Business security systems
At ISC West, in booth # 26061, Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence will unveil a new version of Security Center, the company’s open-architecture platform that unifies video surveillance, access control, automatic license plate recognition (ALPR), communications, and analytics. With customisable live dashboards, enhanced privacy protection features, a brand-new map-driven mobile app, and new functionalities that help...
It’s the first quarter of a New Year and businesses are already busy reviewing budgets for ways to save money. One line item that can impact business the most – loss. Employee theft alone is a crime that costs U.S. businesses $50 billion annually*, according to Statistic Brain. So if you aren’t sure who is keeping watch over your property and assets, and how they reduce preventable loss, it might be time for a security audit. According to GuardOne, the security patrol and remo...
The industry faces numerous challenges in the coming year. Physical and cyber security threats continue to become more complex, and organisations are struggling to manage both physical and digital credentials as well as a rapidly growing number of connected endpoints in the Internet of Things (IoT). We are witnessing the collision of the enterprise with the IoT, and organisations now must establish trust and validate the identity of people as well as ‘things’ in an environment of in...
In the physical security industry, the advent of artificial intelligence (AI) and deep learning is most commonly associated with potential improvements in video analytics performance. However, AI is also applicable to a variety of content analytics beyond video. This is part three of our 'AI in Physical Security' series. It will be interesting to watch how companies that take the next step beyond proving viability for security purposes to deliver true business applications to the market. Right...
It has been announced that next year will see IFSEC move to a brand-new dateline of 19 - 21 May and welcome three prestigious events alongside it at ExCeL London; Security & Counter Terror Expo (SCTX), Ambition and Forensics Europe Expo. Focal point for security industry Building on a rich history of the two exhibitions - IFSEC steeped in the trade and commercial security world and Security & Counter Terror Expo immersed in national security – the collaboration of these key event...
The PSIA will show continued momentum for its Physical Logical Access Interoperability (PLAI) spec at ISC West 2019. “In past demos we were able to show some exchange of records between PACS systems, but this year we will have six vendors, and demonstrate existing employee identity data sets, which can be passed to other systems in the security environment beyond having just a clean start,” said David Bunzel, Executive Director of the PSIA. Commercial PLAI agent One of the critical...
News
Cobalt Iron Inc., global provider of enterprise data protection SaaS, and Tech Data Corporation, a global technology distributor, have announced a distribution partnership for Cobalt Iron products, including the company's Adaptive Data Protection (ADP) SaaS enterprise backup solution, throughout the United Kingdom. Analytics-driven data protection Tech Data is globally renowned end-to-end technology distributor "As we continue to expand the Cobalt Iron footprint in the U.K. market, Tech Data will be a valuable partner in addressing customer and partner demand for next-generation automated and analytics-driven data protection," said Mark Ward, chief operating officer at Cobalt Iron. "Tech Data has both an impressive reputation and extensive reach in these markets, and we look forward to working together to drive business partners' awareness of the benefits that smart, secure, automated data protection everywhere brings to the enterprise." Tech Data is globally renowned end-to-end technology distributor, and the company offers not only a broad portfolio of products, services, and solutions, but also the specialised skills and expertise in next-generation technologies that enable channel partners to bring innovative products and solutions to market. Data security The new partnership between the two companies will make Cobalt Iron products and solutions even more visible and accessible to business partners in the U.K., enabling them to deliver increased cost savings, simpler operations, and greater flexibility in providing expansive data-protection environments to their end-user customers. Tech Data has a key role to play in enabling partners and MSPs to deliver intelligent, automated solutions" Cobalt Iron ADP enables partners to deliver a cloud-based backup-as-a-service leveraging the most intelligent analytics and automation. The solution modernises backup, delivering the features and scale of enterprise data protection along with the flexibility and economics of cloud consumption. ADP also eliminates complexity, reduces management, scales easily from terabytes to exabytes, and provides the simplicity absent in today's backup technologies and tools. Tech Data Ian Jeffs, business unit director — Data Center, at Tech Data U.K., said: "The addition of Cobalt Iron to our next-generation solutions portfolio means we can give resellers an opportunity to address the rapidly evolving backup needs of enterprise customers who are moving to hybrid and highly distributed infrastructures. As a trusted advisor to the channel, Tech Data has a key role to play in enabling partners and MSPs to deliver intelligent, automated solutions and thus increase customer satisfaction and grow their revenues and margin opportunities."
any2any is offering mobile services to enterprises and co-working space providers. They operate a cloud-based solution enabling secure and dynamic access to spaces. Configured to match the dynamic security needs of companies, building owners, and space providers, LEGIC and any2any have entered an official partnership. The aim is to further the use of LEGIC technology in enterprises and the flexible shared space market. LEGIC – any2any integration any2any welcomes the opportunity to partner and integrate LEGIC into their mobile applications as trusted access and authentication are key enablers to enterprise customers. any2any’s ability to combine different use cases and interact with different LEGIC OEM partners has increased their ability to create seamless experiences for their customers e.g. visitor experiences that combine branded visitor management, with parking, booking of conference rooms & desks, and vending opportunities. any2any welcomes the opportunity to partner and integrate LEGIC into their mobile applications as trusted access and authentication are key enablers to enterprise customers “LEGIC enables us to offer a great range of experiences that allow our customers to take greater responsibility of their experience ecosystem, leveraging existing technology that they trust, and on-boarding new services that ultimately improve the experiences of their employees, partners, and customers”, tells Allan Chester, CEO any2any. Secure and authenticated access He continues, “The LEGIC technology is helping us to unlock the availability to services and space, making them accessible, authenticated and secure. Together we are matching the demands for dynamically configuring the security and space needs for companies, building owners and space providers. In addition, we are increasing the opportunity for secure transactions to be done in those spaces, saving minutes for our users to do something better with their time.” any2any is a cloud-based enterprise experience platform whose passion revolves around using technology to improve the human experience. Since 2015, they have been growing rapidly delivering to large enterprises technologies and services that remove ‘frictions’, save minutes, and improve the individual experience. Secure connected solutions any2any translate any technology, any service into secure connected experiences with out-of-the-box solutions that include a unique visitor management solution, canteen services, liquid access, parking solutions, and a working solution offering for flexible co-working environments. All delivered via mobile applications, or web-based applications.
