British businesses should drastically up their game when it comes to being prepared and able to effectively deal with cyberattacks, according to Cyber Security Connect UK (CSC UK), the industry forum for cybersecurity professionals.
The call to action comes during European Cyber Security Month, the EU’s annual awareness campaign that takes place each October across Europe and aims to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organisations, and provide resources to educate and share good practices.
Identifying cybersecurity breaches or attacks
According to the Cyber Security Breaches Survey 2019, more than a third of UK businesses identified cybersecurity breaches or attacks in the last 12 months. Despite this, only 33% admitted having cyber security policies in place. With this in mind, CSC UK is calling for business leaders across Britain to arm themselves with the knowledge and tools required to protect the companies they represent and make adequate plans should the worst happen.
Martin Smith MBE, Cyber Security Connect UK Conference Chair and Chairman of the Security Awareness Special Interest Group (SASIG), said: “We have a duty as cybersecurity professionals to set the highest standards and be prepared to tackle cyberattacks. On top of this we must continue to push for a greater sharing of knowledge, benchmarking of best practice and ongoing learning so we can remain in the best position possible when it comes to staying ahead of cyber criminals.”
Cyber incident management
Aurore Domange, event director for Cyber Security Connect UK 2019, added: “European Cyber Security Month is the ideal time to raise awareness of the issues affecting our cyber resilience and educate businesses on how they can mobilise themselves against these challenges to best protect their company, its employees, partners and customers.”
Cyber Security Connect UK, the conference and industry forum for UK CISOs, takes place from 13-15 November. It will bring together more than 300 top-level cyber security professionals to debate strategic cyber security issues including cyber resilience, identifying cyber criminals, securing the supply chain and cyber incident management.
Check Point announces the release of the new 1500 series security gateways for SMBs. The two new SMB appliances set new standards of protection against the most advanced fifth-generation cyberattacks, and offer unrivalled ease of deployment and management.
According to the 2019 Verizon Data Breach Investigations Report, 43% of all breach victims were small businesses, and 63% of attack attempts against SMBs were successful. The cost of disruption from cyber-attacks against SMBs can exceed $1M, according to a Ponemon Institute report, which can have a devastating effect on an organisation.
Multi-layered next-generation protection
The 1550 and 1590 gateways are powered by Check Point’s R80 release. R80 is the industry’s most advanced security management software, and includes multi-layered next-generation protection from both known threats and zero-day attacks using the award-winning SandBlast™ Zero-Day Protection, plus antivirus, anti-bot, IPS, app control, URL filtering and identity awareness.
The new 1500 series empowers Small and Midsize businesses with Enterprise Grade Security:
100% block score for malware prevention for email and web, exploit resistance and post-infection catch rate, as seen in the NSS Labs’ recent Breach Prevention Systems (BPS) Group Test
Up to 2 times more performance than previous generations. The 1550 Gateway offers 450Mbps of threat prevention performance, and the 1590 Gateway offers 660Mbps
The 1550 provides maximum firewall throughput of 2Gbps and the 1590 provides maximum firewall throughput of 4Gbps
The 1550 features six 1GbE ports and the 1590 features ten 1GbE ports; both have Wi-Fi and an integrated cellular modem architected for LTE and 5G
The Check Point WatchTower mobile application enables IT staff to monitor their networks and quickly mitigate security threats on the go from their mobile device
Out-of-the-box zero-touch provisioning allows for under 1-minute setup
IoT devices discovery and recognition for accurate security policy definition.
Truly enterprise-grade security
"Small businesses play a critical role in economic growth and innovation across the globe, but often lack the resources to fully protect themselves against today’s advanced cyber-threats,” said Itai Greenberg, VP of Product Management at Check Point Software Technologies.
“Now, small and midsize businesses can enjoy truly enterprise-grade security with industry-leading threat prevention capabilities, coupled with easy and intuitive management.”
Ping Identity, a pioneer in Intelligent Identity, announces an expansion of its Northern European operation with the opening of a new office in Utrecht, Netherlands.
The growth of the identity market has been rapid across Benelux and Scandinavia, and Ping Identity continues to drive attention to the importance of identity security in the cybersecurity landscape, as well as support for its local clients and channel partners.
Providing secure access to applications
The Ping Identity ecosystem in Northern Europe includes a variety of partners ranging from security specialists such as Arctic Group, Intragen and Traxion, to large scale systems integrators. Additionally, customers including ABN AMRO and Wolters Kluwer leverage Ping Identity’s solution to provide secure access to applications.
“Ping Identity is a strategic partner for us in the security space and we appreciate the commitment it has shown to support our technical needs within the region,” said an identity and access management professional with ABN AMRO. “We look forward to working closely together to deliver secure access that uses identity intelligence to detect and block cyberattacks, prevent security breaches and meet regulatory requirements.”
Excellent delivery support to the customers
"Our partnership with Ping, which combines its vendor technology and our consultancy expertise, has enabled excellent delivery support to our customers in their infrastructure and security projects," said Ian Yoxall, co-founder, Intragen. "The customer demand for easily integratable, standards-based technology—whether in the cloud or on premises—means Ping Identity solutions are ideally suited. We're thrilled to see Ping's expansion and continued commitment in the region."
“Traxion has implemented Ping Identity solutions for customers for many years. What we like about Ping Identity is the ease of implementing complex use cases and especially the scalability of its solutions. The combination of the quality of Ping’s products and Traxion’s skilled team creates happy and successful customers,” commented Erik de Jong, founder and chief technology officer, Traxion B.V.
Crossword Cybersecurity Plc, the technology commercialisation company focused solely on cyber security and risk, is pleased to announce that it has signed a Memorandum of Understanding (MoU) with Leonardo MW Ltd, a global high-tech Aerospace Defence and Security company.
Crossword is rapidly becoming a pioneer player in the provision of risk assurance systems. Rizikon Assurance allows organisations to assess, assure, visualise and, ultimately, control third party risk.
Risk assessment and management practice
The cooperation between Crossword and Leonardo will enable Leonardo’s National Cyber Security Centre’s certified cyber consultancy to use Rizikon Assurance to enhance its leading risk assessment and risk management practice for customers throughout the world.
Leonardo targets its cyber security offerings at Government, Defence and Critical National Infrastructure both in the UK and internationally. Supporting that offering with industry-leading tooling such as Rizikon Assurance will further improve outcomes for customers.
Cyber and supply chain assurance capability
The MoU states an intention to collaborate across multiple workstreams, including an agreement to bid for certain significant contracts across multiple industries throughout 2020, utilising Crossword’s flagship third party risk management solution Rizikon Assurance and Leonardo’s extensive expertise in integration, cyber and third-party assurance.
A recent Ponemon Institute survey found that 56% of data breaches were caused by a third-party vendor and with this issue gaining in media and regulatory attention, it is critical that businesses understand their third-party risk and how to mitigate it. Crossword’s Rizikon Assurance and Leonardo’s cyber and supply chain assurance capability perfectly align to address this growing requirement.
Deliver technology commercialisation
The MoU also explores opportunities to partner to deliver technology commercialisation, focusing on cybersecurity research in UK universities and bringing cutting edge technology to market.
Jake Holloway, Crossword’s Business Development Director, said: “Having Leonardo as a partner will allow us to respond to much larger opportunities for our products like Rizikon Assurance. This is a big step in our development as a business.”
Rodrigue Zbinden, CEO at Morphean, discusses the business benefits from merging video surveillance and access control technologies as demand for ACaaS grows.
The big question facing businesses today is how they will use the data that they possess to unlock new forms of value using emerging technologies such as the cloud, predictive analytics and artificial intelligence. Some data is better utilised than others: financial services were quick to recognise the competitive advantages in exploiting technology to improve customer service, detect fraud and improve risk assessment. In the world of physical security, however, we’re only just beginning to understand the potential of the data that our systems gather as a part of their core function.
Benefits of ‘Integrated access control’
What many businesses have yet to realise is that many emerging technologies come into their own when used across multiple sources of data. In physical security, for example, we’re moving from discussions about access control and CCTV as siloed functions, to platforms that combine information for analysis from any source, and applying machine learning algorithms to deliver intelligent insights back to the business. ‘Integrated access control’ then looks not just to images or building management, but to images, building management, HR databases and calendar information, all at the same time. And some of the benefits are only now starting to become clear.
The first thing to look for, of course, is how multiple sources of data can be used to improve physical security functions. For example, by combining traditional access control data, such as when a swipe card is used, with a video processing platform capable of facial recognition, a second factor of authentication is provided without the need to install separate biometric sensors. CCTV cameras are already deployed in most sensitive areas, so if a card doesn’t match the user based on HR records, staff can be quickly alerted.
Making the tools cost-effective
In a similar vein, if an access card is used by an employee, who is supposed to be on holiday according to the HR record, then video data can be used to ensure the individual’s identity and that the card has not been stolen – all before a human operator becomes involved.
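The correlation described above, sketched as an added example that is not taken from the article or from any vendor's product: each card swipe is checked against the HR record for the card and against the nearest camera recognition event at the same door. The record layouts, card IDs, door names, verdict labels and the 10-second matching window are all assumptions made for illustration.

```python
from datetime import date, datetime, timedelta

# Constructed sample data: every name, card ID, door and record layout is hypothetical.
HR_RECORDS = {
    "C-1001": {"employee": "alice", "leave": [(date(2019, 10, 7), date(2019, 10, 11))]},
    "C-1002": {"employee": "bob", "leave": []},
    "C-1003": {"employee": "carol", "leave": [(date(2019, 10, 8), date(2019, 10, 8))]},
}
SWIPES = [  # (timestamp, door, card_id) from the access control system
    ("2019-10-08T08:59:40", "server-room", "C-1002"),
    ("2019-10-08T09:15:02", "server-room", "C-1001"),
    ("2019-10-08T10:30:00", "lobby", "C-1003"),
    ("2019-10-09T14:00:10", "lobby", "C-1002"),
    ("2019-10-09T16:45:00", "server-room", "C-9999"),
    ("2019-10-10T07:30:00", "lobby", "C-1003"),
]
FACE_EVENTS = [  # (timestamp, door, recognised employee, or None for an unknown face)
    ("2019-10-08T08:59:43", "server-room", "bob"),
    ("2019-10-08T09:15:05", "server-room", None),
    ("2019-10-08T10:29:58", "lobby", "carol"),
    ("2019-10-09T14:00:12", "lobby", "carol"),
    ("2019-10-10T07:30:01", "server-room", "carol"),  # wrong door: must not match
]
MATCH_WINDOW = timedelta(seconds=10)  # assumed tolerance between swipe and camera event


def _ts(text):
    return datetime.fromisoformat(text)


def on_leave(record, day):
    """True if the HR record lists the given day inside a leave period."""
    return any(start <= day <= end for start, end in record["leave"])


def nearest_face(when, door, face_events):
    """Return (seen, who) for the camera event closest to the swipe at this door."""
    candidates = []
    for ts_text, ev_door, who in face_events:
        gap = abs(_ts(ts_text) - when)
        if ev_door == door and gap <= MATCH_WINDOW:
            candidates.append((gap, who))
    if not candidates:
        return False, None
    return True, min(candidates, key=lambda c: c[0])[1]


def classify(swipe, hr_records, face_events):
    """Combine card, HR and video data into one verdict for a single swipe."""
    ts_text, door, card = swipe
    record = hr_records.get(card)
    if record is None:
        return "alert:unknown_card"
    when = _ts(ts_text)
    seen, who = nearest_face(when, door, face_events)
    away = on_leave(record, when.date())
    if not seen:
        # No second factor available: escalate only if HR says the owner is away.
        return "alert:on_leave_no_video" if away else "review:no_video_match"
    if who == record["employee"]:
        # Video confirms the card holder, so no operator is needed even during leave.
        return "ok:on_leave_identity_confirmed" if away else "ok"
    return "alert:possible_stolen_card" if away else "alert:face_mismatch"


def evaluate(swipes, hr_records, face_events):
    """Return a (card_id, verdict) pair for every swipe, in input order."""
    return [(s[2], classify(s, hr_records, face_events)) for s in swipes]


if __name__ == "__main__":
    for card, verdict in evaluate(SWIPES, HR_RECORDS, FACE_EVENTS):
        print(card, verdict)
```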
These capabilities are not new. What is, however, is the way in which cloud-based computing platforms for security analytics, which absorb information from IP-connected cameras, make the tools much more cost effective, accessible and easier to manage than traditional on-site server applications. In turn, this is driving growth in ‘access control as a service’ (ACaaS), and the end-to-end digitalisation of a vital business function.
With this system set up, only access control hardware systems are deployed on premise while the software and access control data are shifted to a remote location and provided as a service to users on a recurring monthly subscription. The benefits of such an arrangement are numerous but include avoiding large capital investments, greater flexibility to scale up and down, and shifting the onus of cybersecurity and firmware updates to the vendor.
Simple installation and removal of endpoints
What’s more, because modern video and access control systems transmit data via the IP network, installation and removal of endpoints are simple, requiring nothing more than PoE and Wi-Fi.
Of all the advantages of the ‘as a service’ model, it’s the rich data acquired from ACaaS that makes it so valuable, and capable of delivering business benefits beyond physical security. Managers are constantly looking for better quality of information to inform decision making, and integrated access control systems know more about operations than you might think.
Right now, many firms are experimenting with ways to find efficiencies and reduce costs. For example, lights that automatically turn off to save energy are common in offices today, but can be a distraction if employees have to constantly move around to trigger motion detectors. Integrating lighting systems with video feeds and access control creates the ability to control the lights depending on exactly who is in the room and where they are sitting.
Tracking the movement of employees
Camera data has been used in retail to track the movement of customers in stores, helping managers to optimise displays and position stocks. The same technology can be used to map out how employees move around a workspace, finding out where productivity gains can be made by moving furniture around or how many desks should be provisioned. Other potential uses of the same data could be to look for correlations between staff movement – say to a store room – and sales spikes, to better predict stock ordering.
What makes ACaaS truly exciting is that it is still a very new field, and we’re only just scratching the surface of the number of ways that it can be used to create new sources of value. As smart buildings and smart city technology evolve, more and more open systems will become available, offering more ways to combine, analyse and draw insights from data. Within a few years, it will become the rule, rather than the exception, and only grow in utility as it does.
The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks.
Growing threat of cyber attacks
The threat is not trivial. Recently, two cities in Florida hit by ransomware attacks – Riviera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing systems. It was reminiscent of the $4 billion global WannaCry attacks on financial and healthcare companies. A full two years after the WannaCry attack, many of the hundreds of thousands of computers affected remain infected.
And hackers are continuously devising new techniques, adapting the latest technology innovations including machine learning and artificial intelligence to devise more destructive forms of attack. Indeed, AI promises to become the next major weapon in the cyber arms race.
For enterprises, there is no choice but to recognise the threat and adopt effective countermeasures. Not surprisingly, as the number, scale and sophistication of cyber-attacks have grown, so has the significance of the Chief Information Security Officer, or CISO, who owns the responsibility of sounding the alarm to the C-suite and the board – and recommending the best defense strategies.
Consider it a grim irony of the digital economy. As companies have migrated to the cloud to gain scale and efficiency and integrated new channels and touch points to make it easier for their customers and suppliers to do business with them, they have also created more potential points of entry for cyber-attacks.
IoT increases threat of cyber-attacks
Amplifying that vulnerability is the trend of allowing employees to bring their own laptops, smartphones and other digital devices to the office or use them to work remotely. And thanks to the Internet of Things, as more devices connect to enterprise systems – from thermostats to cars – the threat surface or targets of intrusion are multiplying exponentially.
According to the McAfee Labs 2019 Threats Predictions Report, hackers will increasingly turn to AI to help them evade detection and automate their target selection. Companies will have no choice but to begin adopting AI defenses to counter these cybercriminals.
Importance of cyber security
This escalation in the cyber arms race reflects the sheer volume of data and transactions in modern life. In businesses like financial services and healthcare it is not humanly possible to examine every transaction for anomalies that might signal cyber snooping. Even when oddities are glimpsed, simply flagging potential problems can create so-called threat fatigue from endless false alarms.
What’s more, attacks like those from Trickbots are specifically designed to go undetected by end users. The fact is, even if throwing more people at the problem were a solution, there aren’t enough skilled cyber security workers in the world. By some estimates, as many as 10 million cyber security jobs now go unfilled.
As a result, AI is being deployed on multiple cyber-defense fronts. So far, it is mainly being used to conduct predictive analysis at a scale beyond human means. AI programs can sift through petabytes of data, identifying anomalies and even helping an organisation recognise and diagnose intrusions before they turn into catastrophic attacks.
AI can also be used to continually monitor and allocate levels of access to a network’s multitude of legitimate users – whether employees, customers, partners or suppliers – to ensure that all parties have the access they need, but only the access they need.
Countering cyber security threats
To harden defenses, some AI programs can be configured to perform simulated war games. Because cyber attackers have stealth on their side, organisations might need dozens of experts to counter only a handful of attackers. AI can help even the odds, scoping out the potential permutations of vulnerabilities.
As CISOs – and the CIOs they typically report to – advise C-suites and boards on their growing cybersecurity risk, they can also help those leaders recognize an enduring truth: AI programs cannot replace experienced cybersecurity professionals. But the technology can make staff smarter, more vigilant and more nimbly responsive.
AI-based cyber security tools
Financial and healthcare companies are leading this charge because of the sheer volume and variety of transactions they handle and because of the value and sensitivity of the data. Organisations like the U.S. Department of Defense and the space agency NASA, as well as governments around the world are also implementing AI-based tools to address the cyber threat.
For businesses of all types, the threat stretches from the back office to the supply chain to the store front. That is why recognising and countering that threat must involve everyone from the CISO to the CEO to the Chairman of the Board. The AI arms race is underway in security. To delay joining it is to risk letting your enterprise become one of the grim statistics.
We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to protect assets critical to business operation.
Businesses without proper cyber measures leave themselves at risk from a huge list of threats. From cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers, no organisation is safe from innovative cyber threats.
Security solutions enterprises
The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions, enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe.
As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies that leverage the power of the cloud gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.
Traditional security approach
In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools.
CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion.
Sophisticated cyber weapons
So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability.
This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed.
Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns.
Threat graph data, in conjunction with incorporating proactive threat hunting into your security stack, creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes, facing some of the most sophisticated cyber adversaries through hands-on-keyboard activity. Threat hunters work quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation.
It is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave vital clues on how organisations can best defend themselves from real-life threats.
Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done.
When managing an incident, clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule.
As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.
Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs.
Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisations cannot live without as adversaries enhance and alter their strategies.
Adversaries continue to develop new ways to disrupt organisations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) compared to state-sponsored or unidentified attacks. CrowdStrike, a cybersecurity company that provides the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted cybersecurity campaigns in the first half of 2019 were sourced from eCrime adversaries, compared to 39% from other sources.
CrowdStrike Falcon Overwatch platform
The eCrime portion more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the information presented in CrowdStrike’s Overwatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform.
Technology was the top vertical market targeted by cyber-attacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets (in decreasing order) were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality disappeared from the list so far this year, although CrowdStrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year.
In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). Regarding initial access techniques, the most common remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications.
2019 is proving to be an active year with a significant increase in eCrime and the inter-relationships occurring across different groups as they strengthen their organisations, forge alliances and expand their footprint.
Need for a proactive security posture
Many of the techniques used by eCrime actors are easily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain strong defense in 2019:
Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation for a strong cybersecurity program.
User awareness programs can combat the continued threat of phishing and related social engineering techniques.
Asset management and software inventory ensure that an organisation understands its footprint and exposure.
Vulnerability and patch management can verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated.
Multifactor authentication (MFA) should be established for all users because today's attackers are adept at accessing and using valid credentials.
A robust privilege access management process will limit the damage adversaries can do if they get in and reduce the likelihood of lateral movement.
Implementing password protection prevents disabling or uninstalling endpoint protection that provides critical prevention and visibility for defenders.
Countering sophisticated cyber attacks
As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command and control, and lateral movement within a network.
Contextual and behavioral analysis, when delivered in real time via machine learning and artificial intelligence, effectively detects and prevents attacks that conventional "defense-in-depth" technologies cannot address.
"1-10-60 rule" in combating advanced cyber threats
CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to effectively combat sophisticated cyberthreats. That is, they should seek to detect intrusions in under one minute, to perform a full investigation in under 10 minutes, and to eradicate the adversary from the environment in under 60 minutes.
A source at CrowdStrike said "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."
The healthcare market is rife with opportunity for security systems integrators. Hospitals have a continuous need for security, to update their systems, to make repairs, says David Alessandrini, Vice President, Pasek Corp., a systems integrator. “It’s cyclical. Funding for large projects might span one to two years, and then they go into a maintenance mode. Departments are changing constantly, and they need us to maintain the equipment to make sure it’s operating to its full potential.”
The experience of Pasek Corp. is typical of the opportunities available for security integrator companies in the healthcare vertical. A single large hospital system can supply a dependable ongoing source of revenue to integrator companies, says Alessandrini. Hospitals are “usually large enough to provide enough work for several people for an extended length of time.” Healthcare customers in Pasek’s service area around Boston provide the potential for plenty of work. “We have four major hospitals, each with in excess of 250 card readers and 200 cameras, in the Boston area,” Alessandrini says.
One appeal of the healthcare market for North Carolina Sound, an integrator covering central North Carolina, is the breadth of possible equipment they can sell into the healthcare market, including access control and video, of course, but also other technologies, such as audio-video systems in a dining room. North Carolina Sound has also installed sound masking in some areas with waiting rooms to protect private patient information from being overheard. Locking systems on pharmaceutical doors are another opportunity.
IP based networked video systems
Among North Carolina Sound’s customers is Wayne Memorial Hospital, Goldsboro, N.C., which uses about 340 video cameras, with 80 percent or more of them converted to IP. The hospital is replacing analogue with IP cameras as budget allows, building network infrastructure to support the system. The healthcare market tends to have a long sales cycle; in general, sales don’t happen overnight or even within a month or two. In fact, the period between an initial meeting with a healthcare facility and installation of a system could stretch to a year or longer. A lot happens during that time.
Healthcare systems involve extensive planning, engineering, and meetings among various departments. Physical security systems that involve the information technology (IT) department, as do most systems today, can be especially complex. Installation of networked video systems based on Internet protocol (IP) requires deep and probing discussions with the IT team about how a system fits into the facility’s network infrastructure. A facility’s IT folks must be convinced an IP solution will function seamlessly on their network.
Compatible with the network
They must vet the technology to ensure the devices and solutions will be compatible with the network, and must sign off on technology choices. And even more important is determining if the security system will adhere to cyber security requirements of the facility. A complete solution that integrates nearly any system that lives on or uses a facility’s network is ultimately what the healthcare vertical is moving toward, says Jason Ouellette, General Manager – Enterprise Access Control & Video, Johnson Controls.
“We are hearing more and more from customers across industries that they want to be able to use their security systems and devices for more than just security: they want added value,” says Ouellette. Many want to use access control, video surveillance and other data sources to assess their business operations and/or workflows with the goal of improving efficiency.
Historically, three factors have prevented many organisations from moving forward with new technologies: lack of money, proprietary systems, and the need to “rip and replace” large parts of the installed systems, says Robert Laughlin, CEO and Chairman, Galaxy Control Systems. “Today, while funding is almost always a limiting factor at some level, the progression of industry standards and ‘open’ systems has made a big positive impact on the ability of organisations to upgrade cost-effectively,” he says.
Despite any obstacles, healthcare customers generally welcome new innovations. “I would say healthcare security professionals in general are early adopters of technology and like to implement the best technology available,” says Jim Stankevich, Global Manager – Healthcare Security, Johnson Controls/Tyco Security Products. “For most, rapid implementation is limited by budgets and available funding.”
As the deal/no deal prospects of Brexit are tossed in a whirlwind of UK and EU politics, the uncertainty of the back-and-forth has broadly impacted general economic trends, and by extension, the physical security market. The new deadline for a Brexit agreement is October 31, already postponed six months from the scheduled April 12 departure date.
Numbers show that Britain’s GDP shrank in the second quarter, possibly reflecting fewer exports because of Brexit uncertainty. And beyond the current indecision lies the long-term impact of a possible change in trading status between the United Kingdom and continental Europe. Other issues include capital flow and labor mobility.
Brexit uncertainty leading to security concerns
“Companies … are unclear about their future,” comments Martin Warren of the Institute of Chartered Accountants in England and Wales. “Companies are making decisions now about jobs, supply chains, headquarters and asset locations, incurring significant, and possibly unnecessary, cost and upheaval.” Warren fears the destructive effects of a ‘no deal’ outcome and hopes politicians will break the deadlock and restore business confidence.
Security implications of Brexit extend beyond economics. Loss of shared information with the EU will make the UK less safe. Extradition across EU borders will be more difficult, and exchange of data such as fingerprints and vehicle registrations is at risk. The Irish border after Brexit is of particular concern to security professionals.
Countering threat of international terrorism
Robert Hall of London First and Alison Wakefield of Security Institute say the security impact of departing the EU will be long lasting and profound. “In security terms, the UK will still have to contend with international terrorism, transnational crime and the global movement of people, all challenges that require wide scale cooperation.” They add that leaving the EU will require “a significant investment in people, resources and databases to cope with the anticipated volumes of traffic through ports, airports and tunnels.”
Analyst company IHS Markit earlier commented about the impact on the security industry of Brexit’s drag on the UK economy, “Access control, intruder and fire alarm markets typically track construction rates closely and are forecast to be affected most. However, a large cut to infrastructure spending would be just as damaging to the video surveillance market.”
UK security companies prefer ‘soft exit’ from EU
If a ‘soft exit’ trade deal is not negotiated, the UK would have to revert to World Trade Organisation (WTO) trade rules, which means tariffs on trade between the UK and the EU, says IHS Markit.
There are five British-based access-control and intruder-alarm vendors supplying the European market in significant quantity – each with revenue exceeding $10 million. IHS Markit estimates these companies combined account for less than 10 percent of total European, Middle-Eastern and African (EMEA) market revenues for both industries.
Uncertain future of UK security marketplace
Asset protection specialist VPS Security Services has warned that the ongoing Brexit saga will likely lead to a rise in vacant commercial and residential properties as developers and investors are more reluctant to move forward with their UK real estate strategies.
Seemingly endless machinations and shifting proposals are making the eventual outcome of Brexit very much a guessing game. Uncertainty translates into a volatile and changing outlook, and the eventual impact on the broader economy is an open question. As a reflection of that economy, the security marketplace will inevitably feel the economic impact, too, not to mention the new security challenges likely to ensue.
Located in Eastern China, Hangzhou is the capital and most populous city of Zhejiang Province. It has a registered population of 9,800,000 and a total area of 16,596 km². Jianggan District is one of the five main urban areas of Hangzhou.
With a floating population of about 1.06 million, Jianggan District ranks first among Hangzhou's main urban areas. As the new administrative center of Hangzhou, it boasts the most important CBD and the largest train station and car hub in Hangzhou, bringing together various traffic elements such as highway junctions and bridges across the river.
Intelligent surveillance system
Covering 8 streets, 141 communities and 4 villages, the entire Jianggan District is promoting vital transformation in urban areas. Nevertheless, the non-registered population, which accounts for about 40% of the total population, makes it hard for the local government to improve urban management in the district.
Every policeman needs to manage 1,700 citizens on average. The shortage of police force affected their work precision and led to difficulties in providing timely police response. In addition, insufficient surveillance coverage and a limited intelligence system in the area resulted in inactive security measures, making it difficult for the police to achieve their goals.
Integrating DoT, IoT and the internet
Based on the Dahua Heart of City (HOC) architecture supported by "Full Sensing, Full Intelligence, Full Computing and Full Ecosystem" (4 Full) capabilities, Dahua Technology firmly focused on the construction needs of the area and built the overall plan of establishing an ‘online police’.
Integrating the Internet, DoT and IoT, Dahua Technology has successfully assisted the Hangzhou Jianggan Public Security in building a multi-dimensional network that targets customer value, and combines AI, big data, and cloud computing in order to obtain accurate real-time data and strengthen the current technology of “online police” operations.
Sensors and monitoring products
Moreover, Dahua Technology deployed 19 sensors, hundreds of monitoring products and a sophisticated network. It also set up 46 actual police investigation models to provide accurate instructions for Jianggan police, including property crimes analysis, situation analysis, vehicle management, people management, psychiatric control, online apprehension of violators, as well as missing person search, etc.
Compared with traditional police operation, Dahua HOC Safe City Solution has built an “Online Police” mechanism to obtain the most authentic real-time data through information technology, and carry out accurate computer applications for a more scientific service deployment, efficient police force and powerful security control.
Dahua HOC Safe City Solution
It ensures that the Jianggan police can perform properly at a given time. It also promotes the transformation of police affairs from passive to active, from extensive to subtle, from imprecise to accurate, and from offline to online, gradually carrying out the prediction, early-warning, and prevention measures of police operations.
Since 2016, the Dahua HOC Safe City Solution has helped Jianggan Public Security achieve outstanding results including enhanced police intelligence, reduced crime cases, increase in case closure rate and efficiency, improvement in public service, and speedy recovery of missing individuals, opening a new chapter for intelligent police operations.
Genetec Inc., a globally renowned technology provider of unified security, public safety, operations, and business intelligence, has announced that the city of New Orleans (NOLA) is relying on Security Center, the company’s unified IP security platform, to improve public safety and enhance city-wide collaboration.
With about 400,000 residents, New Orleans (NOLA) is the most populous city in the State of Louisiana. Like other big cities, NOLA is focused on enhancing public safety for its citizens and the 1.2 million visitors who flock to the city’s French Quarter for Mardi Gras celebrations.
Genetec Security Center
As part of a Citywide Public Safety Improvement Plan that included the deployment of a new citywide public safety system and the construction of a Real-Time Crime Center (RTCC), the New Orleans Homeland Security and Emergency Preparedness (NOHSEP) chose the Genetec Security Center unified platform to support all city agencies.
Using Security Center, the NOHSEP agency has saved police officers about 2000 hours of on-foot investigative work in just one year. “It might take a police officer over an hour to visit business locations, speak with owners, look through video, find what they are looking for, get a copy of video onto USB keys, drive back to the precinct, and then submit that into evidence,” said George Barlow Brown, IT Manager at the New Orleans Real Time Crime Center.
Video and ALPR cameras
He adds, “So, we have essentially saved the department over 2000 hours of manual labor in physically collecting and storing video evidence. That’s more time for officers to respond to calls of service and be present in our many neighborhoods, which helps build community confidence. The ROI is there for us in terms of the efficiency.”
The team can now easily retrieve evidence from over 325 city-owned video cameras and 100 automatic license plate recognition (ALPR) cameras (60 of which are Security Center AutoVu cameras) from the Real-Time Crime Center. The new security platform is integrated with other public safety solutions such as a Briefcam analytics system and a computer-assisted dispatch (CAD) system. All this information gets routed through to a central command center, speeding up emergency response.
Share video access with RTCC
“Our operators do the full investigative work right from within Security Center. It’s just one of the most intuitive solutions that I have ever seen. We can display up to six video tiles and hit ‘synchronise video’ to see various angles of the same scene playing at the same time. We can then select the segment of video we need and hit export. Each 10-minute segment from all the video tiles is then archived for viewing later on,” said Brown.
NOLA is also leveraging Security Center to foster a true public-private partnership. The city launched a platinum version of the SafeCam project, which allows businesses to share access to external video cameras with the RTCC.
Using the Genetec Federation feature, the NOHSEP team can access video from participating companies’ systems. Participating businesses can be identified by discrete signage at their front entrances. This tells on-the-ground officers that this business has shared their outdoor cameras with the RTCC, and there is no reason to disturb the establishment or their customers. The officer can simply call RTCC operators to get the evidence they need.
Brown and his team also have motion-detection alarms set up on cameras facing some known illegal dumping sites. As soon as someone dumps refuse in these locations, the team can proactively notify the Sanitation Department so they can collect the debris.
Mining video and data
NOLA is making the most of its security investments to improve city life too. For one, the RTCC operates a backup emergency operations center for the city of New Orleans. The NOHSEP team has also shared video feeds with other city departments such as the Sewage and Water Board, so they can determine the rate at which an intersection floods.
As plans continue to evolve, the RTCC team is taking full advantage of the new technology to keep NOLA safer. “As far as investigations and the ability to mine video and data, Security Center is hands-down the best product out there. With this platform, we’re extending greater efficiency to responding officers, and we’re also forging stronger partnerships with our community. Together, we’re all working smarter and faster to keep New Orleans safe,” concluded Brown.
Delfina Chain, Sr Associate Customer Engagement & Development at Flashpoint, discusses what resources defenders must have access to in order to keep a finger on the pulse of the cybercriminal underground.
Artificial intelligence (AI) is already being applied to diverse use cases, from consumer-oriented devices - such as voice-controlled personal assistants and self-directed vacuum cleaners - to ground-breaking business applications that optimise everything from drug discovery to financial portfolio management. So naturally, there is growing interest within the information security community around how we can leverage AI - which encompasses the concepts of machine learning (ML) and deep learning (DL) - to combat cyber threats.
AI-enhanced cyber security
The effectiveness and scalability of cybersecurity-related tasks, such as malware and spam detection, have already been enhanced by AI, and many expect ongoing AI innovations to have a transformative impact on cyber defence capabilities. However, security practitioners must also recognise that the rise of AI presents a potent opportunity for cybercriminals to optimise their malicious activities.
Much like the rise of cybercrime-as-a-service offerings in the underground economy, threat-actor adoption of AI technology is expected to lower barriers to entry for lower-skilled actors seeking to conduct advanced malicious operations. A report from the Future of Humanity Institute emphasises the potential for AI to be used toward beneficial and harmful ends within the cyber realm, which is amplified by its efficiency, scalability, diffusibility, and potential to exceed human capabilities.
Encrypted chat services
Potential uses of AI among cybercriminals could include the development of highly evasive malware, the ability for automated systems to exhibit human-like behaviour during denial-of-service attacks, and the optimisation of activities such as vulnerability discovery and target prioritisation. Fortunately, defenders have a leg up over adversaries in this arms race to harness the power of AI technology, largely due to the time- and resource-intensive nature of deploying AI at its current stage in development.
The purpose of intelligence is to inform a course of action. For defenders, this course of action should be guided by the level of risk (likelihood x potential impact) posed by a threat. The best way to evaluate how likely a threat is to manifest is by monitoring threat-actor activity on the deep-and-dark-web (DDW) forums, underground marketplaces, and encrypted chat services on which they exchange resources and discuss their tactics, techniques, and procedures (TTPs).
Cobalt Strike threat-emulation software
Cybercriminal abuse of technology is nothing new, and by gaining visibility into adversaries’ ongoing efforts to develop more advanced TTPs, defenders can better anticipate and defend against evolving attack methods.
Flashpoint analysts often observe cybercriminals abusing legitimate technologies in a number of ways, ranging from the use of pirated versions of the Cobalt Strike threat-emulation software to elude server fingerprinting to the use of tools designed to aid visually impaired or dyslexic individuals to bypass CAPTCHA in order to deliver automated spam.
Flashpoint analysts also observe adversaries adapting their TTPs in response to evolving security technologies, such as the rise of ATM shimmers in response to EMV-chip technology. In all of these instances, Flashpoint analysts provided customers with the technical and contextual details needed to take proactive action in defending their networks against these TTPs.
When adversaries’ abuse of AI technology begins to escalate, their activity within DDW and encrypted channels will be one of the earliest and most telling indicators. So by establishing access to the resources needed to keep a finger on the pulse of the cybercriminal underground, defenders can rest easy knowing they’re laying the groundwork needed to be among the first to know when threat actors develop new ways of abusing AI and other emerging technologies.
Pulse Secure, the provider of software-defined Secure Access solutions, has announced the successful delivery of a project to help Hogarth Worldwide refresh its secure access platform as part of a Zero Trust approach to security.
Hogarth Worldwide is a creative production business, providing marketing production and adaptation services for some of the world’s most recognisable brands and global multinationals. Security is a critical part of this service and Hogarth manages its own multi-layered secure access platform.
Having grown rapidly over the last decade, the company had reached capacity on its legacy Juniper VPN solution that was also heading towards end of support. With the need to upgrade fast approaching, Hogarth decided to both refresh its secure access platforms to meet greater demand and gain access to more advanced capabilities.
Requirement of VPN and NAC platform
Peter Smith, Global Network Architect at Hogarth, said, “We initially created a shortlist of vendors from the Gartner Magic Quadrant and started examining a few options. Our key criteria was a VPN and NAC platform that was easy to deploy and manage, with strong compatibility across a wide range of devices, plus the ability to adapt.”
Hogarth contacted ANSecurity, a trusted cyber security advisor that it had worked with previously on several projects. The team at ANSecurity provided guidance to help scope the project and design a technical implementation. “We looked at a number of options, but we felt that Pulse Secure offered the best combination of features and compatibility along with the flexibility we needed to meet our current requirements and future needs,” said Smith.
Pulse Connect Secure (PCS) virtual appliances
Based on these requirements, Hogarth selected Pulse Connect Secure (PCS) virtual appliances deployed within its main data centres in London and several branch offices across the world to provide VPN access. This is supported by Pulse Policy Secure (PPS), a next-generation NAC appliance that enables Hogarth to gain deeper visibility and understanding of its security posture.
The combined solution is deployed as part of a Zero Trust approach to security allowing Hogarth to ensure its distributed workforce is authenticated, authorised and secure when accessing applications and resources across its own data centre and cloud-based resources.
The solution is integrated into its Ruckus based Wi-Fi network, Radius authentication server and multi-factor authentication which runs in Azure. The data from all these systems is passed to a SIEM to allow the IT department to quickly detect any issues and automate threat response to mitigate malware, rogue devices, unauthorised access and data leakage risks.
Meeting the requirements of TISAX
“The virtual appliance offered better performance than our legacy solution and the Pulse Secure VPN and NAC appliances were easy to deploy with a low management overhead,” commented Smith. “We have a high availability configuration and the built-in licence server makes it easy to add more users or devices as needed.”
The new solution has also helped Hogarth to meet the requirements of TISAX (Trusted Information Security Assessment Exchange) that enables mutual acceptance of Information Security Assessments which was a key requirement for several of its clients within the automotive industry.
“The upgrade to Pulse Secure has gone very smoothly, we have had no issues and the solution has delivered as expected with the potential to adapt as our security needs evolve,” Smith concluded.
Video storage is an important – and expensive – aspect of almost any surveillance system. Higher camera counts equate to a need for more storage. New analytics systems make it easier for operators to manage video, but that video must be dependably stored and easy to access if and when it is needed. To keep up to date on the latest developments, we asked this week’s Expert Panel Roundtable: What’s new in video storage solutions?
Securing large campus environments can be particularly demanding and requires a range of technology solutions. In effect, a campus may represent a dozen or more individual facilities to be secured, in addition to protecting the overall environment. Seeking more insight into the number and variety of needs of securing a campus, we asked this week’s Expert Panel Roundtable: What are the security challenges of protecting large campus environments?