Subscriber Discussion

Data Is The Future Of Video - Solink Launch On IPVM

Avatar
Mike Matta
Mar 15, 2017

Background

I'm the CEO & Co-Founder at Solink, a company we founded in 2010 with the purpose of detecting and reducing fraud in banks. We've since grown to over 1000 customers globally and growing at 10-15% monthly. The focus has always been on using data analytics to make video a proactive source of insights. In 2015 we pivoted the company to provide an end-to-end cloud solution rather than managing integrations with outdated DVRs/VMS' on-premise. We've seen time and again that the value is in the data, not the security infrastructure.

I wanted to introduce Solink to the IPVM community to get feedback and questions. Happy to treat this as a Reddit-style AMA (Ask Me Anything) or feel free to email mmatta@solinkcorp.com if you’d rather have a private discussion.

Why another "video" company

First-off - we are a data company and use video as a verification source. Some customers have us in parallel to pure-play VMS/DVR products and that's fine. We are seeing a commoditizing video market - the value is in applications around data, video is another input to data.

Surveillance video is primarily reactive, it's main use is to record and provide evidence to support an incident. We love the concept of "video analytics" but in practice there is a lot of tuning and noise from computer vision that results in a lot of data but little actionable information. Traditional Exception-Based Reporting (EBR) tools have been helpful but they lack the ability to seamlessly integrate to video or adapt to new techniques employed by internal theft or external fraud. Data analytics using machine learning, on the other hand, is more practical at identifying suspicious activity and improves with use & quantity of data.

Offering

Solink is a complete solution for retail and financial institutions to identify and reduce losses. Best described, Solink brings Video + Exception Based Reporting + Case Management in a single end-to-end offering. We offer the solution on a RMR basis and rev-share RMR with partners for the life of the customer.

Video Discovery

Solink ingests transactions and "time-based" events from existing systems (like POS & ATM/Teller, Access Control) to understand "context" and we use video as a verification tool. We enable search in our cloud to identify patterns or specific events at scale. Solink retains transaction data and snapshots/clips for up to 1 year. You can search through millions of events in milliseconds. We call this "Video Discovery" - here is an example:

When an incident is identified you can watch the full footage from our web or mobile application. You can share evidence or push a specific clip to our "cloud" for extended retention via a "bookmark". The video controls are intuitive and user-friendly.

Mobile

Solink has native apps for both iOS and Android. Users can search, view, share, and watch any event or camera live. We focus on our mobile experience heavily and have high adoption and engagement from our user base on mobile.

When an incident is identified you can share it to our "Case Management" add-on. The embedded video clip and transactional data is shared to a cloud-based document store as a case. You can manage the workflow of cases and share internal & external as well as collaborate "in-case" - similar to Slack but around a case workflow.

Reports & "Daily Digests"

We identify patterns of suspicious activity through reports. Users can filter events by selecting a report category and narrowing the events in view to say "successive discount transactions" or "High number of Deleted items per order" or, in banking, "multiple declined transactions for common accounts". Users receive a daily email, that summarizes these reports and provides a snapshot & link to allow direct access to the application.

Machine Learning

As the system collects more data it gets smarter and can identify issues earlier. We tag customers by peer group and benchmark activity for each peer group (QSR, banking, specific geography) to develop a real-time "index". At scale, this index becomes "normal" and we can understand the summary data that distinguishes high and low performers. So, as a very simplistic example, if a particular retail chain has an average of 0.5% discounting or declined transactions and one store spikes to 1.5% this points to 3x higher activity that we can alert on. This is the biggest bet we are making - as we collect more video, data, and transactions our focus is on "picking winners" - similar to how Amazon can recommend future products based on your past purchases and benchmarked activity of similar users.

Hardware

As part of our solution, we include a NAS device - called "Connect Gateway". Once Connect is flashed to the device all ports/services are locked down and user management is managed from our cloud. Connect is a lightweight VMS - we can integrate to any ONVIF or (rtsp & h.264) compatible camera on the network. We have native camera integrations and recording rules for motion, schedules, Low/High-Def recording strategies - the basic requirements of any VMS.

