Business security systems
Could millions of burglar and fire alarm control units be recalled by the U.S. Consumer Product Safety Commission? That could be the upshot when the independent agency of the U.S. government rules on a 'Complaint of Non-Conforming Products' investigation requested on behalf of a consultant/forensic expert who says he has identified non-compliance dangers and vulnerabilities related to the devices. Breaching security standards Jeffrey Zwirn, an alarm and security forensic expert, s...
Confederation of European Security Services, CoESS and Euralarm have published a joint brochure on cyber security. The first copy of the brochure ‘Cyber security - Threat or Opportunity? It’s up to you!’ was launched during the General Assembly of CoESS held on 11 October in Rome. Cyber security breaks up the borders between product development, design, installation, operational continuity and alarm response. The guidelines highlight that when addressing cyber security, it is...
Fugue, the company delivering autonomous cloud infrastructure security and compliance, has announced its support for Open Policy Agent (OPA), an open source general-purpose policy engine and language for cloud infrastructure. Fugue is leveraging OPA and Rego, OPA’s declarative policy language, for cloud infrastructure policy-as-code to provide customers with maximum flexibility when implementing their custom enterprise policies. The Cloud Native Computing Foundation (CNCF) accepted OPA as...
The Security Industry Association (SIA) announces the 2019 keynote and featured speakers for Securing New Ground (SNG), the security industry’s annual executive conference taking place at the Grand Hyatt New York in Manhattan October 29-30. SNG 2019 will feature keynote remarks from Dr. Steven T. Hunt, chief expert for work and technology at SAP; George Oliver, chairman and CEO of Johnson Controls; and Gary Shapiro, president and CEO of the Consumer Technology Association (CTA). Signific...
Today, the world is connected like never before. Your watch is connected to your phone, which is connected to your tablet and so on. As we’ve begun to embrace this ‘smart’ lifestyle, what we’re really embracing is the integration of systems. Why do we connect our devices? The simplest answer is that it makes life easier. But, if that’s the case, why stop at our own personal devices? Connection, when applied to a business’ operations, is no different: it lowe...
Globally renowned cyber security company, BullGuard has announced releasing BullGuard Small Office Security, a new, powerful, cloud-managed endpoint security service for the small business market. BullGuard Small Office Security enables businesses to operate with the knowledge they are protected against identity and data theft, account takeover, malware such as ransom-ware, and other cyber threats. Robust endpoint protection BullGuard Small Office Security provides robust endpoint protec...
A new cybersecurity service brings professional 24-hour monitoring within reach of SMEs for the very first time. bluedog Security Monitoring, which has been launched by Freeparking.com founder Paul Lomax and cybersecurity expert Tim Thurlings, offers smaller firms the type of managed detection and response service previously only available to large corporates. Highly trained cybersecurity team The launch of bluedog comes as SMEs face increased pressure from customers, regulators and investors The London-based company has developed a low-cost device called Sentinel which plugs into a customer's network and uses machine learning to spot unusual activity. It then alerts bluedog's security operations centre, where a highly trained cybersecurity team can analyse and respond to potential threats. The bluedog service can detect both external and internal threats, such as phishing emails or the download of video or audio files packed with malicious malware, which often bypass traditional endpoint security and firewalls. It not only offers enhanced security and rapid response to incidents, but also helps companies comply with standards such as GDPR, Cyber Essentials or ISO/IEC 27001:2005 and keeps a full audit trail for reporting purposes. The launch of bluedog comes as SMEs face increased pressure from customers, regulators and investors as well as cyber criminals seeking ‘soft' targets. Firewalls and endpoint protection The UK government's Cyber Security Breaches Survey 2019 shows that while the number of businesses being attacked has been falling - down from 46 per cent in 2017 to 32 per cent this year - the number of attacks each victim suffers has risen from two to six over the same period. It suggests businesses with weaker defences are being targeted repeatedly. bluedog's CTO Tim Thurlings, a former ‘ethical hacker' who helped develop the EU's TIBER threat intelligence framework, says: "Firewalls and endpoint protection which SMEs have traditionally relied on are no longer adequate as experienced hackers can easily find ways round them. SMEs need to take their cybersecurity to the next level, yet at present few have a dedicated professional.” Bluedog's innovative model combines machine learning and human expertise to offer exceptional service" "bluedog gives them 24/7 access to a whole team of cyber experts for less than the cost of employing one part-time staff member. Bluedog's innovative model combines machine learning and human expertise to offer exceptional service and peace of mind." Analyst firm Gartner believes that by 2020, 15 per cent of organisations will be using services such as managed detection and response, compared to less than 1 per cent today. Combining machine learning and human expertise bluedog CEO Paul Lomax, whose Freeparking.com business was the UK's first self-service domain registrar, and who has also founded two hosting companies, says bluedog is targeting a gap in the market for SME monitoring services. "While technology is becoming more sophisticated, it still requires people to analyse the data and act on it," he explains. "Ideally all businesses should have 24/7 monitoring but with salaries for skilled professionals running into six figures, it is an expensive resource that up until now has been limited to blue-chip firms.” "With bluedog, we have developed a smarter model which enables us to revolutionise pricing and bring services within reach of SMEs for the first time. This is a $10bn untapped market and no-one else is offering a solution. bluedog's model gives us a competitive advantage and makes us well placed to become a global leader."
Panorays, a rapidly growing provider of automated third-party security lifecycle management, unveiled a security intelligence solution known as Dark Web Insights. The new feature enhances Panorays’ award-winning third-party security management solution and serves as an additional layer of cyber security protection. Using Panorays’ Dark Web Insights, companies can now become proactive about knowing in advance of in-the-wild threats to their supply chain. The evaluator company automatically receives a notification when there is abnormal activity on the Dark Web regarding the third party. The new Dark Web feature checks mentions of a company’s third party on hacker forums and other nefarious marketplaces. It provides the ability to monitor potentially malicious hacker chatter about opportunities to target the third party, sell databases of personal information or take advantage of system weaknesses for financial benefit. “With the latest rash of misconfigured servers and data leaks, many companies have discovered too late that a significant breach has occurred,” said Noam Maman, VP Product of Panorays. “Many third-party security solutions assess the attack surface of vendors, but do not venture into the Dark Web. With Panorays, companies receive further necessary visibility into the security posture of their third parties.”
