The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks. Growing threat of cyber attacks The threat is not trivial. Recently, two cities in Florida hit by ransom ware attacks – Rivera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing...
Microsoft and CyberArk are globally renowned companies in the identity management space for the security software sector, according to the latest Thematic scorecard from GlobalData. Identity management Identity management refers to software whose function is to ensure that the right people (or machines) have access to the parts of the IT system they require to fulfill their role. Both companies gained the highest Thematic score (5 out of 5) for the identity management theme in GlobalData&rsquo...
Ho Chi Minh City takes its place at the centre of Asia’s security world this week, as a record 380 exhibitors aim to catch the attention of trade buyers at the 12th edition of Secutech Vietnam. Displaying best-in-class products in the fields of safety, security and fire, the trade fair takes place at the Saigon Convention and Exhibition Centre from 14 – 16 August 2019. According to Ms Regina Tsai, the Deputy General Manager of Messe Frankfurt New Era Business Media Ltd, the fair has...
DMP is pleased to announce the expansion of its East Coast sales leadership team with the promotion of Ken Nelson to Director of Sales — East. Nelson joined DMP in 2017 as the Dealer Development Manager (DDM) for the company’s New York territory. In that short time, he has quickly proven his outstanding leadership abilities, making this transition a natural one. “Ken is a transformational sales leader,” says Jim Hawthorne, DMP Executive Director of Sales. “As one w...
The Spanish SMBs subscribed to Conexión Segura Empresas have avoided more than 80,000 potential cybersecurity incidents since the solution was launched in May. Of those, more than 89% of blocks occurred when users tried to access risky domains or websites, as a result of ‘phishing’. Combating rising cybercrime “The service that Telefónica Empresas offers to its customers has been launched at a moment of high level of cybercrime, in which a new threat is created...
A video analytics system that provides ‘behavioural understanding’ can yield more meaningful and actionable data for a range of applications. In public safety and security, such a system can alert on violent or suspicious behaviours, such as people fighting, vandalism, people with weapons, etc. In advanced traffic surveillance and monitoring, it can provide alerts to vehicle collisions (accidents), traffic hazards or vehicle that aren’t using the road properly, such as a car...
Genetec Inc., globally renowned technology provider of unified security, public safety, operations, and business intelligence solutions, has announced that it is now offering multiple FICAM-(Federal Identity, Credential, and Access Management) certified options for its Security Center Synergis access control system. Personal Identity Verification In a market that has been traditionally weighed down by limited solutions that are often proprietary, these new options offer non-proprietary, open-architecture choices to efficiently validate Personal Identity Verification (PIV and PIV-I) for federal employees and contractors. By unifying all systems in the Security Center Synergis platform, security teams can better mitigate risks" “Older physical security technology no longer meets federal standards or complies with the latest regulations, that’s why government agencies are looking to modernise their operations. By unifying all systems in the Security Center Synergis platform, security teams can better mitigate risks, increase operator efficiency and reduce cybersecurity efforts all while remaining compliant with the latest FIPS standards” said Justin Himelberger, Enterprise Systems Business Development Manager—Federal & DOD at Genetec. Genetec offers two FICAM-certified options: Onboard authentication using Mercury LP4502 controller: Ideal for new installations, this option is an efficient and cost-effective approach to achieving FIPS 201 compliancy. By embedding pivCLASS authentication firmware into a Mercury LP4502 controller, users reduce their hardware expenditure and benefit from a speedy authentication process. Authentication using HID PAM: Ideal for retrofits, customers can upgrade their existing systems by adding a dedicated pivCLASS Authentication Module (PAM) from HID to their installation. Genetec – Mercury Security partnership “Genetec and Mercury Security have been close partners for years and we are pleased to offer our US Federal market customers FICAM-compliant solutions that are nonproprietary and based on an open-architecture. The Mercury LP4502 controller with Genetec Synergis access control system enable customers to comply with the most stringent access and identity federal standards with the minimum amount of disruptions,” said Matt Barnette, President of Mercury Security.
Digital Defense, Inc. announces Frontline Network Map, an innovative feature offering IT security and operations professionals enhanced visibility of vulnerabilities and threats found on small, medium, and large networks. Frontline Network Map is accessible within Frontline.Cloud, the company’s SaaS security assessment platform and is being demonstrated at Black Hat 2019 conference currently underway in Las Vegas, Nevada. Risk network segments Through the Network Map capability, Fronline.Cloud users are able to view the relationships and interconnectivity of assets through a variety of clustering algorithms to pinpoint at risk network segments and areas of key vulnerability and active threat. “Our Network Map feature is a powerful tool for information security blue team members to quickly visualise the security of the networks and connected assets for which they defend from cybercriminal attacks,” states Mike Cotton, SVP, Engineering. “Frontline.Cloud users receive an accurate graphic depiction of their risk that enables rapid response to those assets or network clusters that present the greatest exposure.” Learn more about Frontline Network Map by visiting the Digital Defense booth #2411 at Black Hat and request for a demonstration.
SureCloud, a provider of cybersecurity services and cloud-based, Integrated Risk Management solutions, appoints Jon Taylor-Goy as EMEA Sales Manager for the cybersecurity division. Jon will be instrumental in helping drive business growth, as well as establishing complimentary new service lines. Jon’s expertise spans business growth, product development, and go-to-market strategies in the areas of IT risk management and governance. Cybersecurity service offering Jon brings more than 18 years of in-depth experience in IT sales, specialising in cybersecurity, risk, and compliance. Jon worked at NCC Group for 18 years, working his way up to Head of Business Development Prior to joining SureCloud, Jon worked at NCC Group for 18 years, working his way up to Head of Business Development, Risk Management, and Governance, where he formed a key role in the business development function that saw the company grow from 100 staff in one location to more than 2,000 worldwide. “SureCloud has a compelling proposition. Its cybersecurity service offering, Pentest-as-a-Service©, and approach to ongoing customer support sets the company apart from other providers and gives enormous potential for growth,” said Jon. Ever-evolving customer needs “I look forward to forging new customer relationships, developing strong relationships with current clients, and working with colleagues to bring new services to market that will meet ever-evolving customer needs.” Richard Hibbert, SureCloud CEO, said: “Enterprises across Europe are operating in a very challenging environment when it comes to IT security. Their networks are becoming more complex, the attacks they face are growing in number and sophistication, and their compliance obligations regarding data security are increasing. Jon’s work will bring our cybersecurity services, including SureCloud’s Pentest-as-a-Service, to a growing number of enterprises, ensuring that our offering continues to evolve and address the challenges they face.”
