Business security systems
KnowBe4, a provider of security awareness training (SAT) and simulated phishing platform, has announced the acquisition of CLTRe - pronounced “Culture”- a Norwegian company focused on helping organisations assess, build, maintain and measure a strong security posture. CLTRe will continue to operate as an independent subsidiary of KnowBe4, and service customers globally. CLTRe’s Toolkit and Security Culture Framework will be available to all KnowBe4 customers later this year. C...
Integrated security manufacturer TDSi is proud to announce the launch of the latest enhanced version of its new GARDiS software. GARDiS Version 1.1 provides extra functionality and support for installers and end users. Tina Baker, Software Development Manager at TDSi commented, “The latest version of the GARDiS software adds considerable additions to the platform. These include Multiple Access Levels per person, an Office Mode (featuring a Double Tap) and the facility to import people det...
Vintra, a maker of video analytics powered by machine learning and artificial intelligence, announces an integration with Genetec Inc., unified security, public safety, operations and business intelligence solutions. Genetec customers can now benefit from FulcrumAI, Vintra’s deep learning video analytics solution integrated with Genetec Security Center to deliver real-time, total-environment intelligence from any camera source, fixed or mobile. Vintra has built its proprietary deep learni...
Deploying security robots at a company is about more than providing and programming the hardware. There is also an element of “change management” involved in smoothing the way for robots to play a security role working side-by-side with human counterparts. Rising popularity of security robots As security robots increase in popularity, more companies are adapting to such cultural challenges "As security robots increase in popularity, more companies are adapting to such cultural cha...
Cloud Security Alliance (CSA), globally renowned organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and AlgoSec, global provider of business-driven network and cloud security management solutions, has announced the results of a new study titled, ‘Cloud Security Complexity: Challenges in Managing Security in Native Cloud, Hybrid and Multi-Cloud Environments.’ Complexities of cloud securityThe survey of secur...
Aqua Security, global platform provider for securing container-based and cloud native applications, has announced that Aqua Cloud Native Security Platform (CSP) has attained VMware Partner Ready status for PKS. The validation of Aqua’s CSP validates that the solution has been tested and verified to interoperate with VMware Enterprise PKS, and can fully manage and secure workloads running on VMware Enterprise PKS. Cloud Native Security Platform We are pleased that Aqua Security has valida...
ExtraHop, provider of enterprise cyber analytics from the inside out, has announced the new ExtraHop Panorama Partner Program. The Panorama Program is designed to enable global channel partners to accelerate the adoption and integration of network traffic analysis (NTA) to help enterprise customers modernise their security operations. Panorama Partner Program Fueled by 10x growth in cybersecurity, ExtraHop is expanding its global channel program by working with global resellers, distributers, managed services, and integration partners with deep domain expertise in the international security market. The new Panorama Partner Program supports these channel partners with industry-leading accreditation that provides the foundational knowledge and tools to accelerate integration of NTA into security operations. The accreditation program also offers partner sales engineers a deeper technical view of the ExtraHop solutions, including demos, key use cases and competitive differentiation. Through the program, partners can leverage the robust integrations offered by ExtraHop In addition to partner accreditation, the new partner portal provides easy access to just-in-time (JIT) sales and training materials that help ExtraHop partners rapidly identify use cases and fast-track solutions specially tailormade for their customers. The Panorama Partner Program also makes it easier than ever for channel partners to pair ExtraHop with industry leading technology solutions. Through the program, partners can leverage the robust integrations offered by ExtraHop with products including ServiceNow, IBM QRadar, and Splunk to provide their enterprise customers with full detection, investigation, and remediation capabilities. AWS CPPO program Through the Panorama Program, partners also have the ability to deliver full cloud solutions using the AWS Consulting Partner Private Offer (CPPO) program. Through the AWS Consulting Partner Private Offer program, ExtraHop brings together sophisticated analytics, machine learning and threat investigation capabilities from Reveal(x), world-class security services and program development from channel partners to deliver best of breed cybersecurity for AWS customers. ExtraHop partners with leading organisations around the globe including Allentis, AppCentrix, Epicon, GuidePoint Security, KedronUK, Kite, Macnica, Miel, Optiv Security, Presidio and Trace3. “As the demand for ExtraHop Reveal(x) continues to expand, we look to the leading channel partners to support our rapid growth around the world,” said Mark Fitzmaurice, Vice President of Global Channel Sales, ExtraHop. “We depend on our partners to deliver the visibility, speed, and scale enterprise security teams need to rise above the noise of the endless traffic required for digital business. The Panorama Partner Program is designed to make our partners highly effective and more profitable based on their investments in ExtraHop.” What partners are saying: The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility" "At Kedron, we take pride in offering our customers a seamless experience with the best technology for their environment," said Roland Stigwood, Managing Director and Owner, Kedron UK. "The ExtraHop Panorama Partner Program offers an enterprise-class approach to help our customers gain more visibility across the complex, hybrid IT environments of today.” “Kite Distribution specialises in bringing disruptive technologies to the UK channel, with the goal of driving incremental value for our customers,” said Kip Tumber, Director for Kite Distribution. “As one of the fastest growing distributors in the UK, we look for vendors that align to our own growth ambitions. ExtraHop is a leader in the real-time data analytics sector and provides valuable insights to IT security teams. Their Panorama Partner Program also demonstrates ExtraHop are fully committed to working collaboratively with the channel. Our joint early successes, reseller recruitment, and pipeline generation point to a strong successful partnership.” ExtraHop also offers partners a Sales Academy and an Accreditation Program to provide advanced knowledge and tools.
