TDSi integrates access control with perimeter security systems
TDSi integrates access control with perimeter security systems

Specialist Access Control provider TDSi is bringing together the benefits of its entry control products with other perimeter security and building services controls, by offering full interactive systems integration. Earlier in the year TDSi launched a module for true TCP/IP integration from its EXgarde PRO software suite to alarm specialist Texecom’s Premier range of Intruder Alarm panels.  The solution allows full integration to other serial based devices such as IP CCTV, TDSi’s VUgarde NVR providing visual verification of Intruder Alarms through TDSi’s EXgarde PRO. John Davies, Managing Director of TDSi, comments “Integration with Texecom has enabled TDSi to augment EXgarde PRO into a more complete and truly integrated surveillance and security system at the TCP/IP level.  The user has full control, being able to arm and disarm zones to suit the use of the building, reducing the number of false alarms triggered, and providing visual verification of alarms.” Integration provides enhanced control and offers numerous benefits, such as the ability to activate and deactivate specific panels across multiple sites, as well as individual zones of a building and the ability to monitor all Intruder Alarm events which appear in the EXgarde Pro Alarm Manager Events panel.  If an alarm is activated, CCTV can be triggered to deliver both a real time image and a 15 second pre alarm condition recording to the control room.   The integration also means users benefit from a single point of administration with the ability to monitor a log of the intruder alarm system and also reduce the numbers of false alarm and the problems associated with this. This add-on to EXgarde continues TDSi’s overall commitment to making systems integration easier. The other key features of the system include the ability to log events in EXgarde, view the alarm zones’ status “armed”/”part-armed”/”disarmed” in EXgarde, remote arm/disarm from access events and part-arm zones from access events.  These flexible features allow users to avoid costly false alarms through arming only required zones of a building, also preventing unauthorised people from accessing certain zones. TDSi also recently announced the launch of the new Harmony Security Alliance, with even broader aims to ‘Collaborate, Innovate and Protect’ across the security product offering spectrum. TDSi is partnering with exterior detection equipment specialist GJD Manufacturing and specialist in highly efficient power supplies Elmdene International Ltd - along with Texecom, to offer installers and end users an unrivalled integrated service for all security and access control needs. The Harmony Alliance also means that the partner members will co-operate and develop on-going solutions that are designed to complement each other and work together effectively, whatever the specification of the overall system that is installed. For further details on TDSi and its range of access control solutions, please visit www.tdsi.co.uk or telephone +44 (0)1202 724 999. Installers and end users who would like more information on the Harmony Alliance, and have specific project requirements, can find further details on the new dedicated website: www.harmony-alliance.com.

Add to Compare
TDSi’s EXgarde V.4 access control software reflects the increasing need for advanced integration
TDSi’s EXgarde V.4 access control software reflects the increasing need for advanced integration