Management

The application is managed through our secure device management layer called "Call Home" where each device can be configured, updated, and managed for health at scale from the cloud. Partners can manage their entire customer base from a single portal. This should look similar to other IoT MDM applications like Cradlepoint. Along with hardware/network health we can push down connectors to data systems (like POS') and reports. Each "tennant" can be bubbled-up to the reseller level to manage ALL customers. All Identifiable Data & Video is isolated from this portal for PCI & SOC compliance. 

Happy to take any questions, thoughts or comments

Thx

Mike Matta - CEO @ Solink (www.solinkcorp.com)mmatta@solinkcorp.com

JH
John Honovich
Mar 15, 2017
IPVM

Note to all: I ok'd this before he posted. I am ok with any company posting a discussion like Mike did as long as they are ready to face and directly answer questions and criticisms.

In 2015 we pivoted the company to provide an end-to-end cloud solution rather than managing integrations with outdated DVRs/VMS' on-premise.

So you don't integrate with any VMSes or DVRs? Is anything recorded on site?

Avatar
Mike Matta
Mar 15, 2017
In reply to John Honovich

Thanks @John

We do NOT integrate with the DVR/VMS via their SDK. Some recording devices have the ability to output an RTSP stream (like HIK DVRs for example). We treat the stream like a camera (or more accurately an encoder) - taking the live stream into Solink. In order to maintain security and control over storage (local store or push to cloud) we record all video to the Hardware device (NAS) mentioned above. 

 

Avatar
Josh Hendricks
Mar 15, 2017
Milestone Systems
In reply to Mike Matta

Hi Mike, so this means any VMS which can produce an RTSP stream one way or another is likely to be compatible with your solution?

Avatar
Mike Matta
Mar 15, 2017
In reply to Josh Hendricks

@Josh

Correct.  Note that we also work with the cameras directly. Having ONVIF and native camera integrations allows us to create a profile (from our VMS) and use it for our purposes.

(2)
JH
John Honovich
Mar 15, 2017
IPVM

Mike, so what does it cost and why should one pay the premium over just having a few hundred dollar one time cost of a DVR?

Avatar
Mike Matta
Mar 15, 2017
In reply to John Honovich

@John

MSRP starts at $150/month/site (no per-camera licenses which customers told us they hate) - which would cover ~16 cameras for at least 30-days. If you want more cameras or storage it can go up from there. 

 

From our perspective... Data is the key to Loss Prevention and Video is the verification tool. In other words you find incidents ... employees or customers stealing through data. Then video provides verification of that potential issue. A DVR/VMS alone is rarely the answer and many times just too time consuming to use. Most "modules" sold by DVR/VMS companies are just bandaids. LP has to do more today with less and time is everything when your limiting resources to stop fraud and theft.
 
Our customers take what has been historically hours of search time and reduce that to as little as minutes. Another key is that LP looks for patterns over time and 30 - 90 
days of video usually comes up short. That is why a year in the cloud is important.

Hope that helps.

(1)
JH
John Honovich
Mar 15, 2017
IPVM
In reply to Mike Matta

$150/month/site

So I buy my Hikvision NVR for $150 one-time and then I pay you $150 per month forever?

So who then are you competing with - March Networks, Agilence, Verint? And what is your value proposition vs them?

(1)
Avatar
Mike Matta
Mar 16, 2017
In reply to John Honovich

@John - if you don't have a DVR you don't need to have one to use our service. There is no hardware (or software) requirement when you deploy Solink. We provide a NAS device that has our VMS pre-loaded. We can record from any IP or Analog camera (via encoder). The NAS is included in the service price.