Ping Identity, the pioneer in Identity Defined Security, announced a cloud-based multi-factor authentication (MFA) and single sign-on (SSO) bundle, delivering security from identity-based attacks. Available today for a free 30-day trial, customers can protect applications, data and employees from pervasive security threats centred around phishing attacks, stolen credentials, and more. Organisations want ease of use, fast integrations and the ability to easily grow without needing to switch vendors as they mature. Ping’s cloud MFA and SSO bundle directly addresses this market need, with more than 2.5 million unique monthly users for the cloud MFA solution alone. The solution joins the rest of Ping’s product portfolio, which is used by more than 50% of the Fortune 100 and secures over two billion identities globally across the Ping customer base. Additional security for sensitive resources It’s equally important for customers to implement additional security for sensitive resources, high-value transactionsIdentity has become the most common vulnerability that hackers seek to exploit. While single sign-on solutions remain a high priority to increase user productivity and enterprise security, the surface area for cyber threats has expanded and attack methods have evolved. With these considerations, it’s equally important for customers to implement additional security for sensitive resources, high-value transactions and other elevated risk scenarios using multi-factor authentication. In Ping’s 2018 State of Enterprise IT Infrastructure & Security survey, it was revealed that 90% of respondents trust MFA as an effective security control to protect identity data in public clouds, yet only 60% of organisations have formally adopted it. The MFA and SSO bundle is specifically designed to help overcome these inherent challenges in MFA adoption by minimising associated burdens, while also providing seamless end user experiences and best-in-class solutions. Advanced features at an affordable price Ping’s new cloud MFA and SSO bundle helps enable fast and seamless integration of MFA for enterprises. Customers can benefit from the following features and functionality: Effortless integration: Integrations take place rapidly, making the transition seamless with existing infrastructures. Straightforward administration: With a centralised console and multiple self-service options, administration is easier than ever. Advanced access policies: Contextual policies—typically only found in the premium, high-priced MFA solutions in the market—grant administrators flexibility to help balance security and convenience for end users. Covering for many popular use cases: The cloud MFA and SSO bundle was built for easy deployment across popular use cases, including SaaS, cloud apps, VPN, Microsoft Azure, and more. Strongest security for enterprises “Ping Identity is committed to providing the strongest security possible for enterprises. The cloud MFA and SSO bundle delivers on this promise, while also maintaining a high-value user experience,” said Andre Durand, CEO, Ping Identity. “Organisations can benefit from the streamlined adoption process, pain-free management and cost-effective model, as it addresses the growing necessity for strong MFA and SSO.”
Digitalisation technologies promise great improvements in an enormous variety of logistics processes. German manufacturer Dallmeier is particularly well positioned for the combination of systems from video technology, sensor systems, data management and intelligent use of elements of AI. At transport logistic 2019 in Munich, from June 4-7, 2019, Dallmeier will present a broad portfolio of solutions especially for customers in general cargo logistics at Stand 620, Hall A3. Dallmeier's customer base also includes the very largest logistics corporations. Logistics management systems The German manufacturer Dallmeier can look back on more than 35 years of experience in the development of cameras, recording systems and software. Solutions for customers in the logistics sector represent a primary focus of the company's corporate strategy. The portfolio includes systems for protecting property, entrance and exit areas, claims management, yard management, and a broad range of logistics management systems from real-time localisation of unit goods up to automatic volume calculation. A very recent development is their cooperation with the SAP integrator T.CON A very recent development is their cooperation with the SAP integrator T.CON. The solutions developed jointly by the two companies enable the transmission of a wide variety of valuable business data straight from video systems into SAP ERP systems and address major challenges in the supply chain, HR and compliance area. SAP standard objects To date, the cooperation between Dallmeier and T.CON has produced two solutions for the supply chain area: The ‘Digital Gate’ automates vehicle registration and consignment notes management with a self-service portal running on SAP Fiori. The system recognises vehicle classes, registration numbers, ID numbers and hazardous substance categories. Depending on the requirement, the system can be integrated in yard management and hazardous substance handling functions. The freight data in SAP is supplemented with the optically acquired data using SAP standard objects. Accordingly, it can be integrated directly in SAP TM or LE-TRA (ECC 6.0). The ‘unit good measurement’ solution enable freight items to be measured and weighed automatically by video systems and wireless weighing forks, and the data can be integrated in SAP EWM or WM. Perimeter protection The many advantages of this innovation range from the optimal use of load capacities to plausibility checks and up to coordinated warehouse storage and retrieval strategies. For perimeter protection, Dallmeier combines its patented Panomera® camera technology with a two-tier object classification system using neural networks. This places customers in the position of being able to reduce the number of false alarms to practically zero This places customers in the position of being able to reduce the number of false alarms to practically zero. At the same time, the role of the cameras is changed so not only do they function as a verification system, they can also assume most of the responsibility for incident detection, and consequently fewer systems are needed to guarantee effective perimeter protection. Optimised vehicle control The combination of the Dallmeier video technology and the proprietary, modular process management software with a sensor system offers logistics companies very many advantages. Most significant among these are systems for real-time localisation of unit goods, permanently solving the problem of misplaced or lost packages, which in many medium-size firms happens to between five and ten percent of all items handled every day. With the Dallmeier system, the position of every package is known from the moment it is received until the moment it is shipped. A similar system also enables uninterrupted package tracking for large logistics businesses and privacy-compliant theft investigation among other capabilities. Other solutions on display at the Dallmeier stand are concerned with optimising the efficiency of all kinds of processes, such as improved yard management and optimised vehicle control, e.g., through the display of loading levels, automatic gate assignment or even optimised claims management.
Ping Identity, globally renowned identity defined security solutions provider, has announced its upcoming webinars and speaking engagements for the month of May, which will touch on topics ranging from zero trust to Artificial Intelligence and machine learning in API security. Enabling enterprise with IAM The webinar will provide a tour of PingOne for customers, Ping's cloud-delivered customer identity platform Ping’s very own Dustin Maxey, director of product marketing, and Zach Collier, product manager of developer experience will co-present at the Ping Identity Webinar webinar on May 14 at 11am MST. The webinar will provide a tour of PingOne for customers, Ping's cloud-delivered customer identity platform. Participants will learn how to enable their teams with secure customer IAM, facilitate their transition to the cloud with on-premises coexistence, and model existing identity architecture in the cloud – all while driving positive user experiences. A second session will run on May 15 at 2pm BST for Europe. Role of AI in detecting exploits Francois Lascelles, field CTO will present “Hacker vs AI” on May 15 at Austin, Texas, 11:10 am CDT. This presentation will explain how traditional API security is not bullet-proof, review recent API vulnerability examples, and discuss the role of AI and implicit security in detecting and stopping exploits of these specific vulnerabilities. On May 15, Richard Bird, chief customer information officer will join the panel “Placing Identity at the Center of Security Designs & Models” at 11am CEST in Munich, Germany. The panelists will discuss what it means to have identity at the center of security infrastructure. API Security, AI and cybersecurity Joe Zanini, solutions architect will present 'Secure Customer Access: The Role of ML and API Security' on May 16 At 3:30pm CEST on the same day, Loren Russon, vice president, product development will present “At the Intersection of API Security, cybersecurity and IAM: The Next Wave of intelligent solutions.” This session will focus on some of Ping Identity’s innovative technologies that intersect IAM, API and cyber security practices, and how modern solutions are leveraging AI and machine learning. Joe Zanini, solutions architect will present “Secure Customer Access: The Role of ML and API Security” on May 16 at 5pm CEST. In his session, Joe will cover the most common types of API attacks, how to secure customer data, how machine learning can defend against API attacks, and more. How to architect API Security Ping Identity’s Baber Amin and Francois Lascelles will co-present on how you can use the principles of Zero Trust in the context of API security on May 30 at the Ping Identity Webinar. The duo will share why API security and Zero Trust are more relevant than ever, best practices to architect API security for Zero Trust, AI-based tools that provide visibility for when your APIs are under attack, and lastly what you can do to mitigate ongoing and emerging threats against your APIs. A second session will run on June 4 at 2pm BST for Europe.
Digital Defense, Inc., global security technology and solutions provider, has announced that president and CEO, Larry Hurtado, has been selected as one of QuantumShift’s Top Entrepreneurs in America for 2019 by KPMG LLP’s Private Markets Group and the University of Michigan’s Ross School of Business. QuantumShift draws an impressive class of founders, owners and CEOs of private, high growth U.S.-based companies to boost their development through an intensive, five-day learning, networking and collaboration program featuring sessions with Ross School of Business faculty and talented industry professionals. Cybersecurity experts I’m blessed to be surrounded by some of the most talented cybersecurity and IT talent on the planet" “I’m blessed to be surrounded by some of the most talented cybersecurity and IT talent on the planet, that added to the fact we have industry leading technology and products, makes my role infinitely easier,” said Hurtado. "I’m always continuing to learn from my staff, my peers, my family and friends and looking forward to being among and gaining knowledge from the other top entrepreneurs at Michigan’s Ross School of Business.” Hurtado and Digital Defense were selected to be part of the QuantumShift 2019 class by the Michigan Ross QuantumShift Admissions Committee having demonstrated a strong track record for revenue growth and future growth potential. This collaborative project between KPMG LLP’s Private Markets Group – the U.S. audit, tax and advisory firm – and the University Of Michigan’s Ross School of Business offers CEOs access to an exclusive peer-to-peer Fellows Network focused on ongoing problem solving, development and mentorship in addition to the intensive program. Data security solutions veteran The QuantumShift program recognises the achievements of high-growth entrepreneurs who are at the top" “We are thrilled that Larry Hurtado from Digital Defence is part of a select group of entrepreneurs selected to complete the 2019 QuantumShift program,” said Brian Hughes, National Leader, KPMG LLP’s Private Markets Group. “We welcome him into this exclusive fellowship of high-growth business leaders and believe the week-long program at the University of Michigan will have a long-lasting positive impact on the participating founders and CEOs, and the companies they lead.” “The QuantumShift program recognises the achievements of high-growth entrepreneurs who are at the top of their game, and helps them lay a groundwork for the future,” said Stewart Thornhill, executive director of the Zell Lurie Institute at the University of Michigan’s Ross School of Business. “We’re looking forward to working with Larry and Digital Defense, and we are excited to see what they accomplish.”
Matrix ETERNITY NENX is a small yet powerful phone system for small businesses, offering advanced features and functionalities as available with enterprise grade IP-PBXs. Based on modular architecture and state-of-the-art design, ETERNITY NENX provides connectivity to CO (FXO), GSM/3G and VOIP networks from a single platform. Range of phone options such as Analogue, IP and Mobile extensions provides flexibility to communicate from anywhere and at any time. Furthermore, ETERNITY NENX offers integrated voicemail system, multiple auto-attendants and web based remote management. Built-in resources The Built-in Resources of the ETERNITY NENX are: 50 IP Users 8 VOIP Trunks 8 IP to TDM Calls 25 IP to IP Calls 6 Party Conferencing 8 Video Calls 4 Voice Mail Channels (Optional) 2 GSM/3G Ports (Optional)
The industry faces numerous challenges in the coming year. Physical and cyber security threats continue to become more complex, and organisations are struggling to manage both physical and digital credentials as well as a rapidly growing number of connected endpoints in the Internet of Things (IoT). We are witnessing the collision of the enterprise with the IoT, and organisations now must establish trust and validate the identity of people as well as ‘things’ in an environment of increasingly stringent safety and data privacy regulations. Meanwhile, demand grows for smarter and more data-driven workplaces, a risk-based approach to threat protection, improved productivity and seamless, more convenient access to the enterprise and its physical and digital assets and services. Using smartphone apps to open doors Cloud technologies give people access through their mobile phones and other devices to many new, high-value experiencesEnterprise customers increasingly want to create trusted environments within which they can deliver valuable new user experiences. A major driver is growing demand for the ‘digital cohesion’ of being able to use smartphone apps to open doors, authenticate to enterprise data resources or access a building’s applications and services. Cloud technologies are a key piece of the solution. They give people access through their mobile phones and other devices to many new, high-value experiences. At the same time, they help fuel smarter, more data-driven workplace environments. With the arrival of today’s identity- and location-aware building systems that recognise people and use deep learning analytics to customise their office environment, the workplace is undergoing dramatic change. Improved fingerprint solutions Cloud-based platforms and application programming interfaces (APIs) will help bridge biometrics and access control in the enterprise, overcoming previous integration hurdles while providing a trusted platform that meets the concerns of accessibility and data protection in a connected environment. At the same time, the next generation of fingerprint solutions will deliver higher matching speed, better image capture quality and improved performance. The next generation of fingerprint solutions will deliver higher matching speed, better image capture quality and improved performance Liveness detection will ensure that captured data is from a living person. Biometrics authentication will also gain traction beyond access control in immigration and border control, law enforcement, military, defence and other public section use cases where higher security is needed. Flexible subscription models Access control solutions based on cloud platforms will also change how solutions are deployed. Siloed security and workplace optimisation solutions will be replaced with mobile apps that can be downloaded anywhere across a global ecosystem of millions of compatible and connected physical access control system endpoints. These connections will also facilitate new, more flexible subscription models for access control services. As an example, users will be able to more easily replenish mobile IDs if their smartphones are lost or must be replaced. Generating valuable insights with machine learning Machine learning analytics will be used to generate valuable insights from today’s access control solutionsEducation, finance, healthcare, enterprise, and other niche markets such as commercial real-estate and enterprises focussed on co-working spaces will benefit from a cloud-connected access control hardware foundation. There will be a faster path from design to deployment since developers will no longer have to create an entire vertically integrated solution. They will simply add an app experience to the existing access control infrastructure. New players will be drawn to the market resulting in a richer, more vibrant development community and accelerated innovation. Data analytics will be a rapidly growing area of interest. Machine learning analytics will be used to generate valuable insights from today’s access control solutions. Devices, access control systems, IoT applications, digital certificates and location services solutions, which are all connected to the cloud, will collectively deliver robust data with which to apply advanced analytics and risk-based intelligence. As organisations incorporate this type of analytics engine into their access control systems, they will improve security and personalise the user experience while driving better business decisions.
