As strong, heritage brands in the high security and rail industries, CLCS, ILS and Kaye each offer their own specialisms and sector expertise. By bringing these well-known brands together under one new group, ASSA ABLOY Opening Solutions UK & Ireland will provide a stronger, more comprehensive offering to different sectors. High security locking solutions Each brand enjoys its own areas of expertise, with CLCS a prominent supplier of high-security locks to custodial, secure healthcare, gov...
A new record in visitor numbers has underlined what has been the most successful edition yet for one of the world’s leading trade fair for security, safety, and fire protection in Dubai. The 21st edition of Intersec, which concluded its three-day run on 22nd January 2019 at the Dubai International Convention and Exhibition Centre, attracted 35,889 visitors from 126 countries, a 23 per cent year-on-year increase over the previous year (29,000 in 2018). Six sections at the event Intersec...
March Networks, a global video security and video-based business intelligence solutions provider, is pleased to announce that one of Qatar’s top banks is deploying the company’s business intelligence software and integrated analytics to improve customer service and operations. The customer is one of six Qatari financial institutions currently using March Networks systems for advanced video surveillance and fraud prevention. March Networks will showcase its security and busines...
Intersec 2019, one of the world's leading trade fair for security, safety, and fire protection, opened in Dubai, featuring 1,212 exhibitors from 54 countries. The annual three-day event, which runs until 22nd January at the Dubai International Convention and Exhibition Centre, is organised by Messe Frankfurt Middle East, and supported by the Dubai Police, Dubai Police Academy, Dubai Civil Defence, the Security Industry Regulatory Agency (SIRA), and the Dubai Municipality. They’re joined...
As part of the ongoing expansion of its banking and payments security and consultancy offering, FIME has confirmed the appointments of Arnaud Crouzet and Edouard Baroin. “Banking and retail are experiencing unprecedented change and, while the digitalisation of payments represents significant opportunities, each stakeholder must overcome a range of challenges,” comments Lionel Grosclaude, CEO at FIME. “Banks must balance the need to transform their strategies and infrastructure...
In the age of massive data breaches, phishing attacks and password hacks, user credentials are increasingly unsafe. So how can organisations secure accounts without making life more difficult for users? Marc Vanmaele, CEO of TrustBuilder, explains. User credentials give us a sense of security. Users select their password, it's personal and memorable to them, and it's likely that it includes special characters and numbers for added security. Sadly, this sense is most likely false. If it's anythi...
With access control for the simplest to the most complex application, ASSA ABLOY has a security solution to make any building smarter. Our wireless, battery-powered devices include Intersec’s Access Control Product of the Year, one of many created to secure buildings sustainably in the connected cities of the future. The ASSA ABLOY stand for Intersec 2019 (Sheik Saeed Hall 1, Stand A12) showcases the following commercial access control technologies and devices. Aperio H100: access control in a slimline handle The new H100’s stylish and robust design has proven a perfect fit for high-traffic office and facility doors"Intersec’s latest Access Control Product of the Year, the new Aperio H100 packs the power and flexibility of wireless access control into a simple door handle. With easy retrofitting to almost any interior door, broad RFID compatibility via an inbuilt credential reader, and simple integration with third-party systems, the H100 handle makes it cost-effective to extend access control to many more internal doors. A standard battery fits inside the H100, ensuring a minimal footprint. “The new H100’s stylish and robust design has proven a perfect fit for high-traffic office and facility doors,” says Murtaza Husaini, ASSA ABLOY Business Development & Marketing Director for the Middle East & Turkey. “The handle simply adds powerful access control functionality without wires.” Like all Aperio wireless door devices, the H100 is built to open standards for easy integration — including online, in real time — with access control systems around smart buildings. CLIQ: programmable keys for flexible, sustainable locking For small to medium-sized businesses, CLIQ Go enables managers to run an access system on the move via their smartphoneMechatronic locking system CLIQ combines high-end mechanical and electronic protection. A range of key-operated mechanical cylinders and weatherproof padlocks offer maximum attack resistance. CLIQ technology then layers encrypted, user-friendly electronic security on top, with the option to administer the system from a secure web interface or smartphone app. All CLIQ devices are wire-free: Power is supplied by a standard battery inside the programmable key. For small to medium-sized businesses, CLIQ Go enables managers to run an access system on the move via their smartphone. For managing remote sites or a mobile workforce (or both), CLIQ Remote with the CLIQ Connect app smooths mobile workflows. A key-holder no longer needs to update access rights in person, carry updating devices, or return to base. All they need is a smartphone and the app. With its unique combination of security and flexibility, CLIQ is deployed widely at sites with stringent safety requirements and ever-changing access needs, including critical infrastructure, emergency services, museums, banks and cash-in-transit businesses. Code Handle: secure handle with built-in PINpad Code Handle keeps sensitive files, private rooms, personal belongings or valuable stock separated and secureIt is impossible to keep watch over every private door in a public space: the storeroom in a shop or pharmacy, or a toilet for staff only. That's when you need Code Handle, a simple, secure handle with a built-in PINpad. Enter a 4-digit code and the door opens. Code Handle locks automatically when the door closes. Code Handle is easy to retrofit to the existing locking unit of almost any interior door: just change the handle for a battery-powered Code Handle. No need to cable the door or use mains power, and no need to install an electronic access control system. Code Handle keeps sensitive files, private rooms, personal belongings or valuable stock separated and secure. It keeps you hands-on, and everyone else’s hands off.
The Middle East is proving to be a hot bed of business for global suppliers of security, safety, and fire protection, with the world’s top industry players all set to converge at Intersec 2019 in Dubai to drive more double digit growth. From video surveillance technologies with Artificial Intelligence and deep learning capabilities, to cloud-based access control solutions and flame retardant protective clothing, Intersec 2019 will shine the spotlight on game changing solutions solving challenges faced by professionals spanning sectors from banking and retail, to infrastructure and energy. Top surveillance technology The 21st edition takes place from 20-22 January 2019, with more than 1,300 exhibitors from 60 countries spanning 50,000sqm of space at the Dubai International Convention and Exhibition Centre. Korean company IDIS, one of the world’s top surveillance technology manufacturers, is a regular Intersec exhibitor that’s hitting double digit year-on-year sales growth in the Middle East, a position that it largely attributes to contacts made at the annual three-day event. Many of our system integration partnerships resulted from engagement and introductions made at Intersec" “Many of our system integration partnerships resulted from engagement and introductions made at Intersec and we can track this back since our first appearance at the show in 2014,” said Harry Kwon, General Manager of IDIS Middle East and Africa. Commercial organisations “These include Almajal G4S in KSA, Almoayyed in Bahrain and EMS in Egypt to name but a few. The result is an extensive and broad range of successful deployments of IDIS technology across government, education, retail, banking and many other commercial organisations.” “We’re hitting double digit sales growth year-on-year and continuing to increase our market share and geographical reach by expanding our sales channels,” added Kwon. Kwon said IDIS will look to up the ante with a series of new product launches later this month at Intersec 2019, including the latest iteration of its IDIS Deep Learning Analytics (IDLA) Engine: “IDLA has opened a new door to the future of video analytics with ground-breaking 96 percent accuracy combined with a 200ips speed.” Fisheye advancements What’s more at Intersec we’ll launch the DV-2116, AI in the Box, which is a cost-effective, pre-built device with the graphical and processing power" “What’s more at Intersec we’ll launch the DV-2116, AI in the Box, which is a cost-effective, pre-built device with the graphical and processing power to quickly and easily transform existing surveillance into a powerful AI solution.” he said. “Also on show will be our latest fisheye advancements, which include improved peripheral resolution through an upgraded Panomorph lens on the 12MP model and a new 5MP compact model perfect for smaller applications and installation in confined spaces.” Intersec 2019 covers the seven sections of Commercial Security; Fire & Rescue; Perimeter & Physical Security; Safety & Health; Homeland