Ping Identity, a pioneer in intelligent identity solutions, has announced the release of PingCentral, a self-service delegated administration and converged operating portal for enterprise identity and access management (IAM). The solution addresses common tasks across the Ping Intelligent Identity platform with simple, self-service workflows and standardised templates that can be delegated to business users and application teams that don’t have IAM expertise. Ping Intelligent Identity platform Dedicated IAM admins struggle to manage the high volume of requests required to keep application teams functioning Dedicated IAM administrators often struggle to manage the high volume of requests required to keep application teams functioning. An example of this is adding a connection for an application or API, or handling minor changes like updating configurations, security certificates and more. Meanwhile, business application teams generally have limited IAM knowledge and ability to make these modifications on their own. The result can be IAM changes that take up to several weeks of back and forth activities between IAM administrators and business application teams, including multiple requests, emails and meetings. This leaves little time for identity security teams to focus on value-add activities like enhancing security posture and improving end user productivity. PingCentral streamlines IAM processes PingCentral streamlines IAM processes and helps enterprises efficiently leverage IAM services as a valuable business driver for digital transformation. In doing so, it helps enable business application teams to rapidly onboard their own resources through delegated administration. This extends and increases the value of IAM teams, so they can do more with less, serve the business faster, and achieve widespread adoption and usage of centralised identity services. PingCentral puts IAM teams and application teams on the same page by providing the following capabilities and benefits: Delegated Administration Portal: Contains a self-service, user-friendly interface and template workflow that allows IAM administrators to create, update and deploy standard templates for single sign-on (SSO) and authentication. Orchestration Engine: Automates promotions across the application development and deployment lifecycle by maintaining configuration across environments, and allows IAM administrators to designate protected environments that require approval to reduce risk. Central Monitoring System: Provides visibility of application connections, clients and environment tiers from a single screen, and permits IAM and business application administrators to assign and/or update resource ownership. Lifecycle Management: Supplies an audit trail across the lifecycle of client configuration changes and promotions—so administrators always know who has done what and when to a connection and/or client—and allows for easy reversion back to previous configurations as needed. Enterprise identity and access management solutions Ping Identity is dedicated to providing implicit value to our customers through our IAM solutions" “Ping Identity is dedicated to providing implicit value to our customers through our IAM solutions, helping enterprises to achieve their digital transformation goals,” said Loren Russon, vice president, product management at Ping Identity. “By simplifying fundamental IAM processes and enabling non-technical business teams to manage standard administrative tasks, PingCentral helps enable organisations to save valuable time and resources while strengthening their overall security posture.” "We see enormous potential for PingCentral’s ability to positively impact our organisation,” said Dan Ricke, manager, information security at BlueCross BlueShield of Tennessee. “A range of staff roles will be able to collaborate on and work in this solution regardless of IAM sophistication, speeding up the connecting process and saving time for the identity and access management team.” Zero Trust identity-defined security The Ping Intelligent Identity platform provides customers, employees, partners and, increasingly, IoT, with access to cloud, mobile, SaaS and on-premises applications and APIs, while also managing identity and profile data at scale. Ping Identity helps enterprises achieve Zero Trust identity-defined security with a much more personalised, streamlined user experiences
Nedap and Touchless Biometric Systems (TBS) are hosting the first Security Integration Forum in the Middle East on 7th October 2019. Held at the Conrad hotel on Sheikh Zayed Road in Dubai, it will bring together technology businesses and experts. The aim is to enable discussion of the latest security industry trends and potential collaborations, and showcase advanced technologies and integrations. The highlight of this first Security Integration Forum is the live experience area. Here, in a live demo of a smart building, attendees can experience seamless integrations of technologies from TBS, and other manufacturers, with Nedap’s AEOS access control. Visitor registration and management The integrations on show will be from best-of-breed solution providers and security equipment manufactures It’s also an opportunity to learn more about the commercial and operational value offered by AEOS and TBS integrations. The integrations on show will be from best-of-breed solution providers and security equipment manufactures. This includes Milestone Systems, Axis communication, CNL Software, Samsotech, Traka, Assa Abloy and Boon Edam, as well as Nedap Identification Systems. The scenarios and features available to experience include: End-to-end security for access control Visitor identification and verification using biometrics Visitor registration and management Vehicle identification Key and asset management Wireless access control using online and offline locks Video management systems and CCTV Physical security information management Identifying new opportunities and partnerships All of the businesses involved will present the technology trends in their business area and market" Jochem van Ruijven, Managing Director at Nedap FZE says: “With this event, we aim to display the incredible strength and expertise of each participating technology partner. All of the businesses involved will present the technology trends in their business area and market.” “It’s an amazing opportunity for security industry experts in the Middle East to come together and get to know the people behind the leading security manufacturers. Not to mention the chance to identify new opportunities and partnerships for their business. More than ever before, decision makers must provide both security and convenience,” says Alex Zarrabi, CEO of TBS and co-host of the Security Integration Forum. “This calls for integrated rather than isolated solutions. Navigating the maze of technologies and interoperability takes more time than people have available. But during a few hours at our forum, decision makers can experience what happens when best-of-breed security manufacturers join forces to solve their challenges.”
Matrix has announced bagging the prestigious and highly coveted Good Design 2019 award for its new-age access control controller - COSEC ARGO. The award is given in recognition for excellence in product innovation and design. The Good Design Award evaluates and celebrates the quality of design whether tangible or intangible that has been created to fulfill some kind of ideal or purpose. Good Design awards The Good Design awards are produced by The Chicago Athenaeum Museum of Architecture and Design in cooperation with the European Centre for Architecture, Art, Design and Urban Studies. The awards are amongst the most prestigious global award programs for design excellence and design innovation, honoring both products and industry leaders in design and manufacturing for over seven decades since its inception. Each year, the organisation highlights and recognises the most innovative industrial, product and graphic designs. COSEC ARGO access control controller On winning this prestigious award, Ganesh Jivani, Chief Executive of Matrix said “Matrix is focused on designing and manufacturing high grade cutting-edge security and telecom solutions for modern organisations and enterprises. Matrix offers these products in more than 50 countries worldwide – most of them to the first-world technologically advanced nations.” He adds, “With 250+ R&D engineers and world-class infrastructure and equipment, Matrix is committed to R&D and cutting-edge products. This award is a validation of Matrix's state of the art innovation and design capabilities.” Cutting-edge security and telecom solutions Ganesh further said, “I thank all our customers and channel partners for their trust in Matrix and congratulate the entire Matrix team for this outstanding achievement. Such recognition would encourage us to work harder towards building future technologies and products.”
