MAXxess Access Control Softwares

Insider threat programmes started with counter-espionage cases in the government. Today, insider threat programmes have become a more common practice in all industries, as companies understand the risks associated with not having one. To build a programme, you must first understand what an insider threat is. An insider threat is an employee, contractor, visitor or other insider who have been granted physical or logical access to a company that can cause extensive damage. Damage ranges from emotional or physical injury, to personnel, financial and reputational loss to data loss/manipulation or destruction of assets. Financial and confidential information While malicious insiders only make up 22% of the threats, they have the most impact on an organisation Most threats are derived from the accidental insider. For example, it’s the person who is working on a competitive sales pitch on an airplane and is plugging in financial and confidential information. They are working hard, yet their company’s information is exposed to everyone around them. Another type of insider, the compromised insider, is the person who accidentally downloaded malware when clicking on a fake, urgent email, exposing their information. Malicious insiders cause the greatest concerns. These are the rogue employees who may feel threatened. They may turn violent or take action to damage the company. Or you have the criminal actor employees who are truly malicious and have been hired or bribed by another company to gather intel. Their goal is to gather data and assets to cause damage for a specific purpose. While malicious insiders only make up 22% of the threats, they have the most impact on an organisation. They can cause brand and financial damage, along with physical and mental damage. Insider threat programme Once you determine you need an insider threat programme, you need to build a business case and support it with requirements. Depending on your industry, you can start with regulatory requirements such as HIPAA, NERC CIP, PCI, etc. Talk to your regulator and get their input. Everyone needs to be onboard, understand the intricacies of enacting a programme Next, get a top to bottom risk assessment to learn your organisation’s risks. A risk assessment will help you prioritise your risks and provide recommendations about what you need to include in your programme. Begin by meeting with senior leadership, including your CEO to discuss expectations. Creating an insider threat programme will change the company culture, and the CEO must understand the gravity of his/her decision before moving forward. Everyone needs to be onboard, understand the intricacies of enacting a programme and support it before its implemented. Determining the level of monitoring The size and complexity of your company will determine the type of programme needed. One size does not fit all. It will determine what technologies are required and how much personnel is needed to execute the programme. The company must determine what level of monitoring is needed to meet their goals. After the leadership team decides, form a steering committee that includes someone from legal, HR and IT. Other departments can join as necessary. This team sets up the structure, lays out the plan, determines the budget and what type of technologies are needed. For small companies, the best value is education. Educate your employees about the programme, build the culture and promote awareness. Teach employees about the behaviours you are looking for and how to report them. Behavioural analysis software Every company is different and you need to determine what will gain employee support The steering committee will need to decide what is out of scope. Every company is different and you need to determine what will gain employee support. The tools put in place cannot monitor employee productivity (web surfing). That is out of scope and will disrupt the company culture. What technology does your organisation need to detect insider threats? Organisations need software solutions that monitor, aggregate and analyse data to identify potential threats. Behavioural analysis software looks at patterns of behaviour and identifies anomalies. Use business intelligence/data analytics solutions to solve this challenge. This solution learns the normal behaviour of people and notifies security staff when behaviour changes. This is done by setting a set risk score. Once the score crosses a determined threshold, an alert is triggered. Case and incident management tools Predictive analytics technology reviews behaviours and identifies sensitive areas of companies (pharmacies, server rooms) or files (HR, finance, development). If it sees anomalous behaviour, it can predict behaviours. It can determine if someone is going to take data. It helps companies take steps to get ahead of bad behaviour. If an employee sends hostile emails, they are picked up and an alert is triggered User sentiment detection software can work in real time. If an employee sends hostile emails, they are picked up and an alert is triggered. The SOC and HR are notified and security dispatched. Depending on how a company has this process set-up, it could potentially save lives. Now that your organisation has all this data, how do you pull it together? Case and incident management tools can pool data points and create threat dashboards. Cyber detection system with access control An integrated security system is recommended to be successful. It will eliminate bubbles and share data to see real-time patterns. If HR, security and compliance departments are doing investigations, they can consolidate systems into the same tool to have better data aggregation. Companies can link their IT/cyber detection system with access control. Deploying a true, integrated, open system provides a better insider threat programme. Big companies should invest in trained counterintelligence investigators to operate the programme. They can help identify the sensitive areas, identify who the people are that have the most access to them, or are in a position to do the greatest amount of harm to the company and who to put mitigation plans around to protect them. They also run the investigations. Potential risky behaviour Using the right technology along with thorough processes will result in a successful programme You need to detect which individuals are interacting with information systems that pose the greatest potential risk. You need to rapidly and thoroughly understand the user’s potential risky behaviour and the context around it. Context is important. You need to decide what to investigate and make it clear to employees. Otherwise you will create a negative culture at your company. Develop a security-aware culture. Involve the crowd. Get an app so if someone sees something they can say something. IT should not run the insider threat programme. IT is the most privileged department in an organisation. If something goes wrong with an IT person, they have the most ability to do harm and cover their tracks. They need to be an important partner, but don’t let them have ownership and don’t let their administrators have access. Educating your employees and creating a positive culture around an insider threat programme takes time and patience. Using the right technology along with thorough processes will result in a successful programme. It’s okay to start small and build.