Keysight, the test and measurement vendor introduces its new Automotive Cybersecurity Program that delivers a broad cybersecurity portfolio, including hardware, software and services, to address the growing concern of cyber-attacks on connected vehicles. The cyber world is increasingly impacting the safe operation of automobiles, opening the risks of exposure, including malicious hacker activities. The new reality is that cyber-attacks against automobiles could result in the loss of human life. The most recent report from Consumer Watchdog has exposed the reality about the cybersecurity risk in connected vehicles. Deliver extensive security ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool Keysight Technologies understands these risks and offers solutions to test and measure connected vehicle technologies, including the newly announced Automotive Cybersecurity Program that validates the resiliency of connected components of a vehicle, individually or as an entirely functioning automobile prior and post deployment. In addition, security solutions developed by Ixia Solutions Group (ISG), enables Keysight to deliver extensive security validations of the 4G/5G radio access network (RAN) infrastructure that connects vehicles, and the backend data centers that manage business operations. ISG’s visibility solutions deliver an enhanced infrastructure that improves the efficiency of security tool sets in production networks. Keysight provides test and measurement of cybersecurity effectiveness from the ECU level up to the cloud data center. Pre-deployment testing “Early assessment, prior to production, is essential to enabling our automotive customers to deliver safe and supportable vehicles,” stated Mark Pierpoint, president of Ixia Solutions Group, a Keysight business. “Potential issues identified post production, with the risk of recalls, cost orders of magnitude more to repair than when found during pre-deployment testing, notwithstanding the possible loss of human life." Cars today support multiple communication methods, like Bluetooth and USB" "Continued detection and mitigation of cybersecurity threats once vehicles are on the road are equally critical to keep consumers safe. Cybersecurity testing is an essential defence to ensure the design and implementation of a bullet-proof security posture in connected vehicles. Cars today support multiple communication methods, like Bluetooth and USB while a growing number of cars use mobile communication for a variety of services available in the car,” said Tom Goetzl, Automotive & Energy Solutions business general manager for Keysight. Available communication ports “Keysight’s Automotive Cyber security program can test for vulnerabilities on all available communication ports and provides direction to our customers on how to close such vulnerabilities.” Keysight offers a broad portfolio of solutions to help prevent vehicles from being cyber-hijacked, including: Automotive Cybersecurity Program – to validate and exploit the potential attack surfaces existing in connected vehicles Automotive Gateway Security Test – to validate the zoning and security posture of in-vehicle networks Network Security Test – to validate and stress a network infrastructure and backend data centers Application & Threat Intelligence (ATI) Research Center – to ensure testing that includes the latest application and security strike simulation Visibility for Network Security – to improve the performance of a security architecture with 100% visibility of all traffic on an automotive network
Ping Identity, globally renowned provider of identity defined security solutions, has announced the release of PingCloud Private Tenant, a private cloud identity solution for the enterprise. Cloud identity, access management PingCloud Private Tenant provides cloud identity and access management (IAM) by combining highly-configurable capabilities within a dedicated environment. Enterprises can provide authentication for all users with a highly-configurable global authentication authority that includes versatile single sign-on (SSO) and highly-scalable directory services, while also maintaining data and resource isolation. This allows global organisations the ability to automate IAM operations, simplify management and achieve their cloud-first objectives. PingCloud Private Tenant Enterprises need a dependable way for customers, employees and partners to sign-on to their services and applications Enterprises need a dependable way for customers, employees and partners to conveniently sign-on to their services and applications. However, this requires companies to support multiple standards, different authentication flows, a wide range of identity and service providers while operating and maintaining the solution. For this reason, PingCloud Private Tenant allows enterprises to automate the operation of their IAM solution, so IT staff can focus on innovation, in addition to providing a global authentication authority. PingCloud Private Tenant provides the following capabilities and benefits: Coud IAM: Practically limitless configuration options combined with a dedicated cloud environment means enterprises control their data and security while also automating IAM operations. Highly-configurable authentication and directory services: Regardless of where applications or resources reside, enterprises can leverage PingCloud Private Tenant’s extensibility for their diverse user populations and identity types. Simplified identity management and minimised costs: Moving IAM solutions from on-premises to the cloud can save companies significant IT operational costs. PingCloud Private Tenant provides the convenience of centralised configuration via self-service and concierge support options, allowing enterprises to save without compromising support for challenging and complex enterprise use cases. Architected for enterprise hybrid IT: PingCloud Private Tenant reaches every corner of an enterprise’s hybrid IT or multi-cloud environment without the need to install, update and manage separate on-premises proxies and agents. Automated operations to reduce complexity: IT teams are able to respond more quickly and easily to global demand for IAM services by reducing geographical deployment complexity and simplifying IAM operations. Multi-tenant cloud solutions PingCloud Private Tenant expands on the range of deployment options that Ping provides to enterprise customers PingCloud Private Tenant allows them to create different environments for development, test and production as needed, with regional configuration options to comply with geographic or regulatory constraints. PingCloud Private Tenant expands upon the broad range of deployment options that Ping provides to its enterprise customers, spanning multi-tenant cloud solutions, private cloud solutions and on premises software. These solutions cover the range of enterprise deployment preferences and use cases, and can operate independently or work together seamlessly as needed to support complex hybrid IT environments. Hybrid IT environments “Enterprises increasingly straddle hybrid IT and multi-cloud environments, as they prioritise a high standard of security and customer experience,” says Loren Russon, vice president of product management, Ping Identity. “PingCloud Private Tenant is designed to simplify identity management while providing the ability to retain full control of data and security.”
