
Once you’ve effectively implemented a process for measurement and analysis, it’s time to take your captured data and drill down into one of the most common response time detractors: false alarms. 

It’s a well-known story: operators have a long, scrolling list of alarms in their queue and see “another one of those alarms” pop up. They have seen this alert so many times they have become numb to the condition. Consequently, buried in this list of alerts is a real event that requires immediate action but doesn’t receive a quick response. Before developing a plan to reduce false alarms, it’s important to understand what causes them. 

Alarms caused by faulty equipment are relatively easy to resolve and present in one of two ways: either as large quantities of alarms (i.e., multiple alarms a second) or as alarms raised for an unanticipated or nonexistent event (e.g., a door-open alarm triggered when the door is, in fact, closed). Security technology professionals can troubleshoot their systems to identify the source of these sorts of alarms. While this investigation is underway, security teams can mask these points from monitoring until the system is restored.

So far, so simple, but it’s actual ‘false positives’ that are a far more difficult issue to resolve. The system or device is operating properly but triggering alarms that, while not true threats, still require operator action. One example of a false positive is an expired access control card. The system raises a valid alarm, albeit one that could have been avoided if the card had been updated prior to its expiry date.

Reducing false positives requires an understanding of the behaviors that are causing the alarm, then either changing the configuration of the device, updating the system, or changing operating procedures. There is no silver bullet for false alarms as each circumstance is different. 

The reporting capabilities of SureView make capturing and differentiating this data easy. It’s very common for alarm reports to show 80% of traffic coming from 20% of points. Dig into the data to work out whether these alarms are being caused by (A) faulty equipment or (B) false positives. By reducing and ultimately eliminating these faulty and/or false alarms, operators’ response times will be greatly improved because they will be focusing entirely on processing genuine alarms.
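The triage described above, sketched as an added example over an exported alarm list (this is not SureView code or its report format): it finds the few points producing 80% of alarms, then separates points that fire multiple alarms a second (faulty-equipment candidates) from the rest (false-positive candidates). The tuple layout, point names and the three-alarms-within-a-second threshold are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def top_talkers(events, share=0.8):
    """Smallest set of points, noisiest first, that produces >= share of all alarms."""
    counts = Counter(point for _, point, _ in events)
    picked, covered = [], 0
    for point, n in counts.most_common():
        if covered >= share * len(events):
            break
        picked.append(point)
        covered += n
    return picked

def burst_points(events, min_alarms=3, window=timedelta(seconds=1)):
    """Points that raised min_alarms or more alarms inside any single window."""
    times = defaultdict(list)
    for ts, point, _ in events:
        times[point].append(ts)
    bursty = set()
    for point, stamps in times.items():
        stamps.sort()
        # Pair each alarm with the one min_alarms-1 positions later on the same point.
        if any(b - a < window for a, b in zip(stamps, stamps[min_alarms - 1:])):
            bursty.add(point)
    return bursty

def triage(events, share=0.8):
    """Label each top-talking point by the likely cause to investigate first."""
    bursty = burst_points(events)
    return {p: ("faulty-equipment candidate" if p in bursty else "false-positive candidate")
            for p in top_talkers(events, share)}

def sample_events():
    """Constructed data: (timestamp, point id, alarm type) for ten hypothetical points."""
    t0 = datetime(2024, 1, 8, 9, 0, 0)
    # door-12 chatters: 40 door-open alarms, four per second.
    ev = [(t0 + timedelta(milliseconds=250 * i), "door-12", "door-open") for i in range(40)]
    # reader-03: 30 expired-card alarms, one every ten minutes.
    ev += [(t0 + timedelta(minutes=10 * i), "reader-03", "card-expired") for i in range(30)]
    # Eight quiet points with two alarms each, 37 minutes apart.
    for k in range(8):
        ev += [(t0 + timedelta(hours=k + 1, minutes=37 * j), f"point-{k}", "forced-door") for j in range(2)]
    return ev

if __name__ == "__main__":
    for point, verdict in triage(sample_events()).items():
        print(point, verdict)
```

A point labelled as a false-positive candidate still needs the behavioral review described earlier; the burst check cannot see the second faulty-equipment pattern, an alarm raised for a nonexistent event at a normal rate.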

Download the full whitepaper, Response Time: The Key to Better Security Outcomes, to learn more.