Subscribe to Monitor This! RSS Feed

Monitor This!

by: Leif Kothe - Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, sketched a funny, dystopian picture of the connected home in revolt, commandeered by morally wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad 90s cyberpunk films, these lonesome code junkies are intent on doing everything from dousing homes by activating sprinkler systems to invading your privacy in all the imaginable ways in a home well stocked with cameras.

The piece, titled “The Nightmare on Connected Home Street,” is of course meant to be hysterical: The narrator is jarred awake at four a.m. by the pulse of dub step music exploding out of his connected pillow. The vignette ends, a few hours later, with a bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, but the piece is entertaining and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on concerns that, surprisingly, have nothing to do with Internet connected devices. This time, the article dealt with security vulnerabilities related to wireless home alarms, which, according to a pair of researchers cited in the article, could be comprised—the alarm being either suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems with a number of brands.

The issue, according to the report, has to do with radio frequency signals. While the conversation is understandable for a layman, it can seem a bit arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels,” according to the report, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference held in Las Vegas next week. I’m eager to here more about their findings and to see what kind of impact the research could have.  

by: Leif Kothe - Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, sketched a funny, dystopian picture of the connected home in revolt, commandeered by wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk movies, these lonesome code junkies are intent on doing everything from dousing homes with sprinkler systems to invading your privacy through in-home network cameras .

The piece, titled “The Nightmare on Connected Home Street,” is supposed to seem nearly implausible. The narrator is jarred awake at four a.m. by the pulse of dub step music exploding from his connected pillow. The piece ends, a few hours later, with the bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, of course, but the piece is thought-provoking and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on vulnerabilities that have nothing to do with IP devices. This time, the article dealt with security concerns related to wireless home alarms, which, according to a pair of researchers cited in the article, could be compromised—the alarms either being suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems among a number of brands.

The issue apparently has to do with radio frequency signals. While the conversation is understandable enough for a layman, it can drift into the arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels," the report said, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

A vulnerability is a vulnerability, and certainly no security company wants there to be any possibility of a system being hacked. But it should probably be mentioned that while these techniques may come across as elementary to the reading community of Wired Magazine, these methods would probably be, for your run-of-the-mill burglar, well above the norm from a sophistication standpoint.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference scheduled next week in Las Vegas. For my part, I’ll be eager to hear more about their findings and to see what kind of impact the research could have.

by: Leif Kothe - Wednesday, July 30, 2014

Tech publication Wired magazine may not focus too closely on alarm monitoring or residential security, but it does devote a good deal of ink to assessing network security threats, no matter what the context.

Just last month a writer for the magazine, Mat Honan, painted a funny dystopian sketch of the connected home in revolt, commandeered by morally wayward hackers on some perverse quest for Internet notoriety. Identifiable only by screen names evoking bad cyberpunk films from the 90s, these lonesome code junkies are intent on doing everything from dousing homes by activating sprinkler systems to invading your privacy in all the imaginable ways in a home amply stocked with network cameras.

The piece, titled “The Nightmare on Connected Home Street,” is of course meant to be hysterical: The narrator is jarred awake at four a.m. by the blaring pulse of dub step music exploding from his connected pillow. The vignette ends, a few hours later, with a bare and awesomely memorable paragraph: “The skylights open up. The toaster switches on. I hear the shower kick in from the other room. It’s morning.”

It’s all just a thought experiment, but the piece is entertaining and well worth a read.

Interestingly enough, about a month later, Wired turned its attention to security again, this time focusing on concerns that, surprisingly, have nothing to do with Internet connected devices. This time, the article dealt with security vulnerabilities related to wireless home alarms, which, according to a pair of researchers cited in the article, could be comprised—the alarm being either suppressed (via “jamming”) or made to deliver false signals. The researchers found identical problems with a number of brands.