Digital Defense, Inc. and The University of Texas at San Antonio (UTSA) Department of Computer Science jointly announced a partnership that will provide students and faculty with access to an award-winning cloud-based information security platform to further enrich the students’ cybersecurity education. UTSA students and faculty will be able to utilise Digital Defense’s flagship Frontline.Cloud platform to evaluate the security posture of applications, systems and networks in classroom and lab environments both on and off campus. With Frontline.Cloud, students will not only be able to assess the security posture of software applications and systems they build and run on lab networks, but when coupled with the supervision and course curriculum provided by UTSA faculty, they will also learn how to use industry recognised tools to establish and execute an effective vulnerability lifecycle management program. Testing for hidden threats on target networks These systems will provide students with vulnerability and web application scanning capabilitiesUTSA will have access to three different systems available on the Frontline.Cloud platform. These systems will provide students with vulnerability and web application scanning capabilities, and Digital Defense’s new threat scanning solution (Frontline Active Threat Sweep), which allows testing for hidden threats on target networks. Mark Robinson, assistant professor in practice in the UTSA College of Sciences, will use the Frontline.Cloud platform in the classroom with his students this fall. “As the home of the nation’s top program in cybersecurity, UTSA is committed to developing partnerships that provide our students with unparalleled learning experiences so they can become the most competitive candidates in the marketplace,” said Robinson. “Frontline.Cloud is an incredibly powerful platform with a host of capabilities that will allow UTSA students and researchers to test their systems, applications and networks before they move into a production-style environment. We are also excited to evaluate integration possibilities for Frontline.Cloud into our security research and competitive events.” Enhanced classroom cybersecurity learning As a Security SaaS platform technology firm, Digital Defense is pleased to provide Frontline.Cloud's access to UTSA"“The alliance of our two San Antonio-based organisations is a natural fit,” states Larry Hurtado, president & CEO at Digital Defense. “We are excited to extend our existing relationship with UTSA, primarily focused on making paid internships available to UTSA students, to one that includes assisting UTSA faculty and students with more enhanced classroom cybersecurity learning. “As a global Security SaaS platform technology firm, Digital Defense is pleased to provide access to Frontline.Cloud to UTSA, one of the world’s leading cybersecurity education institutions. Working together with UTSA, we are able to provide a hands-on experience to students, enabling them to solve real-world information security challenges in a classroom setting. These types of skills are in high demand and the future will now be even brighter for these individuals as they enter the workforce.” Security research units of UTSA The UTSA Department of Computer Science offers bachelor’s, master’s and doctoral degrees supporting a dynamic and growing program with over 1,300 undergraduates, 74 master’s students and 67 doctoral students. The department’s research and experimental facilities are supported by federal research and infrastructure grantsIts major research units include the Institute for Cyber Security, which operates the FlexCloud and FlexFarm laboratories dedicated to both basic and applied cybersecurity research, and the Center for Infrastructure Assurance and Security (CIAS), which focusses on the cybersecurity maturity of cities and communities while also conducting national cyber security defence competitions for college and high school students. The department’s research and experimental facilities are supported by federal research and infrastructure grants. San Antonio is home to one of the largest concentrations of cybersecurity experts and industry leaders outside Washington, D.C., which uniquely positions the city and UTSA to lead the nation in cybersecurity research and workforce development.
We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to both protect business operation critical assets. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - from cybercriminals conducting targeted spear-phishing campaigns - like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers - no organisation is safe from innovative cyber threats. Security solutions enterprises Organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to be widely adopted to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies leveraging the power of the cloud give a holistic view of the continuously evolving threat landscape and thereby secure data more efficiently. Traditional security approach In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion. Sophisticated cyber weapons Actors tend to use a simple trial and error technique where they test the organisation's network So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - like the 2018 Moscow World Cup vacation rental scam Malicious behaviour Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands on keyboard activity. Threat hunters perform quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation. In-depth knowledge Security teams need to beat the clock and condense their responseIt is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave are vital clues on how organisations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done. Next-generation solutions When managing an incident clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors as how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions. Behavioural analytics The solution can then know when to remove an adversary before a breakout occurs Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisation cannot live without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organisations, with cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. It’s growth rests on the adoption of cloud public, private and hybrid. Without the cloud applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so in a GDPR world. Large cloud environment But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps the broader the attack surface and therefore the greater the chance there will be blind posts. Keeping up to date with updates and new security policies is never easy There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing. More advanced threats To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one. Bot management The more sophisticated bots will go as far as to mimic human behaviourAstonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA and even device fingerprinting based protection ineffective. Securing APIs Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, invalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks Denial of service (DoS) You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. Even the greatest application protection is worthless if the service itself can be knocked down This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down. Continuous security It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have. Running security plans The board needs to know that investment is critical to protect their profits It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerised applications, severless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
