Aritech Access Controllers

Insider threat programmes started with counter-espionage cases in the government. Today, insider threat programmes have become a more common practice in all industries, as companies understand the risks associated with not having one. To build a programme, you must first understand what an insider threat is. An insider threat is an employee, contractor, visitor or other insider who have been granted physical or logical access to a company that can cause extensive damage. Damage ranges from emotional or physical injury, to personnel, financial and reputational loss to data loss/manipulation or destruction of assets. Financial and confidential information While malicious insiders only make up 22% of the threats, they have the most impact on an organisation Most threats are derived from the accidental insider. For example, it’s the person who is working on a competitive sales pitch on an airplane and is plugging in financial and confidential information. They are working hard, yet their company’s information is exposed to everyone around them. Another type of insider, the compromised insider, is the person who accidentally downloaded malware when clicking on a fake, urgent email, exposing their information. Malicious insiders cause the greatest concerns. These are the rogue employees who may feel threatened. They may turn violent or take action to damage the company. Or you have the criminal actor employees who are truly malicious and have been hired or bribed by another company to gather intel. Their goal is to gather data and assets to cause damage for a specific purpose. While malicious insiders only make up 22% of the threats, they have the most impact on an organisation. They can cause brand and financial damage, along with physical and mental damage. Insider threat programme Once you determine you need an insider threat programme, you need to build a business case and support it with requirements. Depending on your industry, you can start with regulatory requirements such as HIPAA, NERC CIP, PCI, etc. Talk to your regulator and get their input. Everyone needs to be onboard, understand the intricacies of enacting a programme Next, get a top to bottom risk assessment to learn your organisation’s risks. A risk assessment will help you prioritise your risks and provide recommendations about what you need to include in your programme. Begin by meeting with senior leadership, including your CEO to discuss expectations. Creating an insider threat programme will change the company culture, and the CEO must understand the gravity of his/her decision before moving forward. Everyone needs to be onboard, understand the intricacies of enacting a programme and support it before its implemented. Determining the level of monitoring The size and complexity of your company will determine the type of programme needed. One size does not fit all. It will determine what technologies are required and how much personnel is needed to execute the programme. The company must determine what level of monitoring is needed to meet their goals. After the leadership team decides, form a steering committee that includes someone from legal, HR and IT. Other departments can join as necessary. This team sets up the structure, lays out the plan, determines the budget and what type of technologies are needed. For small companies, the best value is education. Educate your employees about the programme, build the culture and promote awareness. Teach employees about the behaviours you are looking for and how to report them. Behavioural analysis software Every company is different and you need to determine what will gain employee support The steering committee will need to decide what is out of scope. Every company is different and you need to determine what will gain employee support. The tools put in place cannot monitor employee productivity (web surfing). That is out of scope and will disrupt the company culture. What technology does your organisation need to detect insider threats? Organisations need software solutions that monitor, aggregate and analyse data to identify potential threats. Behavioural analysis software looks at patterns of behaviour and identifies anomalies. Use business intelligence/data analytics solutions to solve this challenge. This solution learns the normal behaviour of people and notifies security staff when behaviour changes. This is done by setting a set risk score. Once the score crosses a determined threshold, an alert is triggered. Case and incident management tools Predictive analytics technology reviews behaviours and identifies sensitive areas of companies (pharmacies, server rooms) or files (HR, finance, development). If it sees anomalous behaviour, it can predict behaviours. It can determine if someone is going to take data. It helps companies take steps to get ahead of bad behaviour. If an employee sends hostile emails, they are picked up and an alert is triggered User sentiment detection software can work in real time. If an employee sends hostile emails, they are picked up and an alert is triggered. The SOC and HR are notified and security dispatched. Depending on how a company has this process set-up, it could potentially save lives. Now that your organisation has all this data, how do you pull it together? Case and incident management tools can pool data points and create threat dashboards. Cyber detection system with access control An integrated security system is recommended to be successful. It will eliminate bubbles and share data to see real-time patterns. If HR, security and compliance departments are doing investigations, they can consolidate systems into the same tool to have better data aggregation. Companies can link their IT/cyber detection system with access control. Deploying a true, integrated, open system provides a better insider threat programme. Big companies should invest in trained counterintelligence investigators to operate the programme. They can help identify the sensitive areas, identify who the people are that have the most access to them, or are in a position to do the greatest amount of harm to the company and who to put mitigation plans around to protect them. They also run the investigations. Potential risky behaviour Using the right technology along with thorough processes will result in a successful programme You need to detect which individuals are interacting with information systems that pose the greatest potential risk. You need to rapidly and thoroughly understand the user’s potential risky behaviour and the context around it. Context is important. You need to decide what to investigate and make it clear to employees. Otherwise you will create a negative culture at your company. Develop a security-aware culture. Involve the crowd. Get an app so if someone sees something they can say something. IT should not run the insider threat programme. IT is the most privileged department in an organisation. If something goes wrong with an IT person, they have the most ability to do harm and cover their tracks. They need to be an important partner, but don’t let them have ownership and don’t let their administrators have access. Educating your employees and creating a positive culture around an insider threat programme takes time and patience. Using the right technology along with thorough processes will result in a successful programme. It’s okay to start small and build.