Cylance Inc., global provider of AI-driven, prevention-first security solutions, has announced the availability of its award-winning endpoint protection offering, CylancePROTECT on AWS Marketplace. CylancePROTECT AI-enabled platform Cylance has built the largest AI platform in the industry, enabling it to offer a portfolio of security solutions ranging from enterprise endpoint protection, detection, and response, to Smart antivirus for consumers, to OEM solutions. Under the new agreement with AWS, marketplace customers now have access to CylancePROTECT for advanced AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances. The lightweight Cylance agent offers high performance and resiliency and requires only minimal updates to its multi-generational AI model, providing powerful data science capabilities using deep learning algorithms designed to protect against future threat variants. AI and deep machine learning Cylance leads the evolution of endpoint security using sophisticated machine learning techniques" “Cylance leads the evolution of endpoint security using sophisticated machine learning techniques across our entire platform to protect more than 14.5 million endpoints,” said Didi Dayton, vice president of worldwide channels and alliances at Cylance. He adds, “As an Advanced Partner in the AWS Partner Network, we’re pleased to be extending our prevention offering to AWS Marketplace customers, who can now easily find, procure, and install our award-winning AI technology to protect against zero-day polymorphic attacks and packed or obscured threats.” Seamless software integration CylancePROTECT integrates with key technologies like Netskope and Splunk, JASK, Aruba HPE, Bitglass, Demisto, Phantom, Thycotic, Securonix, and more, all of which can be purchased on AWS Marketplace to further extend a strong AI security posture. CylancePROTECT available on AWS Marketplace is designed for easy installation and operationalisation. Paired with support from a trusted advisor from the Cylance professional services team, customers can be up and running right away, allowing them to focus on their business knowing their environment is secure.
The Ministry of Interior’s Innovation and Future Foresight Conference was held on 5th-6th February. Day 1 of the Conference was a great success as speakers delivered world class presentations on various crime and technology related topics. Day 2 featured some of the finest and brightest brains in the technology and crime prevention industries from around the world. Keynote speakers from Austria and France addressed global concerns in criminal investigation and foresight modelling for future policing. Speakers from Finland, USA, United Kingdom, Netherlands, and Switzerland discussed topics related to artificial intelligence, crime, robotics, digital technological advancement and analytics. Confronting technology Two workshop round tables comprising speakers from France and Switzerland highlighted the important details concerning big data The speakers are drawn from a global pool of refined industry leaders, strategists, academicians, technology experts and security analysts. Using country-specific case studies, they addressed in great detail the crime issues confronting technology and how to combat these problems using emerging technology. Two workshop round tables comprising speakers from France and Switzerland highlighted the important details concerning big data, open data and future application in governance & policing and the future of virtual autopsy in crime scene brought the conference to an end. The conference was an excellent opportunity for The UAE’s law enforcement, government, security, and regulatory agencies, to connect with international thought leaders and experts at the conference and learn about groundbreaking initiatives. Handle emerging cybercrimes The Conference was vital for growing and established technology based companies looking to gain ample knowledge on how to handle emerging cybercrimes and other crime related issued. It allowed technology based companies and multinationals to learn new tricks, gain perspective on industry emerging trends and stay up to date with new crime issues affecting the global economies around the world. Some of the ‘who is who’ in the technology industries attended the conference to learn about shortcomings in software tools Some of the ‘who is who’ in the technology industries attended the conference to learn about shortcomings in software tools. They discovered new software capabilities, experimented with new equipment, and learnt how others have solved similar problems. This year’s conference specifically highlighted the many ways that digital disruption can be used by the government to forecast and plan future events. Anticipated threats Seasoned technology experts gave presentations and displayed their ongoing progress in matters of artificial intelligence, robotics, advanced analytics, and other indices of advanced future technology. Likewise security experts also reviewed the latest emerging technology in policing, patrol, intelligence, predictive crime analytics, investigation, and ICT to ensure anticipated threats are well managed and contained. Particular focus was given to the use of the latest disruptive technologies and innovations to help secure sea-ports and airports while supporting business growth and facilitating the efficient movement of good and people across international borders.
Matrix PRASAR UCS, an Enterprise Unified Communication Server connects internal and external decision makers at multiple locations for effective communication and real-time collaboration. It enables enterprises to enhance business processes by unifying communication mediums to simplify the daily workflow and increase their response time. Being a pure IP solution, PRASAR UCS is a single box solution, scalable up to 2,100 users, as per future communication needs of the organization. Bring people together anytime, anywhere, and on any device with our integrated collaboration infrastructure for voice and video calling, messaging, and mobility. Corporate directory integration Key Features of the Matrix PRASAR UCS include: Scalable up to 2,100 UC Users Up to 550 Concurrent Calls Up to 99 SIP Trunks 248 VoIP Channels Corporate Directory Integration Multi Lingual IVR - 128 Auto-attendant Menus 64 Party Simultaneous Conference - 21 Three-party Conference 1U Enclosure 64 Ports Voice Mail System - Record Conversations Presence Sharing - BLF Notification Unified Messaging Redundant Power Supply Port
STANLEY Security, one of the security providers, launches a new Dealer Programme aimed at independent installers looking to expand their businesses without the risks associated with rapid growth. The new STANLEY Security Dealer Programme provides installers with the considerable competitive benefits that come from being associated with a major global brand, backed up by national security infrastructure and expertise, whilst maintaining their independence. The Programme will enable partners to capture new growth opportunities in both commercial and residential security by helping them stand out in a competitive market place and by providing their customers with a wider range of security solutions and services than would be possible for a smaller, regional company. Customer satisfaction These security solutions include an array of products and systems for both home and business security These security solutions include an array of products and systems for both home and business security that have been heavily invested in by STANLEY Security and that are available at reduced costs as a result of the company’s substantial purchasing power. The range of services available to companies in the STANLEY Security Dealer Programme is equally impressive and includes STANLEY Assure in-house financing (a key consideration for end users and a major selling point); a Customer First Team, set up to provide top rate customer satisfaction; plus a selection of security monitoring options from a self-service app to STANLEY’s Category 2 NSI Gold Standard BS5979 accredited Alarm Receiving Centre (ARC). Lead generation support Under the STANLEY Security Dealer Programme, partners continue to work with their customers as before, but with STANLEY Security supporting them and providing the customer after-sales and service support. In other words, the dealer makes the sale, supplies and installs the equipment. STANLEY Security buys the service contract from the dealer and pays multiples based on the terms of the contract. To maximise ROI, the STANLEY Security Dealer Programme features fast onboarding, including training on STANLEY products and services and a certification process. Once certified, and with a partner agreement in place, dealers reap the rewards of affiliation with STANLEY Security. An attractive incentive programme is in place as part of the scheme, along with quick payments, a dedicated, experienced remote support team, lead generation support in the form of marketing and sales tools, and ongoing training to ensure dealers are kept up to date with the latest developments in security. Independent security companies Stanley Security’s dealer support is light years ahead of the competition" “The STANLEY Security Dealer Programme is the best of both worlds” comments Dan Hindley, STANLEY Security UK Channel Manager. “Independent security companies continue to use their skills in sales and installation, but with the added advantage of our expertise in designing, delivering and servicing security solutions. They get to fast track their business without the pain points and we have the benefit of extending our customer reach.” The STANLEY Security Dealer Programme model has already proven successful. “Stanley Security’s dealer support is light years ahead of the competition. We’re proud to be a Stanley Dealer as it reassures our clients that they’re in the best hands,” comments Trevor Williamson Operations Manager at TRECC. The STANLEY Security Dealer Programme will officially be launched on the 21st February at Security TWENTY 19 Birmingham, at the Hilton Metropole Hotel at the NEC, and supported by a wide media launch.