Growing up, I was surrounded by the military way of life as my father was a Captain in the Marine Corps during the Vietnam War and my grandfather and uncles all served in the military. Even from a young age, I knew I was going to serve our country. My 22-year career in the military includes serving in the United States Air Force, the California Air National Guard and as a reservist assigned to an active-duty Air Force unit. Training and development operations Over the course of my military career, I held a variety of assignments from starting out as a Gate Guard to becoming a Flight Chief and Non-Commissioned Officer in Charge (NCOIC) of a Security Forces section. I retired from the military as a Master Sergeant. After my deployment to Afghanistan, I joined Allied Universal as a security director. My 17-year career at Allied Universal encompasses roles including Service Manager and General Manager at the West Los Angeles Branch and leading the Training and Development operations and Fire Life Safety Division. In 2008, I was tasked to develop and implement the company’s Healthcare Division. Attaining meaningful employment opportunities Below are just a few reasons why the physical security sector is a natural fit for military veterans: Self-Discipline and Organisation Coveted in Security Sector - I believe that the skills learned in the military, such as self-discipline and organisation, have provided the necessary tools to be successful. I truly enjoy working with other veterans at my company as we all know that we can count on each other to get the job done right. This bond and sense of commitment to each other is always there. Multi-faceted Career Paths Available - The security sector also offers veterans the ability to attain meaningful employment opportunities with multi-faceted career paths. A veteran’s background and experience are highly valued in this sector and there are many positions to match our skill sets and expertise. The responsibility we have for those in our charge is really not any different than what we have learned in the military. Team Players - Teamwork is a lesson all military veterans learn. In the military, you live and work together, and are taught to support your team members and efficiently collaborate with the people around you. This is an invaluable skill in the security sector whether you are seeking an entry level or management position. No Military to Civilian Decoder Needed - Veterans need a ‘military to civilian decoder’ system to help explain the significance of their military skills and how they translate to the general employment landscape. The physical security sector, however, understands the language of the military and don’t generally require that military responsibilities be coded into language that non-military can understand. Securing mid-level appointments The physical security sector features a wide variety of jobs from entry level, middle management to senior positions. A retired veteran with a pension may look to the security sector for part-time or full-time entry level work. Other former military, who are not eligible for retirement benefits, may secure mid-level appointments with the goal of climbing the ladder to the highest rungs. The flexibility and opportunity are unparalleled in the security sector. Veterans generally enter the workforce with identifiable skills that can be transferred to the physical security world and are often skilled in technical trends pertinent to business and industry. And what they don't know, they are eager to learn - making them receptive and ready hires in physical security environments that value ongoing learning and training.