Edge devices (and edge computing) are the future. Although, this does seem a little cliché, it is the truth. The edge computing industry is growing as quickly as technology can support it and it looks like we will need it to. IoT global market The IoT (Internet of Things) industry alone will have put 15 billion new IoT devices into operation by the year 2020 according to a recent Forbes article titled, “10 Charts That Will Challenge Your Perspective of IoT’s growth”. IoT devices are not the only edge devices we have to deal with as the total number of connected edge devices includes the likes of devices like security devices, phones, sensors, retail sales devices, and industrial and home automation devices. The IoT (Internet of Things) industry alone will have put 15 billion new IoT devices into operation by the year 2020 The sheer number of devices begins to bring thoughts of possible security and bandwidth implications into perspective. The amount of data that will need to be passed and processed with all of these devices will be massive. There needs to be consideration taken by all business owners and automation engineers into how this amount of data and processing will be conducted. Ever-expanding edge devices market As the number of edge devices in the marketplace and their use among consumers and businesses rises, the need to be able to handle the data from all of these devices is no longer going to be suitable for central server architectures. We are talking about hundreds of billions and even trillions of devices. According to IHS Markit researchers’ study, there were 245 million CCTV cameras worldwide. One has to imagine there are at least 25% of that many access control devices (61.25 million devices) based on a $344 million market cap also calculated by IHS Markit’s researchers. If all the other edge devices mentioned earlier are considered then one can see that trying to route them all through servers for processing is going to start to become difficult if it hasn’t already, -which arguably it already has, as is evidenced by the popularity of cloud-based solutions amongst those businesses that already use a lot of edge devices or are processing a lot of information on a constant basis. Cloud computing The question is whether cloud computing the most effective and efficient solution as the IoT industry grows The question is this; is cloud computing the most effective and efficient solution as the IoT industry grows and the amount of edge devices becomes so numerous? My belief is that it is not. Taking the example of a $399 USD device that is just larger than the size of a pack of cards and runs a CPU benchmarked at the same level as a mid-size desktop. This device has 8GB RAM and 64GB EMMC built-in and a GPU that can comfortably support a 4K signal at 60Hz with support for NVMe SSDs for add-on storage. This would have been unbelievable five years ago. As the price of edge computing goes down, which it has done in a dramatic way over the last 10 years (as can be seen with my recent purchase), the price to maintain a central server that can perform the processing required for all of the new devices being introduced to the world (due to the low cost of entry for edge device manufacturers) becomes more expensive. This introduces the guarantee that there will be a point where it will be less expensive for businesses, and consumers alike, to do the bulk of their processing at the edge as opposed to in central server architectures. Cloud computing is now being overtaken by edge computing, the method of processing data at the edge of the network in the devices themselves Edge computing There are a plethora of articles discussing and detailing the opposition between the two sides of the computing technology coin, cloud computing and edge computing. The gist of it is that “cloud computing” was the hot new buzzword three years ago and is now being overtaken by “edge computing.” The truth is that cloud computing is a central server architecture hosted at someone else’s location. Edge computing is going to be a necessary development in the technology industry Edge computing is the method of processing data at the edge of the network (in the devices themselves) and allowing for less resources required at a central location. There is certainly a use case for both, however the shift to edge computing amongst the general public and small to mid-sized businesses will not be a surprise to those players, who have been paying attention. One article titled, “Next Big Thing In Cloud Computing Puts Amazon And Its Peers On The Edge” by Investor’s Business Daily takes the stance that edge computing is going to completely displace centralised cloud computing and even coins the phrase, “Cloud computing, decentralised” to explain edge computing. It speaks for the stance that most experts in technology seem to be taking, including Amazon Web Services’ VP of Technology, Marco Argenti according to the same article. We know that edge computing is going to be a necessary development in the technology industry, and it is happening as I write this, and quickly at that. Cost efficiency of edge processing As time goes on, the intersection between the prices of network bandwidth, edge processing and maintaining super powerful central servers will cause edge processing to be the most efficient and cost-effective way to maintain a scalable network in any environment, including datacenters. Owning a central server or utilising edge computing become the better options As it currently stands, most residential users can only achieve a 1Gbps WAN (internet) connection, and small to medium-sized business can’t get much more but seem to get much less, based on my personal experience. When more than 1Gbps needs to be processed, cloud computing becomes very expensive at which point, owning a central server or utilising edge computing become the better options. Then you look a total cost of ownership and when the cost of edge computing is less expensive than the cost of maintaining central server architectures, edge computing becomes the single best option. So, I’ll say it again, edge devices (and edge computing) are the future.
The devil is in the details. The broader implications of the U.S. Government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry a chance to speak up about the impact of the law. Ban on equipment The hearing centered on Section 889 of Title VII of the National Defense Authorisation Act (NDAA) for FY 2019, specifically paragraph (a)(1)(B). The paragraph "prohibits agencies from entering into a contract (or extending or renewing a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." “Covered equipment” refers to products and services from Huawei, ZTE Corp., Hytera, Hikvision and Dahua “Covered equipment” refers to products and services from Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. Hikvision and Dahua are two of the largest manufacturers of video surveillance equipment, and Huawei manufactures HiSilicon chips widely used in video cameras. ‘Chinese ban’ provision The public hearing was part of the rule-making process for paragraph (a)(1)(B), which the industry has informally referred to as the “blacklist” provision of the NDAA. However, the “Chinese ban” provision [Paragraph (a)(1)(a)] is not at issue, was not covered by the public hearing, and is already scheduled to go into effect a year after the law was signed by President Trump (August 13, 2018). There were seven presentations at the public hearing. Presenters included the Security Industry Association (SIA), two Hikvision integrators, a representative of communications manufacturer Hytera, an economist and an attorney on behalf of telecommunications company Huawei, and Honeycomb Secure Systems, a federal contractor. There was no livestream or transcription of the meeting, although PowerPoint summaries of the 10-minute presentations were published. SIA emphasises on clarity In its presentation, the Security Industry Association (SIA) emphasised that contractors need clarity, i.e., that paragraph (a)(1)(B) applies to an entity's use of covered equipment or services in the performance of federal contracts, but NOT to non-federal sales or use of covered equipment by a contractor that is unrelated to federal work. SIA also focused on the distinction (and contrasting risk profiles) between video surveillance equipment, which are endpoint devices that may or may not be on the Internet, and telecommunications equipment. In contrast, telecommunications equipment is essential to Internet infrastructure and manages all data on a network, encrypted or not. Fully-compliant video surveillance products Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products" SIA's presentation included the following "outcome" statement: "Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products in the federal market, while offering other products tailored to technical requirements, price points and specific customer needs that vary widely for non-government commercial sectors – e.g. malls, banks, convenience stores, etc.” In other words, involvement in government contracts should not restrict an integrator’s flexibility to offer any and all products and services (included those from the listed Chinese companies) to non-government customers. The two integrators made similar points, specifically about their business with Hikvision. One presenter was Rick Williams, General Manager of Selcom, a systems integrator in Selma, Ala., with 10 employees. They have been a Hikvision partner since 2012 with a year-to-date revenue from Hikvision products of approximately $400,000. Hikvision integrators speak out A second integrator at the hearing was Mark Zuckerman of Clear Connection Inc., a security company in Beltsville, Md., with 32 local employees, that focuses on electronic security, telecommunications and IT. Clear Connection designs, installs and services systems throughout Metro DC and Baltimore, including commercial entities, schools and non-profit organisations. They do about $120,000 a year in business as a Hikvision partner and have over $500,000 in business awaiting federal NSGP [Nonprofit Security Grant Program] approval. In two almost identical presentations, the integrators sought clear guidance on how to comply with the language of the law as written, specifically confirmation that Section 889 of the NDAA does not apply to non-federal sales or use of covered equipment. "This is critical to my company as I provide integrated security solutions across multiple government and commercial markets, using a mix of products from different manufacturers tailored to the technical requirements, price points and customer needs that vary widely for each sector," said Williams. Hytera speaks at hearing It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend" "It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend," commented Zuckerman. "If interpreted broadly, some of my customers would be barred from entering into a federal contract because they have covered products installed in their facility to protect their property and staff.” Also presenting at the hearing was Hytera, a manufacturer of open standard digital mobile radio technology. The presentation emphasised that Hytera does not sell to U.S. telecommunications carriers, and does not supply 5G components or video surveillance equipment. Hytera equipment is used by federal customers such as the National Gallery of Art, National Archives, National Zoo and the Holocaust Museum. Impact on clients and commerce "These federal entities do not play a role in national security, and the Hytera systems do not connect to any critical systems," says the company. "However, the lack of clarity in the implementation of the NDAA has a significant impact on Federal, state and commercial clients, impacting competition and choice." Hytera's presentation continues: "Hytera has never been informed by any U.S. government entity that its equipment posed a national security risk and as such has not been given the opportunity to respond to any concerns. The result of Section 889 is the creation and circulation of misinformation in the marketplace." Hytera also said that the federal proposed rules and regulations should exempt federal agencies that do not include a national security component, and equipment not interconnected with the public network. Impact on cybersecurity Consolidating the number of equipment suppliers hinders rather than helps cybersecurity" James E. Gauch, an attorney with James Day speaking on behalf of Huawei, offered a global argument that could be applied to any of the banned companies: “Virtually all equipment manufacturers rely on a global supply chain and face security risks from a wide range of sources, excluding may be one or two vendors based on their national origin will not address these risks.” He adds, “However, consolidating the number of equipment suppliers hinders rather than helps cybersecurity. Creating a small number of dominant suppliers, regardless of national origin, reduces the incentives of those suppliers to embrace industry-leading standards and creates greater exposure to vulnerabilities of a single supplier.”
Verkada was founded by three computer scientists and security experts who studied together at Stanford University. They connected with a former founder of Meraki and created Verkada with a mission to “modernise the world of physical security”. The fast-growing company currently focuses on delivering an all-in-one hybrid cloud video security solution powered by edge processing inside the camera. On the surface, the product is simple: cameras record video, connect to the internet, and push data to the cloud. “What sets us apart is the system architecture that drives our solution,” says Brandon Davito, Verkada’s VP of Product and Operations. “Starting with edge processing, all data is instantly analysed and processed at the camera. This enables enterprise users to scale coverage without traditional limitations like bandwidth consumption or the costs of supporting additional equipment for processing footage. Simultaneously, all footage is stored directly on each camera and can be streamed securely via Verkada’s centralised management platform to any device.” The product is simple: cameras record video, connect to the internet, and push data to the cloud Hybrid cloud architecture Verkada’s goal is to make it easy to buy, deploy and manage large-scale enterprise video security systems across hundreds of cameras and dozens of sites. The hybrid cloud architecture makes it easy to access video footage from hundreds of cameras across any platform (web, mobile apps, tablets, and AppleTV). Verkada is appropriate for any business, school or enterprise that needs a scalable, secure and reliable video security solution, says Davito. “Our system streamlines surveillance management, removes the need of supporting equipment, and is ready to use, out-of-the-box, without the need for technical configurations,” says Davito. The simplicity and scalability of the end-to-end solution is attractive to security professionals, simplifying the day-to-day of surveillance management and providing insights that drive a business forward in other areas of the organisation. “This approach also allows us to provide customers with a complete experience, as we build our hardware and software to work seamlessly together,” Davito adds. Verkada does not integrate with other equipment or systems. “Taking an end-to-end approach ensures that we are able to develop and roll out features more quickly and take advantage of the edge-processing capabilities of our cameras,” Davito says. The simplicity and scalability of the end-to-end solution is attractive to security professionals Defending against IoT threats An end-to-end solution also increases defenses against threats in today’s Internet of Things (IoT) space. IP cameras have historically been some of the most vulnerable devices. Verkada cameras save time by updating automatically, and they are unable to accept 3rd party software (and the risks that come with it). Verkada partners with many of the leading channel distributors and is always recruiting new integrator/reseller partners. “The solution is easy to sell. It's a bolt-on value-add that doesn't require altering or configurations to existing infrastructure,” says Davito. “Sales cycles are also much shorter because implementation is simple and streamlined; it’s creating a lot of business efficiency.” The world of physical security is always evolving, so Verkada’s ongoing challenge is to continue delivering on the potential of hybrid cloud management of physical spaces. “We are always launching new features and enhancements, as well as ensuring the security and integrity of our customers’ environments,” says Davito. “We will look to continue to push the boundaries of physical security and deepen our use of technologies like machine learning and future advancements in video analytics and AI technologies.”
