There was a time when one of our biggest challenges was securing our physical assets, whether our people or our property, from crime.

We researched and deployed the very latest in video solutions, intrusion systems, fire alarms and access control devices, all in an effort to keep the bad guys out and the good guys safe, along with protecting our facilities from break-ins, robberies and countless other crimes. However, times are changing. No longer must we be concerned only with keeping intruders out of our buildings; we must now keep them off our networks too.

It should come as no surprise that cybercrime is one of the biggest threats organisations of all shapes and sizes face today. While attacks on major brands and Fortune 500 companies make headlines, there were purportedly 918 reported data breaches, compromising nearly 2 billion data records in just the first six months of 2017. Of those 918 breaches, 500 of them had an unknown number of compromised records.

Reducing breach detection gap

Depending on your organisation, these cybercrimes, and the investigation into them, may be handled by your IT department. However, considering the magnitude of these crimes, it now falls on the entire organisation, including the traditional security or loss prevention executives, to band together to combat these threats.

One of the biggest challenges cyberattacks pose is timing. Often cyberattacks can go undetected for weeks, months or even years. Some in the industry refer to this timing as a breach detection gap or dwell time, defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim.

To put that into perspective, the most recent Ponemon report on the cost of a data breach showed dwell time for malicious attacks has stretched to an average of 229 days—a long time for bad actors to be lurking around your networks.

Traditional cybersecurity measures

We are familiar with traditional cyber lines of defence against these attacks, such as firewalls and anti-virus software. While these solutions are effective at identifying and potentially stopping the known forms of malware and viruses that attack companies every day, they are blind to signatureless and zero-day malicious activity.

Unfortunately, this trend does not show signs of letting up, as internal security processes are having trouble keeping up with increasingly sophisticated and pervasive threats.

Many companies rely on heritage-based services offered by managed security service providers (MSSPs) that use security information and event management (SIEM) software, or intrusion detection systems/intrusion prevention systems (IDS or IPS respectively) to monitor networks for malicious activities on a continuous basis.

However, these activities are based on known threats, where a valid signature of the cyberattack or system logs are available and used to analyse activity. The MSSPs then provide security alerts to the client and generate reports for compliance purposes.

This form of alerting often generates an overwhelming number of notifications, causing what the industry has coined ‘alert fatigue’ and making it hard to weed out what is important from what is not.

Managed detection and response

The Ponemon Institute found that companies spend an average of 21,000 hours each year analysing false negative/false positive alerts trying to detect and contain cyberattacks. This translates to approximately 17,000 security alerts in a week of which only 4% were deemed reliable and investigated. This can potentially waste nearly $1.3 million per year on investigating and managing inaccurate data.

Based on this overwhelming challenge, it’s time for organisations to look at improving real-time threat detection and incident response capabilities beyond standard security screening and compliance requirements. In addition to the services provided by an MSSP, it would be wise to add or layer a managed detection and response (MDR) service to your arsenal of cyber defence weapons.

Identifying real threats with MDR services

MDR services use a unique combination of advanced technology and expert human analysis. Equating MDR services to traditional physical security devices, it is more like having a DVR, where an analyst can go back and replay the incident on the network via packet capture technology.

Event logs and signatures by themselves don’t provide visibility and detail. Traditional cyber defences act like a conventional alarm system. The alarm sounds and a notification is sent, but there is no context or detail about the incident and it is up to the recipient to determine if the alarm is valid, what exactly happened and what to do about it.

With packet capture on the network, an MDR analyst can replay the event allowing him to dig deeper into the incident and determine remediation steps. This approach helps quickly identify real threats to the business, provides remediation specifics for timely resolution, and significantly cuts through the false positive noise so security teams can focus on the things that matter.

Efficient incident management

MDR services only notify clients after the incident is verified. The notifications provide granular detail of the scope and severity of an attack with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, provide analysis of the data to add context to the event and notify the customer of the incident.

With MDR services, clients have direct communication with the security analyst and rely less on using a portal for alerting, investigations, case management and workflow activities.

Because MDR services rely on advanced tools and human analysis, they are more apt to uncover malicious activity that has breached the first line of defence and can reduce the time from infection to detection to minutes rather than months.

Combating cybercrime with secure networks

To sum it all up, MSSPs focus on perimeter devices like firewalls, IDS/IPS and SIEM, and provide device management such as updating firewall rules, anti-virus software and compliance reporting. They are typically used to supplement internal IT or security teams.

An MDR service concentrates on detecting threats that have penetrated the perimeter. MDRs deliver threat notification and remediation guidance. While both solutions provide value to their clients, their basic areas of focus are different.

Cybercriminals are becoming more coordinated in their efforts to steal our data, disrupt our operations and damage our brands. It is time that we coordinate our efforts across the entire organisation to combat them.