Videx, global manufacturer and supplier of access control and door entry systems, has improved its standalone offline Mifare proximity access solution, MiAccess, by introducing a new handle to compliment the current range of readers. Mifare proximity access control The handle, with a brushed aluminium finish, is a standalone and surface mount addition that includes an integrated offline Mifare proximity fob/card reader that is battery powered from an internal 6V lithium battery allowing up to 60,000 operations on average. Sian Luxton, Access Control Manager at Videx, said “The AL500-MF door handle can provide access to an unlimited number of users and used to create a multiple door system, making it ideal for a range of buildings which require specific access control solutions and minimum disruption during install. Installation is simple as no wiring is required. It’s designed to mount onto internal wooden doors ranging from 35mm to 55mm thickness. The handle is reversible for mounting onto left-hand or right-hand opening doors.” MiAccess readers The handle can be used standalone or as part of a multiple entrance system comprising of handles and MiAccess readers The handle can be used standalone or as part of a multiple entrance system comprising of both handles and MiAccess readers. It is compatible with both the free PROA MS and PROH MS MiAccess software, where programming, configuration settings and event logs can be transferred between the PC and the reader using micro-USB or Mifare cards. The programmed information is transferred from the card to the reader and from the reader to the card so there is no need for a connection between the readers and the PC. User cards are created via the software with the PROX-USB desktop enrolment reader where access rights are saved directly to the user’s card. Programming cards are also created in the same way to configure the reader’s settings. Personalised access control Other helpful features include the ability to collect events directly from the reader via the micro-USB port or from a programmed ‘events collect card’, ‘black list’ cards that have been lost or stolen (up to 500 cards) and personalise access rights for each user to restrict the users access to certain times, days and readers.
The statistics are staggering. The death tolls are rising. And those who now fear environments that were once thought to be safe zones like school campuses, factories, commercial businesses and government facilities, find themselves having to add the routine of active-shooter drills into their traditional fire drill protocols. The latest active shooter statistics released by the FBI earlier this year in their annual active-shooter report designated 27 events as active shooter incidents in 2018. The report reveals that 16 of the 27 incidents occurred in areas of commerce, seven incidents occurred in business environments, and five incidents occurred in education environments. Deadly active-shooter events Six of the 12 deadliest shootings in the country have taken place in the past five years Six of the 12 deadliest shootings in the country have taken place in the past five years, including Sutherland Springs church, Marjory Stoneman Douglas High School, the San Bernardino regional center, the Walmart in El Paso and the Tree of Life Synagogue in Pittsburgh, which have all occurred since 2015. Although these incidents occurred in facilities with designated entry points common to churches, schools and businesses, the two most deadly active-shooter events since 2015 were the Route 91 Harvest music festival shooting in Las Vegas that left 58 dead and the Pulse nightclub killings in Orlando where 49 perished. As Christopher Combs, special agent in charge of the FBI field office in San Antonio, Texas, said during a news conference following the August 31 mass shooting in Odessa, Texas that claimed seven lives: “We are now at almost every two weeks seeing an active shooter in this country." Active shooter incidents Between December 2000 and December 2018, the FBI’s distribution of active shooter incidents by location looks like this: Businesses Open to Pedestrian Traffic (74) Businesses Closed to Pedestrian Traffic (43) K-12 Schools (39) Institutions of Higher Learning (16) Non-Military Government Properties (28) Military Properties—Restricted (5) Healthcare Facilities (11) Houses of Worship (10) Private Properties (12) Malls (6) What the majority of these venues have in common is they all have a front entrance or chokepoint for anyone entering the facilities, which is why any active-shooter plan must include a strategy to secure that entry point. Situational awareness in perimeter and door security Preventing people with the wrong intentions from entering the space is the goal" According to Paul Franco, an A&E with more than 28 years of experience as a consultant and systems integrator focusing on schools, healthcare and large public and private facilities, that while active shooter incidents continue to rise, the residual effect has been an increase in situational awareness in perimeter and door security. “Certainly, protecting people and assets is the number one goal of all our clients. There are multiple considerations in facilities like K-12 and Healthcare. Preventing people with the wrong intentions from entering the space is the goal. But a critical consideration to emphasise to your client is getting that person out of your facility and not creating a more dangerous situation by locking the person in your facility,” says Franco. High-security turnstiles “Schools today are creating a space for vetting visitors prior to allowing access into the main facility. Using technology properly like high-security turnstiles offer great benefits in existing schools where space constraints and renovation costs can be impractical.” What steps should they be taken when recommending the proper door security to ensure the building is safe As a consultant/integrator, when discussions are had with a client that has a facility in a public space like a corporate building, government centre or industrial facility, what steps should they be taken when recommending the proper door security to ensure the building is safe and can protect its people and assets? For Frank Pisciotta, President and CEO of Business Protection Specialists, Inc. in Raleigh, North Carolina, a fundamental element of his security strategy is making appropriate recommendations that are broad-based and proactive. Properly identifying the adversaries “As a consultant, my recommendations must include properly identifying the adversaries who may show up at a client’s door, the likelihood of that event occurring, the consequences of that event occurring, determining if there are tripwires that can be set so an organisation can move their line of defence away from the door, educating employees to report potential threats and creating real-time actionable plans to respond to threats. A more reactionary posture might include such thing as target hardening such as ballistic resistant materials at entry access points to a facility,” Pisciotta says. Veteran consultant David Aggleton of Aggleton & Associates of Mission Viejo, California recommends that clients compartmentalise their higher security areas for limited access by adding multiple credential controls (card + keypad + biometric), along with ‘positive’ access systems that inhibit tailgating/piggybacking such as secure turnstiles, revolving door and mantrap if your entrances and security needs meet the required space and access throughput rates. Integrated solution of electronic access control Defining a single point of entry in some public facilities is becoming the new standard of care according to many A&Es and security consultants, especially in a school environment. This approach allows a concerted effort when it comes to staffing, visitor monitoring and an integrated technology solution. The bottom line remains: most buildings are vulnerable to a security breach A proactive stance to securing a door entryway will use an integrated solution of electronic access control, turnstiles, revolving doors and mantraps that can substantially improve a facility’s security profile. The bottom line remains: most buildings are vulnerable to a security breach, so it’s not a matter of if there will be a next active shooter tragedy, it’s only a matter of where. Enhancing access control assurance “There is no easy answer to this question,” says Pisciotta referring to how a secured entrance can deter an active shooter. “There have been at least two high-profile incidents of adversaries shooting their way into a facility through access control barriers. So, if the threat so dictates, a ballistic resistant might be required.” He concludes: “There is obviously no question that turnstiles, revolving doors and man traps enhance access control assurance. Electronic access control is easy to integrate with these devices and providing that credentials are secure, approval processes are in place, change management is properly managed and the appropriate auditing measures in place, access control objectives can be met.”