Today, the world is connected like never before. Your watch is connected to your phone, which is connected to your tablet and so on. As we’ve begun to embrace this ‘smart’ lifestyle, what we’re really embracing is the integration of systems. Why do we connect our devices? The simplest answer is that it makes life easier. But, if that’s the case, why stop at our own personal devices? Connection, when applied to a business’ operations, is no different: it lowers effort and expedites decision making. Integrating security systems Systems integration takes the idea of connected devices and applies it to an enterprise Systems integration takes the idea of connected devices and applies it to an enterprise, bringing disparate subcomponents into a single ecosystem. This could mean adding a new, overarching system to pull and collect data from existing subsystems, or adapting an existing system to serve as a data collection hub. Regardless of the method, the purpose is to create a single, unified view. Ultimately, it’s about simplifying processes, gaining actionable insights into operations and facilitating efficient decision-making. Although integration is becoming the new norm in other areas of life, businesses often opt out of integrating security systems because of misconceptions about the time and resources required to successfully make the change. So, instead of a streamlined operation, the various security systems and devices are siloed, not communicating with each other and typically being run by different teams within an organisation. Time-intensive process When systems are not integrated, companies face a wide range of risks driven by a lack of transparency and information sharing, including actual loss of property or assets. For example, a team in charge of access control is alerted to a door being opened in the middle of the night but can’t see what exactly is taking place through video surveillance. Without integrated systems they have no way of knowing if it was a burglar, an equipment malfunction or a gust of wind. Without integration between systems and teams, the ability to quickly put the right pieces in front of decision makers is missing. Instead, the team would have to go back and manually look for footage that corresponds with the time a door was open to figure out which door it was, who opened it and what happened after, which can be a time-intensive process. Integrating access control and surveillance systems Theft and vandalism occur quickly, meaning systems and users must work faster in order to prevent it This slowed response time adds risk to the system. Theft and vandalism occur quickly, meaning systems and users must work faster in order to prevent it. Security systems can do more than communicate that theft or vandalism occurred. Properly integrated, these systems alert users of pre-incident indicators before an event happens or deter events altogether. This gives teams and decision makers more time to make effective decisions. Integrating access control and surveillance systems allows for a more proactive approach. If a door is opened when it’s not supposed to be, an integrated system enables users to quickly see what door was opened, who opened it and make a quick decision. Integrated solutions are more effective, more efficient and help drive cost-saving decisions. Ideally, companies should establish integrated solutions from the start of operations. This allows companies to anticipate problems and adjust accordingly instead of reacting after an incident has occurred. Security camera system Although starting from the beginning is the best way to ensure comprehensive security, many companies have existing security systems, requiring integration and implementation to bring them together. Typically, companies with established security systems worry about the impact to infrastructure requirements. Is additional infrastructure necessary? How and where should it be added? What financial or human resources are required? These concerns drive a mentality that the benefits gained from an integrated solution aren’t worth the costs of implementation. Thankfully, this is becoming less of a problem as security providers, like Twenty20™ Solutions, work to offer adaptable solutions. With flexible options, operators don’t worry about adding or replacing infrastructure to align with a provider’s model. This allows users to monitor camera footage and gate traffic from one system If a company has an existing security camera system, but identifies a need for access control, a modern integrated solution provider can supply the gates for access points and equip the gates and cameras with the technology to connect the two. This allows users to monitor camera footage and gate traffic from one system. This model also spares operators additional costs by using a sole vendor for supplemental needs. Overall management of security While a single, unified system is beneficial for cost saving, it can also help the overall management of security. The ability to view all operating systems in one dashboard allows security personnel to manage a site from any location, reducing the expense and effort required to manage a system. The mobile world today means security directors no longer need to be in a centralised operations center to see alerts and make decisions. This simplifies processes by allowing users to quickly see an alert, pull up a camera, delete a user or check an access log from a phone. Modern networks are secure and accessible to those with permissions, without requiring those users to be physically present. Consolidating security systems is the first step companies can take toward streamlining work, information and costs. The next step is