The jury is in: traditional security is out — and it’s being replaced with service-based solutions. The bottom line is: if you’re not embracing it, you’ll soon be left behind. XaaS — the collective term referring to the delivery of anything as a service — includes all services made possible through the use of the cloud. Security-as-a-Service (SaaS), which encompasses any type of system from access control to video surveillance, has paved the way for users to gain significant functionality and scalability not previously experienced with more traditional methods. Complicated IT functions SaaS allows manufacturers to provide numerous benefits to their customers As such, there is a marked transition for manufacturers from simply designing and building products to providing a service rooted in a partner- and customer-centric focus. This change hasn’t come easily. Some are still holding out and waiting for the “fad” to pass. However, the potential advantages for all parties involved far outweigh the perceived negative points. First and foremost, SaaS allows manufacturers to provide numerous benefits to their customers. An “as-a-service” model shifts the burden of data maintenance and infrastructure spending to an integrator/dealer partner or service provider. This relieves the end user of the expertise necessary to implement complicated IT functions to keep networked and on-premise solutions up-to-date. Traditional security systems Additionally, end users demand solid customer service. For some end users, traditional security systems are so similar in features and functionality that the key differentiator is the ability of the integrator or manufacturer to provide exceptional customer service and training. This is made possible through the service-based model, where customers appreciate a strong relationship with their integrator or manufacturer that provides them with additional knowledge and assistance when necessary. The cloud has proven to be  highly functional, flexible, and convenient for organisations Everyone also wants convenience. In the consumer market, we invest in things like meals that are pre-measured, prepped, and ready to be cooked, or companies that auto-ship dog food to our door each month. This ease-of-use translates over to the B2B market, where time is money and systems that save valuable resources are highly regarded. The role of the cloud The cloud has proven to be a highly functional, flexible, and convenient method for organisations to leverage as part of their strategies to protect and modernise their facilities. And the service-based nature lends itself well; forward-thinking integrators and dealers can diversify their product arsenal while still capitalising on a recurring monthly revenue model (RMR). But then why has there been so much resistance to this change? Over the last 10 to 15 years, the cloud has gotten a bad rap for a myriad of reasons, including usability, management, and unreliability. However, that view of the cloud is changing for the positive as the technology becomes more advanced and innovators learn more about what it means to design a product or service with security at its core. "As-a-service” platform For example, one of the biggest misconceptions that plagues the cloud is the idea that it is not secure. However, the security of public cloud service providers is integral to their success because their business depends on it. Developing an ongoing and trustworthy relationship with customers can only be made possible through the assurance that their services are safe and the customer’s data is protected. As such, they’ve embraced the service-based model that is, at its core, the future of the business world as we know it. There isn’t a person, manufacturer, or integrator partner out there today who isn’t somehow touched or influenced by an “as-a-service” platform. And it’s about time the service-based model that leverages the public cloud reaches the masses.

Transforming the way security teams monitor, manage and control multiple systems, Maxxess is launching its new, open-architecture InSite solution at IFSEC International, (London ExCel 18-20 June, stand IF2120). Maxxess InSite is a cyber-secure, cloud-based service that has been developed to give organisations impressive new levels of situational awareness and allow the most rapid, coordinated response to wide range of incidents, both emergency and non-emergency. InSite can pull data from a wide array of security and safety systems and infrastructure thanks to its open-architecture design. Applications range from device fault monitoring, maintenance tracking and reporting, to incident handling and emergency response coordination.  Effective coordination during emergency InSite doesn’t simply integrate disparate systems, it unifies their capabilities and makes them more powerful in use"For large organisations, or those with complex sites or multiple premises to manage, InSite reduces complexity and allows seamless central control. It lets day-to-day operations to be managed more efficiently, identifying problems early and reducing risks, and it enables more effective coordination during emergency incidents. “InSite doesn’t simply integrate disparate systems, it unifies their capabilities and makes them more powerful in use,” said Lee Copland, Managing Director, Maxxess EMEA. “InSite pulls together critical security infrastructure and systems – everything from cameras to door controls - bringing everything under a single operating umbrella, and unifying their functions to allow rapid communications, analysis and action.” eFusion security management platform Ambit allows system controllers to link with remote personnel via their personal devicesInSite joins Maxxess’s full suite of advanced control solutions, including the Ambit family of mobile apps and the eFusion security management platform. Ambit allows system controllers to link with remote personnel via their personal devices, enabling alerts, notifications, status assessment and functions including video surveillance support. And eFusion integrates seamlessly with more than 60 off-the-shelf systems from leading vendors, including surveillance, access control, fire and intruder systems with back-office processes. For managers and teams that need to be mobile, the Maxxess MX+ client gives secure web access to eFusion controls and functions via smartphones and tablets. The full suite of Maxxess technologies will be on show at IFSEC, providing complete solutions for organisations looking to streamline their operations and improve control of multi-system infrastructure.

