7.16.24 -SIW
No two companies are exactly the same – and similarly, when it comes to false alarm reduction, there is no “one-size-fits-all” approach.
There’s a huge misconception when it comes to handling noise in security operations. No two companies are exactly the same – and similarly, when it comes to noise reduction, there is no “one-size-fits-all” approach. Each company is dealing with its own unique noise, which means customization is key to silencing alarms without suppressing the ones your team needs.
The risk that false alarms create can be impactful to the organization. Missed alerts, complacency, not enough resources to address the incoming alerts, and much more can affect an organization’s bottom line.
Here are four ways false alarms can impact your global security operations center (GSOC):
1) Drain on resources. A typical GSOC, depending on the size of the organization it protects, might have dozens of operators and analysts who are overseeing hundreds of locations around the world and responding to hundreds or even thousands of alarms each day on numerous disparate platforms.
Alarms that are deemed “noise” or are false – meaning an event where a security system is triggered without the presence of an actual security threat or breach – can take the attention away from these operators and analysts, reducing their ability to effectively manage incoming incidents.
This is a drain on resources allocated to the GSOC and might mean tying up personnel who are processing these alarms manually, taking them away from other important security tasks.
2) High levels of complacency. Have you ever heard of the boy who cried wolf? There’s more to that fable, and it’s a good analogy for what happens when too many false alarms undermine an operator’s ability to respond to actual alarms. GSOC operators might become desensitized to alarms, potentially missing real threats.
Former security directors on our team have shared some of their experiences with this challenge. In one instance, incoming alarms were programmed with a specific associated sound and became so frequent that operators began muting their computers. In that case, IT had to come in and set the computers so that they couldn’t be muted.
Instead of getting to the root cause of the incoming alarms, the teams became numb to it. This level of complacency can mean missing critical alerts and potentially serious threats.
3) Financial costs. Depending on how your GSOC is set up, the cost of false alarms can add up. Calling out emergency responders without verification can incur fines, but there’s A LOT more to the story. In addition to response fees charged by emergency services, more direct costs associated with false alarms include maintenance and repair expenses for faulty equipment and increased operational costs due to additional personnel time spent addressing these alarms. Some of the indirect costs associated include productivity losses from business disruptions, reputational damage and decreased employee morale that can lead to higher turnover (which is already elevated in the guarding industry).
Over time, these costs can add up, impacting the overall financial health of a business. A company might have so many false alarms that eliminating them frees up most of an operator’s time. For example, one company had so many incoming alarms, they determined the organization would need six times the number of operators they currently had per day to respond to every alarm as they scaled the business. Over time, this can add up to millions of dollars in cost savings when false alarms are effectively addressed and eliminated altogether.
4) Ongoing disruptions. As false alarms roll into a GSOC, they may cause unnecessary panic or disruption to normal operations, which affects productivity. False alarms divert resources and personnel away from their primary duties, leading to decreased efficiency and slower response times to actual threats.
Frequent false alarms can also cause operational fatigue, which might further reduce an operator’s ability to be vigilant in the GSOC. Additionally, the increased workload can result in staff burnout and higher turnover rates, disrupting the continuity and effectiveness of security operations.
Solving for False Alarms
False alarms or “noise” in a GSOC can be caused by several factors, including but not limited to:
- Sensors not lining up
- Broken hardware
- Environmental factors such as wind or rain
- Shadows caused at different times of the day
- Animals being identified as humans/setting off motion detectors
- Janitorial staff pushing on doors to clean them
- User error
The most effective way that organizations can solve their false alarm problems is through analysis, triage and tool implementation. There is no all-encompassing solution for noise, but by running an efficient process you can identify and solve for the type of noise that your environment is experiencing.
Organizations must first analyze their false-positive data. Security programs should monitor their security alarms and then document which were false positives. Afterwards, you should aggregate them by device name to identify the largest contributors of false positives. This helps you prioritize the devices that will have the most impact on your program.
The second step is to be able to triage incidents to figure out the cause. It’s important to diagnose the specific problem so you can implement the correct solution.
Is there malfunctioning hardware? Create a device health ticket for your technicians to fix. Are the door contacts or REX configured correctly? Use a computer vision tool or work with your technician to get them configured. Are there multiple types of the same incident occurring for Door Forced Open alarms? Use a solution that can create rules to deduplicate the additional alarms.
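One way to run the analysis and deduplication steps described above, as an added example that is not from the original article or from any vendor's product. The alarm records, device names, field layout and 60-second window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alarm log (not real data):
# (timestamp, device name, alarm type, operator disposition)
ALARMS = [
    ("2024-07-01T02:00:05", "Lobby Door 1", "Door Forced Open", "false"),
    ("2024-07-01T02:00:20", "Lobby Door 1", "Door Forced Open", "false"),
    ("2024-07-01T02:00:50", "Lobby Door 1", "Door Forced Open", "false"),
    ("2024-07-01T02:30:00", "Lobby Door 1", "Door Forced Open", "false"),
    ("2024-07-01T03:10:00", "Dock Camera 4", "Motion Detected", "false"),
    ("2024-07-01T03:12:00", "Dock Camera 4", "Motion Detected", "false"),
    ("2024-07-01T04:00:00", "Server Room Door", "Door Forced Open", "real"),
    ("2024-07-01T05:00:00", "Garage Gate", "Door Held Open", "false"),
]


def rank_false_positive_devices(alarms):
    """Aggregate documented false positives by device, largest contributor first."""
    counts = Counter(dev for _, dev, _, disp in alarms if disp == "false")
    return counts.most_common()


def deduplicate(alarms, alarm_type="Door Forced Open",
                window=timedelta(seconds=60)):
    """Drop repeats of alarm_type from the same device that arrive within
    `window` of the previous one; the first alarm of each burst is kept."""
    last_seen = {}  # device name -> time of its most recent alarm_type event
    kept = []
    for ts, dev, typ, disp in sorted(alarms):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if typ == alarm_type:
            prev = last_seen.get(dev)
            last_seen[dev] = when
            if prev is not None and when - prev <= window:
                continue  # same incident, already shown to the operator
        kept.append((ts, dev, typ, disp))
    return kept


if __name__ == "__main__":
    for device, count in rank_false_positive_devices(ALARMS):
        print(f"{count:3d} false positives  {device}")
    print(f"{len(ALARMS)} alarms received, "
          f"{len(deduplicate(ALARMS))} shown after deduplication")
```

The ranking tells you which device to triage first, while the rule only collapses bursts, so the first alarm from every device, including the real one, still reaches an operator.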
It’s also important for companies to realize that no two security programs are identical, so noise and false alarm reduction approaches should be flexible and empower GSOC teams to drive their own noise reduction program.
We talk about it like this: “One team’s noise is another team’s treasure,” which means that one team might need to gain all access control-related alarms, for example, while another team might want to focus solely on video analytics-driven alarms. The difference is in how each team uses the incoming data to optimize their programs.
It’s not enough to purchase what many companies are offering, which is a “band-aid” of technology that promises false alarm reduction without first finding the root cause of these alarms.
Buyers should beware of companies claiming to “eliminate” all of your noise. Organizations must take steps to develop comprehensive strategies for reducing and understanding the noise in their SOCs in addition to finding the right software.
Jordan Hill is Co-Founder and Head of Product at HiveWatch, a technology company reimagining how companies keep their people and assets safe. As a DeepTech Product Innovator, he focuses on bringing a fresh perspective to complex industries through data. Jordan holds a B.S. in Physics and a B.A. in Government and Politics from the University of Maryland at College Park.