integrating all sites, both remote and on-grid. Energy and communication technology The integration of sites and systems turns mountains of data and information into actionable intelligence Traditional methods demanded two systems: one for on-grid facilities and another for off-grid locations. With advancements in energy and communication technology, the need for multiple systems is gone. Data from remote sites can be safely and securely fed into an existing system. These remote locations may gather, distribute and manage data in a different manner than a connected system due to the cost of transmission via remote connections (i.e., cellular or satellite connection). The end result, however, is a consistent and holistic view of operations for the decision maker. The integration of sites and systems turns mountains of data and information into actionable intelligence. With connected devices monitoring occurrences at individual sites, as well as events across locations, the data tells a story that is unhindered by operational silos or physical space. Identifying patterns and trends Instead of providing 10 hours-worth of footage that may or may not be relevant, system analytics can provide users with the specific set of information they need. Incidents once discarded as ‘one-off’ events can now be analysed and data-mapped to identify patterns and trends, directing future resources to the most critical areas first. Consumers are increasingly expecting everything they need to be right where they need it – and businesses are right behind them. The current generation of security professionals are increasingly expecting the simplicity of their everyday personal tasks to be mirrored in enterprise systems, which means giving them the ability to see what matters in one place. A unified system can provide just that, a single view to help simplify processes, promote cost saving and accelerate decision making.

The statistics are staggering. The death tolls are rising. And those who now fear environments that were once thought to be safe zones like school campuses, factories, commercial businesses and government facilities, find themselves having to add the routine of active-shooter drills into their traditional fire drill protocols. The latest active shooter statistics released by the FBI earlier this year in their annual active-shooter report designated 27 events as active shooter incidents in 2018. The report reveals that 16 of the 27 incidents occurred in areas of commerce, seven incidents occurred in business environments, and five incidents occurred in education environments. Deadly active-shooter events Six of the 12 deadliest shootings in the country have taken place in the past five years Six of the 12 deadliest shootings in the country have taken place in the past five years, including Sutherland Springs church, Marjory Stoneman Douglas High School, the San Bernardino regional center, the Walmart in El Paso and the Tree of Life Synagogue in Pittsburgh, which have all occurred since 2015. Although these incidents occurred in facilities with designated entry points common to churches, schools and businesses, the two most deadly active-shooter events since 2015 were the Route 91 Harvest music festival shooting in Las Vegas that left 58 dead and the Pulse nightclub killings in Orlando where 49 perished. As Christopher Combs, special agent in charge of the FBI field office in San Antonio, Texas, said during a news conference following the August 31 mass shooting in Odessa, Texas that claimed seven lives: “We are now at almost every two weeks seeing an active shooter in this country." Active shooter incidents Between December 2000 and December 2018, the FBI’s distribution of active shooter incidents by location looks like this: Businesses Open to Pedestrian Traffic (74) Businesses Closed to Pedestrian Traffic (43) K-12 Schools (39) Institutions of Higher Learning (16) Non-Military Government Properties (28) Military Properties—Restricted (5) Healthcare Facilities (11) Houses of Worship (10) Private Properties (12) Malls (6) What the majority of these venues have in common is they all have a front entrance or chokepoint for anyone entering the facilities, which is why any active-shooter plan must include a strategy to secure that entry point. Situational awareness in perimeter and door security Preventing people with the wrong intentions from entering the space is the goal" According to Paul Franco, an A&E with more than 28 years of experience as a consultant and systems integrator focusing on schools, healthcare and large public and private facilities, that while active shooter incidents continue to rise, the residual effect has been an increase in situational awareness in perimeter and door security. “Certainly, protecting people and assets is the number one goal of all our clients. There are multiple considerations in facilities like K-12 and Healthcare. Preventing people with the wrong intentions from entering the space is the goal. But a critical consideration to emphasise to your client is getting that person out of your facility and not creating a more dangerous situation by locking the person in your facility,” says Franco. High-security turnstiles “Schools today are creating a space for vetting visitors prior to allowing access into the main facility. Using technology properly like high-security turnstiles offer great benefits in existing schools where space constraints and renovation costs can be impractical.” What steps should they be taken when recommending the proper door security to ensure the building is safe As a consultant/integrator, when discussions are had with a client that has a facility in a public space like a corporate building, government