Rodrigue Zbinden, CEO at Morphean, discusses the business benefits from merging video surveillance and access control technologies as demand for ACaaS grows. The big question facing businesses today is how they will use the data that they possess to unlock new forms of value using emerging technologies such as the cloud, predictive analytics and artificial intelligence. Some data is better utilised than others: financial services were quick to recognise the competitive advantages in exploiting technology to improve customer service, detect fraud and improve risk assessment. In the world of physical security, however, we’re only just beginning to understand the potential of the data that our systems gather as a part of their core function. Benefits of ‘Integrated access control’ The first thing to look for is how multiple sources of data can be used to improve physical security functionsWhat many businesses have yet to realise is that many emerging technologies come into their own when used across multiple sources of data. In physical security, for example, we’re moving from discussions about access control and CCTV as siloed functions, to platforms that combine information for analysis from any source, and applying machine learning algorithms to deliver intelligent insights back to the business. ‘Integrated access control’ then looks not just to images or building management, but to images, building management, HR databases and calendar information, all at the same time. And some of the benefits are only now starting to become clear. The first thing to look for, of course, is how multiple sources of data can be used to improve physical security functions. For example, by combining traditional access control data, such as when a swipe card is used, with a video processing platform capable of facial recognition, a second factor of authentication is provided without the need to install separate biometric sensors. CCTV cameras are already deployed in most sensitive areas, so if a card doesn’t match the user based on HR records, staff can be quickly alerted. Making the tools cost-effective In a similar vein, if an access card is used by an employee, who is supposed to be on holiday according to the HR record, then video data can be used to ensure the individual’s identity and that the card has not been stolen – all before a human operator becomes involved. This is driving growth in ‘access control as a service’ (ACaaS), and the end-to-end digitalisation of a vital business functionThese capabilities are not new. What is, however, is the way in which cloud-based computing platforms for security analytics, which absorb information from IP-connected cameras, make the tools much more cost effective, accessible and easier to manage than traditional on-site server applications. In turn, this is driving growth in ‘access control as a service’ (ACaaS), and the end-to-end digitalisation of a vital business function. With this system set up, only access control hardware systems are deployed on premise while the software and access control data are shifted to a remote location and provided as a service to users on a recurring monthly subscription. The benefits of such an arrangement are numerous but include avoiding large capital investments, greater flexibility to scale up and down, and shifting the onus of cybersecurity and firmware updates to the vendor. Simple installation and removal of endpoints What’s more, because modern video and access control systems transmit data via the IP network, installation and removal of endpoints are simple, requiring nothing more than PoE and Wi-Fi. Of all the advantages of the ‘as a service’ model, it’s the rich data acquired from ACaaS that makes it so valuable, and capable of delivering business benefits beyond physical security. Managers are constantly looking for better quality of information to inform decision making, and integrated access control systems know more about operations than you might think. Integrating lighting systems with video feeds and access control creates the ability to control the lightsRight now, many firms are experimenting with ways to find efficiencies and reduce costs. For example, lights that automatically turn off to save energy are common in offices today, but can be a distraction if employees have to constantly move around to trigger motion detectors. Integrating lighting systems with video feeds and access control creates the ability to control the lights depending on exactly who is in the room and where they are sitting. Tracking the movement of employees Camera data has been used in retail to track the movement of customers in stores, helping managers to optimise displays and position stocks. The same technology can be used to map out how employees move around a workspace, finding out where productivity gains can be made by moving furniture around or how many desks should be provisioned. Other potential uses of the same data could be to look for correlations between staff movement – say to a store room – and sales spikes, to better predict stock ordering. What makes ACaaS truly exciting is it is still a very new field, and we’re only just scratching the surface of the number of ways that it can be used to create new sources of value. As smart buildings and smart city technology evolves, more and more open systems will become available, offering more ways to combine, analyse and draw insights from data. Within a few years, it will become the rule, rather than the exception, and only grow in utility as it does.
The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks. Growing threat of cyber attacks The threat is not trivial. Recently, two cities in Florida hit by ransom ware attacks – Rivera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected. And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race. For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures Enterprise security For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks has grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies. Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks. IoT increases threat of cyber-attacks Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars – the threat surface or targets of intrusion are multiplying exponentially. According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals. Importance of cyber security This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms. What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled. AI is being used to conduct predictive analysis at a scale beyond human means Deploying AI As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organisation recognise and diagnose intrusions before they turn into catastrophic attacks. AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need. Countering cyber security threats To harden defenses, some AI programs can be configured to perform simulated war games To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organisations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities. As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive. AI-based cyber security tools Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organisations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat. For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognising and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.
Many venues are using access control, video surveillance systems, sensors, and additional hardware solutions as part of a broader security strategy. By utilising so many disparate systems, corporate security teams are left with information “silos” that create inefficiencies and hamper communication. This abundance of hardware has left teams with too much data or too many tools, to manage effectively. Armored Things offers a software solution. The company’s “spatial intelligence platform” currently collects more data than other security intelligence solutions, utilising a broader range of sources and fusing data together rather than integrating it. The platform currently focuses on taking in data from WiFi, access control, and video surveillance systems and applying machine learning to deliver customers features such as real-time predictive analytics to prevent incidents like bottlenecks or overcrowding. Spatial Intelligence is an approach to physical security that enables users to collect, manage, and interpret data in a single platform. Combine machine learning with data The term can best be used to describe how digital transformation has affected physical security. Spatial Intelligence in its infancy looked like video surveillance data combined with machine learning to produce video analytics. The spatial intelligence solutions of today can combine machine learning with data of any source, type, and size to deliver value across a large organisation, not just the security team, says the company. Armored Things’ Spatial Intelligence platform unifies data from information silos to support data-driven decisions around operations and security. By fusing data from multiple sources, we can produce more consistent and useful insights for our customers” A suite of analytics, reporting and visualisation tools helps customers gain a real-time understanding of people and flow in their space. By removing the guesswork of everyday decisions, the product enables customers to make data-driven decisions at a moment’s notice, according to the company. Armored Things is more than a data management tool. “By fusing data from multiple sources (rather than only cameras or only WiFi), we can produce more consistent, accurate, and useful insights for our customers,” says Kevin Davis, Chief Security Officer at Armored Things. "Being able to collect the data is the first step, but turning it into actionable intelligence is where Armored Things excels.” IP cameras and other IoT-enabled devices The range of data sources includes IP cameras and other IoT-enabled devices and even outside data sources like bus schedules and weather reports. Armored Things has built a team of public safety and technical experts with the mission to keep people safe where they live, work, and play. By leveraging emerging technology to enhance physical security, the company built the software-centric Spatial Intelligence Platform for large organisations to enhance the safety and operations of their space. Schools and education facilities are among the customers that can benefit. The leadership at Armored Things cares deeply about school safety, so the recent epidemic of campus violence has definitely been a large topic of conversation, according to the company. “By delivering our products to a greater number of customers, Armored Things hopes to continue making schools a safe place to learn and gather,” says Davis. Recently, there was a significant bottleneck lasting nearly 30 minutes at the Syracuse-Clemson football game. Unifying data into one platform Digital transformation is disrupting the way our customers think about physical security,” Using Armored Things technology and providing real-time data to security and operations personnel could have identified the bottleneck as it began to form. This would have notified relevant personnel, who could have taken steps to mitigate the problem before it turned into a security risk. Keeping the security infrastructure simple is imperative to success. Integrating a software solution into the security strategy shouldn’t complicate existing operations, says the company. “Armored Things Spatial Intelligence Platform can bring your security and operations into focus by unifying all of your data into one platform for ease of use,” says Davis. For this reason, the team chose to integrate not only with customers’ existing security infrastructure but with non-traditional data sources (e.g. WiFi, event schedules, ticketing) as well. “By combining and analysing a more diverse dataset, Armored Things can help our customers make better decisions with deeper data-driven insights,” says Davis. "Digital transformation is disrupting the way our customers think about physical security,” says Davis. “As a team, our aim is to help our customers adapt to the digital age, as they transition from hardware to software-centric security solutions. Fostering organisational change is difficult, and our team hopes to make the transition process easier for our customers.”