Security & Policing; Information Security; and Smart Home & Building Automation. Protective clothing ULTITEC is one of more than 150 exhibitors in the Safety & Health section, and will showcase its extensive range of protective clothing used by professionals in the oil & gas, aviation, construction and automotive industries. Jason Lin, ULTITEC’s General Manager, said its range of technical textiles are widely used by global conglomerates and local companies alike such as Qatar Gas, Shell, ExxonMobil, and ADNOC (Abu Dhabi National Oil Company). “At Intersec, we’ll focus on chemical and liquid jet resistant protective clothing such as the ULTITEC 5000 and ULTITEC 4000 which recently won the tender to be applied in PETRONAS Malaysia, one of the world’s largest and most forward-looking oil and gas producers,” said Lin. Excessive heat environments Our unique fabric technology of microporous film provides breathability and is perfectly suitable for excessive heat environments" “Our unique fabric technology of microporous film provides breathability and is perfectly suitable for excessive heat environments in the Middle East. It prevents occupational heat exposure as the microporous size is smaller than a water drop and larger than moisture vapour, offering exceptional comfort without compromising superior protection.” Elsewhere Matrix Comsec from India is one of more than 50 exhibitors at Intersec’s Information Security section that will look to capitalise on opportunities in a Middle East cyber security market that’s estimated to grow at a compound annual growth rate of 11 percent from 2018-2024. According to analysts 6Wresearch, revenues from the Middle East information security market will reach US$2.7 billion in 2024, compared to US$1.4 billion in 2018. High-end solutions With the cloud playing an increasingly important role in the storage and processing of important data, Abhay Joshi, Global Sales Head at Matrix Comsec, said Middle East organisations are taking measures to adopt high-end solutions that prevent unauthorised access and cyber-breaches. “Organisational data is the most important resource that companies have, so firms are opting for secure cloud-based solutions,” said Joshi. “At Intersec 2019, we’ll launch our cloud based Time-Attendance and Access Control solution COSEC VYOM.” “Up until now, Matrix offered on premise solutions, but now customers will have the choice of deploying the solution either on the cloud or on premises. We’ll also launch our mobile based COSEC APTA Face Recognition Technology. This might be helpful for corporates and manufacturing sectors whereby normal biometric technology fails to operate,” added Joshi. Commercial security providers Commercial Security will be the largest section on the exhibition floor, with more than 450 exhibitors, including two-thirds of the world’s top 50 commercial security providers. Fire & Rescue is the next largest section, with more than 400 exhibitors, followed by Safety & Health (150 exhibitors) Homeland Security & Policing (100 exhibitors); Perimeter and Physical Security (100 exhibitors), and Information Security (50). The one-day Intersec Fire Conference on 21st January will provide insights into the changing global trends in fire protection A revamped conference line-up will be spearheaded by the Intersec Future Security Summit, raising key issues on Artificial Intelligence, security integration, emergency preparedness and response, data protection, and the Internet of Things. The one-day Intersec Fire Conference on 21st January will provide insights into the changing global trends in fire protection and its implications on the Middle East, while Dubai’s Security Industry Regulatory Agency (SIRA) Forum will also return with the latest updates in security law and industry regulations in Dubai. Popular features Returning popular features to Intersec 2019 include the Drone Zone, an Outdoor Demo Area, a Smart Home Pavilion and the Safety Design in Buildings Pavilion. More than 150 exhibitors will also participate for the first time, while Canada, China, Czech Republic, France, Germany, Hong Kong, India, Italy, Korea, Pakistan, Singapore, Taiwan, UK, and the USA comprise the 14 country pavilions. Intersec is organised by Messe Frankfurt Middle East and held under the patronage of His Highness Sheikh Mansoor bin Mohammed bin Rashid Al Maktoum. Official supporters include the Dubai Police, Dubai Civil Defence, Dubai Police Academy, Dubai Municipality, and the Security Industry Regulatory Agency (SIRA).
Identiv, Inc., a global provider of physical security and secure identification, has secured new agreements with two major customers in the banking vertical. The first new agreement is a three-year software and services agreement with an existing customer that has been using Identiv’s 3VR video and analytics solution for bank branch security, fraud detection and ATM skimming prevention. Expanding recurring revenue base This top 5 U.S. bank customer has contracted with Identiv to provide maintenance services to support its video security and analytics infrastructure, which encompasses over 10,000 video surveillance cameras throughout North America. The aggregate value of the contract exceeds $3 million. Additionally, the company recently secured a win with a leading Mexican banking conglomerate. The initial deployment across more than 100 locations combines video security, customer experience and business enablement. Business-enabling solutions “These two wins reflect our focus on expanding our recurring revenue base, as well as continued growth and momentum in our banking vertical,” said Steven Humphreys, Identiv CEO. “It is representative of our emphasis on strategic verticals, as well as growing our recurring revenues across our customer base. “Through our comprehensive solutions and our strong customer relationships, we are expanding the software revenue and services aspects of our business, as well as expanding from pure security applications into business-enabling solutions. As we continue to leverage our installed base and secure new customers, we expect our recurring revenue business to continue to increase, generating more sustainable growth and margin expansion over time.”
Pulse Secure, the provider of secure access solutions to both enterprises and service providers, announced a Technical Alliance Partnership with BNTPRO to jointly sell and support a solution that offers SecTrail, an Identity Control and Management Platform developed by BNTPRO, as part of an integrated solution with Pulse Secure Connect Secure VPN appliances. The agreement will ensure that joint customers benefit from seamless compatibility, enhanced features and simplified support and upgrades. The SecTrail suite includes a One-Time-Password (OTP) and Two-Factor-Authentication (2FA) solution with support for mobile devices, sending single use passwords by SMS and email along with captcha support. In addition, the SecTrail HotSpot module provides ID verification necessary for wired and wireless network guest access with full audit trail to comply with Turkish legal requirements under Law #5651. Most widely used OTP and 2FA solution SecTrail is the most widely used OTP and 2FA solution across Turkey and our customers include the 40 largest banks and financial institutions"“SecTrail is the most widely used OTP and 2FA solution across Turkey and our customers include the 40 largest banks and financial institutions along with other regional customers,” explains Kenan Bilgiç, corporate communications and marketing specialist for BNTPRO. BNTPRO, a Pulse Secure Premier partner and winner of support partner of the year in 2017, has built a reputation across Turkey for its technical expertise and deep understanding of security best practice. Local customers include HSBC, Finansbank, Borusan Telekom, Turkcell and IBM amongst a growing list of national and international clients. “We have worked closely, first with Juniper Networks, and then Pulse Secure for over a decade and are now the single largest partner for Pulse Secure across Turkey,” says Bilgiç. “With this new Technical Alliance Partnership, we strengthen our relationship so our development teams can work closely together to deliver the highest levels of compatibility between our products, ensuring security and ongoing support for customers of our jointly marketed solution.” Authentication support for SAML 2.0 Pulse Connect Secure is available as both hardware and virtualised appliances and includes key features such as clientless accessPulse Secure Connect Secure is a pioneer in the VPN space and is used by 40 of the Fortune 50 companies with over 18 million endpoints secured. Pulse Connect Secure is available as both hardware and virtualised appliances and includes key features such as clientless access, group policy for seamless integration with directory services and strong authentication support for SAML 2.0, PKI, IAM and digital certificates. “Pulse Secure and BNTPRO have enjoyed a successful long-term relationship along with many joint customers across the region,” says Paul Donovan, VP EMEA for Pulse Secure. “At a technical level, we continue to jointly test and certify our products with each other and there is constant communication between our respective developers to ensure that our combined solutions provide the reliability and features that our customers expect. With this new agreement, we will ensure that this partnership continues to grow to serve Turkey and new customers across the region.” Pulse Secure and BNTPRO will be running several joint marketing initiatives including events and seminars during Q1 of 2019 to educate customers about the benefits of the combined solution.
Created more than 20 years ago, the French firm COSSILYS21 offers intelligent video-protection solutions. It equips major national banks, numerous regional banks, as well as shops. The COSSILYS21 firm is nowadays a reference in the banking sector. COSSILYS21 and FOXSTREAM have established a strong partnership for several years. When Mister Alain Ghaye, CEO and main shareholder of COSSILYS21, decided to hand over its firm to retire, the idea of bringing closer the two firms naturally made its way. This project was carried out in cooperation with the Managing Director of COSSILYS21, Mister François Bureau, entirely associated in this take-over project. Dealing with technological challenges The skills of these two teams represent a powerful asset to deal with tomorrow’s technological challenges, the Cloud, deep learning, cybersecurity"“COSSILYS21 offers a know-how in video manipulation and in the management of server farms. Their offer is strongly complementary to FOXSTREAM’s offer, as our know-how is oriented towards video analysis,” states Jean-Baptiste Ducatez, FOXSTREAM’s CEO. “The skills of these two teams represent a powerful asset to deal with tomorrow’s technological challenges in our market, the Cloud, deep learning, cybersecurity... It is a beautiful human adventure that begins.” “It is a strategic and industrial alliance of two growing companies, both recognised in their sectors,” adds François Bureau, Managing Director of COSSILYS21. “The synergy of both our technologies and our skills will allow our two firms to enhance our clients’ satisfaction. Starting 2019, an ambitious investment plan will reinforce our innovation capacities.” After the purchase of the firm BLUE EYE VIDEO at the end of 2014, FOXSTREAM now acquires COSSILYS21 and confirms its ambition to be a leading actor, strongly present in cutting-edge technologies, on the French and international security and flow management markets.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions announced a new line of off-the-shelf analytics appliances within its Streamvault portfolio. Designed to analyse more camera streams per unit than traditional security appliances, the new devices come pre-loaded with Genetec Security Center and unified analytics modules, reducing the cost and time required to deploy video analytics in new and existing systems. Available immediately through Genetec certified distribution and channel partners, the new Streamvault analytics appliances come in two versions: Model SVA-100, a compact unit ideally suited for retail and banking customers who are looking to anonymise patron/clients identities in service environments, and model SVA-1000E, a rackmount unit designed for customers with high camera counts looking to automate the detection of potential threats or monitor large public spaces while respecting individual privacy. KiwiVision Privacy Protector The new appliances include KiwiVision Intrusion Detector, which detects individuals and objects in sensitive areasTo protect the privacy of people in public spaces, both models come pre-loaded with KiwiVision Privacy Protector, a real-time video anonymisation module that dynamically pixelates individuals within a camera’s field of view. This also maintains an operator’s ability to monitor actions, something that is impossible with static masking. The new appliances also include KiwiVision Intrusion Detector, which detects individuals and objects in sensitive areas, reducing reliance on visual monitoring and helping operators detect threats faster. Specifying a server for video analytics can quickly become a complex process; scene activity, composition, and lighting directly impact how many streams can be analysed by an appliance or a server. Previously, system integrators had to design servers themselves, test performance, and assume any risk associated with underspecifying a solution. Genetec Streamvault analytics appliances remove the uncertainties that come with deploying video analytics on a new or existing system and reduce the cost-per-video stream analysed by optimising appliance components. Not compromising video monitoring The Streamvault SVA-100 and SVA-1000E are designed to handle more streams than a typical video server with an analytics add-onThe Streamvault SVA-100 and SVA-1000E are designed to handle more streams than a typical video server with an analytics add-on. In the latter scenario, the server is not streamlined for analytics processing, but rather for video archiving. The new analytics appliance can be deployed alongside existing servers, ensuring surges in analytics activity do not compromise video monitoring or archiving operations. Once analysed, video and analytics data are then directed to other products in the Streamvault family. “Traditional servers are not adapted to video analytics requirements. When analytics add-ons are installed, they are limited in the number of streams they can analyse and require extensive customisation and configuration before deployment, resulting in higher equipment costs,” said David Grey, Streamvault Product Line Manager. “Streamvault analytics appliances are designed to complement them, allowing each device to focus on tasks they are best suited for. This allows us to deliver a more cost-effective, turnkey solution and decrease the total number of appliances needed for a project,” added Grey.
Timely and important issues in the security marketplace dominated our list of most-clicked-upon articles in 2018. Looking back at the top articles of the year provides a decent summary of how our industry evolved this year, and even offers clues to where we’re headed in 2019. In the world of digital publishing, it’s easy to know what content resonates with the security market: Our readers tell us with their actions; i.e., where they click. Let’s look back at the Top 10 articles we posted in 2018 that generated the most page views. They are listed in order here with a brief excerpt. 1. U.S. President Signs Government Ban on Hikvision and Dahua Video Surveillance The ban on government uses, which takes effect ‘not later than one year after … enactment,’ applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations. The bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. 2. Motorola Makes a Splash with Avigilon Video Surveillance Acquisition Early clues point to Motorola positioning Avigilon as part of a broader solution, especially in the municipal/safe cities market. The company says the acquisition will enable more safe cities projects and more public-private partnerships between local communities and law enforcement. Motorola sees Avigilon as ‘a natural extension to global public safety and U.S. federal and military’ applications, according to the company. 3. Impact of Data-Driven Smart Cities on Video Surveillance One of the major areas of technology that is going to shift how we interact with our cities is the Internet of Things (IoT). One benefit will be the ability to use video surveillance to analyse data on large crowds at sporting events The IoT already accounts for swaths of technology and devices operating in the background. However, we’re increasingly seeing these come to the forefront of everyday life, as data becomes increasingly critical. Bosch is highlighting its “Simply. Connected” portfolio of smart city technology to transform security as well as urban mobility, air quality and energy efficiency 4. CES 2018: Security Technologies Influencing the Consumer Electronics Market Familiar players at security shows also have a presence at the Consumer Electronics Show (CES). For example, Bosch is highlighting its “Simply. Connected” portfolio of smart city technology to transform security as well as urban mobility, air quality and energy efficiency. Many consumer technologies on display offer a glimpse of what’s ahead for security. Are Panasonic’s 4K OLEDs with HDR10+ format or Sony’s A8F OLED televisions a preview of the future of security control room monitors? 5. SIA Predicts Top Physical Security Trends for 2018 Traditional security providers will focus more on deepening the customer experience and enhancing convenience and service. The rise of IoT also places an emphasis on cybersecurity, and security dealers will react by seeking manufacturers and technology partners with cyber-hardened network-connected devices. 6. High-Speed Visitor Screening Systems Will Improve Soft Target Security The system is more expensive than a metal detector, but about a third the cost of familiar airport body scanners. Labor reduction (because of faster throughput) can help offset the system costs, but “it’s difficult to quantify the improvement in the visitor experience,” says Mike Ellenbogen, CEO of Evolv Technology. 7. How to Prevent ATM Jackpotting with Physical and Cyber Security A new crime wave is hitting automated teller machines (ATMs); the common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands. The crime is called “ATM jackpotting” and has targeted banking machines located in grocery shops, pharmacies and other locations in Taiwan, Europe, Latin America and, in the last several months, the United States. Rough estimates place the total amount of global losses at up to $60 million. The safety and security world bring a complex problem to solve- how to pick out a face in a moving and changing environment and compare it to several faces of interest 8. Why We Need to Look Beyond Technology for Smart City Security Solutions Although technology is necessary for an urban area to transition in to a safe and smart city, technology alone isn’t sufficient. Truly smart cities are savvy cities and that includes how they employ software, sensing, communications and other technologies to meet their needs. 9. How New Video Surveillance Technology Boosts Airport Security and Operations Employing airport security solutions is a complex situation with myriad government, state and local rules and regulations that need to be addressed while ensuring the comfort needs of passengers. Airport security is further challenged with improving and increasing operational efficiencies, as budgets are always an issue. As an example, security and operational data must be easily shared with other airport departments and local agencies such as police, customs, emergency response and airport operations to drive a more proactive approach across the organisation. 10. The Evolution of Facial Recognition from Body-Cams to Video Surveillance The safety and security world bring a complex problem to solve how to pick out a face in a moving and changing environment and compare it to several faces of interest. “One-to-many” facial recognition is a much harder problem to solve.