Expert commentary
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organisation’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster. App-level threats The apps that control or drive these new innovations have become today’s endpoint The truth of the matter is that the complexity of an organisation’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organisations. Bad actors have realised that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise. It’s imperative that security organisations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise In-progress attack detection Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. During a Magecart attack, the transaction processes are otherwise undisturbed Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated where it intercepted payment card data and transmitted it to the attacker(s). Data exfiltration detection During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organisation was compromised and data was stolen before it even got to the network or servers. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications Best practice resolutions The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organisations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019: Alert The key to success is quickly understanding when and how an app is being attacked First, organisations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organisation monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customise protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks. Protect Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analysing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personal identifiable information and API communications. If an attacker tries to understand app operation though the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019 Encrypt Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. Effective encryption requires a sophisticated implementation of White-Box Cryptography This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography. One that combines a mathematical algorithm with data and code obfuscation techniques transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organisation’s health and well-being in 2019. Protecting applications against data breach According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organisation. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
In the age of massive data breaches, phishing attacks and password hacks, user credentials are increasingly unsafe. So how can organisations secure accounts without making life more difficult for users? Marc Vanmaele, CEO of TrustBuilder, explains. User credentials give us a sense of security. Users select their password, it's personal and memorable to them, and it's likely that it includes special characters and numbers for added security. Sadly, this sense is most likely false. If it's anything like the 5.4 billion user IDs on haveibeenpwned.com, their login has already been compromised. If it's not listed, it could be soon. Recent estimates state that 8 million more credentials are compromised every day. Ensuring safe access Data breaches, ransomware and phishing campaigns are increasingly easy to pull off. Cyber criminals can easily find the tools they need on Google with little to no technical knowledge. Breached passwords are readily available to cyber criminals on the internet. Those that haven’t been breached can also be guessed, phished or cracked using one of the many “brute-force” tools available on the internet. It's becoming clear that login credentials are no longer enough to secure your users' accounts. Meanwhile, organisations have a responsibility and an ever-stricter legal obligation to protect their users’ sensitive data. This makes ensuring safe access to the services they need challenging, particularly when trying to provide a user experience that won’t cause frustration – or worse, lose your customers’ interest. After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover Importance of data protection So how can businesses ensure their users can safely and simply access the services they need while keeping intruders out, and why is it so important to strike that balance? After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover – whichever is higher, should they seriously fail to comply with their data protection obligations. This alone was enough to prompt many organisations to get serious about their user’s security. Still, not every business followed suit. Cloud security risks Breaches were most commonly identified in organisations using cloud computing or where staff use personal devices According to a recent survey conducted at Infosecurity Europe, more than a quarter of organisations did not feel ready to comply with GDPR in August 2018 – three months after the compliance deadline. Meanwhile, according to the UK Government’s 2018 Cyber Security Breaches survey, 45% of businesses reported breaches or attacks in the last 12 months. According to the report, logins are less secure when accessing services in the cloud where they aren't protected by enterprise firewalls and security systems. Moreover, breaches were most commonly identified in organisations using cloud computing or where staff use personal devices (known as BYOD). According to the survey, 61% of UK organisations use cloud-based services. The figure is higher in banking and finance (74%), IT and communications (81%) and education (75%). Additionally, 45% of businesses have BYOD. This indicates a precarious situation. The majority of businesses hold personal data on users electronically and may be placing users at risk if their IT environments are not adequately protected. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine Hacking methodology In a recent exposé on LifeHacker, Internet standards expert John Pozadzides revealed multiple methods hackers use to bypass even the most secure passwords. According to John’s revelations, 20% of passwords are simple enough to guess using easily accessible information. But that doesn’t leave the remaining 80% safe. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine. Brute force attacks are one of the easiest methods, but criminals also use increasingly sophisticated phishing campaigns to fool users into handing over their passwords. Users expect organisations to protect their passwords and keep intruders out of their accounts Once a threat actor has access to one password, they can easily gain access to multiple accounts. This is because, according to Mashable, 87% of users aged 18-30 and 81% of users aged 31+ reuse the same passwords across multiple accounts. It’s becoming clear that passwords are no longer enough to keep online accounts secure. Securing data with simplicity Users expect organisations to protect their passwords and keep intruders out of their accounts. As a result of a data breach, companies will of course suffer financial losses through fines and remediation costs. Beyond the immediate financial repercussions, however, the reputational damage can be seriously costly. A recent Gemalto study showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor offering a better service. Simplicity is equally important, however. For example, if it’s not delivered in ecommerce, one in three customers will abandon their purchase – as a recent report by Magnetic North revealed. If a login process is confusing, staff may be tempted to help themselves access the information they need by slipping out of secure habits. They may write their passwords down, share them with other members of staff, and may be more susceptible to social engineering attacks. So how do organisations strike the right balance? For many, Identity and Access Management solutions help to deliver secure access across the entire estate. It’s important though that these enable simplicity for the organisation, as well as users. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so Flexible IAM While IAM is highly recommended, organisations should seek solutions that offer the flexibility to define their own balance between a seamless end-user journey and the need for a high level of identity assurance. Organisations’ identity management requirements will change over time. So too will their IT environments. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so. Importantly, the best solutions will be those that enable this flexibility without spending significant time and resource each time adaptations need to be made. Those that do will provide the best return on investment for organisations looking to keep intruders at bay, while enabling users to log in safely and simply.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorise him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SourceSecurity.com. Q: What do you believe are the main physical threats to data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organisation, which are: Every organisation is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organisation is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What do you think influences employees to steal data from their own organisation? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many of us think of security threats coming from an outsider, do companies still face these type of threats? Yes. Unfortunately, organisations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether it be an insider threat or an outsider threat, what are ways these individuals can steal sensitive data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What is the difference between COTS and disguised devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With these types of discrete items, can security personnel still catch individuals in the act? For example, through security screenings? Poor or nonexistent screening is the most substantial security threat to any organisation when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s surprising that so many organisations would neglect physical security when protecting their data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So how can an organisation protect against these risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organisation, with little overlap or communication. Organisations now are realising that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How can companies and government agencies combine both physical data security and cybersecurity initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. Organisations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What type of technology can you use to protect physical data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How does FMDS work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What are the key takeaways for organisations looking to enhance data security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognising the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organisation’s data. Organisations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organisations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
Security beat
A futuristic alternative to plastic cards for access control and other applications is being considered by some corporate users in Sweden and the United Kingdom. The idea involves using a microchip device implanted into a user’s hand. About the size of a grain of rice and provided by Swedish company Biohax, the tiny device employs passive near field communication (NFC) to interface with a user’s digital environment. Access control is just one application for the device, which can be deployed in lieu of a smart card in numerous uses. Biohax says more than 4,000 individuals have implanted the device. Using the device for corporate employees Every user is given plenty of information to make an informed decision whether they want to use the deviceCurrently Biohax is having dialogue with curious corporate customers about using the device for their employees. “It’s a dialogue, not Big Brother planning to chip every employee they have,” says Jowan Österlund, CEO at Biohax. Every user is given plenty of information to make an informed decision whether they want to use the device. Data capture form to appear here! “Proof of concept” demonstrations have been conducted at several companies, including Tui, a travel company in Sweden that uses the device for access management, ID management, printing, gym access and self-checkout in the cafeteria. Biohax is also having dialogue with some big companies in the United Kingdom, including legal and financial firms. Österlund aims to have a full working system in place in the next year or so. A Swedish rail company accepts the implanted chip in lieu of a paper train ticket. They accept existing implants but are not offering to implant the chips. Österlund says his company currently has no plans to enter the U.S. market. The device is large enough to locate easily and extract if needed, and small enough to be unobtrusive Access control credential The device is inserted/injected below the skin between the index finger and the thumb. The circuitry has a 10-year lifespan. The device is large enough to locate easily and extract if needed, and small enough to be unobtrusive. The only risk is the possibility of infection, which is true anytime the skin is pierced, and the risk is mitigated by employing health professionals to inject the chip. Use of the device as an access control credential or any other function is offered as a voluntary option; any requirement by an employer to inject the device would be illegal, says Österlund. It’s a convenient choice that is made “based on a well-informed decision by the customer.” Aversion to needles, for example, would make some users squeamish to implant the device. More education of users helps to allay any concerns: Some 10% of employees typically would agree quickly to the system, but a larger group of 50% to 60% are likely to agree over time as they get more comfortable with the idea and understand the convenience, says Österlund. Protection of information The passive device does not actively send out any signals as you walk. It is only powered up by a reader if a user has access rightsIn terms of privacy concerns, information contained on the device is in physical form and is protected. The passive device does not actively send out any signals as you walk. There is no battery. It is only powered up by a reader if a user has access rights. With use of the device being discussed in the United Kingdom, there has been some backlash. For example, Frances O’Grady, general secretary of the Trades Union Congress (TUC), has said: “Microchipping would give bosses even more power and control over their workers.” A big misconception is that the chip is a tracking device, says Österlund. It isn’t. “We love people to get informed,” says Österlund. “If they’re scared or apprehensive, they can just read up. It’s not used to control you – it’s used to give you control.”
ADT Inc.’s acquisition of Red Hawk Fire & Security, Boca Raton, Fla., is the latest move in ADT Commercial’s strategy to buy up security integrator firms around the country and grow their footprint. In addition to the Red Hawk acquisition, announced in mid-October, ADT has acquired more than a half-dozen security system integration firms in the last year or so. Here’s a quick rundown of integrator companies acquired by ADT: Protec, a Pacific Northwest commercial integrator (Aug. 2017); MSE Security, the USA’s 27th largest commercial integrator (Sept 2017); Gaston Security, founded in 1994 as a video surveillance integration company and whose services have since expanded to include intrusion, access control, and perimeter protection (Oct. 2017); Aronson Security Group (ASG), which delivers risk and security program consultants and offers advanced integration services, consulting and design engineers and a National Program Management team (March 2018); Acme Security Systems, among the largest privately held security systems integrators in the Bay Area, focusing on electronic security systems, access control, video networks and more (March 2018); Access Security Integration, a regional systems integrator specialising in design, delivery, installation and servicing of electronic security systems including enterprise-level access control, video and visitor management solutions, perimeter security and security operation command centers (Aug. 2018); In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity with the following two acquisitions: Datashield, specialising in Managed Detection and Response Services (Nov 2017); Secure Designs, Inc., specialising in design, implementation, monitoring, and managing