The issue, according to the report, has to do with radio frequency signals. While the conversation is understandable for a layman, it can seem a bit arcane. In sum, the researchers found that the systems “fail to encrypt or authenticate the signals being sent from sensors to control panels,” according to the report, “making it easy for someone to intercept the data, decipher the commands, and play them back to control panels at will.” Would-be malefactors, the report says, can do this relatively easily.

The researchers cited in the article—Logan Lamb and Silvio Cesare—plan to present their findings at the Black Hat security conference, a computer security conference held in Las Vegas next week. I’m eager to here more about their findings and to see what kind of impact the research could have.  

by: Leif Kothe - Wednesday, July 16, 2014

The Electronic Security Association has installed Marshall Marinace, owner of Yorktown Heights, N.Y.-based Marshall Alarm Systems, as its president for the next two years.

Marinace’s presidency was one of five new officer appointments announced at ESA’s annual membership meeting held during ESX 2014 in Nashville.

Marinace has been involved in the security industry for 38 years, and his alarm company was founded in 1976. He also has a longstanding involvement with ESA, serving in several different capacities with the association, including multiple terms as vice president, chairperson of the Membership Committee and liaison to the Standards and Fire Life Safety Committee, among other roles, according to an ESA news release.

“Having been involved with association boards and committees for the past 30 years and counting, my personal goal is to continue the legacy and ongoing development of strong leadership that has made ESA the foremost industry association,” Marinance said in a prepared statement. “I am therefore honored and humbled to have been given the opportunity to fill the role as ESA president for the next term.”

The following industry practitioners were also elected to ESA roles:

-- Dee Ann Harn, CEO of RFI Enterprises, elected to one-year term as vice president

-- Chris Mosley, president of Complete Security Systems, elected to two-year term as vice president

-- Angela White, executive vice president of Central 1 Security, elected to two-year term as vice president

-- Jon Sargent, industry relations / government affairs for Tyco Integrated Security, elected to two-year term as secretary

by: Leif Kothe - Tuesday, July 8, 2014

The ADT Corporation announced yesterday that it has closed its acquisition of Canadian monitoring giant Protectron.

ADT, which executed a definitive agreement to acquire Reliance Protectron in April, acquired the company for total cash consideration of CAD $555 million.

ADT has now officially added 400,000 customers and 31,000 accounts north of the border, worth approximately $11 million in RMR.

ADT, which already has two central stations in Canada, adds four more through the acquisition. Protectron, a portfolio company of investment funds managed by Alinda Capital Partners, has 900 employees. Its customer base is 75 percent residential.

ADT’s plan, as stated at the time it agreed to acquire the company, is to use the acquisition as the platform for a stand-alone business in Canada with a dedicated management team, a move designed to address the country’s specific market needs. In a news release, ADT said it planned to continue to using the Protectron brand under ADT ownership.

In late April, following the acquisition agreement, Lee Jackson, regional VP Canada, said it was too early to say whether ADT would keep all six Canadian central stations in operation. He noted that ADT has yet to determine which resources and administrative functions it will transfer to Canada to supports its expanded account base in that country, now up to 800,000.

The acquisition goes down as ADT’s largest since becoming an independent company, far surprassing its 2013 Devcon deal, according to John Mack, EVP and managing director at Imperial Capital, who spoke to SSN when the agreement to acquire became public. At the time, Mack said the deal signals a return to “growth initiatives [through] high quality acquisitions” and predicted the deal would help ADT’s attrition profile while bolstering its enhanced services sales.

It will be interesting to wait and see if Mack's words prove to be prophetic.

Topic:
by: Leif Kothe - Wednesday, June 25, 2014

With ESX 2014 in the rearview mirror, I wanted to combine some of my experiences into one summarizing blog of an event rich in educational seminars and insightful speakers. Here are some of the sights and sounds, in more or less chronological order:

How, in 2014 and beyond, does a security company remain relevant? That’s the question Safeguard Security CEO John Jennings addressed at the ESA eye-opener breakfast, urging audience members to free themselves from outmoded ways of doing and thinking about business.

Titled “Dinosaurs, Woolly Mammoths, Saber tooth tigers and you,” the presentation very directly explored strategies to help security companies avoid becoming, well, extinct. His recommendations? Promoting unorthodox perspectives, challenging the obvious and fostering divergent ideas. He encouraged listeners to emulate the disruptive, risk-taking attitudes prevalent in the tech startup culture—first by considering failure not as an endgame, but as an occasional and even necessary obstacle along the pathway to better ideas.

Jennings also told attendees to ask the tough questions about their businesses, and to be uncompromising about having employees who both perform in the field and elevate the atmosphere in the office.

Strategic planning, Jennings noted, can be relegated to the dustbin of history. In an industry so rapidly evolving and so hard to predict, such projects no longer constitute a good use of time. Oh, and organizational charts? Those can go too. Divisions between personnel need no longer be so neatly divided or even hierarchical, as leaders should aim to pool ideas from all levels of their management structure.

Jennings also made a persuasive and rather funny case for doing away with the term “central station.” “Central station—really?!” he asked with half-serious outrage. He then asked if anyone outside the industry actually knows what a central station is. He’s got a point. There’s something a little unsleek and Star Trek-y about the phrase. And that’s misleading; the facilities I’ve visited are nothing if not sleek.

In the afternoon I moderated a seminar featuring Tom Szell, SVP, ADS Security, Mike Bodnar, president, Security Partners, and Brandon Savage, SVP customer experience and operations at My Alarm Center/Alarm Capital Alliance. It was a good mix of perspectives, and the trio wasn’t shy about proposing some forward-thinking ideas. Savage urged attendees to make customer support not just a differentiator but the key differentiator at their companies. Szell affirmed that the interactive services revolution is an enormous positive for the industry, but said the next imperative is figuring out how to provide top-notch support for this ever-expanding array of services. With respect to the hiring and training process, Mike Bodnar encouraged attendees to identify people with the right mix of hard and soft skills, and added that the demand for operators with those characteristics is only going to increase.

From a monitoring standpoint, the panelists left no stone unturned: PERS, mobile PERS, installer apps, subscriber apps, the ASAP to PSAP program, customer surveys, video verification, and interactive services and the new expectations for customer support they’ve produced.

In the latter part of the session, the audience members posed some superb questions as well. Some asked how to extend the life of PERS accounts or how to develop the most effective and informative customer surveys. Others asked about the threat of DIY  / MIY systems and how best to cope with broader market awareness of these systems.

The ESX show floor kicks into full gear Wednesday. I plan to be there the next two days and to make a point of getting to as many of the educational seminars as possible. 

 

DAY 2 - ESX 2014

 

It had the feel of a seminar anyone in the monitoring space needed to hear. Moderated by Don Childers, COO of Security Central, the panel titled “IP, the Central Station and All that Jazz” got down to the brass tacks of what it takes to be a monitoring company in 2014. One of the ruling themes: You need to honestly assess the strengths and weaknesses of your monitoring company now to determine how well suited or not it is to be reliable hub of IP signals.

The panelist lineup included Sascha Kylau, VP central station solutions and services, OneTel; Morgan Hertel, VP of operations at Rapid Response Monitoring; and Mark McCall, director of IT, Security Central.

The “Internet of Things” movement was broached early in the session, with Kylau mentioning some possibilities for monitoring that might have seemed farfetched a few years ago but that now seem totally plausible. Pet tracking, mobile medical monitoring, mobile tracking, geo fencing, aggregating information from household appliances—Kylau touched on all these possibilities. Some of these services, such as PERS, are already well-established streams of RMR for some monitoring companies, and only stand to become more mainstream in the years ahead.

The panelists agreed that investing in quality ISPs and bandwidth will pay off in the long run. Hertel noted that during Hurricane Sandy, Rapid Response was hit was an astonishing rate of signals for two weeks straight. With such taxing scenarios in mind, he advised monitoring companies to invest in reliable, first-rate ISPs, and to work closely with automation providers to ensure their company can accommodate IP traffic in any set of circumstances. To that point, McCall added that it’s crucial to invest in a network monitoring platform that tracks signal information and informs you when the IP firewall is about to max out.

