The industry has come a long way from analog CCTV video surveillance systems. The days of a few low-resolution cameras being monitored by a security guard at a desk are becoming rarer in mid-sized to enterprise organizations. Putting the cameras on an enterprise network and treating the video like any other data gives us endless possibilities of what we can do with this powerful and complex information.
We witnessed the rise of video content analysis (VCA) technology, or video analytics, in the early 2000s in response to the growth of cameras and general surveillance, spurred on by the emergence of IP cameras, the falling costs of data storage and IT infrastructure, a reactive security posture to a changing threat landscape, and the quick realization that traditional monitoring approaches couldn’t keep pace with the growth in video data.
The video analytics industry is typically split into two distinct camps: (1) systems designed around user-specified rules or models and (2) autonomous systems designed around machine learning. One could write an entire article on the subtle nuances and sub-classes within machine learning approaches and potential security applications and implications, so we will stick with the general definition here with a single defining characteristic: supervised vs. unsupervised learning. Supervised learning systems require heavy training and feedback to achieve the desired output, whereas unsupervised learning systems train themselves from the input data and require minimal human input. The video analytic solutions we saw in the market a decade ago seem rudimentary compared to today’s offerings, partly due to the technology catching up with early promises and partly due to the industry’s understanding and level-setting of expectations from the initial splash of analytics hyped as a panacea and the future of security.
Much of the initial excitement around machine learning in analytics, such as (1) limiting configuration and ongoing support requirements, (2) unlimited scale, and (3) the ability to detect the unexpected, has proven to be accurate. However, some of the extreme claims, such as its ability to replace trained human operators, eliminate the need for well-designed camera placement, completely eliminate false positives, and determine a person’s intent ahead of an action, have proven to be more hype than reality for many end users. Now that the dust is settling and the industry is moving beyond some broken promises, we must acknowledge the progress made and lessons learned. Above all, we are clear, now more than ever, that people are still a critical ingredient for success in both design and ongoing security operations.
In full disclosure, I am firmly planted in the unsupervised machine learning camp. For the better part of a decade, I’ve been working under the premise that ML is the only option for detecting our most dangerous threats: the unpredictable or those where we can’t pinpoint the target, time, location, or attack vector. Five years of deploying and maintaining these systems have solidified my belief that ML provides the fastest ROI with the lowest TCO through scale and deployability, but I acknowledge that there is still work to do. Some of the key remaining challenges are alert relevance or actionability, the burden of triage on the operators, and the interpretability of alerts. On the surface, the value of unsupervised machine learning is the ability to eliminate the need for any input from humans.
This is actually true, up to a point. These systems have the proven ability to observe a live data stream, learn the normal patterns of behavior, and identify anomalies (statistical outliers) as they happen. Furthermore, they accurately rank how abnormal an event is when measured against all previously observed behaviors.