There’s no denying that cyber-crime is one of the biggest threats facing any organisation with the devastating results they can cause painfully explicit. Highly publicised cases stretching from the US government to digital giant Facebook has made tackling cyber security a necessity for all major organisations. The consequences of breaches have just become more severe, with new GDPR rules meaning any security breach, and resultant data loss, could cost your organisation a fine of up to four per cent of global revenue or up to 20 million euros. Cyber-crime potentially affects every connected network device. In the biggest cyber-crime to date, hackers stole $1 billion from banks around the world, by gaining access to security systems. It’s more important than ever for organisations to be vigilant when it comes to their cyber security strategy. To help avoid becoming the next victim, I’ve put together a five-point cyber plan to protect your video surveillance system. 1. Elimination of default passwords A small change to a memorable, complex password could have huge consequences for your business It is estimated that over 73,000 security cameras are available to view online right now due to default passwords. ‘Password’ and ‘123456’ are among the top five most popular passwords with a staggering 9,000,000 login details matching this description. Guessable passwords create an unsecure security system which can result in an easy way for hackers to gain access to your organisation’s data, making you vulnerable to a breach. A small change to a memorable, complex password could have huge consequences for your business. Removing default passwords from products and software forces individuals to think of their own to keep their data safe. If a password system is not provided by your organisation we recommend that your password uses two or more types of characters (letters, numbers, symbols) and it is changed periodically. 2. Encrypted firmware Encrypting firmware is an important part of any organisations overall security system. Firmware can leave an open door, allowing hackers to access your data. All firmware should be encrypted to reduce the possibilities of it being downloaded from the manufacturers website and deconstructed. If the firmware posted is not encrypted, there is a risk of it being analysed by persons with malicious intent, vulnerabilities being detected, and attacks being made. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis There have been cases where a device is attacked by firmware vulnerabilities even if there are no problems with the user's settings, rendering it inoperable, and DDoS attacks being made on other servers via the device. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis. There is also a possibility of being attracted to spoofing sites by targeted attack email and firmware being updated with a version that includes a virus, so firmware must always be downloaded from the vendor's page. It may also be advantageous to combine this with an imbedded Linux operating system which removes all unused features of the device, it can help to reduce the chances of malicious entities searching for backdoor entities and inserting codes. 3. Removing vulnerabilities within the operating systems Vulnerability is the name given for a functional behaviour of a product or online service that violates an implicit or explicit security policy. Vulnerabilities can occur for a number of reasons for example, due to an omission in logic, coding errors or a process failure. Network attacks exploit vulnerabilities in software coding that maybe unknown to you and the equipment provider. The vulnerability can be exploited by hackers before the vendor becomes aware. You should seek to minimise these issues by looking for a secure operating system which is regularly updated. Panasonic has developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping As a provider of security solutions, Panasonic is taking a number of steps to ensure its consumers remain safe and secure. We have developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping. We have combined with a leading provider of highly reliable certificates and technology for detecting and analysing cyber-attacks with its own in-house embedded cryptography technology, to provide a highly secure and robust protection layer for its embedded surveillance products. 4. Avoiding remote login using Telnet or FTP Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures. File transfer protocol or transfer through cloud-based services means the files and passwords are not encrypted and can therefore be easily intercepted by hackers. An encrypted software removes the risk of files being sent to the wrong person or forwarded on without your knowledge. Telnet predates FTP and as a result is even less secure. Hyper Transfer Protocol Secure is a protocol to make secure communications by HTTP, and it makes HTTP communications on secure connections provided by SSL/TLS protocols. The major benefits of using this system is that HTTPS and VPN encrypt the communications path, so data after communications is decrypted and recorded. If recorded data is leaked, it will be in a state where it can be viewed. With data encryption, however, it remains secure and can even be recoded to storage. Thus, even if the hard drive or SD card is stolen or data on the cloud is leaked, data cannot be viewed. 5. Use of digital certificates Private and public keys are generated at manufacture in the factory and certificates installed at the factoryDigital certificates are intended to safely store the public key and the owner information of the private key it is paired with. It provides assurance that the accredited data from a third party is true and that the data is not falsified. It is beneficial for all data to be encrypted with digital certificates. Digital certificates are far safer when issued by a third party rather than creating a self-signed version unless you are 100 percent sure of the receiver identity. From April 2016, some models of Panasonic series iPro cameras come with preinstalled certificates to reduce the risk of interception and the hassle of having to create one. With i-PRO cameras with Secure function, private and public keys are generated at manufacture in the factory and certificates installed at the factory. As there is no way to obtain the private key from the camera externally, there is no risk of the private key being leaked. Also, certificates are signed by a trusted third party, and the private key used for signing is managed strictly by the authority. In addition, encryption has been cleverly implemented to reduce the usual overhead on the IP stream from 20% to 2%.
Small business owners work hard. They are often the first ones there in the morning and the last to leave at night. Even then, they likely bring their work home with them. During that time, everything they do is aimed at making their business as successful as possible. Because of this, many business owners don’t take vacations, and if they do, they spend a lot of time worrying about their business while they’re away. In both cases, the potential for burnout is tremendously high. The primary concern for these individuals is loss, whether from theft, waste, vandalism or other causes. Depending on the degree of the loss, it can have a devastating effect on small business. Therefore, professional security solutions must be top of mind for these businesses. Small business owners can take advantage of advanced technology that can help them work smarter, not harder Video surveillance for small businesses One technology that can address loss, the feeling of helplessness that comes from not being on site and more is video surveillance. Sadly, it’s not always on the radar for small business owners, many of whom think video surveillance is very expensive and out of reach. But that couldn’t be farther from the truth. There are high-quality, relatively inexpensive solutions that don’t require much, if any, configuration, allowing an installer to place cameras, run cable, plug cameras into the recorder and use software to get end users up to speed on remote access. Best of all, almost all of these solutions come with a mobile app or other means of accessing video—both live and recorded—remotely from a smartphone or tablet. In a world where our phones have become our lifeline to a lot of information, including email, banking, inventory management and more, a security system simply has to provide this type of access. Given the availability of cost-effective video surveillance solutions and their ease of use, small business owners can take advantage of advanced technology that can help them work smarter, not harder in a few key areas. Video surveillance solutions come with a mobile app for accessing video remotely from a smartphone or tablet Efficient incident monitoring Having a high-quality video surveillance system with proper coverage means that any time an incident or loss occurs, a small business owner can go back and find it on the video and identify exactly what happened. For example, if something goes missing from a retail store, reviewing the video will reveal exactly what happened, when it happened, how it happened and—depending on lighting, camera resolution and field of view—possibly who took it. Video systems can also be valuable from a liability perspective. Slip-and-fall claims are not uncommon, but in many cases they turn out to be false. Thankfully, cameras can provide video that will support or refute a claim. Without video, such incidents could be costly for small businesses. A simple review of recorded videos will solve any mystery and eliminate the potential for a long argument with no evidence Video recording for incident verification Another example would be a customer who claims they were shorted on the change they received from a cashier. Rather than taking the time to count the money in the drawer and reconcile that with receipts, a small business owner could simply review video from a camera placed above the point of sale to determine if the customer’s claim is correct or if they may have been mistaken. This feature can also help alleviate or avoid a potentially awkward or difficult situation when there’s a difference of opinion with a supplier. Say for instance a delivery driver claims he or she brought three cases of product to the back door, but there are only two cases in the stockroom. A simple review of the video that’s been recorded will solve the mystery once and for all and eliminate the potential for a long, drawn-out argument with no evidence one way or the other. Smartphones for remote monitoring It’s natural for small business owners to feel stressed when they’re not at their physical location. After all, they’re the ones who have invested in the business and are responsible for making sure it runs smoothly and profitably from day to day. For small business owners with surveillance systems, vacations can become not only a reality but also the relaxing time they are supposed to be. For small business owners with surveillance systems, vacations can become not only a reality but also the relaxing time Rather than sitting on a beach and worrying about whether the store opened on time or if employees are doing what they’re supposed to be doing, an owner can pull out his or her smartphone, log in to remotely to the video system and know for sure. That peace of mind is invaluable for small business owners. This is also helpful for business owners with multiple locations. Because no one can be in two—or more—places at once, a video surveillance system can provide eyes and in some cases ears at a location, which can be accessed at the click of a button. Video surveillance for training For a small business, it’s imperative that employees follow established policies and that staffing levels are maintained at the most efficient level possible. These are two other areas where video surveillance can help. If a small business owner sees that something isn’t being done properly, whether by a single employee or if the problem is more widespread, he or she can use video for training purposes. They can sit down with the employee or employees to review the video and explain the proper policies and procedures. Conversely, video can be used to demonstrate proper techniques or even to recognise employees for a job well done. From a staffing standpoint, reviewing video could reveal unexpectedly busy or down times Maintaining staffing levels From a staffing standpoint, reviewing video could reveal unexpectedly busy or down times. A business owner can review video from 3 p.m. on a Saturday to see how many customers are in a location and determine the ratio of employees to customers. Looking at a variety of times over a period of weeks or months could help determine optimal staffing levels, which may lead to the decision to increase staffing on Saturday afternoons when a store is busy. This will help improve customer experience and potentially increase sales. Motion detection for accurate access control Cameras can be deployed with motion-detection sensors to alert business owners when someone enters a certain area, whether during or after business hours. In many cases, detected motion can trigger an alert and/or a video clip to be sent to the business owner’s smartphone so they can review and verify whether something is out of the ordinary. These deployments could be set up to monitor a variety of locations, such as an office, safe, doors and other sensitive areas at all times or just during specific hours. If motion is detected during off hours, the business owner can view video and alert police that an unauthorised individual is at their business. Surveillance videos can be used to demonstrate proper techniques or even to recognise employees for a job well done Cybersecure video surveillance systems From a cybersecurity perspective, manufacturers are constantly releasing firmware updates to protect cameras from malware and/or unauthorised intrusion. Once someone has accessed any device, all systems and devices connected to the same network become vulnerable. Updating these devices tends to be an afterthought for small business owners, who may either forget or simply not have the time to do it. So it should come as no surprise that these important updates often go uninstalled. Today’s advanced video systems overcome this obstacle with easy updating, which can be performed by small business owners or installers to ensure constant protection. Other systems are available with auto-updating capabilities, which remove the onus from small business owners completely. Today’s advanced video systems overcome cyberthreats with easy updating Cost-effective surveillance solutions These are just a few of the many benefits video surveillance systems offer small business owners. What’s important to note is that for each to be successful requires having to have the right camera for the right environment. For instance, a camera positioned at the back door of a business has to have wide dynamic range to deal with changing light levels throughout the day. A camera used to monitor transactions must offer high enough resolution to identify bill denominations. Today’s solutions are cost-effective, easy to use and offer the flexibility to monitor operations from anywhere at any time – giving small business owners the power to work smarter, not harder to grow their bottom line.