If you need to replace your DVR we offer a solution that give you seamless integration to your data and video. You can accomplish everything you'd normally want a DVR for with the added benefit of have a data-centric solution. Essentially you get a Exception Based Reporting tool at no additional cost (or vice-versa) that scales (lots of data - traditionally it's expensive to manage database clusters). What we normally see with smaller customers is they select us initially because of video but expand  to all locations because of their ROI they see in Loss/Fraud-Prevention.

If you like your existing video solution and want to deploy Solink as an exception based reporting tool that's an alternative. We see this with larger customers who have an "EBR" budget.

Hope that helps.

JH
John Honovich
Mar 16, 2017
IPVM
In reply to Mike Matta

Nope, that does not help. You ignored my question.

Again, so who then are you competing with - March Networks, Agilence, Verint? And what is your value proposition vs them?

Avatar
Mike Matta
Mar 16, 2017
In reply to John Honovich

@John

Ouch... Let me be explicit then. We've converted customers from all of the above competitors as well as other DVR companies. However some customers like their video infrastructure -They are looking for a way to tackle shrink/fraud/losses proactively. 

In the early days of Solink, we integrated traditional DVRs to our applications to detect fraud at banks. Those integrations were built on outdated client-based SDKs. Given the scale of processing we need server-side integrations. We understand what makes a hardware (quasi-networking company) good at large 20,000 unit deployments but also what makes them "bloat-ware" for the average customer.

Solink focused on making the video interface very easy and intuitive. We wanted the heavy networking, camera configuration, health, etc to happen in the background. Most importantly we wanted Search to shine for us. We purposely separated time and location search to event search.

Our core focus was (& still is) 1) a "complete" mobile experience, 2) the best (& most comprehensive) discovery of data - we want to cannibalize "time & location search", 3) transparent cloud/local hand-off (so you are not completely hardware or cloud dependent - important events in cloud rest local) , and 4) an IoT-like managed solution (a la Nest or Meraki in Enterprise) - where customers pay for success & value not infrastructure. 

Where we lack in "Advanced" video functionality we make up for in focus on the above points - some people live in fear of cloud, and despite our best efforts to strictly manage security and compliance, they won't move over today.

I hope that (now) helps

Avatar
Harrison Mitchell
Mar 15, 2017

Mike,

Is there a form of encryption for video travelling from the NAS to the Cloud? If not, how is that video secured?

Avatar
Mike Matta
Mar 15, 2017
In reply to Harrison Mitchell

@Harrison

The transport is encrypted via TLS. When we push video from the gateway to the cloud that happens over an authenticated channel. When users commit to watch video the client uses his/her own authentication (via login) to stream video p2p over a separate encrypted channel.

Hope that helps

Avatar
Greg Thornbury
Mar 15, 2017
Facility Solutions Group, Inc. • IPVMU Certified

Mike;

I notice that you have AXIS listed as a technology partner on the website.  Do I understand correctly that if there's AXIS cameras at a site, connected to some sort of NVR/VMS, that you would 'talk' directly to the AXIS camera and not touch the NVR/VMS system at all?

Thanks,

Greg 

Avatar
Mike Matta
Mar 16, 2017
In reply to Greg Thornbury

@Greg - yes that's exactly correct. In 99% of our deployments we pull back a stream from the existing camera network. We don't touch the DVR/VMS - unless the customer is replacing it with us.

UI
Undisclosed Integrator #1
Mar 15, 2017

$150 per month, for 16 cameras for 30 days of record time, but you state that you recommend 1 year of record time. 

So what is the monthly cost for 16 cameras, with 1 year of recording?

Avatar
Mike Matta
Mar 16, 2017
In reply to Undisclosed Integrator #1

@Undisclosed

Let me clarify. We store 30 days of full-res, full-frame video locally. Everytime an event is identified (transaction, motion, etc.) we pull back a snapshot (or alternatively a clip) to the cloud. We store Cloud Events for 1+ years. That allows you to go back and see snapshots/clips of specific events or patterns of events (exceptions).

Hope that helps 

(1)
U
Undisclosed #2
Mar 16, 2017

Cool more toys! any Splunk integration on the horizon?