network defense systems, including firewall services and intrusion prevention, to protect small business networks from a diverse and challenging set of global cyber threats (Aug. 2018). ADT has acquired more than a half-dozen security system integration firms in the last year or so For additional insights into ADT’s game plan and the strategy behind these acquisitions, we presented the following questions to Chris BenVau, ADT’s Senior Vice President of Enterprise Solutions. Q: ADT has been actively acquiring regional integrators this year – more than a half a dozen to date. Please describe the history of how ADT came to embrace a strategy of acquiring regional integrators as a route to growth? ADT's acquisition of Red Hawk is set to close in December, and brings premiere fire and life/safety solutions BenVau: Our acquisition strategy started at Protection 1 when we embarked on our journey to build out our commercial and national account business and add enhanced integration capabilities to our portfolio. The merger of Protection 1 and ADT brought that foundation to ADT which up to that point was primarily a residentially and SMB-focused company. After the merger, we set out to identify and acquire additional regional integrators that would continue to build on that foundation and deliver enhanced technical solutions, advanced technologies and an expanded service, install and support footprint. Through our acquisitions we now operate two Network Operations Centers and three Centers of Excellence. We are also unique in the industry with the number and variety of certifications, like Cisco and Meraki, our engineers hold which ultimately allows us to offer Managed Security as a Service. They have also enhanced our operational capabilities. Q: What criteria do you use to evaluate whether an integrator is a good “fit” for ADT? BenVau: First and foremost, we look at the culture of the companies. The companies that we target for acquisition must be metrics- and customer service-driven. Secondly, we look at the leadership teams. ADT view their acquisitions more like mergers and take a patient approach to integrating them into their business We have been fortunate in the fact the leadership of the companies we acquired remain with us today in key management and executive positions helping to drive continued growth within their organisations. We also evaluate their current customer base, unique solutions and their ability to complement and enhance our portfolio with the goal of becoming a leading full-service, enterprise commercial provider. Our acquisitions have bolstered our network capabilities, brought enterprise risk management services, and a broader solution set in high-end video and access control solutions. Our most recent acquisition – Red Hawk, set to close in December – brings us premiere fire and life/safety solutions. Q: What changes are typically needed after an integrator is acquired in order to adapt it to the ADT corporate model? BenVau: We view our acquisitions more like mergers and take a patient approach to integrating them into ADT while taking into account their culture. We want to ensure that we find the right positions for their people, embrace the right messaging and put the right processes in place. We acquire these companies because they are the best in their respective businesses and geographies and bring their knowledge and experience in markets or with solutions that we may not have had previous access to. ADT can support clients with their own in-house technicians which helps to ensure a consistent security program Q: How can regional integrators benefit from the ADT brand? Have your newly acquired integrators realised additional growth? BenVau: The companies we have acquired, generally, have exceeded expectations and surpassed initial goals. ADT brings expanded opportunities for these companies as well with our national footprint. Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver. These integrators help to deliver on that. In the past, the regional players may have had to rely on sub-contractors to service their larger clients. With ADT, we can now support those clients with our own in-house technicians which helps to ensure a consistent security program across multiple locations.Our National Account Sales Team has seen impressive growth over the years and are only limited by our ability to deliver" Q: Are additional integrator acquisitions planned this year and into 2019? How much is enough and when will it end (or slow down significantly)? BenVau: We expect to close on our latest acquisition, Red Hawk, before the end of 2018. Red Hawk brings a national footprint focused on fire/life safety and security to ADT. While ADT already had a robust security offering, Red Hawk will contribute significantly to the fire side of the business. In addition, we will continue to evaluate the companies in the industry to determine if additional acquisitions make sense. Q: Do you expect greater consolidation of the integrator channel in the industry as a whole? Why is this a good time for consolidation? Is it a good M&A market for buyers like ADT? BenVau: We will continue to evaluate companies in the industry to determine if further acquisitions make sense. As for the industry, we can only speak for ourselves. Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams" Q: What other trend(s) do you see in the industry that will impact ADT (on the commercial side) in the next year or so, and how? BenVau: In addition to their moves in the commercial integrator space, ADT has also sought to expand their presence in cybersecurity Networking is a big one. As we continue to drive integration of devices and services, from AI, “the cloud,” machine learning and even analytics, there will be more focus on the network they ride on. A deeper knowledge of network design, bandwidth impact, and system integration will be critical. As part of our acquisition strategy, we focused on talent to add to the team and have been able to add to our bench strength in this area. Q: Any other comments/insights you wish to share about ADT’s strategy, future, and role in the larger physical security marketplace? BenVau: Our focus is on investing in our field organisation, in particular our service technicians, engineers and project management teams. The cornerstone of our success lies in our ability to deliver outstanding customer support and service. It starts with sales and the ability to deliver security and life safety technologies, but it ends with a delighted customer who partners with us to help secure the things that matter most to them. Our recent acquisitions have more than doubled our commercial field operations teams and are key to establishing the ADT Commercial brand as a leading full-service provider of enterprise solutions to the marketplace.
The Global Security Exchange (GSX) seems smaller this year, which is not surprising given the absence on the show floor of several big companies such as Hikvision and ASSA ABLOY (although their subsidiary HID Global has a big booth). A trend affecting the number of companies exhibiting at GSX 2018, and other trade shows, is industry consolidation, which is impacting the show even beyond the fewer exhibitors this year in Las Vegas. GSX is the new branding for the trade show formerly known as ASIS. There was an impressive crowd of visitors waiting for the show floor to open Tuesday morning; the conference part of the program began on Monday. After the attendees filed through the doors, the foot traffic seemed brisk throughout the morning, and was somewhat steady until the end of the first day. Exhibitors as a whole seemed pleased with the first day and cautiously optimistic about the rest of the show. Acquisitions and consolidation HID Global announced on the first day that they will acquire Crossmatch - emphasising the impact of consolidation Emphasising the impact of consolidation on the industry as a whole, and on this show, was an announcement from HID Global on the first day that they will acquire Crossmatch, a biometric identify management and secure authentication solutions provider. It’s a comparatively large acquisition for the company specialising in trusted identity solutions. Just days earlier, another acquisition also seemed to confirm the trend when UTC Climate, Controls and Security — the owner of Lenel — announced an agreement to acquire S2 Security. The fruits of another recent acquisition was on display at the GSX 2018 hall, where Isonas took its place near the front entrance as part of the Allegion booth, just three months after the global security provider acquired the ‘pure IP access control company.’ Isonas is well positioned in two of the three fastest growing segments of the access control market — IP hardware, which is growing 41 percent per year globally, and access control as a service, or ‘cloud’ technology, which is also outpacing the overall access control market. Allegion also has the third fast-growing segment, wireless locks, covered with its Schlage brand. "New avenues of growth" The early days of new ownership is opening fresh opportunities for both organisations as Allegion seeks to leverage Isonas’ intellectual property and the smaller company finds new avenues of growth in the larger organisation, says Rob Lydic, Isonas Global Vice President of Sales. Motorola joined Avigilon in a higher profile role at their booth, emphasizing consolidation in the industry Lydic sees a likelihood of additional acquisitions in the near future in the security space, given the large amount of capital currently available to be deployed, and the large number of entrepreneurial companies looking to make the leap, as Isonas did, from a small booth at the back of the hall to front-and-center as part of a big industry player. Another reflection of consolidation: Motorola Solutions is taking a much higher-profile role in the Avigilon booth. In addition to signage, ownership by Motorola is also impacting the Avigilon product offerings. For example, the Motorola Ally security incident management and communications system has been integrated with Avigilon’s analytics-based event detection, and is being positioned to serve the enterprise market. The system simplifies security operations with a single platform that allows access to critical data, including video and access control systems, directly from any web-enabled device. Another reflection of consolidation: Motorola Solutions is taking a much higher-profile role in the Avigilon booth Avigilon is displaying Motorola Solutions’ CommandCenter Aware integrated with Avigilon’s systems for use with public safety applications to provide dispatchers and intelligence analysts with video feeds, incident details, alerts, data mapping and responder location. Avigilon has also integrated its AI-driven Appearance Search technology with its Access Control Manager system, so video searches can be performed based on a badge credential. The system can automatically pull up any information, whether video or events in the access control system, based on the badge information. It can also be used to search for lost badges, or to view where a person is located in the building. Avigilon introduced an AI appliance that allows existing cameras to be integrated with Appearance Search The company introduced an AI appliance that allows existing (non-Avigilon) cameras (up to 20 two-megapixel cameras) to be integrated with Appearance Search. Also, the next generation of analytics allows detection of more things, such objects a person may be holding, or detection based on what they are wearing. The growth of the cannabis market Although attendees at GSX are generally understood to be more end users than integrators, Joe Grillo, CEO of ACRE, the parent company of Vanderbilt Industries and ComNet, says he sees little difference in attendees at GSX compared to the ISC West show in the spring. “We see all our resellers here,” he says. Grillo noticed that Day One booth traffic was “not consistently busy, but steady.” Grillo says ACRE expects to be active again soon in the mergers and acquisitions market. The company has grown through six acquisitions since its founding, and has had one divestiture (when it sold Mercury Security to HID last fall). Since selling Mercury, ACRE has been ‘back in the buying mode,’ just looking for the right opportunity, says Grillo. New markets are a theme at GSX, and one of the biggest new opportunities is the cannabis industry. Marijuana has been legalised in dozens of U.S. states, and Canada is on the verge of legalising the drug. March Networks works with multiple cannabis operators to provide video solutions, point-of-sale transaction data, and customer analytics March Networks is among the companies targeting the cannabis industry in a big way. Already across the U.S., March Networks works with multiple cannabis operators to provide video solutions, point-of-sale transaction data, and customer analytics. The business intelligence solutions also aid compliance in the highly-regulated industry. March Networks provides radio frequency identification (RFID) tag to track plants throughout the channel, and tracking is integrated with video systems to provide correlated video views. A couple of exhibitors mentioned to me the need for commercial companies to deploy a comparable level of automation as their employees are accustomed to in the smart home environment. That suggests a need for things such as smartphone integration and voice commands. One exhibitor putting its toe in the water is Hanwha Techwin, which showed an Amazon Echo device used to control a video management system (VMS) with voice commands. Could the simple integration be a preview of the future of control rooms, where security officers merely talk to their equipment rather than operating controls? We’ll be talking to more companies (and maybe a few machines) on Day Two of the show, and will be reporting what we hear.
Case studies
Manufacturer ROCKWOOL International A.S. has chosen Nedap’s Global Client Programme to secure its offices and factories worldwide. AEOS, the physical security platform by Nedap, installed during the programme, enables ROCKWOOL to establish a truly global security policy and unified work processes. An advanced project rollout, the Global Client Programme is developed for large multinationals and offers several benefits, including standardisation across sites, shorter implementation times and cost efficiencies. Standardising company’s security measures The Global Client Programme connects all of ROCKWOOL’s factories and office premises, and standardises the company’s security measuresROCKWOOL has 28 factories across the world. The Global Client Programme connects all of these factories and ROCKWOOL’s office premises, and standardises the company’s security measures throughout the world. Fokko van der Zee, managing director at Nedap Security Management, says: “The implementation of a standardised security solution across the world is a complex process. It involves a large project spanning many years and involving many stakeholders, and demands a high level of project management. In the absence of a structured program with defined guidelines, a global security rollout is likely to be a stressful execution. That’s why we set up our carefully designed Global Client Programme.” ROCKWOOL Digital Service Lead, Matthew Thorne, agrees: “We’ve worked with Nedap over the past few years and recently became a member of their Global Client Programme. Now we’re equipped with the people and tools we needed to standardise our physical security solution. The Global Client Programme also minimises risk and guarantees compliance. It really meets our needs in every possible way.” Central security platform saves money The programme helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of severalThe Global Client Programme is designed to ensure monitoring and control during every step of the rollout process. Timon Padberg, responsible for business development at Nedap Security Management, explains: “The repetitive nature of local site deployments allows us to work with models and templates, such as standard proposal and calculation documents. We can therefore produce a scalable process that ensures uniformity and a consistently high quality of implementation across each site.” By using the Global Client Programme, ROCKWOOL is aiming for uniformity and alignment across all sites. The programme also helps achieve cost savings by avoiding initial setup costs per site and having one central security platform instead of several. Moreover, there are significant savings on operational and maintenance costs due to shared services and economies of scale.