ISC West in Las Vegas kicked off with a bang on Wednesday, reflecting a healthy physical security industry with an overall upbeat outlook on the future. Driving the optimism is a pending new wave of product innovation, propelled largely by developments in artificial intelligence (AI) and deep learning. Some of that new wave is evident at ISC West, but much of the talk still centres on what’s to come. Attendees flocked to the first day of the show to check out the newest technologies, and they were rewarded with a wide range of innovations. Tempering the optimism are ongoing concerns about ensuring the cybersecurity of IP-based physical security systems. Cybersecurity standards for physical security At least one news announcement is related to cybersecurity at the show: Johnson Controls is the first company to achieve UL (Underwriters Laboratories) certification 2900-2-3 for cybersecurity of life safety and security products and systems for their VideoEdge network video recording platform from American Dynamics. The UL brand ensures that the certification involves a standards-based and scientific approach to evaluating cybersecurity, and that JCI’s certified products meet the requirements. “We were able to be first because we understand issues of cybersecurity, and the UL standard matches very closely to what we have been doing in cybersecurity,” says Will Brown, Senior Engineering Manager, Cyber Protection at Johnson Controls. Tempering the optimism are ongoing concerns about ensuring the cybersecurity of IP-based physical security systems Neil Lakomiak, Director of Business Development and Innovation at Underwriters Laboratories, says relatively few companies have invested sufficiently in cybersecurity, and much of UL’s work in the physical security market is to help manufacturers develop a roadmap to meet cybersecurity goals. “A lot of companies have not invested, but Johnson Controls has,” said Lakomiak. He speculated that it could be some time before another security company achieves the certification; there certainly won’t be a rush of additional companies to do so in the near term, based on the progress he has seen to date, says Lakomiak. “Cybersecurity is a topic that has hit the Board of Directors level,” says Lakomiak. “They are definitely inquiring about it and trying to understand what their posture should be. The leadership teams of companies will be asking a lot of questions.” In terms of cyber-consciousness among the integrator community, Brown estimates about 10 percent are “on board” with the issue. Among the manufacturing community, more than half of the companies are pursuing cybersecurity goals, although the levels of those efforts run a full gamut, says Lakomiak. Vertical markets that are especially cyber-aware are enterprise, government, and critical infrastructure. Financial and retail companies are also coming on board, as well as companies — even small companies — in regulated industries such as utilities Cybersecurity is a topic that has hit the Board of Directors level Cybersecurity in the cloud Another company emphasising cybersecurity at ISC West is access control company Isonas. “What’s really new at the show for us is that we are being very transparent about the levels of cybersecurity we are applying to our cloud software platform and our IP network hardware,” says Rob Lydic, Isonas Global Vice President of Sales. “The levels of complexity we are putting into our cybersecurity, including the fact that we host our software on Amazon web services, ensures a really high level of security. We are taking painstaking efforts to subject ourselves to third-party penetration testing to give us the visibility of what is going on with our cybersecurity — are we actually as cybersecure as we believe?” The answer: “They have come back to us to say we have an amazing strategy for cybersecurity; the surface that is attackable is minuscule, and the complex layers underneath really prevent anybody from hacking the product.”We are being very transparent about the levels of cybersecurity we are applying to our cloud software platform" Lydic says he sees higher levels of awareness about cybersecurity at the show, especially among end users. Several other exhibitors agree. Because edge devices have often been targeted in cybersecurity attacks, they are especially an area of concern. “We’re raising that conversation, saying we are a cloud service provider that uses edge devices, and it is core to us to make sure we have a great cybersecurity profile, so the customer can be assured we are doing what we say we are doing and delivering on those promises,” says Lydic. Awareness is filtering through channel: Isonas is seeing many customers who want to have that cybersecurity conversation at the show. “We have had probably 20 or 30 conversations with end users at the show who want to understand what it means to be in the cloud, to understand how the level of communication is encrypted between devices,” says Lydic. Many end users at ISC West want to understand what it means to be in the cloud Ambitions for growth Successful companies often increase their ISC West booth size as a reflection of their ambition to grow as a company and their success in sales so far. One such company is Paxton Access Inc., which has increased its booth size from a 20x40-foot booth last year to a 30x50-foot space this year. Beyond the show, another reflection of Paxton’s growth is addition of personnel to cover 11 U.S. sales territories that have been newly restructured. New regional sales managers will work with dealers locally. At the show, Paxton is introducing its Net2 Entry Premium monitor, the latest addition to the company’s Net2 Entry line of door entry products. “The show is definitely a great way to promote who we are and what we offer,” says Linda Soriano, Paxton Marketing Communications Coordinator. “It’s great to meet new customers and interact with existing customers, to build new relationships. It’s an opportunity to promote the new things we have going on.” Paxton measures success at ISC West in terms of how many people they interact with at the show. In addition to welcoming booth visitors, the company is signing up attendance at free training through a show promotion. Anyone who signs up for training at the show is entered into a drawing for a $500 Visa gift card and a $1,000 discount off MSRP of Paxton products. Tim Shen, Director of Marketing at Dahua Technology USA, one of the larger exhibitors, says the company is emphasising solutions at ISC West, just one element of the successful international business model they are bringing to the United States.With AI and business analytics in transportation and retail markets, we are letting the market know that we can build solutions" Another topic for Dahua is artificial intelligence. “With AI and business analytics in transportation and retail markets, we are letting the market know that we can build solutions,” he says. Dahua sponsored a keynote address Wednesday on AI, including a presentation from Intel about AI trends. “AI is the future, but what can we use it for now?” asks Shen. “We need to give a very clear strategy of what we think about AI.” Dahua will bring AI cameras and an AI network video recorder to the U.S. market in the second quarter; in effect, they will be testing the water to see how well the AI concept is embraced here. Other new products from Dahua include multi-image and thermal cameras. In the thermal category, Dahua has developed their own chipset to help bring the price down and provide affordable thermal cameras to the U.S. market. Another focus will be e-POE (extended Power over Ethernet), which Dahua sees as a big differentiator. [Main photo credit: Abbey Masciarotte | Larry Anderson]
Cybersecurity talk currently dominates many events in the physical security industry. And it’s about time, given that we are all playing catch-up in a scary cybersecurity environment where threats are constant and constantly evolving. I heard an interesting discussion about cybersecurity recently among consultants attending MercTech4, a conference in Miami hosted by Mercury Security and its OEM partners. The broad-ranging discussion touched on multiple aspects of cybersecurity, including the various roles of end user IT departments, consultants, and integrators. Factors such as training, standardisation and pricing were also addressed as they relate to cybersecurity. Following are some edited excerpts from that discussion. The role of the IT department Pierre Bourgeix of ESI Convergent: Most enterprises usually have the information technology (IT) department at the table [for physical security discussions], and cybersecurity is a component of IT. The main concern for them is how any security product will impact the network environment. The first thing they will say, is “we have to ensure that there is network segmentation to prevent any potential viruses or threats or breaches from coming in.” The main concern for IT departments is how any security product will impact the network environment”They want to make sure that any devices in the environment are secure. Segmentation is good, but it isn’t an end-all. There is no buffer that can be created; these air gaps don’t exist. Cyber is involved in a defensive matter, in terms of what they have to do to protect that environment. IT is more worried about the infrastructure. The role of consultants and specifiers Phil Santore of DVS, division of Ross & Baruzzini: As consultants and engineers, we work with some major banks. They tell us if you bring a new product to the table, it will take two to three months before they will onboard the product, because they will run it through [cybersecurity testing] in their own IT departments. If it’s a large bank, they have an IT team, and there will never be anything we [as consultants] can tell them that they don’t already know. But we all have clients that are not large; they’re museums, or small corporations, or mom-and-pop shops. They may not be as vulnerable from the international threat, but there are still local things they have to be concerned about. It falls on us as consultants to let them know what their problems are. Their IT departments may not be that savvy. We need to at least make them aware and start there. Wael Lahoud of Goldmark Security Consulting: We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels. At the procurement stage, we as consultants must select and specify products that have technology to enable cybersecurity, and not choose products that are outdated or incompatible with cybersecurity controls. We also see, from an access control perspective, a need to address weaknesses in databases. Specifying and having integrators that can harden the databases, not just the network itself, can help. The impact of physical security products on the network environment was a dominant topic at the MercTech4 consultants roundtable discussion The need for standards on cybersecurity Jim Elder of Secured Design: I’d like to know what standards we as specifiers can invoke that will help us ensure that the integrator of record has the credentials, knows what standards apply, and knows how to make sure those standards are maintained