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
In the age of massive data breaches, phishing attacks and password hacks, user credentials are increasingly unsafe. So how can organisations secure accounts without making life more difficult for users? Marc Vanmaele, CEO of TrustBuilder, explains. User credentials give us a sense of security. Users select their password, it's personal and memorable to them, and it's likely that it includes special characters and numbers for added security. Sadly, this sense is most likely false. If it's anything like the 5.4 billion user IDs on haveibeenpwned.com, their login has already been compromised. If it's not listed, it could be soon. Recent estimates state that 8 million more credentials are compromised every day. Ensuring safe access Data breaches, ransomware and phishing campaigns are increasingly easy to pull off. Cyber criminals can easily find the tools they need on Google with little to no technical knowledge. Breached passwords are readily available to cyber criminals on the internet. Those that haven’t been breached can also be guessed, phished or cracked using one of the many “brute-force” tools available on the internet. It's becoming clear that login credentials are no longer enough to secure your users' accounts. Meanwhile, organisations have a responsibility and an ever-stricter legal obligation to protect their users’ sensitive data. This makes ensuring safe access to the services they need challenging, particularly when trying to provide a user experience that won’t cause frustration – or worse, lose your customers’ interest. After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover Importance of data protection So how can businesses ensure their users can safely and simply access the services they need while keeping intruders out, and why is it so important to strike that balance? After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover – whichever is higher, should they seriously fail to comply with their data protection obligations. This alone was enough to prompt many organisations to get serious about their user’s security. Still, not every business followed suit. Cloud security risks Breaches were most commonly identified in organisations using cloud computing or where staff use personal devices According to a recent survey conducted at Infosecurity Europe, more than a quarter of organisations did not feel ready to comply with GDPR in August 2018 – three months after the compliance deadline. Meanwhile, according to the UK Government’s 2018 Cyber Security Breaches survey, 45% of businesses reported breaches or attacks in the last 12 months. According to the report, logins are less secure when accessing services in the cloud where they aren't protected by enterprise firewalls and security systems. Moreover, breaches were most commonly identified in organisations using cloud computing or where staff use personal devices (known as BYOD). According to the survey, 61% of UK organisations use cloud-based services. The figure is higher in banking and finance (74%), IT and communications (81%) and education (75%). Additionally, 45% of businesses have BYOD. This indicates a precarious situation. The majority of businesses hold personal data on users electronically and may be placing users at risk if their IT environments are not adequately protected. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine Hacking methodology In a recent exposé on LifeHacker, Internet standards expert John Pozadzides revealed multiple methods hackers use to bypass even the most secure passwords. According to John’s revelations, 20% of passwords are simple enough to guess using easily accessible information. But that doesn’t leave the remaining 80% safe. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine. Brute force attacks are one of the easiest methods, but criminals also use increasingly sophisticated phishing campaigns to fool users into handing over their passwords. Users expect organisations to protect their passwords and keep intruders out of their accounts Once a threat actor has access to one password, they can easily gain access to multiple accounts. This is because, according to Mashable, 87% of users aged 18-30 and 81% of users aged 31+ reuse the same passwords across multiple accounts. It’s becoming clear that passwords are no longer enough to keep online accounts secure. Securing data with simplicity Users expect organisations to protect their passwords and keep intruders out of their accounts. As a result of a data breach, companies will of course suffer financial losses through fines and remediation costs. Beyond the immediate financial repercussions, however, the reputational damage can be seriously costly. A recent Gemalto study showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor offering a better service. Simplicity is equally important, however. For example, if it’s not delivered in ecommerce, one in three customers will abandon their purchase – as a recent report by Magnetic North revealed. If a login process is confusing, staff may be tempted to help themselves access the information they need by slipping out of secure habits. They may write their passwords down, share them with other members of staff, and may be more susceptible to social engineering attacks. So how do organisations strike the right balance? For many, Identity and Access Management solutions help to deliver secure access across the entire estate. It’s important though that these enable simplicity for the organisation, as well as users. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so Flexible IAM While IAM is highly recommended, organisations should seek solutions that offer the flexibility to define their own balance between a seamless end-user journey and the need for a high level of identity assurance. Organisations’ identity management requirements will change over time. So too will their IT environments. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so. Importantly, the best solutions will be those that enable this flexibility without spending significant time and resource each time adaptations need to be made. Those that do will provide the best return on investment for organisations looking to keep intruders at bay, while enabling users to log in safely and simply.
The Electronic Security Expo (ESX) will be held at the Indiana Convention Center, June 3-6, in Indianapolis. The show focusses exclusively on the electronic security and life safety industry, including companies that service the connected Internet of Things (IoT) space for homes and businesses. The ESX Main Stage will highlight inspirational presentations from motivational speakers, Dr. Rick Rigsby and Kevin Brown. In addition, there will be a founder of a drone security company and an Entrepreneur-in-Residence from Kleiner Perkins for OpenXchange, and a Secret Service agent for the Closing Keynote. Sharing best practices and trends In breakout sessions, colleagues and business thought leaders will share best practices, trends and opportunities that helped their own companies and careers, so that others might replicate their successes or minimise their failures. These sessions are aimed at propelling attendees to reimagine their business models and go-to-market strategies, says George De Marco, Chairman of ESX and Managing Partner for DECO Ventures LLC. Examples of breakout sessions include: CounterPoint Forum – “False Alarm Dispatches - A Real Threat or a Nuisance to the Industry?” “Top 3 Ways to Grow Your Video RMR” “5 Faster, Smarter Ways to Improve Cash Flow” “Artificial Intelligence Real Time Video Monitoring Solutions” Promoting security professionals’ growth Our goal is to develop next-gen methods that deliver industry content and promote professional growth"“Each year, we challenge ourselves to raise the bar of the educational sessions and main stage events,” says De Marco. “One of the ways is introducing new faces and voices for the peer-developed and peer-driven educational sessions that offer best practices and identify trends, opportunities and challenges for industry professionals to consider today and in the future. Our goal is to develop next-gen methods that deliver industry content and promote professional growth as the industry pivots to the future.” New entrants and disruptors are challenging traditional go-to-market strategies, causing traditional companies to rethink how they rise above the noise in a changing competitive landscape and handle new consumer buying behaviours, says De Marco. Exhibitors at ESX Exhibitors that support ESX include Interlogix (Diamond sponsor), Napco (Platinum sponsor), Alula and DMP (Gold sponsor), and ADI, Altronix, Bold Group, Essence, ICT, Quick Response, Resideo, Secura key, Security Central and WeSuite (Silver sponsors). ESX seeks to connect exhibitors with the influencers and decision-makers from companies that represent a cross section of dealers, integrators and monitoring companies in North America. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s impressive convention centre. The exhibit hall will be the focal point for exhibitors to showcase their latest technology in the city’s convention centre “We recognise individuals and companies during the Opening Celebration that help propel the industry forward and at our VIP Event at the Indianapolis Motor Speedway,” says De Marco. “During the day, there are meals around the Main Stage sessions which gather attendees around the table for casual conversation before the presentation begins.” Indianapolis, home of the Indy 500, is a unique location that has a lot to offer the attendees of ESX. A special night at the Indianapolis Motor Speedway will invite a limited number of guests to share great food and drinks, to experience a trip around the track in an official pace car, and to ‘kiss the bricks’, a speedway tradition. Centrally located in the US, Indianapolis is a convenient convention destination for travel, whether flying or driving. Connecting with peers and colleagues Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small There are also networking opportunities throughout the week. The Pub Crawl, an attendee favourite, is a night where long-time friends gather, and new friendships are made. “This is where the real conversations happen between peers and colleagues about real problems of running and growing a company, and solutions that can make a difference,” says De Marco. Another benefit of the show is the cross-section of companies represented in the industry, whether large, medium or small players. This enables professionals to come together to connect with their peers and colleagues, allowing for deep discussions on how to grow their people, revenues and profits, including mentoring opportunities that encourage leadership development, says De Marco. The subject of finding qualified employees is top of mind for almost every industry today, especially the security industry. Sessions that address hiring and managing employees for industry professionals include “Hiring from Outside the Monitoring Industry: Surprising Resources for Great Operators” “Maximise New Employees: Why Onboarding is Critical to Their Success” “5 Tips for Effective Employee Performance Evaluations” Helping attendees to reinvent their business “Our focus is primarily on the attendee, helping them connect with suppliers, colleagues and opportunities that reimagine their businesses, so they can be stronger competitors,” says De Marco. “If we can provide the right knowledge to inspire or transform the attendees to take meaningful action or implement change that helps them remain relevant, we believe we have succeeded.” There will be an undercurrent of sadness at ESX this year because the industry recently suffered a loss. George Gunning, former CEO of USA Alarm Systems and one of the founding members of ESX, passed away in February. “We would be remiss if we didn’t recognise his contributions and influence on the industry and ESX over the years,” says De Marco. Another founding member of ESX who has passed away is John Murphy, formerly CEO of Vector Security.
Despite any negativity you may hear, Hikvision is optimistic about their role in the U.S. market. “We demonstrate that we can be trusted, and that we should be trusted,” says Jeffrey He, Vice President, Hikvision, and President, Hikvision USA and Hikvision Canada. “We have sound products and technology. Our mission in the security industry is to protect, not to harm. Otherwise why would we be in this industry?” Hikvision is committed to investing in the North American market, where there was ‘positive year-over-year growth’ in 2018 and ‘strong’ sales in Q1 this year, according to Eric Chen, General Manager of Hikvision USA and Hikvision Canada. HikCentral central management software The company’s U.S. focus is shifting from products to solution sales, with emphasis on ‘mid-market’ small- and medium-sized businesses (SMBs). The largest verticals are retail and education, and there are emerging opportunities in the cannabis market. Launch of the HikCentral central management software (CMS) is a component of the company’s solution-sales approach. Launch of the HikCentral central management software is a component of the company’s solution-sales approachMr. He acknowledges the growth of ‘anti-China sentiment’ in the United States and other parts of the world, which he says will impact Hikvision’s operations globally. Specifically, in the U.S., ‘political’ elements impacting Hikvision’s business include ongoing tariffs and a trade war, Congressional calls for export controls and sanctions, and a provision of the National Defense Authorization Act (NDAA) that bans use of Chinese video surveillance products in government applications. Specifying cybersecurity initiatives at ISC West In spite of it all, Hikvision’s message at the recent ISC West show was overwhelmingly positive, and the company also detailed cybersecurity initiatives they say put the Chinese company ahead of many competitors in the industry. Eric Chen came in as General Manager last year; he previously spent a decade working for Hikvision in China. Chen reports solid 18.8% year-over-year growth for Hikvision globally, totalling $7.4 billion last year. He notes the company saw 40% compounded growth between 2010 and 2018. Globally, there are 34,000 employees, 16,000 of whom are research and development (R&D) engineers. Hikvision’s expanding global footprint includes 46 international branches. There are three manufacturing facilities in China, in addition to one in India. HikRewards program for HDP customers At ISC West, Hikvision’s theme was ‘Focus on Your Success’, including introduction of the HikRewards program that provides rebates to HDP (Hikvision Dealer Partner) customers, their core dealer base. A new online Hikvision Knowledge Library for HDPs provides training and reference materials dealers can share with employees. A new tech centre, introduced in December, provides data sheets, product information, and support resources. There is also a North American R&D team headquartered in Montreal. At the industry’s largest U.S. trade show, Hikvision unveiled a brand-new booth with plenty of open space and video walls A customer satisfaction survey launched in March provided good feedback from customers. “They know who to call if they have a problem,” says Chen. “We want to focus on making customers successful.” The success theme also extends to Hikvision employees, who are featured in videos describing their jobs and enthusiasm for Hikvision. There are some 400 employees in the North American operation. At the industry’s largest U.S. trade show, Hikvision unveiled a brand-new booth with plenty of open space and video walls. Half of the booth was focussed on solutions, especially retail and education, and also gaming and commercial real estate. Security products displayed at ISC West A variety of devices, including access control, intercoms and cameras, are integrated using the HikCentral CMS systemProduct highlights at the ISC West booth included the 32-megapixel PanoVu multi-sensor dome camera, whose 180-degree panoramic image was displayed on a 65-inch monitor. A variety of devices, including access control, intercoms and cameras, are integrated using the HikCentral CMS system. Some products new to the North American market, including intercoms, turnstiles, emergency call stations, and under-vehicle inspection, were displayed. Hikvision’s deep learning products are moving into their second generation, including the ability to obscure private information on videos to comply with GDPR/privacy requirements (previewed at