Ethics is a particularly important subject in an industry such as fire and security because the result of unethical actions might make the difference in life and death. For example, if an employee acts unethically when servicing a fire extinguisher, the result could be to burn down the building. Although ethics is not a common topic of discussion in the fire and security industry, perhaps it should be. Chubb Fire and Security is a company that provides an example of how an emphasis on ethics can benefit a company, their employees, their customers and the whole world. Fire safety and security risks “The fire and security industry is different than others because lives and people’s safety are on the line,” says Harv Dulay, Director of Ethics and Compliance at Chubb Fire and Security. “Our purpose is to protect clients from fire safety and security risks. This is a business where no one should take short cuts. It is important to do the right thing all the time, every time, and it’s about protecting lives and property.” At Chubb, we have a code of ethics, our ‘bible,’ that is issued to employees when they start" “At Chubb, we have a code of ethics, our ‘bible,’ that is issued to employees when they start,” says Dulay. “Within the bible are core fundamental rules about what’s acceptable and not acceptable. We lay it out for employees very specifically. They understand and embrace the code of ethics, which is based on trust, integrity, respect, innovation and excellence.” “If you get those right, the business moves in the right direction. A key piece of our ethics policy is based on trust. We relate to others with openness, transparency, and empathy. It makes Chubb a better place to work and enables us to provide better service to customers.” Fire audit For Chubb, ethics is not just theoretical, but ethical concepts play out every day in practical ways. An example might be an engineer who goes to a customer’s site and is asked to do a task that is outside his or her duties and/or not allowed under the ethics policy. The pressure might be even greater if the employee is struggling to meet a sales figure. The code of ethics addresses specific situations and outlines the behaviour that is expected. In another example, a customer asked a Chubb technician to forge a certificate saying the customer had previously passed a fire audit in order to validate his previous year’s insurance. Showing ethical integrity, the technician was able to cite the company’s Code of Ethics and refuse to do it. The technician also reported the situation to his Ethics and Compliance Officer. Customers benefit, too. Delivering ethics excellence It’s a message heard from the top down, from everyone in the company" One of Chubb’s sales associates immediately reporting a situation in which all the tenders and competitors’ prices were visible as they prepared a tender for upload to a customer portal. Not only did the sales associate deliver ethics excellence by reporting the issue, he also helped a grateful customer who thereby avoided anti-trust issues, says Dulay. “Ethics is not just a current issue,” says Dulay. “It’s embedded in our values and has been since the beginning. Ethics is making sure people do the right things.” Ethics is integrated into the Chubb business model, and everyone knows what is expected of them. “It’s a message heard from the top down, from everyone in the company.” On-line training modules Ethics discussions begin for employees at Chubb when they join the company; clear instructions about ethics are included as part of employee induction. There are nine modules of ethics training during employee orientation, and a discussion with an Ethics and Compliance Officer is part of the onboarding process. The training program includes information about ethics, company expectations around ethics, where to go for questions about ethical issues, and details of the anonymous ombudsman program. Additionally, field staff are trained by their supervisors via regular face-to-face ethics toolbox talks. Office staff complete a series of on-line ethics training modules regularly. A series of supervisor-led trainings encourage managers to deliver face-to-face ethics training to their team, citing real-life examples. Healthy discussions are encouraged to deal with any ‘gray areas.’ Worldwide implementation of data security Some 14,000 employees globally have multiple options when it comes to reporting an issue Dulay estimates that ethics and compliance officers spend about half their time answering questions and clarifying for employees what’s expected in the code of ethics. Some 14,000 employees globally have multiple options when it comes to reporting an issue, and there are full-time Ethics and Compliances Officers in every country where Chubb does business. A reflection of Chubb’s global approach to compliance is their worldwide implementation of data security requirements of Europe’s General Data Protection Regulation (GDPR); the company saw the benefits of the program for any jurisdiction. Training and education are part of Chubb’s investment in ethics. For example, a recent module on ‘respect in the workplace’ covered the need to create a company culture in which everyone feels respected. “Training and continuous communication are embedded in the organisation,” says Dulay. Managing potential conflicts proactively “We invest in the process,” says Dulay. “We have had employees who left the company and then come back. They realised the importance of ethics and rejoined us. We start with the foundation that we would rather lose business than give up our ethical standards,” says Dulay. Some business is not worth getting if you don’t adhere to your values" “We won’t abandon our policies even if there is money at stake. Some business is not worth getting if you don’t adhere to your values. We manage potential conflicts proactively by creating and instituting methods in which employees have access to tools they can use to be successful and adaptable in times of change,” says Dulay. “Also, we will not tolerate retaliation against any employee who reports wrongdoing – regardless of the outcome of the investigation.” Forming good ethics behaviour And while there is no specific monetary value assigned to good ethical practices, success can be measured. “We measure it by people’s conduct, the number of cases we have, and awareness,” says Dulay. “It’s good for employee morale, and it’s good for customers and our business. It’s not measurable, but it is fundamental for business and customers.” “The work we do as a company can impact people’s lives so it is important that everyone has an understanding of the importance of their role,” says Dulay. A common misconception about ethics is: “If no one is watching, it must be ok.” However, Dulay says it is the things employees do when no one is watching or checking in on them that form good ethics behaviour. During training, Chubb emphasises that ethics is about doing the right thing, all the time even if no one is watching.