Genetec Inc., a technology provider of unified security, public safety, operations, and business intelligence solutions announces that the South Grand Community Improvement District (CID) in St. Louis, Missouri is using the Genetec Stratocast cloud-based video monitoring system to deter license plate theft in its parking lot and provide video access to the local police department to help reinforce security. License plate theft One of the services offered by the South Grand CID is free parking. At any time of the day, drivers can park in a central parking lot to visit businesses or residents. While this lot has always been convenient and safe, license plate theft was troubling nearby areas. Video recordings are sent over a wireless network which connects to the South Grand CID main office To deter license plate theft in their own community, the South Grand CID board decided to add video surveillance to the lot. Currently, three cameras monitor the entire 90-space parking lot. Video recordings are sent over a wireless network which connects to the South Grand CID main office, just a few blocks away from the lot. With this cloud-based video monitoring system, Rachel Witt, Executive Director at South Grand CID, can quickly and easily view video from anywhere, at any time. Cloud video system “Using the cloud video system, I am able to find and view the video in seconds. I can narrow down my search based on dates and time and watch the event unfold with all camera feeds up on the monitor. It’s really that simple,” commented Witt. Only two weeks after installing the Stratocast video monitoring system, a visitor reported that their license plates had been stolen. “The visitor provided a description of the car, and a timeframe in which the incident likely happened. Using the Stratocast system, I was able to find and view the video in seconds. I could clearly see the suspect enter the lot, remove the plates and leave in his own car. Since the police are very busy here, I was able to bookmark the video recording and then notify them that the video was ready,” said Witt. View video recordings Stratocast has made it easy for the South Grand CID to give video access to local police so that when a crime is reported in the district, officers can immediately begin to conduct investigations without leaving their desks. While the South Grand CID manages and owns the Stratocast solution, officers can log into the system and view video recordings when required While the South Grand CID manages and owns the Stratocast solution, officers can log into the system and view video recordings when required. This is enabled by the Genetec Federation feature, which gives an organisation access to manage multiple independent Genetec systems as one. A memorandum of understanding was signed so each parties’ responsibilities are clear. Better sense of safety “Instead of driving over and picking up a DVD, officers can directly access video from our cameras to see what happened. Not only does it help speed up investigations, it saves officers’ valuable time,” continued Witt. The installation of Stratocast is not only helping to reduce license plate theft but it is also helping residents and visitors feel safer than ever. “Business owners, residents, and visitors have a better sense of safety when they know cameras are up. But they also need to know that we’re equipped to respond quickly to any disturbance. And that’s what Stratocast helps us achieve. With the addition of Stratocast, we’re able to show everyone that we have strengthened the security in our community,” concluded Witt.
Exabeam, the next-gen SIEM company, announces that NTT DATA Corporation (NTT DATA), its partner and one of the providers of technology and services for government and business, has chosen to secure its global operations using Exabeam’s Security Management Platform (SMP), which provides unlimited data collection, machine learning and analytics for modern cyber threat detection and response. NTT DATA’s internal system is used throughout more than 50 countries and regions, 210 cities and by 34,500 employees in Japan and 75,500 employees overseas. It is a fast-moving company that has acquired many businesses over the last five to 10 years, resulting in the inheritance of a number of different legacy SIEM platforms. However, these solutions were lacking, and NTT Data wasn’t obtaining the visibility it needed to keep pace with modern cyberthreats. Disparate legacy systems Exabeam was already our valued partner, and we were so confident in the company’s security solution" “Exabeam was already our valued partner, and we were so confident in the company’s security solution, we decided to use it ourselves, to remove complexity and unify our disparate legacy systems that were ineffective at protecting against modern threats,” said Hiroshi Honjo, head of Cyber Security and Governance at NTT DATA. “Having Exabeam’s unlimited data lake and attractive pricing model made the difference for our large organisation.” Exabeam’s SMP provides NTT DATA with scalable, behavioural modelling, machine learning, and advanced analytics for comprehensive insider and entity threat detection throughout Japan, APAC, North America, and Europe. This functionality was vital to the NTT DATA team because they required greater visibility into potential cyberthreats throughout the organisation and in all locations around the world. Automated incident response “NTT DATA’s journey was a unique one, since they had multiple legacy logging platforms in use globally. Exabeam was able to replace or consolidate each system using our next generation platform, and we accomplished the initial rollout in a matter of months,” said Nir Polak, CEO, Exabeam. “The swiftness of that transition is critical to maintaining secure operations, especially when dealing with such a geographically dispersed enterprise.” Automated incident response allows teams to respond to security incidents rapidly and with less effort Automated incident response allows teams to respond to security incidents rapidly and with less effort. At the SMP’s foundation is the Exabeam security data lake, designed to store all event logs at a predictable and flat price. This frees the NTT DATA security team from manually analysing data logs – and instead they can focus on quickly identifying and responding to security threats. SIEM solution According to Honjo, “The second phase of our project will be to look at use cases and fine tune the SIEM solution to work for our business needs. Overall, we are very happy with how well Exabeam met our stated deadlines and how quickly we are able to realise value from the product. We look forward to introducing Exabeam to our global customers.” Recently, Exabeam was identified by Gartner, Inc. in the 2018 Magic Quadrant for Security Information and Event Management. The company was positioned as a Leader based on completeness of vision and ability to execute.
STANLEY Security, one of the most trusted names in the world of security, has installed an intruder alarm system at Wraps & Tints’ new premises, which houses high value vehicles. The system not only protects the contents but also meets the insurance company’s needs, keeping everyone happy! Based in Leyland, Lancashire, Wraps & Tints is the North West’s Paint Protection Film, Vehicle Wrapping and Window Tinting installers. The company has gone from strength to strength and recently moved into larger premises to meet customer demand and to better represent the quality of the service with a smarter, more professional working environment. Provide certification With supercars and high-end vehicles occasionally stored, and to meet insurance requirements, an intruder alarm system was requisite within the new premises. After initially employing a small, local security company to undertake the job who were unable to provide the certification needed by Wraps & Tints’ insurance company, Jonathan Burke, Director of Wraps & Tints, approached STANLEY Security. The system incorporates dual technology detectors, door contacts and roller shutter contacts, interconnected and fed back to a control panel Following a risk assessment of the building content and the building’s fabric and structure, STANLEY Security installed a hard wired Texecom intruder alarm system to Grade 2 (low to medium risk). The system incorporates dual technology detectors, door contacts and roller shutter contacts, interconnected and fed back to a control panel. A maintenance contract is in place with STANLEY Security to ensure the system remains fully functional. Highly skilled technicians Jonathan is pleased with the outcome, finding the system easy to use. He’s also happy with the service he received, which was ‘straight forward and efficient’. Ultimately, the new intruder alarm system has enabled him to cost-effectively meet his insurer’s requirements and to focus on his business with the peace of mind that comes from knowing his property and its contents are well protected. STANLEY Security provides security services to a wide range of organisations. Its SME division offers high-quality business security systems regardless of the size of office, building, store or facility. All installation work is handled by a team of highly skilled technicians, each of whom is locally based across offices located across the UK.