The panelists didn’t just discuss the equipment investments in the central station IP domain. They also touched on the human capital aspect of the business, which is evolving in proportion to the technology. Hertel said Rapid Response now employs a 25-person IT and software development team.

Later in the day I caught up with Jeremy Mclerran, director of marketing at Qolsys. The company’s big news at the show was the launch of its new user interface intended to make the customer experience more consistent and sleek. To that end, the new look is a rousing success; it’s an uncluttered, clean, visually appealing interface. McLerran explained that Qolsys is so closely integrated with Alarm.com that remodeling the company’s own interface to make it closer in alignment with that platform’s look and feel “just made sense.”

Though the new look features flat, monochromatic icons, McLerran pointed out that the changes aren’t just cosmetic. The company’s intent was to design a “forward-compatible” panel that interoperates with a host of wireless radios and has a slew of home control functionalities already embedded. Qolsys also managed to elicit some guffaws with its anonymous banner ads adorning the escalators: “1980 called. It wants its panel back.” The banners also encouraged industry members to take a deep breath and  “just say no” to rubber button keypads.

In the afternoon I met with Dave Mayne, VP of marketing at Resolution Products, which today announced the release of its new Helix panel, scheduled to ship everywhere in December. Mayne said the panel reflects Resolution’s goal of creating a panel that reduces the amount of time dealers need to spend servicing accounts, while giving them a pathway to adding new home control functions. The Helix employs software and interactive services from SecureNet. It will ship to a select group of early adopters in July, he said.

I also spoke with Kirk MacDowell, VP sales, intrusion-Americas, at Interlogix, about the company’s recent acquisition of Ultra High Speed, a technology provider of telecommunications infrastructure equipment. The move expands the company’s global intrusion portfolio in the residential and small- to medium-sized retail verticals. A big draw, MacDowell said, was that UHS was a “proven, developed and launched” service.

First thing tomorrow morning I’ll be attending the ESX Rise and Shine breakfast, where I’ll be listening closely to what some of the new entrants to the industry have to say about their go-to-market strategies and their vision for the security industry of tomorrow. I’m eager for this session, and from what I’ve heard from attendees, I’m not alone. I expect to see few if any empty seats.

 

Day 3 - ESX 2014

 

The final day of ESX began with a highly anticipated panel moderated by ESX chair George De Marco. The panel was intended to showcase how some of the new security entrants envision the direction of the industry.

The lineup included Adam Mayer, VP strategy and new business development, Time Warner Cable; Gene LaNois, GM, Nest Labs, Pro Channel; and Mike Hackett, VP sales and marketing, Qolsys.

De Marco did not refrain from asking the tough questions, or in other words, the questions the audience wanted to hear. In view of Google-owned Nest recently acquiring Dropcam, he asked LaNois if he thought third-party monitoring centers and installers would remain crucial components of security, or if DIY systems would factor them out of the equation. The response from LaNois, and from the other panelists who chimed in, were not exactly discouraging for installers or monitoring personnel. Yes, both LaNois and Mayer agreed the DIY market was poised to take off. But they also agreed that for more complex integration projects, installers will still be in high demand, and will continue to play a major role in shaping the industry moving forward. The key takeaways of the panel were that lifestyle services and monitored security can and will share a symbiotic relationship, and that DIY systems, while a threat to central station RMR, are not necessarily going to destroy the entire central station model. If anything, they might just modify it.

After the seminar I caught up with Telguard’s Shawn Welsh, VP marketing and business development, and Pamela Benke, director of marketing, to discuss the company’s new cellular alarm communicator for CDMA networks, the TG-1 Express CDMA. Welsh said the product goes along way toward expanding the company’s residential reach, turning rural or hilly regions, where cellular coverage can be spotty, into more viable zones for Telguard’s services. Compatible with Verizon’s 3G/4G wireless networks, the CDMA alternative is being marketed as a replacement to soon-to-be obsolete GSM products. Telguard is making the product eligible for the company’s Upgrade Incentive Program, which allows dealers to receive $25 for replacing GSM units.