A video analytics system that provides ‘behavioural understanding’ can yield more meaningful and actionable data for a range of applications. In public safety and security, such a system can alert on violent or suspicious behaviours, such as people fighting, vandalism, people with weapons, etc. In advanced traffic surveillance and monitoring, it can provide alerts to vehicle collisions (accidents), traffic hazards or vehicle that aren’t using the road properly, such as a car that stops in the middle of the junction. For enterprise and campus security, it can provide advanced anti-tailgating and detect unauthorised activity. Video surveillance infrastructure viisights was founded by a group of entrepreneurs with track records in developing technology businesses These uses are among the benefits of viisights’ video analytics technology based on behavioural understanding of video content. “It means we can extract more meaningful data from the huge amount of video content that is captured, and we can transform that data to actionable insights that eventually justify the massive investment in video surveillance infrastructure,” says Asaf Birenzvieg, CEO of viisights. Their behavioural understanding systems for real-time video intelligence leverage artificial intelligence technology. viisights was founded by a group of serial entrepreneurs with track records in developing technology businesses. The Israeli company’s founders recognised a growing global need for intelligence to make physical and virtual public areas safer – and realised the role that smart video understanding technology can play. Developing artificial intelligence technologies viisights is committed to developing artificial intelligence technologies that facilitate human-like video understanding, which in turn serves as the basis for fully autonomous video intelligence systems powered by pattern prediction technology. “Behavioural recognition is the future of video analytics and the next generation of the object classification analytics systems that hold the majority of the market today,” says Birenzvieg. viisights has developed a video understanding technology for real-time video processing “To date most video analytics systems still base their product features on static analysis of objects from images using image recognition, even the ones that use ‘AI analytics.’ Products built using such object classification technology are extremely limited.” For example, object classification analytics cannot recognise behavioural events in a video such as people fighting or a car collision because such behaviours can’t accurately be concluded in large scale from analysing a single static image/frame. Video understanding technology viisights has developed a video understanding technology for real-time video processing. The technology can process live video feeds. In addition to recognising a particular object (e.g., person) and its attributes (e.g., red shirt), the system can understand an object’s actions, interactions with other objects (events), the scene being viewed (i.e., crowd is gathering, riots) and the context (a car is driving on the road or on the sidewalk). The main verticals are smart cities, enterprises and campuses, banks and ATM security “Basically, we are able to extract more meaningful data from a live video feed and therefore create actionable insights and greater ROI,” says Birenzvieg. The company focuses mostly on security and safety use-cases. The main verticals are smart cities, enterprises and campuses, banks and ATM security, security guard companies and transportation hubs. The company is working on a new product for in-vehicle monitoring mostly for security, safety, vehicle protection and proper vehicle use; it monitors passengers’ behaviour inside a bus, train, or taxi. The product will come to market next year. Video management system viisights’ video analytics offering is currently optimised for server-side deployment, and the integration architecture is similar to most video analytics systems. From one side it is integrated with the video management system (VMS). They are a Milestone verified partner and soon will be part of Milestone's marketplace. From the other end, it is connected to a command-and-control system for processing the data and presenting the alerts to the end-user. The analytics company makes most sales through system integrators. They have partnerships with big system integrators like Motorola Solutions and NEC and are also working with smaller ones. They are looking to expand their system integrator network, mostly in the USA and Europe. Behaviours can have many variations and they can be very diverse Cloud video surveillance “We will continue to invest in performance and accuracy, meaning higher recall and lower false positive rate,” says Birenzvieg. “Since our major value proposition is in behaviour recognition, behaviour events many times are not clearly defined, which is very different from object classification. Behaviours can have many variations and they can be very diverse.” An example is a simple behaviour like a person falling on the floor. A person can fall on the floor in many ways, but the challenge is to ignore similar behaviours that are not a person falling and that confuse the system, such as a person bending over to tie his shoelaces. With cloud video surveillance becoming a trend, viisights is also looking into offering some of their advanced functionalities in a video-analytics-as-a-service-model.
Bolloré Logistics is one of the top ten transport and logistics companies in the world. Its warehousing and logistics facility near Auckland Airport, New Zealand, has seen significant growth in recent years and often handles in excess of 2,000 items in a day. As a customs bonded warehouse, the location is subject to strict security requirements. All movements and processing in the warehouse must therefore be monitored closely, as the consequences of damage to facilities or loss of stock could be catastrophic. A combination of c25, v25 and i25 hemispheric cameras, along with several MOBOTIX Dual D15 cameras, provides complete coverage of the 6,600-square-meter site. The new system provides full visibility of the warehouse aisles to protect both employees and customers should an incident occur. Tool for risk management A security system that enables monitoring of business processes and guarantees the availability of historical footage can help companies avoid facing expensive compensation claims. As such, the MOBOTIX system is an invaluable tool for risk management, compliance enforcement and dispute resolution. The stream of metadata generated alongside the video feed cannot be manipulated, which ensures that the images will hold up in a court of law. Moreover, this kind of security system even helps save money: Some insurance companies reduce their premiums when this kind of system has been installed.