Wilson James has appointed SmartTask as preferred technology partner and awarded it a deal for the supply of a mobile patrol and electronic smart form solution for a new security contract with National Museums. Under the agreement, the company will now roll out the SmartTask workforce management software to 10 sites including the Natural History Museum, V&A and Science & Industry Museum. This follows a successful trial that achieved significant time savings by removing paperwork and streamlining operational processes. The new partnership between Wilson James and SmartTask will replace an incumbent supplier agreement that no longer met the business and operational requirements of the security, construction logistics and business services provider. Identify potential benefits In particular, the retender process for the security contract with National Museums required a single provider of a highly-configurable mobile patrol and electronic smart form solution. An initial trial at the Natural History Museum focused on use of electronic forms via SmartTask-enabled smartphones to reduce administration and increase productivity of operational staff. The trial highlighted the clear benefits of using the SmartForms, most notably around confiscated items and vehicle forms It was designed to identify potential benefits based on the precise requirements of the customer as well as create a suite of seven SmartForms and reports that could deliver standardised data capture and analysis. This included confiscated items and vehicle check SmartForms, scenario testing and incident reporting. The trial highlighted the clear benefits of using the SmartForms, most notably around confiscated items and vehicle forms. Required monthly reports Confiscated items, following bag searches carried out at point of entry, historically required between 10-15 minutes to complete and during that time the security officer was away from the floor resulting in lost productivity. Following the adoption of SmartTask, reports can now be created automatically using highly-accurate data, while paper usage and printing requirements have been dramatically reduced. The time savings achieved at the Natural History Museum by the Wilson James team have led to higher productivity, greater capacity to carry out bag searches and increased visibility of security staff. Management time saving have also been realised in production of required monthly reports, as well as administration savings of 12-hours per week for the Security Duty Managers. Ease of deployment Don McCann, Technology Systems Consultant at Wilson James commented: “SmartTask provided significant support throughout the contract bid and contributed to the successful re-signing for a further five years.” SmartTask has also handled a separate project for Bradford Science Festival, which further demonstrated the flexibility of the system" “The solution is now fully operational at five locations – Natural History Museum, National Science & Media Museum, National Railway Museum, Science & Industry Museum and a Wandsworth storage site – with the Science Museum and V&A to follow shortly. SmartTask has also handled a separate project for Bradford Science Festival, which further demonstrated the flexibility of the system, ease of deployment and its suitability for the security sector.” Enhance customer satisfaction Paul Ridden, CEO of SmartTask said: “This latest agreement demonstrates our ability to work closely with our customers to develop advanced workforce management solutions that support business development, customer retention and quality service delivery. We are now partner of choice for a growing number of security organisations based on our proven track record helping to tackle some of the most common and difficult operational challenges they face.” SmartTask is an advanced and simple-to-use employee scheduling and mobile workforce management solution that enables security companies to better plan and manage their workers, so they are at the right place, at the right time. The cloud-based software solution combines intelligent rostering, live monitoring and integrated proof of attendance across both static and mobile teams, making it the ideal tool to improve operational control, enhance customer satisfaction, and support duty of care to staff.
Cosmo Music was established in Richmond Hill, Ontario, Canada in 1968. Its current 56,000 sq ft store opened in 2008, making it the largest music instrument store in North America. It is also home to the Cosmopolitan Music Hall venue. Needing to replace a 20-year-old analogue video system, Cosmo Music Vice President and COO Rudi Brouwers, started researching modern video management software (VMS). Initially he intended to purchase IP cameras and a basic VMS with the ability to record and playback. But Brouwers soon learned of the vast capabilities of modern systems. He turned his focus to finding one that went beyond basic video management to offer business intelligence. Identify suspicious customers Brouwers ultimately decided on Axis cameras and Senstar’s Symphony VMS with its Face Recognition analytic In particular, he was interested in face recognition, which would enable Cosmo Music to identify suspicious customers to prevent shoplifting. Working with integrator Northern Alarm Protection Ltd. (NAP), Brouwers looked at a number of different systems, and ultimately decided on Axis cameras and Senstar’s Symphony VMS with its Face Recognition analytic. “I was sold on Symphony when I got to actually use it,” said Brouwers. “It floored me how easy it is to work, how straightforward it is. It is so user friendly it is unbelievable.” Brouwers likes several of Symphony’s core features, including: the ability to save video for up to six months (he had been hoping for 90 days) customisation options (for example, recording only when motion is detected) ability to bookmark video the mobile app, which lets users connect to Symphony via a smartphone or tablet to view and playback video, control pan-tilt-zoom (PTZ) cameras, manage I/O devices, receive alarm notifications, and more. Face recognition analytic Before implementing Senstar’s Face Recognition video analytic, when a suspicious customer was identified through video surveillance, Brouwers would screen capture an image, email it to staff, and ask them to keep an eye out for that person. With Senstar’s Face Recognition video analytic, Brouwers can flag suspicious customers in Symphony. When that person enters the store again, Brouwers is automatically notified. One of our staff had a full beard one day and it was shaved off the next day and the system still picked him up" Brouwers tested the analytic thoroughly and was amazed by its capabilities. “One of our staff had a full beard one day and it was shaved off the next day and the system still picked him up,” said Mr. Brouwers. “That’s what sold me on it.” Symphony and the Face Recognition analytic, deployed on Senstar’s R-Series network video recorder (NVR) hardware, have been running at Cosmo Music since April 2018 and Brouwers couldn’t be happier. Business intelligence applications “It’s everything I dreamed of and more,” he said. From an integrator perspective, NAP, who had significant VMS experience but never used Symphony, thinks the product is a great option for business intelligence applications. “Symphony is the right fit for any application that requires enhanced security such as analytics. It’s superior to many other systems out there,” said NAP President and CEO Dave Koziel. “From a deliver what is promised standpoint, it’s 12 out of 10 on the scale.” Senstar’s Face Recognition analytic adds an additional layer of security to any video surveillance deployment Identify known and unknown individuals Create allow and deny lists, and be alerted when someone on that list is identified Save time and resources with a robust search functionality that lets users look for registered and unknown people in video Search across multiple cameras, and filter search results by match score or date and time Two-factor authentication processes for access control applications


Products


White papers

How to get buy-in from IT departments on IP video installations
Download
Making your surveillance cyber secure
Download
Convergence of physical and logical access
Download
Is access control in the cloud more cost effective?
Download
How to catch shoplifters with thermal imaging
Download
Is your access control system as secure as you think?
Download
Three Reasons to Upgrade Your Access Control Technology
Download
House Of Smart Cards - How assumptions can open dangerous security gaps
Download
Mobile Access - What you need to know
Download
Expanding video surveillance in the enterprise market
Download
9 Opportunities To Upgrade Your Access Control Technology
Download