In the past the Access Control industry was a relatively straightforward one. Vendors supplied access control systems to installers who in turn organised and fitted solutions which were primarily concerned with securing doorways and controlling the flow of people traffic to restricted parts of the premises. But like most parts of the security industry, the Access Control sector has evolved and the industry is looking to expand their offering to add more value for money than ever before. For some this would have been unthinkable even a few years ago, but now successful companies have to think outside the traditional boundaries to meet the constantly evolving expectations of the market. Integration is a word that is mentioned time and time again in relation to Access Control – and with good reason! The IP revolution has become just as central to this sector as the rest of the security and wider technology world and has shaped the expectations of customers. Far from being a novelty, any system that doesn’t integrate with other IP systems at some level is now considered unusual. The move towards integration means that mutually communicative systems are essential, with the likes of Microsoft Active Directory becoming a central hub to all kinds of company systems from security to Human Resources and Facilities Management systems. As an extension to this, there are also demands for solutions that can still incorporate older legacy systems, which in all likelihood would never have been designed with this kind of integration in mind. For example, a company that has a large installation of analogue CCTV cameras (which may well still have a high degree of their effective lifecycle remaining) is unlikely to want to tear them all out in favour of more modern IP megapixel cameras, just for the sake of having new ones. Modern integrated systems can deal with these integration issues, but it is something that installers need to be sympathetic to, offering solutions that will save their customers wasting budget and will offer tailor-made, highly relevant solutions. The modern business world is largely responsible for driving the need for integration. Security and the ability to monitor and prove it are high priorities, but so is doing it effectively on tighter budgets. Rather than seeing it as a potential stumbling block, the Access Control industry needs to see the opportunities to offer customers a sizable and crucial part of the wider security offering. Schools are a good example of the need to integrate all the security systems to protect potentially vulnerable users. Modern educational establishments usually use a dedicated Schools Information Management Systems (SIMS) which gives a single point of administration and reference. With this at the heart of the establishment, the opportunities and benefits from creating a two way communication between the SIMS and the access control systems is obvious. For an installer there may be a temptation to sell the school a simple, standalone access system (particularly when budgets are under such close scrutiny), that offers lower upfront costs with a simpler installation process - yet there is a superb opportunity to offer a hard working solution that may cost more up front, but will really make good use of existing systems, offering far bigger rewards and helping to future-proof itself for considerably longer. The concept of thinking outside the box can apply on many levels. Access Control is closely linked to security and yet an integrated system can be as much a part of the management of the wider buildings’ control systems. If a people counter system can be used to ensure perimeter security access isn’t breached, then why not use it to control heating and ventilation? Closely controlling these systems minimises the waste of resources whilst ensuring users still get the services they need. Another area that is ripe for the help of Access Control as a value-add is Health and Safety. Being able to monitor the number of people who enter a controlled area also means a close eye can be kept on occupancy. Not only can this control the access of unauthorised people, it also monitors if a lone worker is present in a potentially hazardous area for example, alerting other members of the team that there may be a risk to their safety. Linked to this, it can also be an integral part of compliance, logging when staff are present in a hospital or a prison for example, integrating directly with the employment management system to provide highly accurate and secure information. The humble MIFARE card is another industry standard that can actually offer users a great degree of flexibility and empowerment beyond its Access Control role. The secure identity information held on the card can easily be accompanied by additional authentication details which are just as safe. Businesses or organisations that require a number of different secure functions (such as a university campus for example – which may offer library, gym membership and EPOS systems for retail) can use a MIFARE card as a single confirmation token. The appeal for our customers is that it reduces cost by utilising existing system investments to provide new services, whilst being relatively simple to implement. These examples of ‘Thinking outside the box’ could just be the tip of the iceberg as new technologies are waiting to grab the market. Near Field Communications are rapidly coming into focus as a security tool, building upon the popularity of smartphones and mobile devices on which they are deployed. This is an exciting technology as it utilises a ubiquitous everyday device to offer secure and convenient authentication which as mentioned above, can have a myriad of different uses well beyond the traditional access control arena. Biometric authentication is another area that is coming on in leaps and bounds. Being able to use a fingerprint, retina scan, facial recognition, sub dermal scan or even the analysis of the circulatory system, frees users from having to carry a token and yet offers even tighter levels of security. These levels of security will make it even easier to integrate different systems and the idea of limiting the potential of access control will seem like an anarchistic relic of a bygone age.  

Add to Compare
TDSi announces new MIFARE Programmer tool
TDSi announces new MIFARE Programmer tool

Access control specialist TDSi has launched its new MIFARE Programmer, which offers users the ability to specify their own sectors and keys on their MIFARE access cards. Together with the ability to re-configure TDSi's standard sector readers to any desired code (without the need for any other parties to be involved), the MIFARE Programmer ensures confidentiality of security data and access control.To make sure it doesn't inadvertently become a weak point of security itself, TDSi's MIFARE Programmer uses a highly secure user login to protect the ability to programme user cards from unauthorised users. Having control of MIFARE security details also offers a number of other key benefits:  Use pre-assigned sequential numbers - The MIFARE Programmer provides an effective method of card programming which eliminates potential duplication problems, Read and identify existing cards - users can identify existing cards and sector usage before migrating existing system cards, Log all cards issued - The MIFARE Programmer provides a history of cards which have been issued (for future reference), Multiple card number options - The user can utilise a unique number, custom number or CSN to program a sector, providing increased flexibility, Dual decode options - The MIFARE Programmer allows users to decode the new 7 byte UID using TDSi's format or NXP's format, for increased flexibility, Check which sectors are used - This built-in function allows users to check which sectors have already been used. This is ideal if you want to migrate existing MIFARE CSN cards that may be utilised for other aspects (such as cashless vending) to a more secure sector operation. TDSi's John Davies comments on the MIFARE Programmer, "For companies that need the highest levels of protection; the ability to protect your security codes across the board is a very attractive proposition. Being able to programme your own MIFARE cards and readers means you can close a potential gap in security that comes from pre-programmed systems. We believe this is a unique solution that offers real peace of mind. It has been developed from feedback we have had from installers and users, who advised that it would be highly desirable choice for both security and convenience."

Add to Compare

Browse Access Control Softwares

Access control software - Expert commentary

New Year's Resolutions to counter web and mobile application security breaches in 2019
New Year's Resolutions to counter web and mobile application security breaches in 2019

With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?