Maxxess will be at Intersec 2019 showcasing its latest advances in corporate risk reduction, improved people management and smarter hospitality access solutions - including new releases in its popular eFusion and Ambit solutions. eFusion security management The latest version of the VisitorPoint module within the eFusion security management platform will be showcased, offering a host of new streamlined functions for efficient people and visitor management. Harnessing current advances in cloud computing and mobile communications, VisitorPoint is being used at premises from hotels and campuses to corporate headquarters. It allows the whole process of visitor management to be streamlined in a way never previously possible. For example, it lets guests’ phones be used as access credentials, making it a perfect alternative to room keys in the hospitality sector. Compatibility of the VisitorPoint system with ASSA Abloy Hospitality products has proved to be particularly popular with hotels. VisitorPoint System VisitorPoint is also ideal for busy hotel reception teams who need to keep across who is entering the premises VisitorPoint is also ideal for busy hotel reception teams who need to keep across who is entering the premises. With the latest version of VisitorPoint, users can easily view pre-registered visitors in advance; manage and sign-in large groups in seconds; book meeting rooms; manage visitor car parking; and automate notifications and messaging. Now organisations can go even further in streamlining their people and diary management processes, thanks to integration with Outlook and Google calendars. A new VIP feature allows automatically tailored welcomes for specified guests and/or groups; and a QR Scan App allows visitors and VIPS to be immediately verified. In addition, a new, sleek self-service kiosk will be unveiled at the show, which is ideal for positioning in hotels and high-end corporate lobbies. Open-technology systems integration Meanwhile, with its versatile, open-technology software eFusion is proving a practical alternative to costly or complex conventional PSIM solutions. It offers the advantages of a modular, building block approach and gives users the freedom to integrate, customise and adapt their security systems to meet both current needs and emerging risks. Ensuring compatibility with leading surveillance, intruder, access and fire detection systems, eFusion now supports more than 60 off-the-shelf integrations and several important additions are confirmed for the show. These latest integrations include Jaquies IP intercom hardware; the mobile phone app GuardPoint; and the Metra locker system hardware. “For users who want control and better value from their security investments, eFusion with its expanding choice of integrations is the ideal management platform”, says Lee Copland, Managing Director, Maxxess EMEA. Smart, open infrastructure The eFusion platform allows legacy systems to be transformed into a smart, open infrastructure and extends the life of equipment" “The eFusion platform allows legacy systems to be transformed into a smart, open infrastructure and extends the life of equipment. Our technology is proving particularly popular because it gives users all the advantages of advanced PSIM without the associated cost or complexity.” eFusion can be easily scaled from one site to multiple sites globally and it can connect stand-alone systems for easy upgrades such as retro-fits with existing hardware. Network monitoring for public safety Also on show, Ambit allows security controllers to communicate directly with both individuals and groups and to monitor the safety of everyone on site (or on multiple sites), for example employees, residents, visitors, or contractors. Now Ambit users will benefit from direct notification of a wide range of risks thanks to a new integration with the NC4 incident alert service. NC4 monitors risks and issues alerts in real time, covering potential threats ranging from terrorist incidents to weather events, from civil disruption to cyber-attacks. With this new integration, as N4C alerts arise they will be filtered by proximity/relevance and directly sent to Ambit users. Lone worker monitoring   Visitors to the Maxxess stand will also learn how Ambit’s latest life-saving technology comes with a choice of applications tailored to the user’s needs. For example, it can allow lone-worker monitoring; courtesy communications and remote escorting after-hours; panic alarm features; and individualised messaging during incidents. It can help security teams co-ordinate and work more effectively with emergency responders too as well as improving the efficiency of day-to-day operations.  