in the system. I’m a generalist, and cybersecurity scares the hell out of me.We’re not just talking about access to cameras, we are talking about access to the corporate network and all the bad things that can happen with that. My emphasis would be on standards and compliance with standards in the equipment and technology that is used, and the way it is put in. It can be easier for me, looking at some key points, to be able to determine if the system has been installed in accordance. We are seeing more and more organisations having cybersecurity programs in place, at different maturity levels"I’m taking the position of the enforcement officer, rather than the dictator. It would be much better if there were focused standards that I could put into the specification— I know there are some – that would dictate the processes, not just of manufacturing, but of installation of the product, and the tests you should run accordingly. Pierre Bourgeix: With the Security Industry Association (SIA), we are working right now on a standard that includes analysed scoring on the IT and physical side to identify a technology score, a compliance score, a methodology, and best-of-breed recommendation. Vendor validation would be used to ensure they follow the same process. We have created the model, and we will see what we can do to make it work. Terry Robinette of Sextant: If a standard can be written and it’s a reasonable process, I like the idea of the equipment meeting some standardised format or be able to show that it can withstand the same type of cyber-attack a network switch can withstand. We may not be reinventing the wheel. IT is the most standardised industry you will ever see, and security is the least standardised. But they’re merging. And that will drive standardisation. Jim Elder: I look to Underwriters Laboratory (UL) for a lot of standards. Does the product get that label? I am interested in being able to look at a box on the wall and say, “That meets the standard.” Or some kind of list with check-boxes; if all the boxes are checked I can walk out and know I have good cybersecurity threat management. IT is the most standardised industry you will ever see, and security is the least standardised" The role of training Phil Santore: Before you do any cybersecurity training, you would need to set the level of cybersecurity you are trying to achieve. There are multiple levels from zero to a completely closed network. Wael Lahoud: From an integrator’s perspective, cybersecurity training by the manufacturer of product features would be the place to start – understanding how to partner the database, and the encryption features. We see integrators that know these features are available – they tick the boxes – but they don’t understand what they mean. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organisation. That would be a good starting point. The role of integrators Wael Lahoud: Integrators like convenience; less time means more money. So, we see some integrators cut corners. I think it is our role (as consultants) to make sure corners are not cut. If you rely solely on integrators, it will always be the weak password, the bypass. We have seen it from small projects to large government installations. It’s the same again and again. Even having an internal standard within an organisation, there may be no one overseeing that and double-checking. Tools will help, but we are not there at this point. I will leave it up to manufacturers to provide the tools to make it easy for consultants to check, and easier for integrators to use the controls. Cybersecurity is a complex topic, and the risk aspects and maturity levels vary by organisation - so training is very important The impact of pricing Pierre Bourgeix: The race to the cheapest price is a big problem. We have well-intended designs and assessments that define best-of-breed and evaluate what would be necessary to do what the client needs. But once we get to the final point of that being implemented, the customer typically goes to the lowest price – the lowest bidder. That’s the biggest issue. You get what you pay for at the end of the day. With standards, we are trying to get to the point that people realise that not all products are made the same, not all integrators do the same work. We hope that through education of the end user, they can realise that if they change the design, they have to accept the liability.It’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it" The big picture Wael Lahoud: The Windows platform has a lot of vulnerabilities, but we’re still using it, even in banks. So, it’s not just the product that’s the weakest link, it’s the whole process from design to securing that product and launching it. That’s where the cybersecurity program comes into play. There are many vulnerable products in the market, and it’s up to professionals to properly secure these products and to design systems and reduce the risk. Pierre Bourgeix: The access port to get to data is what hackers are looking for. The weakest link is where they go. They want to penetrate through access control to get to databases. The golden ring is the data source, so they can get credentialing, so they can gain access to your active directory, which then gives them permissions to get into your “admin.” Once we get into “admin,” we get to the source of the information. It has nothing to do with gaining access to a door, it has everything to do with data. And that’s happening all the time.
A new crime wave is hitting automated teller machines (ATMs); the common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands. The crime is called “ATM jackpotting” and has targeted banking machines located in grocery shops, pharmacies and other locations in Taiwan, Europe, Latin America and, in the last several months, the United States. Rough estimates place the total amount of global losses at up to $60 million. What is jackpotting? ATM jackpotting is a combination of a physical crime and a cyberattack. Typically, a criminal with a fake ID enters a grocery shop or pharmacy posing as an ATM technician, then uses a crowbar to open the top of the ATM – the “top hat” – to gain access to the personal computer that operates the machine. If a legitimate customer approaches the machine in the meantime, it can operate as usual until activated otherwise by the malware Once he or she has access to the PC, they remove the hard drive, disable any anti-virus software, install a malware program, replace the hard drive and then reboot the computer. The whole operation takes about 30 seconds. The malware then enables the thief to remotely control the ATM and direct it to dispense all its cash on command. An accomplice – the “mule” – later approaches the ATM to collect the bounty, as the “technician” remotely directs the machine to dispense all its cash. If a legitimate customer approaches the machine in the meantime, it can operate as usual until activated otherwise by the malware. ATMs in supermarkets and pharmacies tend to be targeted because they may not be as well-protected, and store personnel likely would not know who is authorised to work on the ATM. In contrast, anyone approaching an ATM at a bank location would be more likely to be challenged. Emergence of criminal activity The crime first emerged in the United States several months ago, and the U.S. Secret Service, financial institutions and ATM manufacturers have been scrambling to find a solution. Older ATMs are particularly vulnerable. In some cases, financial institutions have not embraced the highest levels of security offered by ATM manufacturers because of costs, and because previously the crime was not common in the U.S. One estimate is that losses north of $10 million have occurred in the U.S. just in the last couple of months. “There are solutions, and then there are ways to get around the solutions,” says Samir Agarwal, Accelerite’s general manager for security. Hackers remove the hard drive, disable any anti-virus software, install a malware program, replace the hard drive and then reboot the computer ATM protection technology Accelerite is a California-based software company that focuses on the digital enterprise, including hybrid cloud infrastructure, endpoint security, Big Data analytics, and the Internet of Things. Accelerite’s solution to the ATM jackpotting problem is built on the company’s Sentient security framework. Accelerite’s approach to ATM jackpotting is to immediately stop the dispensing of cash when any sign of trouble is detected. The system can track alarms, such as when a “top hat” is opened, when a hard disk is removed, if the antivirus software has been tampered with, and so on. The system can send a notification within 20 seconds that the ATM is being hacked and then automatically shut down the machine. If the bad guy reboots the machine, the system can confirm there was a previous alert and shut it down over and over. “We create multiple lines of defense,” says Agarwal. “The criminal would decide it’s not worth his while and walk away.” The consequences of jackpotting impact every level of the industry, including ATM manufacturers and financial institutions Origins of ATM jackpotting ATM jackpotting originated back in 2010 when Barnaby Jack, a New Zealand hacker and computer expert, demonstrated how he could exploit two ATMs and make them dispense cash on the stage at the Black Hat computer security conference in Las Vegas. Since then, malware has been created and made available on the “Dark Web” that can instruct an ATM to dispense all its cash on demand. Previously ATM jackpotting attacks have focused on more cost-conscious global markets and those likely to use older-model ATMs with fewer security features. Strong U.S. law enforcement also likely prevented criminals from taking the risk – until now. Attacks in the United States have raised awareness. “There is more cognisance of the possibility of bad things happening,” says Agarwal. “This came out of nowhere and had not happened in the past in the United States. This crime is unlike what you hear about hacks or when data is stolen – there’s just money being stolen.” Best practices to prevent an attack However, the consequences impact every level of the industry, including ATM manufacturers and financial institutions. Also, the supermarket and grocery shops that are targeted face additional security challenges, and even consumers could lose confidence in ATMs if they think their personal information could be at risk. There are best practices that can also prevent an attack. For example, an ATM computer could have a “white list” of approved applications and not allow anything to be installed that is not on the list; for instance, no malware. Another approach is to encrypt the disk drive so that a key or certificate is needed in order to install new software. Agarwal notes that solving the challenge of ATM jackpotting illustrates the need to combine both physical and cybersecurity approaches to protect modern companies. “It’s the reality as we move into a more digital world,” he says. “Physical security at that level will be difficult to protect, and you will be depending more on cyber solutions. It’s the direction the world is moving into.”