On my final day at ESX, I got wind that the Partnership for Priority Video Alarm Response met its ESX deadline for developing video verification best practices. Mark McCall, IT director at Security Central, Keith Jentoft, president at Videofied-RSI Technologies, and Peter Tallman, program manager at Underwriters Laboratories shed some light on their roles in the process, and on the numeric threat evaluation criteria outlined in the new recommendations.

by: Leif Kothe - Wednesday, June 18, 2014

One of the most visible illustrations of the Internet of Things movement, the connected home continues to open up an expanding world of RMR possibilities for the security industry. But according to a recent CNN Money report, it’s also opening up some new and murky legal terrain that, like many Internet-related matters, raises fundamental questions about privacy and information rights.

The headline is as blunt as it is Orwellian: “Cops can access your connected home.” While the article references smart home technology writ large, the piece mostly focuses on the video aspect of the connected home and the potential for cameras to generate footage that could someday be used in legal proceedings.

In the article, Jay Stanley, a senior policy analyst from the American Civil Liberties Union, is quoted as saying, “We’re seeing law enforcement across a variety of areas arguing that they should be able to access information with lower standards than before the electronic age.”

The source also notes that information from the home can provide a “window into the things you’re doing in your private space.”

Still, authorities cannot get their hands on such footage without a warrant or subpoena, as the article notes. A judge authorizes a warrant when the prosecutors show “probable cause” that evidence exists that could be linked to criminal activity. Subpoenas, however, have a somewhat looser standard, requiring only that the data being sought is relevant to a given investigation.

Security companies offering interactive services are typically very sensitive to the notion that customers have lingering concerns about privacy. Andy Stadler, division manager, advanced services, at Security Partners, illustrated that awareness in our conversation a few weeks ago about the company’s recent adoption of Alarm.com’s new video verified alarm service. During the development phase, he said, Security Partners and Alarm.com took pains to erect privacy measures that would perform the dual task of giving central stations the information they need without infringing on the customer's privacy.

This left me wondering: With home automation offerings so widespread, could the implementation of more robust and consumer-friendly privacy measures emerge as a real differentiator? Are the more tech-savvy, privacy-conscious consumers going to start asking companies how long they store footage on their servers? Are they going to ask how and why authorities might access data generated in their homes? Are they going to ask about what cyber security measures are being put in place to thwart hacks?

This will be a fascinating industry topic to watch on several levels. At the business level, it could just be that the companies most attentive to privacy protections will view public skepticism as an opportunity rather than a hindrance.

Topic:
by: Leif Kothe - Wednesday, June 11, 2014

It’s that time of year: ESX is closing in on us, and my schedule for the show is beginning to take form. I’m envisioning a high-energy, well-paced show, with an array of educational sessions geared to new and important topics, and a show floor conducive to getting the skinny on the trends shaping the industry.

I wanted to use this space to draw attention to a seminar I’ll be moderating Tuesday, June 24 at 3:15 titled “Monitoring: A Quality Customer Touch Point.”

I’ll be talking to Mike Bodnar, president of Security Partners, Tom Szell, SVP at ADS, and Brandon Savage, SVP of customer experience and operations at Alarm Capital Alliance / My Alarm Center about the new means of customer engagement brought on by the rise of mobile apps and interactive services, and how those in the industry can leverage these advances to minimize attrition.  

With Nashville roughly ten days away, I encourage folks (particularly those on the monitoring side) to contact me in the days ahead to arrange a meeting on the show floor. Given the structure of the show, and its emphasis on education, I don’t anticipate fodder for conversation being in any short supply. Industry shows like ESX offer a valuable stage not only for discussing initiatives specific to a single business, but also broader trends affecting the industry writ large. I look forward to chatting.

by: Leif Kothe - Wednesday, June 4, 2014

Toronto, the largest city in Canada, is mulling the possibility of not responding to private alarms, citing a false alarm rate that looks bad even within that context.