Physical security has been stuck in a forensic and siloed mindset for decades, while the rest of the enterprise has evolved and transformed into proactive, connected operations. A new security management platform based on artificial intelligence (AI) seeks to change that status quo by using modern tools for unification, analytics and controls. AI-based security management “Security teams are managing more moving parts than ever,” says Clayton Brown, Co-Founder of ReconaSense. “As it stands today, the industry can’t keep pace with the digital transformation and the ‘smart’ movement. Physical security must transition from forensic security to proactive, risk-adaptive security.” ReconaSense says the company is changing the physical security industry with AI-based technology and a risk-adaptive approach ReconaSense says the company is changing the physical security industry with AI-based technology and a risk-adaptive approach. “We’re focused on making security integrated, adaptive and proactive,” says Brown. The flagship product, ReconAccess, is a risk-adaptive physical access control system. It controls who can go where, when, in a building. Taken a step further, ReconAccess analyses risk to prevent an authorised person from entering a room if there is a danger or threat present. It also can spot abnormal activity that may warrant further investigation, i.e., insider threats. ReconAccess unification security solution ReconAccess is part of a unification platform that includes geospatial AI, mobile apps and analytics. ReconaSense helps organisations to mitigate risk effectively in two ways. First, the system pulls in data from disparate systems into a unified language. And then, it enables users to proactively identify risk and threats before they become issues. “We provide actionable guidance and unprecedented visibility so that they can implement appropriate controls for quick remediation and risk mitigation,” says Brown. In general, ReconaSense will improve life safety, future-proof physical security, and provide enhanced situational awareness, he says. Application programming interfaces (APIs) By creating a database translation layer through application programming interfaces (APIs), ReconaSense normalises diverse data into a common language, or database. Previous unification platforms have presented data from different systems into a common presentation layer. ReconaSense goes deeper by extracting, transforming and loading these diverse languages into a common format for humans and machines alike to understand what is going on across their operation in real-time. ReconaSense was honoured with the Security Industry Association (SIA) New Product Showcase Award for Access Control Software at ISC West 2019 Security and risk unification The ReconaSense security and risk unification platform integrates and translates siloed data across systems, devices and applications into a common language, which makes it easier to focus on what matters most and keep risk at bay. “We can change permissions in real time based on any individual behavior or environment,” says Brown. “Being able to assess risk on both sides of the door enables organisations to not only improve security but also improve life safety. We are also positioned to detect insider threats and to streamline operations overall.” Security and data integration ReconaSense provides a common operating picture integrating all the incoming security and relevant data across an organisation ReconaSense provides a common operating picture integrating all the incoming security and relevant data across an organisation. The security intelligence platform can detect early warning signs and abnormal events and implement remediation actions swiftly. The platform can more deeply integrate 3rd-party data systems, analyse and score the data for risk trends, and then activate changes with a native access control system based on this intelligence. ReconaSense works with traditional security integrators as its exclusive channel. They are actively adding more dealers to the network. At this point, distribution is not on the roadmap, but could be beyond the current horizon as the industry matures. Intelligent approach to physical security "The market is ready for the new technology", says Brown. “We must continue to educate integrators and end users on the need to move to a more proactive, intelligent and integrated approach for physical security,” he says. “We have to help demonstrate that AI is not as scary or far away as you think. It’s here today.” In one year, ReconaSense expects to grow its team and partner network significantly and to be deployed in a variety of sites across North America. The current team consists of technologists, engineers, IT and physical security experts and data scientists. ReconaSense is headquartered in Austin, Texas, and has a technology center in New York.
In the aging trend of 21th century with rapid aging population and high healthcare costs are creating a growing demand for care at home, especially for seniors with long-term health conditions. Home care is moving towards tele-health monitoring and telemedicine, including video conferencing and remote monitoring technology to help increase caregiver efficiency while still providing constant convenience to the patients. Living independently and aging gracefully are the ideals that every individual seeks to pursue, and the challenge is to ensure that all people can age with dignity and security. Climax’s GX Cubic Smart Care Medical Alarm is an all-in-one wellness, and personal safety medical alarm solution, designed to help the elderly to manage their long-term health conditions, bridging medical health monitoring information to care providers/hospitals and create points of care to keep them safe in their own homes. GX Cubic medical alarm GX Cubic can be flexibly connected with third-party Bluetooth (BLE) healthcare sensors GX Cubic can be flexibly connected with third-party Bluetooth (BLE) healthcare sensors, like blood glucose monitor, pulse oximeter, blood pressure monitor, or weight for tracking health data and providing customised alerts to meet individual needs. The measurements can be automatically sent to a health professional who can review the results and continuously keep an eye on the patient’s health needs and provide early treatment as necessary. In addition to medical health monitoring, GX Cubic is also compatible with Pivotell Advance Automatic Pill Dispenser to keep secure of all pills, and remind the user to take the correct medicine at the pre-set time. The solution allows health professionals to monitor pill taking timely results and keep an eye on the patients’ treatment as needed. For situation when remote monitoring care given is insufficient and the user requires onsite assistance, GX Cubic can raise an emergency alarm to inform the caregiver or medical personnel for immediate action. Seniors can be assured that they are always being taken care of, and provide their family members with a peace of mind. Voice recognition solution Voice recognition has innovated over time and continues to advance, allowing products to become even more intuitive and easier to use. GX Cubic has built-in voice recognition and can activate an emergency call to care provider or central monitoring center by preset vocal commands or keywords. This allows seniors to receive emergency attention even in situations where they are immobilised or cannot manually reach the panic button. Working with the leading voice ecosystems Amazon Alexa and Google Home via cloud, GX Cubic also features voice control to activate home electronic devices, complete daily tasks, and seek help during emergencies. Voice over Internet Protocol With the VoIP (Voice over Internet Protocol) feature, GX Cubic users can also initiate two-way voice callsWith the VoIP (Voice over Internet Protocol) feature, GX Cubic users can also initiate two-way voice calls to contact their caregivers or family members at any time. With the additional add-on of DECT, GX Cubic can pair with voice extenders, talking pendants, call points, and voice extenders placed strategically around the home to create a safety net. Smart Home Automation Comprehensive elderly-friendly health care should also have a focus on preventive action to maintain a healthy ageing process. To realise independent living in a smart way, GX Cubic pairs with Zigbee or Z-Wave sensors to enable the whole-home control with various protocol-of-choice. GX Cubic can be programmed to turn on the hallway lights automatically when a sensor reports a senior’s movement in the middle of the night, to reduce a chance of falling; or automatically adjusting air conditioning when there is a sudden temperature-drop. The scenarios are unlimited to fit individual requirements, ensuring a safest living experience for the senior users. GX Cubic can also integrate IP security cameras and camera PIR motion sensors to deliver real-time visual monitoring and verification. When an emergency occurs, alerts are immediately sent to family members, and Monitoring Center to verify the event and sending immediate assistance as needed. Lastly, GX Cubic can support wireless sensor devices, allowing users to add in smoke detectors, water leakage sensors, and gas sensors to monitor environmental emergencies; and motion sensors, door contacts, sensor pad transmitters for inactivity monitoring, to build a healthier, safer independent living.