centre or industrial facility, what steps should they be taken when recommending the proper door security to ensure the building is safe and can protect its people and assets? For Frank Pisciotta, President and CEO of Business Protection Specialists, Inc. in Raleigh, North Carolina, a fundamental element of his security strategy is making appropriate recommendations that are broad-based and proactive. Properly identifying the adversaries “As a consultant, my recommendations must include properly identifying the adversaries who may show up at a client’s door, the likelihood of that event occurring, the consequences of that event occurring, determining if there are tripwires that can be set so an organisation can move their line of defence away from the door, educating employees to report potential threats and creating real-time actionable plans to respond to threats. A more reactionary posture might include such thing as target hardening such as ballistic resistant materials at entry access points to a facility,” Pisciotta says. Veteran consultant David Aggleton of Aggleton & Associates of Mission Viejo, California recommends that clients compartmentalise their higher security areas for limited access by adding multiple credential controls (card + keypad + biometric), along with ‘positive’ access systems that inhibit tailgating/piggybacking such as secure turnstiles, revolving door and mantrap if your entrances and security needs meet the required space and access throughput rates. Integrated solution of electronic access control Defining a single point of entry in some public facilities is becoming the new standard of care according to many A&Es and security consultants, especially in a school environment. This approach allows a concerted effort when it comes to staffing, visitor monitoring and an integrated technology solution. The bottom line remains: most buildings are vulnerable to a security breach A proactive stance to securing a door entryway will use an integrated solution of electronic access control, turnstiles, revolving doors and mantraps that can substantially improve a facility’s security profile. The bottom line remains: most buildings are vulnerable to a security breach, so it’s not a matter of if there will be a next active shooter tragedy, it’s only a matter of where. Enhancing access control assurance “There is no easy answer to this question,” says Pisciotta referring to how a secured entrance can deter an active shooter. “There have been at least two high-profile incidents of adversaries shooting their way into a facility through access control barriers. So, if the threat so dictates, a ballistic resistant might be required.” He concludes: “There is obviously no question that turnstiles, revolving doors and man traps enhance access control assurance. Electronic access control is easy to integrate with these devices and providing that credentials are secure, approval processes are in place, change management is properly managed and the appropriate auditing measures in place, access control objectives can be met.”

Interlogix, a division of UTC Climate, Controls & Security, announces a plan to dismantle its businesses in the United States and Canada by the end of the year. Here is a statement from the company: “After a thorough portfolio review of our security business, we have communicated our plans to wind down our Interlogix U.S. and Canada businesses. This decision will allow us to focus on the significant growth opportunities for our other fire and security businesses, including LenelS2.” Fire detection and life safety Dealers can continue to purchase, install, register, and service Interlogix products with complete confidence" Interlogix products will be manufactured and orders fulfilled through 2019 and will be available for purchase from distributors and dealers during ‘a well-coordinated transition period,’ according to the company. “We will continue to provide customer support related to product technical services, timely fulfilment and comprehensive product warranty into 2020 and beyond,” says the company statement “Dealers can continue to purchase, install, register, and service Interlogix products with complete confidence.” Interlogix represents a full product line including intrusion detection, video surveillance, fire detection and life safety, access control and security/fire data transmission products. Enhanced video streaming capabilities Interlogix was created in the merger in 2000 of ITI Technologies and SLC Technologies. It was purchased by General Electric in 2002 and later renamed GE Security. United Technologies Corp. (UTC) bought the security business of General Electric in 2010 and reverted back to using the Interlogix brand. Last year, Interlogix introduced TruVision Navigator version 8.0 of its unified security software Last year, Interlogix introduced TruVision Navigator version 8.0 of its popular unified security software, including enhanced video streaming capabilities, integration with the Interlogix UltraSync Modular Hub systems and tighter integration with IFS networking switches. Voice-controlled digital devices Early this year, Interlogix reinvested in its UL-listed, professional-grade, security panel lineup and added two touchscreen controls. In addition, it began providing access to more device integrations – such as sensors, lights, locks, thermostats and garage door controls, video doorbell cameras and voice-controlled digital devices, among others. In the spring, the company re-launched its Interlogix Security Pro program, a national channel partner program offering Interlogix dealers an array of resources and incentives designed to help them successfully grow their businesses.