When you’re securing premises in Iceland, you need a reliable system that can cope with both plummeting temperatures and low-light levels. Hikvision cameras were used in such a solution – chosen by Securitas Iceland to secure a harbour for customer Samskip in Reykjavik. Global logistics company Samskip is one of the larger transport companies in Europe with offices in 24 countries in Europe, North and South America, Asia and Australia. They operate an extensive network of container services to and from Iceland, along with refrigerated cargo logistics and international forwarding around the world. Special kind of surveillance system One of their locations is a harbour in Reykjavik, which includes warehouses. Operating in sub-zero temperatures and with low-light even in daytime for some of the year, Samskip needs a special kind of surveillance system. When temperatures are as low as -30˚C, electronics can become unresponsive, or stop working completely When temperatures are as low as -30˚C, electronics can become unresponsive, or stop working completely. These are also the temperatures where maintenance is more challenging – these are not ideal environments for technicians to be working outside. The biggest snow depth ever recorded in Iceland was 279cm in North Iceland in March 1995, for example. Although this was the worst winter ever recorded, it gives an idea of the potential extremes. There are also snow storms and the high wind chill factor to contend with. Providing clear images in failing light Low light in the winter months means that solutions in Iceland need to be better able to provide clear images in failing light. During winter, Iceland’s high latitude means shorter days - the longest day in the middle of December has only 5 hours of light, for example, with the sunrise at around 11am and sunset between 3 and 4pm. Despite these unique conditions, Samskip needed to have a good overview over all that is happening around the harbour complex, both inside and outside. Specifically, they needed to be able to trace products and goods in the warehouse. Iceland’s security provider, Securitas, rose to the challenge, providing a solution using more than 150 Hikvision products, including PanoVu and DarkFighter® cameras. All these cameras can operate to a temperature of -30˚C. Identifying potential issues The PanoVu cameras provide excellent wide angle surveillance to cover as much of the area as possible. DarkFighter technology is a popular choice in Iceland because it gives clear, useful images even in the lowest of light scenarios. The smart function on the cameras means that operators are able to identify potential issues by analysing people's behaviour. The solution included Seagate’s high-stability Skyhawk drives, especially developed for surveillance applications They can also trace a product between locations and see its condition at receipt and delivery, enhancing both security and business efficiency. To complement the Hikvision solutions, Securitas chose Seagate as their preferred storage vendor with their Skyhawk. The solution included Seagate’s high-stability Skyhawk drives, especially developed for surveillance applications. Providing reliable security Skyhawk surveillance drives are equipped with enhanced ImagePerfect™ firmware to deliver ultimate reliability and zero dropped frames, and SkyHawk Health Management, a software designed for prevention, intervention and recovery. Bergvin Þórðarson, Samskip’s Security Manager, says: “The cameras meet the requirements for analysis of people and merchandise. We are confident with both Hikvision and Securitas – in both their product and people. We know that they will fix any issues and react quickly if there’s a problem.” Securing large areas can be a challenge all on its own, but the addition of potentially crippling weather conditions means a security solution needs to be robust. Hikvision cameras were up to the challenge and provided reliable security for the entire operation.
ADT, a security and automation provider serving residential and business customers, announces a partnership to integrate mobile safety solutions into the Lyft platform. Extending ADT’s safety and technology to mobile applications will bring an additional layer of security to Lyft’s rideshare experience. With ADT’s mobile safety platform, Lyft seeks to give riders and drivers more peace of mind. The pilot will focus on an ADT-powered safety feature within the Lyft app that will discreetly connect Lyft users who feel unsafe - by voice or SMS chat - with a security professional at one of ADT’s owned and operated monitoring centers. Detailed incident information After contacting the user, or if there is no response, the ADT security professional will alert authorities as needed so they can arrive at the user's location, equipped with detailed incident information. “As a rideshare company with an exceptional commitment to rider and driver safety, Lyft is the ideal partner for ADT,” said Jim DeVries, President and CEO of ADT. When it comes to safety, there is no better partner for Lyft than ADT" “We look forward to working closely with the Lyft team as together we bring our industry-leading technology to rideshare riders and drivers. We continue to leverage our deep expertise, technology and the trusted ADT brand to expand our reach into new areas of security beyond the home and business. Partnering with Lyft broadens our exposure while enabling ADT to further realise our mission and belief that people deserve to be safer and more secure wherever they are.” Professional monitoring services ADT’s data-driven mobile safety solution provides Lyft with a platform to extend the safety and security of ADT’s professional monitoring services to its users within its mobile app experience. Beginning in early 2020, Lyft intends to pilot the ADT mobile safety solution in nine U.S. markets including Chicago, Los Angeles and New Jersey, with potential to implement nationally to Lyft’s 30 million riders and 2 million drivers. “When it comes to safety, there is no better partner for Lyft than ADT,” said Ran Makavy, EVP and Chief Product Officer of Lyft. “We are extremely excited to enter into this partnership and look forward to a meaningful, industry-leading collaboration.”
With 15,000 visitors per day, and a watch list of about 3,000 people, the casino faced an impossible task to recognise persons of interest in real time. Surveillance staff manually detected only 5–7 known persons per week and was looking for an automated face recognition system to support two separate requirements: Detecting voluntarily excluded patrons to promote responsible gambling and to avoid compliance fines associated with allowing these people to play Detecting banned persons or people on the lookout list for loss prevention and security. Fully managed services At peak times, the system sees 20 persons per second in front of all cameras Cognitec offers the Face VACS-VideoScan Enterprise Solution as a fully managed service that allows the casino to benefit from the technology at affordable cost and with low implementation effort. The system for this casino includes the software, installed on three redundant servers, and 29 Cognitec C5 cameras at various entrances and in walkways. Some cameras have been installed to blend into the wall design, and not disrupt the overall casino decorum. At peak times, the system sees 20 persons per second in front of all cameras. The software stores the appearances of all persons for 30 days, collecting an average of 1 million faces. After this time window, all images, videos and biometric templates are deleted. Taking optimal photos with a hand-held camera When the surveillance team receives an alert, they verify the facial match, and send the person details to the database administrator. The security team receives the confirmed alert on a mobile device to discreetly find and approach the person on the floor. For new enrolments, staff have been instructed on taking optimal photos with a hand-held camera For new enrolments, staff have been instructed on taking optimal photos with a hand-held camera. The technology has been optimised to generate a high rate of true alerts while generating the lowest possible count of false alerts. The surveillance team evaluates the image pairs in an alert within seconds, and discards the alerts with questionable match results. Face recognition services The system currently generates up to 30 correct alerts per day. Self-excluded problem gamblers are now detected at a much higher rate, resulting in a significant reduction in fine payments compared to the past with traditional detection methods. Observing such reliable system performance has convinced the client to add more cameras to the system and implement the technology at additional locations. The casino also considers to use the technology for underage detection and VIP recognition. Furthermore, the casino has the option to report visitor demographics and statistics that help planning for staff resources and casino capacities. While Cognitec continues to provide reliable, fully-managed face recognition services, the casino continuously reaps the benefits: a secure environment for customers and staff, a profitable business, and support from the community.