Ping Identity, the provider of Identity Defined Security, announces its successful completion of the Financial-grade API (FAPI) conformance testing, as part of the process defined by Open Banking Ltd. This builds on Ping Identity’s previous success as the first identity platform to pass all 70 technical security tests, as set by Open Banking Ltd., with zero warnings. The most recent set of FAPI conformance testing evaluated the latest versions of the Ping Intelligent Identity platform, including PingFederate, PingAccess and PingDirectory, within a mock banking environment. Additional technical requirements It switches to an API model with structured data that utilises a token model such as Open Authorisation The inclusion of FAPI within the Ping Identity solution for Open Banking helps allow banks to overcome insecure practices such as screen scraping by using stored user credentials. Instead, it switches to an API model with structured data that utilises a token model such as Open Authorisation. FAPI is a technical specification developed as a multi-industry standard by the FAPI Working Group of OpenID Foundation (OIDF). It leverages OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, FAPI provides various advantages. This includes enabling applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings. Secure identity requirements In concurrence with the specification, OpenID Foundation maintains a cloud-based testing suite for conformance testing by banks, certified third-party security providers and platform vendors—such as Ping Identity. The Ping Intelligent Identity platform is used by hundreds of financial services enterprises, including many of the CMA 9 and Open Banking Ltd. itself. Additionally, FAPI is of increasing relevance to the growing number of new fintech start-ups in areas such as investment, wealth management, insurance, payments and even real estate. “This is significant beyond the Open Banking and financial services sector,” explains Rob Otto, EMEA Field CTO, Ping Identity. “Other digitally-focused sectors, with similar secure identity requirements, now have a proven template that can allow them to quickly deploy their own security controls, which have been stringently tested by the largest financial institutions in the UK.”
Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack. GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
Surveillance solutions business Synectics develops and delivers a solution to help enhance safety and security monitoring at Nottingham Trent University. With more than 28,000 students and 3,100 staff to protect, surveillance footage at Nottingham Trent University (NTU) is captured by over 1,300 cameras covering the estate of 75 buildings. Each of the university’s three main campuses has a 24/7 control room and its own security team, ensuring that safety measures enable free movement while protecting the community from both external and internal threats. Integrated surveillance solution Synectics deployed a tailored solution based around its Synergy 3 command A progressive development plan, coupled with the need to optimise legacy technology, meant the university required an integrated surveillance solution that would enable teams based at each control room to monitor and manage footage from both IP and analogue cameras, supporting a gradual transition to digital solutions and full-IP ambitions. In one of the UK’s first cloud-based surveillance contracts, and in collaboration with integrator PFS, Synectics deployed a tailored solution based around its Synergy 3 command and control platform to support NTU’s long-term objectives. Interactive camera map Mark Stacey, Security Systems Operational Manager, NTU, said: “Moving the university onto a sophisticated surveillance monitoring platform has significantly improved the provision of student security, saving our team vital minutes in the event of emergencies.” “As well as supporting both analogue and IP inputs, where many solutions on the market do not, Synectics’ Synergy 3 offers impressive functionality and is easy to use. The ability to import an interactive camera map means we can now bring up footage in just seconds, where operators previously had to spend time manually correlating sensor triggers to the relevant cameras – an enhancement that keeps our students safe in real time.” Cloud-based system “Synectics even created a new feature at our request, which enables us to circle an area of the on-screen map and immediately view up to nine local cameras in that zone. Furthermore, opting for a cloud-based system means we don’t have to look after a physical server, freeing up space and our resources.” The system will help us in our mission to provide an ever-safer environment for our students" “Throughout the process, Synectics has gone the distance to deliver, as highlighted by the tailored training sessions provided for the team and its commitment to support us throughout the life of the system. We’re delighted with the results and sure the system will help us in our mission to provide an ever-safer environment for our students.” Future-proof solutions Martin Bonfield, Sales Manager at Synectics, commented: “We passionately believe that command and control systems should be flexible enough to allow for the evolution of customer needs. Only then can you provide seamless, future-proof solutions that improve safety both now and in the long term.” “Working closely with the team at NTU to understand their needs, the Synergy 3 platform has been designed to ensure they have an intuitive system that saves staff-hours and significantly improves incident response times. Nottingham Trent University is nationally recognised, having received the University of the Year award three years in a row. I’m delighted that we’ve provided them with this leading-edge solution, along with support, and ongoing training, to help safeguard their students, staff, and premises.”