Saudi Arabia’s National Commercial Bank (NCB) is using IDIS technology for one of the biggest financial surveillance system upgrades ever seen in the region, involving at least 1000 NVRs and over 2500 IP cameras. The bank, which serves over 5.4 million customers and is the second largest in the Arab world, chose an IDIS solution to modernise its security and comply with the latest standards introduced by the Saudi Arabian Monetary Authority (SAMA) and Ministry of Interior. Analogue infrastructure IDIS, which is the largest manufacturer of surveillance technology in South Korea, confirmed that the project involves an upgrade to full HD IP technology across 400 branches and more than 2580 ATMs, to be completed ahead of the 2021 deadline. Solutions provider Almajal G4S was appointed and following a competitive tender process IDIS technology was identified as performing better NCB, also known as AlAhli Bank, needed NVRs that would provide RAID 1 and RAID 5 support, and a solution that would allow integration of both IP and existing analogue infrastructure, and the capability to cost-effectively store video footage for a full year. Solutions provider Almajal G4S was appointed and following a competitive tender process IDIS technology was identified as performing better than alternatives in detailed and rigorous proof-of-concept testing. High level protection The IDIS solution operational benefits at the installation stage as well as in daily operations over the lifetime of the system. “Keys advantages for NCB in choosing an IDIS solution is the technology’s robustness, its resilience against data loss, and high level protection against cyber threats. Using IDIS technology is also ensuring a frictionless migration from existing analogue,” says Ahmad Said, ESS Director at Almajal G4S. Thanks to its hybrid capability, IDIS technology allows analogue and IP cameras to be used together, making the upgrade project easily manageable, with a seamless, staged switch-over. For this mission-critical project, IDIS’s Linux based servers and proprietory protocols also offered the highest level of resistance to hacking, while zero-configuration elminates the need to manage IP addresses for every device, all of which gave NCB the network security assurances they were looking for. Allow efficient maintenance NCB and the associated IDIS solution will be the first to achieve full compliance with the new SAMA standards An important consideration for NCB was IDIS Intelligent Codec which, together with dual H.264/H.265 performance, delivers up to 90% reduction in bandwidth and storage. This gives the bank significant, on-going savings allowing compliance with video data storage rules. It also speeds up recording retrieval and helps to make NCB’s new security system easier and more economical to run, says Harry Kwon, General Manager, IDIS Middle East and Africa. “With the upgrade already proving its value the bank’s central monitoring teams now work more efficiently, with their system providing event forwarding, acknowledgements, notifications and live pop-ups.” Providing the lowest total cost of ownership, the IDIS solution will allow efficient maintenance and simultaneous remote upgrades for multiple devices and gives NCB the assurance of IDIS Ultimate Warranty. The project is due for completion in 2019, NCB and the associated IDIS solution will be the first to achieve full compliance with the new SAMA standards.
March Networks, a global provider of video security and video-based business intelligence, is pleased to announce that one of Qatar’s top banks is deploying the company’s business intelligence software and integrated analytics to improve customer service and operations. The customer is one of six Qatari financial institutions currently using March Networks systems for advanced video surveillance and fraud prevention. The bank is already using an end-to-end March Networks video recording and management solution in all of its Qatari retail banking branches, hundreds of ATMs, and multiple corporate facilities. It is expanding that solution with Searchlight for Banking software to deliver an enhanced customer experience and strengthen its fraud investigation capabilities. Detecting suspicious transactions The software helps banks evaluate and improve customer service using dwell time, queue length and people counting analyticsMarch Networks Searchlight for Banking combines surveillance video with ATM/teller transaction data and analytics to deliver powerful fraud-fighting tools, such as the ability to rapidly detect suspicious transactions and potential cases of ATM skimming. The software also helps banks evaluate and improve customer service using dwell time, queue length and people counting analytics. The bank started using March Networks several years ago to ensure compliance with CCTV legislation first introduced by the Qatari Ministry of Interior (MOI) in 2011. The law mandates that all banks equip their locations with IP video surveillance, record at a minimum 3-megapixel resolution and 20 frames per second, and ensure 120 days of video storage. The bank, which was using an analogue video surveillance system at the time, needed an enterprise-class video solution that could meet the MOI regulation. It was also looking for a solution that offered remote video management, system health monitoring, and the ability to scale easily to accommodate future growth. Command Enterprise video management software March Networks products have proven highly reliable and are able to meet the parameters set by the Qatar Ministry of Interior regulations"When the project went to tender, only the March Networks solution performed to all of the bank’s criteria, said its group safety and security manager. “With the March Networks system, we are able to fully comply with the law. The usability and health monitoring features of the Command Enterprise video management software are also excellent, enabling us to investigate and resolve potential system issues before they become critical.” According to ISC Group Gulf, a systems integrator in Qatar with a specialised focus and expertise in the banking sector, the March Networks solution is the best choice for banks in the region. “March Networks products have proven highly reliable and are able to meet – and often exceed – the parameters set by the Qatar Ministry of Interior regulations, as our organisation has seen in our work with most of the country’s major financial brands,” said Cristian Ivan Nicolae, Project Manager, ISC Group Gulf. CCTV products for banking environments We are fortunate to be working with ISC Group Gulf, a systems integrator with a deep understanding of the video requirements of Qatari banks"“In addition, March Networks offers the sole CCTV products in Qatar purpose-built for banking environments, which means you are getting a secure, highly-professional solution that is easy to scale in complexity.” “We are proud of our long-standing partnership with this Qatari bank. It is a leader in the use of innovative video technologies, and clearly understands the value intelligent video offers to its organisation,” said Trevor Sinden, Director, Middle East and Africa Sales, March Networks. “We are also fortunate to be working with ISC Group Gulf, a systems integrator with a deep understanding of the video requirements of Qatari banks.” March Networks will showcase its security and business intelligence solution for banks, as well as its complete enterprise video portfolio, in Stand S1-J42 at Intersec 2019, January 20-22 in Dubai, UAE.