Delfina Chain, Sr Associate Customer Engagement & Development at Flashpoint, discusses what resources defenders must access to in order to keep a finger on the pulse of the cybercriminal underground. Artificial intelligence (AI) is already being applied to diverse use cases, from consumer-oriented devices - such as voice-controlled personal assistants and self-directed vacuum cleaners - to ground-breaking business applications that optimise everything from drug discovery to financial portfolio management. So naturally, there is growing interest within the information security community around how we can leverage AI - which encompasses the concepts of machine learning (ML) and deep learning (DL) - to combat cyber threats. AI-enhanced cyber security The effectiveness and scalability of cybersecurity-related tasks has already been enhanced by AI The effectiveness and scalability of cybersecurity-related tasks, such as malware and spam detection, has already been enhanced by AI, and many expect ongoing AI innovations to have a transformative impact on cyber defence capabilities. However, security practitioners must also recognise that the rise of AI presents a potent opportunity for cybercriminals to optimise their malicious activities. Much like the rise of cybercrime-as-a-service offerings in the underground economy, threat-actor adoption of AI technology is expected to lower barriers to entry for lower-skilled actors seeking to conduct advanced malicious operations. A report from the Future of Humanity Institute emphasises the potential for AI to be used toward beneficial and harmful ends within the cyber realm, which is amplified by its efficiency, scalability, diffusibility, and potential to exceed human capabilities. Encrypted chat services Potential uses of AI among cybercriminals could include the development of highly evasive malware, the ability for automated systems to exhibit human-like behaviour during denial-of-service attacks, and the optimisation of activities such as vulnerability discovery and target prioritisation. Fortunately, defenders have a leg up over adversaries in this arms race to harness the power of AI technology, largely due to the time- and resource-intensive nature of deploying AI at its current stage in development. The purpose of intelligence is to inform a course of action. For defenders, this course of action should be guided by the level of risk (likelihood x potential impact) posed by a threat. The best way to evaluate how likely a threat is to manifest is by monitoring threat-actor activity on the deep-and-dark-web (DDW) forums, underground marketplaces, and encrypted chat services on which they exchange resources and discuss their tactics, techniques, and procedures (TTPs). Cobalt Strike threat-emulation software Flashpoint analysts often observe cybercriminals abusing legitimate technologies in a number of way Cybercriminal abuse of technology is nothing new, and by gaining visibility into adversaries’ ongoing efforts to develop more advanced TTPs, defenders can better anticipate and defend against evolving attack methods. Flashpoint analysts often observe cybercriminals abusing legitimate technologies in a number of ways, ranging from the use of pirated versions of the Cobalt Strike threat-emulation software to elude server fingerprinting to the use of tools designed to aid visually impaired or dyslexic individuals to bypass CAPTCHA in order to deliver automated spam. EMV-chip technology Flashpoint analysts also observe adversaries adapting their TTPs in response to evolving security technologies, such as the rise of ATM shimmers in response to EMV-chip technology. In all of these instances, Flashpoint analysts provided customers with the technical and contextual details needed take proactive action in defending their networks against these TTPs. When adversaries’ abuse of AI technology begins to escalate, their activity within DDW and encrypted channels will be one of the earliest and most telling indicators. So by establishing access to the resources needed to keep a finger on the pulse of the cybercriminal underground, defenders can rest easy knowing they’re laying the groundwork needed to be among the first to know when threat actors develop new ways of abusing AI and other emerging technologies.
Pulse Secure, the provider of software-defined Secure Access solutions, has announced the successful delivery of a project to help Hogarth Worldwide refresh its secure access platform as part of a Zero Trust approach to security. Hogarth Worldwide is a creative production business, providing marketing production and adaptation services for some of the world’s most recognisable brands and global multinationals. Security is a critical part of this service and Hogarth manages its own multi-layered secure access platform. Having grown rapidly over the last decade, the company had reached capacity on its legacy Juniper VPN solution that was also heading towards end of support. With the need to upgrade fast approaching, Hogarth decided to both refresh its secure access platforms to meet greater demand and gain access to more advanced capabilities. Requirement of VPN and NAC platform Hogarth contacted ANSecurity, a trusted cyber security advisor that it had worked with previously on several projectsPeter Smith, Global Network Architect at Hogarth, said, “We initially created a shortlist of vendors from the Gartner Magic Quadrant and started examining a few options. Our key criteria was a VPN and NAC platform that was easy to deploy and manage, with strong compatibility across a wide range of devices, plus the ability to adapt.” Hogarth contacted ANSecurity, a trusted cyber security advisor that it had worked with previously on several projects. The team at ANSecurity provided guidance to help scope the project and design a technical implementation. “We looked at a number of options, but we felt that Pulse Secure offered the best combination of features and compatibility along with the flexibility we needed to meet our current requirements and future needs,” said Smith. Pulse Connect Secure (PCS) virtual appliances Based on these requirements, Hogarth selected Pulse Connect Secure (PCS) virtual appliances deployed within its main data centres in London and several branch offices across the world to provide VPN access. This is supported by Pulse Policy Secure (PPS), a next-generation NAC appliance that enables Hogarth to gain deeper visibility and understanding of its security posture. The combined solution is deployed as part of a Zero Trust approach to security allowing Hogarth to ensure its distributed workforce is authenticated, authorised and secure when accessing applications and resources across its own data centre and cloud-based resources. The data from all these systems is passed to a SIEM to allow the IT department to quickly detect any issues The solution is integrated into its Ruckus based Wi-Fi network, Radius authentication server and multi-factor authentication which runs in Azure. The data from all these systems is passed to a SIEM to allow the IT department to quickly detect any issues and automate threat response to mitigate malware, rogue devices, unauthorised access and data leakage risks. Meeting the requirements of TISAX “The virtual appliance offered better performance than our legacy solution and the Pulse Secure VPN and NAC appliances were easy to deploy with a low management overhead,” commented Smith. “We have a high availability configuration and the built-in licence server makes it easy to add more users or devices as needed.” The new solution has also helped Hogarth to meet the requirements of TISAX (Trusted Information Security Assessment Exchange) that enables mutual acceptance of Information Security Assessments which was a key requirement for several of its clients within the automotive industry. “The upgrade to Pulse Secure has gone very smoothly, we have had no issues and the solution has delivered as expected with the potential to adapt as our security needs evolve,” Smith concluded.
Round table discussion
Artificial intelligence is on the verge of changing the face of multiple industries – from healthcare to entertainment to finance, from data security to manufacturing to the cars we drive (or that will drive themselves!) In the physical security market, AI has garnered a lot of attention as a buzzword and as a harbinger of things to come. We asked this week's Expert Panel Roundtable: What security markets are most likely to embrace artificial intelligence (AI)?
There will be more artificial intelligence, more machine learning, video systems with more capabilities, and all of it will add greater value to our solutions. Those are among the expectations of our Expert Panel Roundtable as they collectively look ahead to the remainder of 2019. One unexpected prediction is that AI will not prove to be a game changer – at least not yet. We asked this week’s Expert Panel Roundtable: What will be the biggest surprise for security in the second half of 2019?
Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?