ISC West and released later in the year). Algorithm components of Hikvision’s DeepInMind artificial intelligence are being adapted into a platform called AcuSense for value-priced products, which can recognise a human or vehicle and help filter out false alarms. Also being adapted to products with lower price points are the ColorVu system that incorporates visible light LEDs to provide colour images at night, and DarkFighter low-light capabilities. Penetration testing of cameras and NVRs As a global manufacturer, Hikvision faces a high level of scrutiny about cybersecurity, which Mr. Chen says is “a good thing for us,” enabling them to highlight the steps they are taking to improve cybersecurity. Chuck Davis, Director of Cybersecurity, outlined specific milestones Hikvision has achieved in its quest to provide world-class cybersecurity. Chuck Davis, Director of Cybersecurity, outlined specific milestones Hikvision has achieved in its quest to provide world-class cybersecurity In September 2017, Hikvision began working with third parties (including Rapid7) for penetration testing (ethical hacking) of its cameras and recorders. That same month, Hikvision set up a Cybersecurity Hotline open to anyone with questions about cybersecurity, including white-hat hackers and researchers. Even before that, Hikvision had an open-door policy on cybersecurity and a program for patching and disclosing responsibility. In February of 2018, Hikvision released a 40-page Cybersecurity White Paper describing cybersecurity testing and processes built into the software development lifecycle. That same month, Hikvision launched an Opened Source Code Transparency Center and offered an open invitation to anyone wanting to inspect Hikvision’s source code and let them know of any vulnerabilities. FIPS 140-2 certification by NIST Hikvision has also become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), which ensures their patching and incident reporting programs have been reviewed by a CNA partnering company. Hikvision's encryption module (HIKSSL) received Level 1 FIPS 140-2 certification to be used in both IP cameras and NVRsIn August, Hikvision received Federal Information Processing Standard (FIPS) 140-2 certification, a U.S. government encryption standard created by the National Institute of Standards and Technology (NIST). Hikvision's encryption module (HIKSSL) received Level 1 FIPS 140-2 certification to be used in both IP cameras and NVR products. Davis said the FIPS 140-2 certification process began before the NDAA ban on use of Hikvision products in the U.S. government, and in any case is a standard that ensures a high level of encryption. “We wanted to make sure we had the same level of technology,” he says. “It was not to win over the government.” Making industry more cybersecure “We are really trying to have third parties test and certify our equipment,” adds Davis. “We are trying to be open and transparent. Education and awareness are key.” “We need the trust of customers in the security community,” says Mr. He. “No matter what, we have to follow the highest standards to offset the concerns and accusations.” In April 2018, Davis became a member of the Security Industry Association (SIA) Cybersecurity Advisory Board to help make the entire industry more cybersecure through education, awareness and standards. Hikvision has also joined the Forum of Incident Response and Security Teams (FIRST at first.org), a global cybersecurity incident response consortium that cooperatively handles computer security incidents and promotes incident prevention programs. Davis has presented Cybersecurity Road Shows in 22 cities in the United States and Canada, and also in Australia and New Zealand. The 90-minute presentations focus on education awareness around cybersecurity and seek to get attendees engaged and aware about cybersecurity in business and also in their homes.
Cybersecurity involves a variety of risks and vulnerabilities to the enterprise, from distributed denial of service (DDoS) attacks to phishing to USB drives. Companies may also be at risk from use of interactive kiosks, or even from cyberattacks against traveling executives. Preventing phishing and cyberattacks The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO Phishing is a fraudulent attempt to gain sensitive information such as user names, passwords or credit card details by disguising as a trustworthy entity in an electronic communication. These are among the most dominant forms of social engineering attacks. To avoid phishing attacks, NTT Security has expanded their suite of phishing attack simulation services using special social engineering techniques to check whether senior executives pose a security risk. The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO. These executives are more likely to have unrestricted access to highly confidential company data, which makes them a valuable target. Simulated, personalised social engineering attacks are carried out, with the individuals involved unaware they are being targeted. NTT then analyses how executives respond, identities weaknesses, and recommends appropriate measures such as awareness training. Cybersecurity helps deter phishing and DDoS attacks ADT Cybersecurity partners with Cofense phishing defense solutions to offer phishing detection and response. Cofense Triage is a phishing-specific automated incident response platform that works as part of ADT Cybersecurity managed services. The system focuses on thwarting phishing attacks before they can cause damage by moving detection of such attacks up the kill chain. Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. The median time of compromise to discovery is 80 days, with the average cost of data breach costing organizations $3.62 million. Managing endpoint security There is a need for cybersecurity to extend beyond the firewall Another cybersecurity vulnerability for companies is the unauthorised use of USB ports. There is a need for cybersecurity to extend beyond the firewall, which requires restricting access to a system’s USB ports as a means of managing 'endpoint security.' However, blocking all USB ports can restrict productivity, and employees are not as efficient as they should be. A solution is the use of more encrypted USB drives to combine the productivity advantages of allowing USB access while protecting the information on the drives. Kingston Technology offers hardware-based encrypted USB drives that uses AES 256-bit encryption in XTS mode to ensure that if anyone finds a USB drive, they cannot access the information. Illustrating the value of encrypted drives was an incident when a USB drive from Heathrow Airport was found on a London street. It contained confidential information about accessing restricted areas at the airport and security measures used to protect the Queen. Data security and interactive kiosks Another possible cybersecurity vulnerability is use of interactive kiosks, which are computer terminals that feature specialised hardware and software that provide access to information and applications. Kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries and railway stations. A kiosk is particularly attractive to attackers because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe. A kiosk is attractive to attackers because they know the security is not very tight Executives who travel are another vulnerability to be considered. The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors.Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption WiFi and wireless connectivity There has been a shift from 'thrill hacking,' to an increase of 'hacking as a business' (through credential compromise and ransomware), to an increase in 'hacking for harm' - with the rise of 'nuke ware' and ransomware without a clear financial motivation. Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption. They should also increase the privacy setting on technical devices and disable location identifiers. Other precautions include creating a new (unlinked) email for internet correspondence and use of temporary (i.e., burner) phones to protect data and contacts. Travelers should also consider purchasing international MyFi devices to decrease the risk of getting Personal Identification Information (PII) or Protected Healthcare Information (PHI) stolen.
IndiaNivesh is one of the leading financial services conglomerate in India. IndiaNivesh is into various aspects of investment banking and consulting business. It plans to emerge as a dynamic, customer-centric, and progressive financial group in the country with PAN India presence. Having its head office in Mumbai, IndiaNivesh is growing with eight regional offices and 29 branch offices across India. Project specifics Application: Time-Attendance and Access Control Locations: 32 (PAN India) Users: 500 Units Installed: 60 Readers: Fingerprint and RFID Card IndiaNivesh being widely involved in financial services business with 29 branch offices and 8 regional offices across India, required eradication of forged attendance data and manual attendance process, as security is a crucial aspect for them. To streamline and manage attendance data of all employees accurately and perform calculation of error-free salary has been a tedious task. It has been challenging to integrate their existing payroll software with the time-attendance software. COSEC time-attendance solution Matrix offered COSEC time-attendance solution helped in connecting all its regional and branch offices to their head office in Mumbai Matrix offered COSEC time-attendance solution which has web-based architecture and helped in connecting all its regional and branch offices to their head office in Mumbai. Implemented automatic salary calculation as Matrix COSEC time-attendance software got easily integrated with existing payroll software. Result Real-time attendance of all employees at a centralised location Integration with its existing payroll software Ease of Implementation using the existing infrastructure Fraudulent timekeeping is completely eliminated Accurate In/Out time of each employee recorded Live monitoring of In/Out timing Generation of time-attendance and access control reports and charts for all branches Improved overall productivity of the organisation Continuous operations with excellent service support Biometric access control solutions COSEC DOOR FOP - Optical fingerprint-based door controller for access control and time-attendance COSEC DOOR CAS – Card-based door controller for access control and time-attendance COSEC PANEL - Site controller to manage multiple door controllers and advanced access control Features COSEC LE PLATFORM - Application server platform for 1000 users and expandable up to one million users COSEC LE TAM - Comprehensive time-attendance and leave management module for COSEC LE platform COSEC LE ACM - Comprehensive access control module for COSEC LE platform
3xLOGIC, Inc., a provider of integrated, intelligent security solutions, and a three-time Deloitte Technology Fast 500 winner, announces that the Bradley Business Center, located in Chicago, has installed a 3xLOGIC infinias CLOUD access control system throughout the redevelopment project. HTML Global, an IT Managed Services Provider (MSP), oversaw system installation and continues to provide remote system management. Bradley Business Center (BBC) is the largest redevelopment project on Chicago’s north side, comprising over 500,000 square feet, spread over 22 acres. The BBC offers a unique shared office environment for entrepreneurs and professionals and boasts a wide array of features and amenities. Controlling common areas Both organisations do the day-to-day administration of the system, with HTML Global providing back-up and higher-level functions At present, the 3xLOGIC infinias system manages a total of 43 internal doors throughout the complex, split between BBC-managed doors and those for a tenant company, Compass Health Center. The two organisations manage their own access separately but use some of the same network and PoE switches. BBC doors managed are mainly those controlling common areas and shared amenities— parking, fitness facility, rooftop terrace, and others—but also data rooms and other sensitive areas within the office space. Both organisations do the day-to-day administration of the system, with HTML Global providing back-up and higher-level functions when requested. “When we started with BBC, they were looking to us for our knowledge base, and we installed a few doors at that time. Then, we built out the system as they added new offices and common areas to be managed,” explained William Hunt, Managing Director, HTML Global. Cloud-based system “The distributed Ethernet network can easily handle all the doors and that simplified installation and on-going management. The BBC property management staff don’t want a server onsite, so a cloud solution nicely fits their needs. Another advantage for BBC is our RMR services and the fact that a cloud-based system is mainly operating expenses, not hardware capital expenses—that’s economically advantageous for a property management business.” “There are so many other advantages to a cloud-based system, especially our ability to add doors when any of the resident companies want to join the system, or to expand the number of doors for existing customers—we can add one door or hundreds of doors upon request,” said Hunt. “Compass likes the system functionality and ease-of-use so much, they recently expanded it to their Northbrook location, too. That way, when staff move between the two facilities, they only need one set of credentials.” Access control system Such high-level control and ease of use is accomplished with minimal hardware on site BBC controls access by zone and/or amenity for each credential holder, administrators can add zones and close access to other zones with a few keystrokes. Door control is granular, making it easy to provide all-areas access to senior staff and highly-limited access, for example, for contractors and temporary workers. Such high-level control and ease of use is accomplished with minimal hardware on site. Many administrators were up and running on the infinias system with very little training, if any. With a cloud-based access control system, new tenants can join the system with ease, or a tenant can be removed from the system in a matter of minutes. Fix things remotely Hunt again, “As an MSP, we are overseeing a system that updates itself automatically, and because BBC management doesn’t have a full-time IT person, that’s where we come in.” The future looks bright for HTML Global with the Bradley Business Center. Current office space is nearing fully-leased status, and BBC management is looking to expand their property offerings into additional buildings located on the same parcel. Hunt is impressed with another feature of the cloud-based system, “The network is set up on PoE switches, so if a door isn’t acting properly, we can fix things remotely, we don’t need to roll a truck—that’s very cost-effective.”
The retail industry is constantly looking to find new ways to be relevant in the ever-increasing shadow of online shopping. Researchers have predicted a 17.5 percent growth in the ecommerce share of global retail sales in 2021, rising from 13.7% in 2019. When designer brand Miniso opened new shops in Poland, they used Hikvision technology to give them the edge. The management team at Miniso had a number of specific questions they needed answers to in order to make the stores successful in the cut-throat high street environment. Best-selling products They resorted to sending people to individual stores to manually count the people – a very time-consuming and costly exercise How do we know if our marketing strategy is working? What is the conversion rate of purchases? What are the ‘hot areas’ of the store, and do these actually represent best-selling products? Originally, with no access to significant information, they relied on experience and conversation with staff. But there was no way to verify these findings. They also needed to be able to get this information remotely – i.e. management in their HQ in Warsaw wanted to be able to see the situation in the other four stores without having to visit them separately. Sometimes, they resorted to sending people to individual stores to manually count the people – a very time-consuming and costly exercise. Tailor-made solution Miniso turned to Hikvision AI products, with a solution built by Polish reseller Volta, including people counting cameras, fisheye cameras and NVRs. These were all coordinated using the HikCentral software platform. A people counting camera in each store counts people passing by, while another counts people entering and leaving. With this tailor-made solution management could calculate how many people were passing by to see a purchasing conversion rate. This also helps them to know whether marketing strategy is working. They can analyse the information further to see whether the rate of people entering the store is dropping, and whether that relates to the number of those passing outside. Miniso’s management can then look into the causes of these numbers, along with sales figures, to form a picture. For example, whether there is an external factor affecting shoppers either to pass by, or to enter. Video management platform The professional video management platform allows managers to access the information from different offices and mobile applications anywhere Because Miniso have the same technology set up in all the stores in Poland, they can compare different locations. This also comes in useful when it’s time to negotiate rent with shopping malls. Using ceiling installation of several fisheye cameras, the system can generate heat maps. This helps managers to see where ‘hot areas’ are, helping them to allocate products in the optimal place for promotion. Hot areas can also be compared with sales figures to provide further insights into shopping patterns. All the information provided by the system is coordinated, and business information on both layout and original image can be overlaid in Miniso’s HQ in Warsaw. The professional video management platform allows managers to access the information from different offices and mobile applications anywhere. This makes life a lot easier for the operations team as they need to check the situation in all stores. Fiercely competitive environment It also means that everything can be viewed simultaneously, so they can identify trends throughout the network of stores. Byron Zeng, Vice President of Miniso Poland, says: “The high accuracy of conversion rate the solutions provides really solves a number of our management issues. We can now easily see what’s going on in the other stores, including heat mapping, which makes management of the whole networks so much more efficient.” This is a great example of how AI surveillance products can change the landscape of business decision-making. In a fiercely competitive environment, like a shopping mall or high street, shopping trend data can help a retailer to survive. In fact, this worked so well for Miniso, they decided to use the solution in their stores across the whole of Europe – potentially about 200 stores in the next year.