The winning products and services of the 2019 Innovation Awards were revealed at ESX 2019 on June 4 in Indianapolis. Each year, the ESX Innovation Awards programme recognises outstanding products and services that drive the electronic security and life safety industry forward. This year’s winners continue that legacy with novel innovations and improvements. To determine the best of the best, judges selected winners from a pool of applications from manufacturers and service providers serving the industry with innovative end-user offerings and tools that help dealers, integrators and monitoring professionals become more efficient and profitable. Category winners were as follows: Access control pdqSMART+, Grade 1 Cylindrical Lock by PDQ Industries Enterprise Access Control by Alarm.com OmniAssure Touch by Honeywell Commercial automation / control systems / networking TruProtect™ Integrated Security Solution by Interlogix Dealer services QuoteAnywhere G2.0 – Mobile Sales Quote & Sign Platform by WeSuite CSR Readiness PRO by CSR Privacy Solutions, Inc. Digital health / well-being systems Essence 3D Sense Fall Detector by Essence Smart Care Fire / life safety DynamixSmoke by Advanced Honeywell Home SiXCOMBO Two-Way Wireless Smoke/Heat and Carbon Monoxide Detector by Resideo Installation / service tools fireNspec by PnewSoft, LLC. System Surveyor by System Surveyor Intrusion systems BX Shield Outdoor Boundary PIR Series by Optex, Inc. IQ Panel 2 Plus by Qolsys 1122 Wireless (PIR) Motion Detector by DMP - Digital Monitoring Products BAT-Connect Communicator by Alula Mobile apps for consumers Honeywell Total Connect VISTA Partitions by Resideo Video Verification App by DICE Corporation Smart Signal by Alarm.com Monitoring station CHeKT Visual Verification Bridge by CHeKT Specialty products & services WattBox 150 IP Power Outlets with OvrC (1 controlled bank, 2 outlets) by SnapAV Video surveillance SecureCom Video NVR™ by DMP - Digital Monitoring Products Thermal-Optical DeepinView Turret Camera DS-2TD1217-3/V1 by Hikvision USA Umbo AICamera by Umbo Computer Vision DuraVisionDX0211 by EIZO Inc. Umbo Light by Umbo Computer Vision Next-gen products Judges from across the country were invited to provide their expert opinions  The winners selected are recognised as next-gen products and services that offer significant opportunities for growth. Judges from across the country were invited to provide their expert opinions based on thorough criteria. This year’s judges were: Rodger Reiswig, Johnson Controls (Florida); Grady Medcalf, Spectrum (Colorado); Michele Monheim, Amherst Alarm (Upstate New York); Steven E. Paley, Rapid Security Solutions (Florida) and Adam Thompson, Wired-Up Systems (Arizona). Criteria of judging Entrants to the Innovation Awards program were judged on: features and functions, innovation, end-user experience, ability to solve a problem, revenue growth potential, impact on company efficiencies and compliance with regulations. These metrics provided a rubric that determined the most innovative and exceptional products and services in the industry. Winners of the Innovation Awards were featured in the ESX Innovation Awards Showcase in Booth 615 during live expo hours.