Retail banking combines a demand for high security with complex workflows. Staff need efficient access. Facility managers need the flexibility to design access permissions around individual needs, so not everyone can access every area whenever they choose. Nobody wants to carry or track large numbers of keys. These were the requirements, managers of Creval — a regional bank in Italy — faced when seeking an alternative to a mechanical master-key system. Creval needed new access control devices to become an integral part of a security system for assets and people with the highest level of protection. They sought locks to offer a durable, secure and flexible alternative to standard mechanical security. They found an easy, electronic way to administer a powerful, user-friendly system based on battery-powered physical keys and secure, advanced microelectronics. Flexible high-security locking Staff carry a single, battery-powered eCLIQ key, programmed with only the right preauthorised access permissionsCreval chose eCLIQ key-based wireless access control for its banking premises. Bank doors across the Lombardy region are guarded by more than 30 durable eCLIQ cylinders, putting Creval managers in complete control of entrance security. eCLIQ is a scalable electronic extension of the CLIQ access control system deployed in critical infrastructure sites across Europe. Cylinders are fully electronic, protected against manipulation and with 128-bit AES encryption built into both lock and key microelectronics. Staff carry a single, battery-powered eCLIQ key, programmed with only the right preauthorised access permissions. Time-limited access rights Creval’s security manager is now able to grant access based on scheduled times and specific doors, and right down to the level of the individual site user. It is also straightforward to set time-limited access rights for a user key, increasing security if a key is lost. Audit trails and event logs are collected to the same, fine-grained degree. Key management is easy with software operated from a local PC or securely on the web via a standard browser. In the unlikely event a key is misplaced, Creval administrators simply delete its validity from the system. “We are satisfied with the results of the new access control system,” says Claudio Brisia, Logical Security Manager at Creval headquarters in Sondrio.
Surveon Technology, the complete megapixel solutions provider, announces that one of the banks in Bangladesh has adopted Surveon end-to-end solutions. With Surveon Avatar Failover, which supports the system to continuously record through collaborative NVRs, the bank can easily secure the assets of its clients and ensure the safety for all people in every aspect. To avoid any confidential video loss, the bank needed dual copies of recording videos for all time, even if one of NVRs fails. Surveon provides total 14 CAM4471HEV, including two spare cameras and 12 cameras for recording, its videos will be saved in 2 NVR7316A1 simultaneously, providing dual video copies for the bank, ensuring 0% loss with valuable data. Non-stop recording To prevent any dispute between bank and customers, the bank required the solution provides sufficient reliability for 24/7 recording, once the conflicts happened, the evidences like videos can assist the investigation. The bank has adopted Surveon Avatar Failover, which supports mutual failover among NVRs and is composed by 2 sets of NVR7316A1 + JBOD, each NVR7316A1 is with 12 recording licenses and 12 failover licenses.When disaster happened, the failover NVR can not only take over the recording work of protected NVR but also clone the original settings of it When disaster happened, the failover NVR can not only take over the recording work of protected NVR but also clone the original settings of it, making itself become an avatar of protected NVR, realising non-stop recording for 24/7. Any parts fail will make the system to stop recording, especially hard disks. Different protection levels The bank asked the system to well operate even if hard disks fail. Surveon RAID + Spare volume gives the bank a hot-spare that is ready to synchronise data immediately should a hard disk fail. If a hard disk fails, the data will start to synchronise with the spare, giving the bank enough time to replace the failed hard disk after being notified. NVR7300 Series provides different protection levels with RAID1, 5, 6, 1+Spare, 5+Spare, 6+Spare options, and the bank choose to backup its valuable videos with RAID6+Spare mode whether in normal or failover recording. "From camera, NVR, JBOD to VMS, Surveon total solutions always support Navana to win clients' heart. The unique Avatar Failover keeps bank's confidential videos and data in safe, making our customer very satisfied with the result." said Navana InterLinks, the major partner of Surveon in Bangladesh.
We all assume, in fact expect, a bank to be secure. The major challenge: the customers should not notice the actually highly complex security equipment. As they definitely should not have the feeling of being watched. Apart from Regiobank Solothurn being our house bank, the collaboration between the bank and Siaxma has already extended over ten years. With the new building in Zuchwil, there was the opportunity for the first time to plan and install a totally digital system All the branches have the video surveillance equipment which is controlled at a computer workstation at the Solothurn headquarters, where the data is analysed too. The access control was added gradually and is initially being used in Biberist and Zuchwil. With the new building in Zuchwil, there was the opportunity for the first time to plan and install a totally digital system. This includes access control, door management, video surveillance, a burglar alarm system and alarm management – all from one source. This was one of the requirements the Regiobank specified. Authorisation using one badge Digital access control has one major advantage for all users: they can enter all the buildings and rooms they have authorisation for with just one badge. These badges are issued and managed at the Solothurn headquarters. Mechanical keys have largely disappeared from everyday business at the Zuchwil and Biberist branches. The administrator can change or extend the access rights in comfort at their PC workstation. Saves cost for additional licenses Using their personal badge, customers can now use the lift to the basement, on their own or accompanied, and open their boxHow do customers get to their deposit boxes now? Keys are also a thing of the past here. Customers report to the desk where the bank employee then authorises them with access to the vault for one whole day. Using their personal badge, they can now use the lift to the basement, on their own or accompanied, and open their box. So that the Regionbank does not have to release and pay for hundreds of additional licences, we manage the vault in the system like a client. This means: one license with as many users as you like. Advantages for the end user: Centralised administration with customised issuing of rights by user, building, day and time frame One system for all locations Clear responsibilities Traceability
Located in Moscow, the International Investment Bank (IIB) is an inter-state organisation which promotes economic and social development among members, including Hungary, the Republic of Bulgaria, the Socialist Republic of Vietnam, the Republic of Cuba, Mongolia, the Russian Federation, Romania, the Slovak Republic and the Czech Republic. Following a review of security in 2015 the bank’s senior management identified a need to rationalise and expand their video surveillance capability. A staged solution was sought that would allow them to manage the process in easy steps. AVIX recommended a seamless, integrated solution using IDIS technology, including cameras, peripheral switching devices and recorders. The IDIS solution would be easy and cost effective to install and would allow efficient, staged replacement of all existing video infrastructure. Corresponding passwords At the heart of the new system is IDIS DirectIP which makes set-up and launch incredibly simple by utilising zero configuration technology for the implicit pairing of devices. This eliminates the need for installers to manage multiple IP addresses that can often lead to human factors leading to weaknesses in network security, such as saved IP device names and corresponding passwords in spreadsheets. Robust network security is also assured through embedded IDIS proprietary protocols not familiar to hackers Robust network security is also assured through embedded IDIS proprietary protocols not familiar to hackers. IDIS NVRs also force installers to implement an encrypted password as well as recommending two-factor authentication. Importantly, for IIB at no point thereafter can IDIS access any NVR, dispelling the bank’s concern of any ‘back doors’ that could present a potential network security breach. Various bank premises A range of specialist IDIS cameras now protects the various bank premises, including DC-T1833WHR 8MP external bullet cameras and full HD DC-T3233HRX units giving crisp real-time views of immediate street surroundings. These cameras come with built in IR LEDs, making them ideal for covering extensive perimeter areas in all lighting conditions. The external cameras feature IDIS Intelligent Codec, which can save up to 90% of disk space and network bandwidth. Crucially, they are also fitted with a 2TB memory card so that should a camera be disconnected from its NVR, the camera’s SD card instantly begins recording and automatically transfers the data to the NVR after recovery, leaving no incident unrecorded. The bank’s existing video system had been built up gradually over time and now included equipment and software from various manufacturers. Integrated solution This piecemeal approach had resulted in problems of compatibility, which hampered further expansion, and had also brought with it the disadvantage of costly licence update requirements with different suppliers. To solve this problem, Russian security solutions distributor AVIX, was asked to deliver a robust, high quality integrated solution using IP technology from a single manufacturer than would allow the bank to scale and adapt the system to meet its future security needs. Internal areas are fitted with a range of IDIS 2MP motorised IR dome cameras connected to an DR-6232P NVR In addition, for efficient operation in winter weather conditions, these vandal proof units incorporate energy-saving heaters that do not require an additional external power supply. Internal areas are fitted with a range of IDIS 2MP motorised IR dome cameras connected to an DR-6232P NVR that allows the connection of up to 32 12MP cameras to perform simultaneous recording and play back. Trouble free operation The system also utilises IDIS rack mounted eSATA storage and PoE switches to ensure real-time monitoring from remote sites during peak loads across the network. The International Development Bank’s new surveillance system is now less complex, less costly and much more powerful than the old technology it replaces. The system is managed through the cost and license free IDIS Center video management software providing a simple and effective interface for operators. “It was definitely the right decision to move away from a complex system, based on equipment from multiple manufacturers. Our security operation now benefits from the latest advances in video technology and the assurance of affordable, trouble free operation into the future as well as robust network security that is absolutely paramount in the banking sector.” Aleksandr Funk, Head of Technical Protection Department, The Investment Development Bank. Now, as the bank’s security needs change, the surveillance system will be easy to adapt and expand, taking advantage of continual video advances from IDIS.