ProdataKey (PDK), an innovator of cloud-based networked and wireless access control products and services, announced that Corning High School, in Corning, Arkansas, has increased its security and greatly enhanced its lockdown capabilities by installing the pdk io wireless access control system. Pdk io is a wireless, cloud-based solution that provides advantages such as around-the-clock accessibility, remote management, superior backup and redundancy, automated updates, and strong cyber security. The installation was undertaken by Blue Sky Technologies (Blue Sky) of Jonesboro, Arkansas. Wireless PDK solution The system is proving to be a useful tool for monitoring student traffic patterns and identifying problem behaviours Corning High School comprises seven buildings connected by breezeways, designed in an open style common to campuses constructed in the 1960s. Integrator Blue Sky chose the wireless PDK solution because it was perfectly suited to the multi-building layout, with no need to run copper or fibre cable to all connected door locations. As a result, material and labour costs were greatly reduced – a major plus for the small and budget-conscious school district. The installation includes exterior doors for each of the classroom buildings and a few other key locations. As budgets permit, additional doors will be added throughout the high school as well as in other district buildings. The wireless connectivity makes the solution exceptionally scalable; new doors can be immediately brought online through connection with the system’s wireless mesh network without additional infrastructure. Enhancing campus security In addition to enhancing the security of the campus by automating the unlocking and locking of exterior doors to align with the high school’s bell schedule, the system is also proving to be a useful tool for monitoring student traffic patterns and identifying problem behaviours. Faculty and support staff find the pdk io system to be much more convenient than the traditional locks and keysClassrooms are each allocated with ‘student fobs’ for use by students who need to travel between buildings during class periods when doors are otherwise locked. Their use of the fobs enables administrators to track where the students go, making sure they head to the intended destination (i.e. the library or nurse’s office) rather than elsewhere. Suitable access control solution for schools Faculty and support staff find the pdk io system to be much more convenient than the traditional locks and keys that previously secured most doors. Permission groups, managed through the pdk io software, control different access levels for teachers, administrators and custodians. Programming of special door schedules, as well initiating lockdown conditions, can all be handled by the IT staff using the mobile interface. Brian Duckworth, sales consultant with Blue Sky, says, “Pdk io has become our go-to access control solution for K-12 installations because the wireless aspect leads to such major cost savings for the schools, which are always budget-challenged. In addition, the installation process causes very little disruption for the students and teachers.” Keeping students safe and secure Pdk io is ideal for K-12 applications, providing educators with a tool that’s powerful and easy to manage"School Superintendent Kellee Smith adds, “We strive to make our campus a place where our students enjoy the freedom to focus fully on learning because they’re not worrying about safety and security. This solution is making our goal so much easier to meet. It’s also making the teachers’ daily routines less stressful and they really like it.” “PDK is passionate about creating technology that delivers security and peace-of-mind, and what could be more important than keeping our children safe?” says ProdataKey’s President, Jeffery Perri. “Pdk io is ideal for K-12 applications, providing educators with a tool that’s powerful and easy to manage, affordable, scalable over time, and is sure to provide value for the long term.”
Trackforce has entered the retail market with a leading security workforce and activities management platform that empowers retailers to effectively manage their physical security and loss prevention environment. The platform delivers actionable data analytics to anticipate, assess, and mitigate risk; it enhances compliancy management, and helps supervisors manage more resources at multiple sites from one centralised location. Retail security and loss prevention teams operate in a challenging and complex environment" Retail Security According to Guirchaume Abitbol, CEO and Founder of Trackforce, “Retail security and loss prevention teams operate in a challenging and complex environment. To be successful they must access the best type of technology to support their security and loss prevention teams and streamline management of the entire security and risk environment. Our platform is seamless. Simpler to operate and more cost effective, it helps retailers deliver enhanced shopper safety while optimising security and loss prevention management.” Trackforce supports security and loss prevention teams by giving them predictive and historical data analytics to boost their strategic decision-making capabilities. The SaaS platform’s predictive analytics capabilities facilitate easy identification and analysis of theft patterns so that weak areas within the store can be improved to reduce risk and loss. Historic data are analysed, cross-referenced with trends and industry best practices, and then broken down. The resulting intelligence can then be used to fine tune security both within the store and externally. Trackforce SaaS platform The platform also consolidates and centralises the security command and control function, eliminating the expense of posting multiple supervisors at various sites. “Now one supervisor using the Trackforce command center is empowered with communication and management capabilities to effectively oversee security at numerous retail sites. The supervisor can communicate over multiple communication channels to security officers at all locations they are responsible for,” adds Abitbol. “This delivers major budgetary savings for the retail enterprise without compromising quality in any aspect of its security environment.” The Trackforce platform prevents loss and mitigates risks by securely maintaining digital records Security and risk management within the retail environment is complex, with numerous code and compliancy requirements. Missing a deadline can result in severe fines, increased insurance premiums, or even prosecution. The Trackforce platform prevents loss and mitigates risks by securely maintaining digital records and proactively alerting stakeholders when licenses need renewing and audits and inspections are due. The security manager commands a dashboard view of the entire regulatory and compliancy landscape across all store locations. Security and risk management “No two retail security departments are the same,” concludes Abitbol. “So we help retail clients customise their Trackforce workforce management platform based on their unique security, loss prevention, and risk environment. Trackforce eliminates the need for time-consuming paper reports and antiquated guard tour devices. It assists security officers and loss prevention officers in fulfilling their duties effectively, giving them improved capabilities to help them face their security challenges with greater efficiency and economy.”
Round table discussion
One impact of Chinese companies entering the physical security market has been an erosion in product pricing, creating what has been called the "race to the bottom". However, political forces and cybersecurity concerns have presented new challenges for Chinese companies. Adding cybersecurity increases costs, and the addition of more functionality to edge devices is another trend that has impacted product pricing. We asked this week's Expert Panel Roundtable: Has price erosion ended (or slowed down) in the security market?
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?
People are an essential component of any physical security system. Automation hasn’t taken over completely yet! But how has innovation changed the skillsets security operators need to operate systems effectively? The two elements – technology and manpower – must operate seamlessly and hand-in-glove to ensure that modern systems live up to their full potential. We asked this week’s Expert Panel Roundtable: How does technology innovation in security systems impact the skillsets needed by security operators and officers?