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions announces that the South Grand Community Improvement District (CID) in St. Louis, Missouri is using the Genetec Stratocast cloud-based video monitoring system to deter license plate theft in its parking lot and provide video access to the local police department to help reinforce security. License plate theft One of the services offered by the South Grand CID is free parking. At any time of the day, drivers can park in a central parking lot to visit businesses or residents. While this lot has always been convenient and safe, license plate theft was troubling nearby areas. Video recordings are sent over a wireless network which connects to the South Grand CID main office To deter license plate theft in their own community, the South Grand CID board decided to add video surveillance to the lot. Currently, three cameras monitor the entire 90-space parking lot. Video recordings are sent over a wireless network which connects to the South Grand CID main office, just a few blocks away from the lot. With this cloud-based video monitoring system, Rachel Witt, Executive Director at South Grand CID, can quickly and easily view video from anywhere, at any time. Cloud video system “Using the cloud video system, I am able to find and view the video in seconds. I can narrow down my search based on dates and time and watch the event unfold with all camera feeds up on the monitor. It’s really that simple,” commented Witt. Only two weeks after installing the Stratocast video monitoring system, a visitor reported that their license plates had been stolen. “The visitor provided a description of the car, and a timeframe in which the incident likely happened. Using the Stratocast system, I was able to find and view the video in seconds. I could clearly see the suspect enter the lot, remove the plates and leave in his own car. Since the police are very busy here, I was able to bookmark the video recording and then notify them that the video was ready,” said Witt. View video recordings Stratocast has made it easy for the South Grand CID to give video access to local police so that when a crime is reported in the district, officers can immediately begin to conduct investigations without leaving their desks. While the South Grand CID manages and owns the Stratocast solution, officers can log into the system and view video recordings when required While the South Grand CID manages and owns the Stratocast solution, officers can log into the system and view video recordings when required. This is enabled by the Genetec Federation feature, which gives an organisation access to manage multiple independent Genetec systems as one. A memorandum of understanding was signed so each parties’ responsibilities are clear. Better sense of safety “Instead of driving over and picking up a DVD, officers can directly access video from our cameras to see what happened. Not only does it help speed up investigations, it saves officers’ valuable time,” continued Witt. The installation of Stratocast is not only helping to reduce license plate theft but it is also helping residents and visitors feel safer than ever. “Business owners, residents, and visitors have a better sense of safety when they know cameras are up. But they also need to know that we’re equipped to respond quickly to any disturbance. And that’s what Stratocast helps us achieve. With the addition of Stratocast, we’re able to show everyone that we have strengthened the security in our community,” concluded Witt.
Exabeam, the next-gen SIEM company, announces that NTT DATA Corporation (NTT DATA), its partner and one of the providers of technology and services for government and business, has chosen to secure its global operations using Exabeam’s Security Management Platform (SMP), which provides unlimited data collection, machine learning and analytics for modern cyber threat detection and response. NTT DATA’s internal system is used throughout more than 50 countries and regions, 210 cities and by 34,500 employees in Japan and 75,500 employees overseas. It is a fast-moving company that has acquired many businesses over the last five to 10 years, resulting in the inheritance of a number of different legacy SIEM platforms. However, these solutions were lacking, and NTT Data wasn’t obtaining the visibility it needed to keep pace with modern cyberthreats. Disparate legacy systems Exabeam was already our valued partner, and we were so confident in the company’s security solution" “Exabeam was already our valued partner, and we were so confident in the company’s security solution, we decided to use it ourselves, to remove complexity and unify our disparate legacy systems that were ineffective at protecting against modern threats,” said Hiroshi Honjo, head of Cyber Security and Governance at NTT DATA. “Having Exabeam’s unlimited data lake and attractive pricing model made the difference for our large organisation.” Exabeam’s SMP provides NTT DATA with scalable, behavioural modelling, machine learning, and advanced analytics for comprehensive insider and entity threat detection throughout Japan, APAC, North America, and Europe. This functionality was vital to the NTT DATA team because they required greater visibility into potential cyberthreats throughout the organisation and in all locations around the world. Automated incident response “NTT DATA’s journey was a unique one, since they had multiple legacy logging platforms in use globally. Exabeam was able to replace or consolidate each system using our next generation platform, and we accomplished the initial rollout in a matter of months,” said Nir Polak, CEO, Exabeam. “The swiftness of that transition is critical to maintaining secure operations, especially when dealing with such a geographically dispersed enterprise.” Automated incident response allows teams to respond to security incidents rapidly and with less effort Automated incident response allows teams to respond to security incidents rapidly and with less effort. At the SMP’s foundation is the Exabeam security data lake, designed to store all event logs at a predictable and flat price. This frees the NTT DATA security team from manually analysing data logs – and instead they can focus on quickly identifying and responding to security threats. SIEM solution According to Honjo, “The second phase of our project will be to look at use cases and fine tune the SIEM solution to work for our business needs. Overall, we are very happy with how well Exabeam met our stated deadlines and how quickly we are able to realise value from the product. We look forward to introducing Exabeam to our global customers.” Recently, Exabeam was identified by Gartner, Inc. in the 2018 Magic Quadrant for Security Information and Event Management. The company was positioned as a Leader based on completeness of vision and ability to execute.
Round table discussion
Statistically speaking, incidents of terrorism are unlikely to impact most businesses and institutions. However, the mere possibility of worst-case-scenario attacks is enough to keep security professionals awake at night. Compounding the collective anxiety is the minute-by-minute media coverage when an attack does occur. The immediacy of the shared experience of global tragedy impacts us all – including security system decision-makers. We asked this week’s Expert Panel Roundtable: How is the rise in terrorism impacting the physical security market?
The new year 2019 is brimming with possibilities for the physical security industry, but will those possibilities prove to be good news or bad news for our market? Inevitably, it will be a combination of good and bad, but how much good and how bad? We wanted to check the temperature of the industry as it relates to expectations for the new year, so we asked this week’s Expert Panel Roundtable: How optimistic is your outlook for the physical security industry in 2019? Why?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?