According to a report from the Toronto Star, just 300 of the 20,000 private alarm calls Toronto police responded to in 2012 turned out to be legitimate. As a result, an internal police steering committee is reviewing the cost-savings that could be reaped by scaling back on alarm response (among other services), the report said.  

By doing so, the committee estimates the police force could realize $613,222 in savings, according to the report. That amounts to 10,960 officer hours.

Additionally, the committee recommended police stop taking reports on lost or stolen property whose value does not exceed $500.

From a law enforcement perspective, it’s sensible to do away with writing redundant reports for lost property, particularly when other institutions are better suited to deal with such events. But what could a non-response policy portend for alarm companies who would then have to provide private response services themselves? Not only do companies stand to incur the costs associated with this; they also stand to lose what many in the industry view as the most vital element of the value proposition of an alarm system—the guarantee of police response in the event of a legitimate alarm.  

False alarms (and what to do about them) remain among the most polarizing issues in the alarm industry today. It continues to define, and sometimes roil, the relationship between private alarm companies and law enforcement.

So what’s can be done? The theories about how to mitigate false alarms tend to diverge and dovetail, making the issue especially complex and difficult to navigate, much less reach a conclusion on. Some believe a clear and properly enforced ordinance, bolstered by measures such as cross-zoning and enhanced call verification, will do the trick, with fines for offending alarms helping to offset the losses. Others say private response is the inevitable long-term solution.

Others still, such as PPVAR, believe the relationship between law enforcement and the industry can and should remain intact so long as the alarm installed base evolves technologically and municipalities move toward a verified response approach (that's not to say the industry is in full agreement over what constitutes a verified alarm). The organization also espouses new video verification standards.

The issue continues to be a fraught one, with no definite solution in sight. To be sure, many cities have made great strides with false alarm reduction. But cases such as Toronto are a resounding reminder that there’s room for improvement.

by: Leif Kothe - Wednesday, May 28, 2014

In the modern security environment, there’s no shortage of relatively new, tech-savvy companies intent on revising the traditional alarm monitoring business model. That some of these upstart companies, such as Cambridge, Mass.-based SimpliSafe, are now attracting serious outside investment interest is a development that bears watching.

SimpliSafe, which provides wireless security systems and professional monitoring services without long-term contracts, recently partnered with Sequoia, a prominent venture capital firm in Silicon Valley, to raise $57 million. On its website, the company claims to have 100,000 customers.

SimpliSafe describes itself as a “disruptive tech company working to help people live safely,” while touting its in-house maxim that “being safe should be simple.”

Interestingly enough, SimpliSafe doesn’t fit perfectly into the DIY/MIY mold; it’s really more of a hybrid between those types of systems and more traditional security units. A Wall Street Journal blog noted that a SimpliSafe system with sensors and other burglary protection components, along with a hardware package, typically costs about $260. The company also offers monitoring services for $14.99 per month, but doesn’t require customers to purchase them.

In a company blog, Chad Laurans, CEO of SimpliSafe, said the following: “We’ve eliminated unnecessary middlemen, so we can pass the savings onto our customers and pour our resources into product innovation and customer service.”

Down the road, one of the biggest threats to central station RMR could be the proliferation of increasingly sophisticated DIY/MIY systems that unite ease of use and installation with competitive pricing models. As of yet, there’s no clear writing on the wall that says central station RMR will suffer the effects of “disintermediation” at the hands of innovative MIY products. But a $57 million infusion is no small sum for the security industry. It goes without saying that an investment of this scale can be transformative from a product development standpoint.

It will be interesting to see if this pared down version of security and alarm monitoring indeed proves to be disruptive, and if so, how the monitoring industry responds to the challenge. 

Pages