How organisations can secure user credentials from data breaches and password hacks
How organisations can secure user credentials from data breaches and password hacks

In the age of massive data breaches, phishing attacks and password hacks, user credentials are increasingly unsafe. So how can organisations secure accounts without making life more difficult for users? Marc Vanmaele, CEO of TrustBuilder, explains. User credentials give us a sense of security. Users select their password, it's personal and memorable to them, and it's likely that it includes special characters and numbers for added security. Sadly, this sense is most likely false. If it's anything like the 5.4 billion user IDs on haveibeenpwned.com, their login has already been compromised. If it's not listed, it could be soon. Recent estimates state that 8 million more credentials are compromised every day. Ensuring safe access Data breaches, ransomware and phishing campaigns are increasingly easy to pull off. Cyber criminals can easily find the tools they need on Google with little to no technical knowledge. Breached passwords are readily available to cyber criminals on the internet. Those that haven’t been breached can also be guessed, phished or cracked using one of the many “brute-force” tools available on the internet. It's becoming clear that login credentials are no longer enough to secure your users' accounts. Meanwhile, organisations have a responsibility and an ever-stricter legal obligation to protect their users’ sensitive data. This makes ensuring safe access to the services they need challenging, particularly when trying to provide a user experience that won’t cause frustration – or worse, lose your customers’ interest. After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover Importance of data protection So how can businesses ensure their users can safely and simply access the services they need while keeping intruders out, and why is it so important to strike that balance? After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover – whichever is higher, should they seriously fail to comply with their data protection obligations. This alone was enough to prompt many organisations to get serious about their user’s security. Still, not every business followed suit. Cloud security risks Breaches were most commonly identified in organisations using cloud computing or where staff use personal devices According to a recent survey conducted at Infosecurity Europe, more than a quarter of organisations did not feel ready to comply with GDPR in August 2018 – three months after the compliance deadline. Meanwhile, according to the UK Government’s 2018 Cyber Security Breaches survey, 45% of businesses reported breaches or attacks in the last 12 months. According to the report, logins are less secure when accessing services in the cloud where they aren't protected by enterprise firewalls and security systems. Moreover, breaches were most commonly identified in organisations using cloud computing or where staff use personal devices (known as BYOD). According to the survey, 61% of UK organisations use cloud-based services. The figure is higher in banking and finance (74%), IT and communications (81%) and education (75%). Additionally, 45% of businesses have BYOD. This indicates a precarious situation. The majority of businesses hold personal data on users electronically and may be placing users at risk if their IT environments are not adequately protected. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine Hacking methodology In a recent exposé on LifeHacker, Internet standards expert John Pozadzides revealed multiple methods hackers use to bypass even the most secure passwords. According to John’s revelations, 20% of passwords are simple enough to guess using easily accessible information. But that doesn’t leave the remaining 80% safe. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine. Brute force attacks are one of the easiest methods, but criminals also use increasingly sophisticated phishing campaigns to fool users into handing over their passwords. Users expect organisations to protect their passwords and keep intruders out of their accounts Once a threat actor has access to one password, they can easily gain access to multiple accounts. This is because, according to Mashable, 87% of users aged 18-30 and 81% of users aged 31+ reuse the same passwords across multiple accounts. It’s becoming clear that passwords are no longer enough to keep online accounts secure. Securing data with simplicity Users expect organisations to protect their passwords and keep intruders out of their accounts. As a result of a data breach, companies will of course suffer financial losses through fines and remediation costs. Beyond the immediate financial repercussions, however, the reputational damage can be seriously costly. A recent Gemalto study showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor offering a better service. Simplicity is equally important, however. For example, if it’s not delivered in ecommerce, one in three customers will abandon their purchase – as a recent report by Magnetic North revealed. If a login process is confusing, staff may be tempted to help themselves access the information they need by slipping out of secure habits. They may write their passwords down, share them with other members of staff, and may be more susceptible to social engineering attacks. So how do organisations strike the right balance? For many, Identity and Access Management solutions help to deliver secure access across the entire estate. It’s important though that these enable simplicity for the organisation, as well as users. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so Flexible IAM While IAM is highly recommended, organisations should seek solutions that offer the flexibility to define their own balance between a seamless end-user journey and the need for a high level of identity assurance. Organisations’ identity management requirements will change over time. So too will their IT environments. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so. Importantly, the best solutions will be those that enable this flexibility without spending significant time and resource each time adaptations need to be made. Those that do will provide the best return on investment for organisations looking to keep intruders at bay, while enabling users to log in safely and simply.