The Electronic Security Expo (ESX) will be held at the Indiana Convention Center, June 3-6, in Indianapolis. The show focusses exclusively on the electronic security and life safety industry, including companies that service the connected Internet of Things (IoT) space for homes and businesses. The ESX Main Stage will highlight inspirational presentations from motivational speakers, Dr. Rick Rigsby and Kevin Brown. In addition, there will be a founder of a drone security company and an Entrepreneur-in-Residence from Kleiner Perkins for OpenXchange, and a Secret Service agent for the Closing Keynote. Sharing best practices and trends In breakout sessions, colleagues and business thought leaders will share best practices, trends and opportunities that helped their own companies and careers, so that others might replicate their successes or minimise their failures. These sessions are aimed at propelling attendees to reimagine their business models and go-to-market strategies, says George De Marco, Chairman of ESX and Managing Partner for DECO Ventures LLC. Examples of breakout sessions include: CounterPoint Forum – “False Alarm Dispatches - A Real Threat or a Nuisance to the Industry?” “Top 3 Ways to Grow Your Video RMR” “5 Faster, Smarter Ways to Improve Cash Flow” “Artificial Intelligence Real Time Video Monitoring Solutions” Promoting security professionals’ growth Our goal is to develop next-gen methods that deliver industry content and promote professional growth"“Each year, we challenge ourselves to raise the bar of the educational sessions and main stage events,” says De Marco. “One of the ways is introducing new faces and voices for the peer-developed and peer-driven educational sessions that offer best practices and identify trends, opportunities and challenges for industry professionals to consider today and in the future. Our goal is to develop next-gen methods that deliver industry content and promote professional growth as the industry pivots to the future.” New entrants and disruptors are challenging traditional go-to-market strategies, causing traditional companies to rethink how they rise above the noise in a changing competitive landscape and handle new consumer buying behaviours, says De Marco. Exhibitors at ESX Exhibitors that support ESX include Interlogix (Diamond sponsor), Napco (Platinum sponsor), Alula and DMP (Gold sponsor), and ADI, Altronix, Bold Group, Essence, ICT, Quick Response, Resideo, Secura key, Security Central and WeSuite (Silver sponsors). ESX seeks to connect exhibitors with the influencers and decision-makers from companies that represent a cross section of dealers, integrators and monitoring companies in North America. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s impressive convention centre. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s convention centre “We recognise individuals and companies during the Opening Celebration that help propel the industry forward and at our VIP Event at the Indianapolis Motor Speedway,” says De Marco. “During the day, there are meals around the Main Stage sessions which gather attendees around the table for casual conversation before the presentation begins.” Indianapolis, home of the Indy 500, is a unique location that has a lot to offer the attendees of ESX. A special night at the Indianapolis Motor Speedway will invite a limited number of guests to share great food and drinks, to experience a trip around the track in an official pace car, and to ‘kiss the bricks’, a speedway tradition. Centrally located in the US, Indianapolis is a convenient convention destination for travel, whether flying or driving. Connecting with peers and colleagues Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small There are also networking opportunities throughout the week. The Pub Crawl, an attendee favourite, is a night where long-time friends gather, and new friendships are made. “This is where the real conversations happen between peers and colleagues about real problems of running and growing a company, and solutions that can make a difference,” says De Marco. Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small players. This enables professionals to come together to connect with their peers and colleagues, allowing for deep discussions on how to grow their people, revenues and profits, including mentoring opportunities that encourage leadership development, says De Marco. The subject of finding qualified employees is top of mind for almost every industry today, especially the security industry. Sessions that address hiring and managing employees for industry professionals include  “Hiring from Outside the Monitoring Industry: Surprising Resources for Great Operators” “Maximise New Employees: Why Onboarding is Critical to Their Success” “5 Tips for Effective Employee Performance Evaluations” Helping attendees to reinvent their business “Our focus is primarily on the attendee, helping them connect with suppliers, colleagues and opportunities that reimagine their businesses, so they can be stronger competitors,” says De Marco. “If we can provide the right knowledge to inspire or transform the attendees to take meaningful action or implement change that helps them remain relevant, we believe we have succeeded.” There will be an undercurrent of sadness at ESX this year because the industry recently suffered a loss. George Gunning, former CEO of USA Alarm Systems and one of the founding members of ESX, passed away in February. “We would be remiss if we didn’t recognise his contributions and influence on the industry and ESX over the years,” says De Marco. Another founding member of ESX who has passed away is John Murphy, formerly CEO of Vector Security.