We are well positioned to further capitalise on major infrastructure projects across the region such as hotels and leisure" With new customers and projects including Bluewater Island, TAJ Hotel & Residences JLT Dubai, TAJ Hotel & Palace on Palm Jumeirah, the Emirates Nuclear Energy Corporation, Emirates Flight Catering Extension, the Jewel of the Creek and Yahsat, 2019 will be an exciting year of growth for Maxxess in the Middle East.  Maxxess expands Middle East reach  “We are well positioned to further capitalise on major infrastructure projects across the region such as hotels and leisure. The demand for increased operational efficiencies across the MENA region has seen many organisations look to automate tasks and at the same time mitigate against the potential for human error. This is evident in the demand we’re seeing for streamlined visitor management, the elimination of keys and better optimised workforces across security and facilities management functions.”, said Lee Copland, Managing Director, Maxxess EMEA. He adds, “And as real-world applications for artificial intelligence become a reality, we are continuing to collaborate with our world leading video surveillance partners to bring these advanced analytics into the eFusion platform. Meanwhile, we will continue to support our customers in complying with revised fire and safety codes and new security regulations.” 

VisitorPoint from Maxxess is a smart visitor management solution that offers an easy but powerful upgrade for a wide range of users. For those needing to replace a basic signing-in book for the first time, VisitorPoint is an attractive, user-friendly solution with a choice of useful features. And for larger organisations looking for a multi-site visitor management solution, it provides control and audit features that are future proof, flexible, and designed to complement security, fire and building management operations. It can be integrated with Maxxess software and eFusion range of modules, or adapted with a customised integration, plus it allows users to manage everything from visitor pre-registration, to SMS notification, identity verification and car park occupancy. Easy & efficient visitor management Putting more control in the hands of front-of-house teams, VisitorPoint allows pre-registered visitors to be viewed any time in advance. Visitor badges can be pre-printed for a smoother and more efficient welcome, and sign-in for large groups can be managed in seconds. Visitors check themselves in easily and efficiently using either an iPad or the VisitorPoint free standing touch-screen kiosk. The pre-registered visitor’s details are confirmed when they enter a reference code, passport number, QR code or any specified ID. A photo can be taken with the iPad or kiosk, printed onto the badge and/or saved to the record. Visitors can also be asked to read and sign any non-disclosure agreement (NDA), health and safety or safeguarding instructions on screen, The allocation and control of visitor car parking also becomes much more efficient as specific spaces can be easily assigned to specific vehicles in advance. Automatic email notifications and/or SMS messaging reduce the burden on front-of-house staff, with employees automatically alerted when their visitors arrive. The system can be set up so that both hosts and visitors receive a friendly reminder text ahead of the visit, at check in and check out. Useful information such as directions and meeting details can be added.  Hosts can also check out a visitor, helping front-of-house staff to maintain up-to-date site occupancy records. For enhanced security, alerts can be sent when a visitor forgets to check out, or when a pre-specified visit is due VisitorPoint security enhancement For enhanced security, alerts can be sent when a visitor forgets to check out, or when a pre-specified visit is due. For senior security managers real time reports can be generated to show who is currently on site, where they are authorised to visit, as well as who been on site during any given timeframe. The smart VisitorPoint badge printer allows individual badge customisation so that details can be easily changed and added – for example with Wi-Fi codes, meeting room details and specific courtesy messages.  This feature also makes it ideal for multiple tenancy sites, with individual badge branding and messaging, available to each tenant. “VisitorPoint is a highly flexible solution that can be used for both single and multiple sites,” says Lee Copland, Managing Director, Maxxess EMEA. “It allows a practical, easily managed upgrade from more basic solutions and it can be easily adapted to the organisation’s changing requirements in future years.”