The many faces of today's facial recognition technology
The many faces of today's facial recognition technology

The use of facial recognition has become a highly debated topic recently, and has increasingly and misleadingly been criticised by some for being an unethical tool used to spy on the public. The reason for such criticism is however largely due to lack of information and regulation around the technology. Used proportionately and responsibly, facial recognition can and should be a force for good. It has the ability to do a lot more to increase security in the future – from street crime to airport security, all the way through to helping those battling addiction, the technology can take security and operations to new heights. These systems can memorise the faces of persons of interest, networks of gang members, wanted criminals and those suspected of involvement in serious violent crimes The rise in knife crime Knife crime has dominated the headlines in the UK throughout the year. Recent statistics show the number of people being admitted to emergency care due to attacks by a sharp object to be up by nearly 40 per cent from two years ago, whilst the number of children under the age of 18 being admitted to hospitals with stab wounds is up by 86 per cent in only four years. This recent surge in knife crime has put police forces under immense pressure, and the intelligent use of facial recognition has a role to play in enabling more informed stop & search interventions. Currently UK police can stop and search an individual they suspect to be carrying drugs or weapons or both, or they can stop and search a person in a location where there have been or are considered likely to be “incidents involving serious violence.” In both cases they must do so with access to limited information, leaving themselves open to accusations of bias or discrimination. Knife crime dominated the headlines in the UK throughout 2018 Police systems benefiting crime investigations This is where facial recognition can offer up additional intelligence. These systems can memorise the faces of persons of interest, networks of gang members, wanted criminals and those suspected of involvement in serious violent crimes. Furthermore, these systems don’t need prior personal engagement to recognise an individual and see only data, not gender, age or race. Facial recognition thus helps eliminate both weapons and criminals off the streets and potentially prevent crimes before they have a chance to take place. The technology doesn’t take the decision away from the human police officer. However, it does bring greater transparency and context to the decision-making process of whether a stop and search intervention is justified.  Similarly, the advanced technology can recognise and match an individual seen on a CCTV camera at a crime scene to someone the police encounters on the streets some time later, justifying a stop and search on that individual. Its ability to check in real time if a person is on a criminal watchlist adds an extra layer to the decision-making process prior to conducting a stop and search, lowering the likelihood of discrimination. Facial recognition thus helps eliminate both weapons and criminals off the streets and potentially prevent crimes before they have a chance to take place. Gambling addiction and how facial recognition can help There are an estimated 593,000 people in the UK currently battling a gambling problem, making it a serious public health issue in the country. Having understood the gravity of the issue, the UK gambling commission have set limits and advice in place to help those suffering this addiction; yet as with all addictions, gambling is a tough habit to beat. In order to put effective limitations in place and make a real difference, the gambling commission needs the right technology to protect those most vulnerable in the industry.   Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers Facial recognition technology is able to keep track of customers and thus help gambling companies in protecting their customers to a higher degree. Monitoring those entering and moving around gambling areas is an extremely difficult task for human staff to do alone, especially in large crowded areas such as casinos. Facial recognition technology installed around the premises would be able to help the company and the staff to identify people who have registered as gambling addicts, and keep record of their day’s play in order to inform staff if and when it was time for them to stop. It would also be able to ensure effective self-exclusion procedures, by identifying a self-excluded individual via CCTV as soon as they entered the venue to then allow security staff to respectfully escort them out. Utilising facial recognition at airport security Facial recognition has by now become a normal sight at many airports around the world. Several people today hold a so-called biometric passport, which allows them to skip the normally longer queues and instead walk through an automated ePassport control to proceed to the gate faster without having to deal with control officers. Facial recognition used in this way has managed to significantly cut waiting times at the passport control, but it also has the ability to enhance security in and around airports. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces Earlier this year, facial recognition technology managed to catch an imposter trying to enter the US at the Washington Dulles Airport. The false passport may have been uncaught by the human eye, yet due to the accuracy of the facial recognition technology it managed to help officers catch the imposter and bring him to justice. Facial recognition thus allows officers to identify an individual faster and more accurately than the human eye. Facial recognition uses algorithms to match physical characteristics against photos and videos of people's faces, which have been collected from visas, passports and other sources.   Facial recognition allows officers to identify an individual faster and more accurately than the human eye At airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-inWhilst some critics may worry about issues of privacy related to the technology, at airports the use of facial recognition has proved to both enhance security as well as speed up processes such as check-in and, in the future, even boarding proceedings. If used correctly and proportionately, facial recognition can help safeguard the public and improve national security on several fronts. Whilst the many benefits of facial recognition are evident, the lack of regulation and understanding of the technology has led to misconception around how it works and what it is used for. Facial recognition technology can match faces in crowded public places against criminal watch lists, and register faces that match with those on criminal watch lists – whilst ignoring everyone else.