 

Thanks Mike Matta.

Avatar
Mike Matta
Mar 16, 2017

Thx @undisclosed 

Re Splunk. That's timely. Pm me on that. Would love to hear your thoughts on that. 

Mike 

LB
Lee Brown
Mar 18, 2017

Mike,

As a potential customer, I am attracted to your approach and agree with your perspective “Data is the key to Loss Prevention and Video is the verification tool”.

Please don't take the following as a caustic reaction to your product offering as I have these concerns for most modern IOT / Public-Cloud models.

At the moment, four questions come to mind.

  1. The authentication and transport elements you describe on your site are encouraging but I would also like to know if the POS/transaction data is stored server side using strong encryption?
  2. If the transaction data is stored encrypted is it using native OS file system encryption or is it a function of your application?
  3. Can you provide more detail on the “tennant “ and reseller portal isolation structure?
  4. Are Solink admins / devops people structurally or cryptographically isolated as well (this also seems necessary for PCI)?

Speaking only for myself, I would be far more comfortable with an “option” for running your server side software on my own deep learning AMI instance or preferably an on-premise private cloud then paying for updates / repository access. Perhaps even buying Solink DL server appliances full of Nvidia cores.

If possible, branches of the core product  offering UDP-Hole punching / peer to peer VPN would be welcome to accommodate cross network topologies for integrators / customers choosing to host outside AWS or other public infrastructure.

These kind of options would give me greater peace of mind knowing that both my transaction data and the processed results are available only to me and cannot be easily or surreptitiously side channeled to a third party.

In a nut shell –

I desire your products functionality but would ultimately abhor not having greater administrative control and audit.

 

Thanks for considering my concerns.

Avatar
Mike Matta
Mar 19, 2017
In reply to Lee Brown

Hi @Lee

Thanks for your questions. For every new customer we send a due diligence package that summarizes much of the questions below and explains (in detail) our network and data topology. Our rationale behind cloud is that we guarantee High Availability, Scale and Maintainability of our solution for all customers in a manageable way. As we improve the product everyone benefits - not just those that bought our latest release. Security is inherently a critical focus. 

To answer your specific questions:

1. Note that we collect Transaction data not payment or customer identifiable information - unless desired for a specific customer. In such cases (like banking), such fields are obfuscated - one method we use for "sensitive" fields it to apply a SALT and store the information encrypted. All outputs of this data from our API come back hashed - the information can be searched but never shown in its original form. Note that this is for specific fields tagged as "sensitive".

2. Application level encryption - stored in our datastore. Accessible only if you have valid authentication to that specific "tennant". 

3. Our representation of a Tennant is not logically separated but virtually separated in a different database cluster. To explain, most multi-tennant applications isolate customers with a field usually called CustomerID - so you may have 2 different customers with data 2 rows apart, governed only by the CustomerID. In contrast we have unique database clusters for each customer that cannot be accessed unless an authenticated user makes a request from our API. For more on Multi-tennant architectures look-up this article on how salesforce.com architects their application - https://developer.salesforce.com/page/Multi_Tenant_Architecture)

The Reseller view (CallHome) is purely a management layer without any "view" data. They can see the metadata behind device/network/transaction health but not the recorded video or event data. Some customers give their integrators a user account (via "support" user privilege - see #4) to provide additional monitoring but this is optional.

4. By default No. We have the concept of "support" users where you can request support and give temporary access to one our Success Managers to help you troubleshoot a problem.

I appreciate & echo your security concerns. We are constantly making improvements around how we manage, flow & store data. I'd love to discuss further how we can work within your constraints and see if there is a fit as a partner. Feel free to drop my an email @ mmatta@solinkcorp.com and we can get on a call.

Hope that helps

LB
Lee Brown
Mar 20, 2017

@Mike

Thanks for the detailed answers to my security concerns. I have some additional questions that relate to specific third party VMS API stuff but will save those for private communications. Be in touch soon.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions