The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks.

Growing threat of cyber attacks

The threat is not trivial. Recently, two cities in Florida hit by ransomware attacks – Riviera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing...
DMP is pleased to announce the expansion of its East Coast sales leadership team with the promotion of Ken Nelson to Director of Sales — East. Nelson joined DMP in 2017 as the Dealer Development Manager (DDM) for the company’s New York territory. In that short time, he has quickly proven his outstanding leadership abilities, making this transition a natural one. “Ken is a transformational sales leader,” says Jim Hawthorne, DMP Executive Director of Sales. “As one w...
The Spanish SMBs subscribed to Conexión Segura Empresas have avoided more than 80,000 potential cybersecurity incidents since the solution was launched in May. Of those, more than 89% of blocks occurred when users tried to access risky domains or websites, as a result of ‘phishing’.

Combating rising cybercrime

“The service that Telefónica Empresas offers to its customers has been launched at a moment of high level of cybercrime, in which a new threat is created...
A video analytics system that provides ‘behavioural understanding’ can yield more meaningful and actionable data for a range of applications. In public safety and security, such a system can alert on violent or suspicious behaviours, such as people fighting, vandalism, people with weapons, etc. In advanced traffic surveillance and monitoring, it can provide alerts to vehicle collisions (accidents), traffic hazards or vehicles that aren’t using the road properly, such as a car...
Genetec Inc., globally renowned technology provider of unified security, public safety, operations, and business intelligence solutions, has announced that it is now offering multiple FICAM (Federal Identity, Credential, and Access Management)-certified options for its Security Center Synergis access control system.

Personal Identity Verification

In a market that has been traditionally weighed down by limited solutions that are often proprietary, these new options offer non-proprietary, open-a...
The Dallmeier 5000 series single sensor cameras are equipped with a new encoder technology. The new versions of the dome, IR and fisheye cameras support H.265 HEVC (High Efficiency Video Coding) and offer improved object classification with camera-based, AI-enhanced Video Content Analysis (VCA).

H.265 compression

By its nature, the constantly improving resolution of video images demands high bandwidths and large amounts of memory. With the new generation H.265 encoder in the Dallmeier cameras,...
SureCloud, a provider of cybersecurity services and cloud-based, Integrated Risk Management solutions, appoints Jon Taylor-Goy as EMEA Sales Manager for the cybersecurity division. Jon will be instrumental in helping drive business growth, as well as establishing complementary new service lines. Jon’s expertise spans business growth, product development, and go-to-market strategies in the areas of IT risk management and governance.

Cybersecurity service offering

Jon brings more than 18 years of in-depth experience in IT sales, specialising in cybersecurity, risk, and compliance. Prior to joining SureCloud, Jon worked at NCC Group for 18 years, working his way up to Head of Business Development, Risk Management, and Governance, where he played a key role in the business development function that saw the company grow from 100 staff in one location to more than 2,000 worldwide.

“SureCloud has a compelling proposition. Its cybersecurity service offering, Pentest-as-a-Service©, and approach to ongoing customer support sets the company apart from other providers and gives enormous potential for growth,” said Jon.

Ever-evolving customer needs

“I look forward to forging new customer relationships, developing strong relationships with current clients, and working with colleagues to bring new services to market that will meet ever-evolving customer needs.”

Richard Hibbert, SureCloud CEO, said: “Enterprises across Europe are operating in a very challenging environment when it comes to IT security. Their networks are becoming more complex, the attacks they face are growing in number and sophistication, and their compliance obligations regarding data security are increasing. Jon’s work will bring our cybersecurity services, including SureCloud’s Pentest-as-a-Service, to a growing number of enterprises, ensuring that our offering continues to evolve and address the challenges they face.”
Global provider of critical comfort and security solutions primarily in the residential sector, Resideo Technologies, Inc. has announced that Bob Appleby will join its ADI Global Distribution business as vice president and general manager of ADI North America, effective immediately.

ADI North America head

In his new role, Appleby will oversee all of ADI North America’s business operations across the United States, Canada and Puerto Rico, and will help ADI deliver on financial commitments, modernise operations and continue to reinforce its commitment to customer service excellence. Appleby will be based in Melville, N.Y., and report directly to ADI Global Distribution President Rob Aarnes.

Prior to joining Resideo, Appleby served in the pharmaceuticals distribution industry as president of H.D. Smith, now part of AmerisourceBergen. As president, he managed a business with 600 employees, 5,000 customers and 10 distribution facilities. During the first year of integration with AmerisourceBergen, Appleby and his team achieved more than 90% customer retention and over-delivered on their financial targets.

Security services expert

Prior to H.D. Smith, he spent a decade at Cardinal Health in various roles, including vice president of business development for the company’s Pharmaceuticals Supply Chain Services division. Appleby holds an MBA from Drexel University and a Bachelor of Science in Business Administration from Ohio State University.

“Bob is an accomplished leader in the distribution industry with a proven track record of exceeding financial results while delivering exceptional customer service,” said Rob Aarnes, president of ADI Global Distribution. “His deep expertise and understanding of the needs of the customer will help ADI drive growth and deliver on our commitment to serving the professional contractor channel.”
Antaira Technologies is a developer and manufacturer of industrial networking devices and communication solutions for harsh environment applications and is proud to announce the expansion of its industrial networking infrastructure family with the introduction of the LMP-1802G-SFP and LMX-1802G-SFP Series. Antaira’s LMP-1802G-SFP and LMX-1802G-SFP series are industrial-grade equipment that is Ethernet ready to fulfil various markets’ edge-level networking applications in harsh and outdoor environments, such as manufacturing automation, security surveillance, power/utility, waste water treatment plants, oil/gas/mining, and transportation.

Industrial switches

These devices support high density Ethernet port connectivity, wide bandwidth, long distance data transmission, and have a superb reliability factor. The LMX-1802G-SFP Series is an ideal choice for campus ring solutions with its two fibre optic ports supporting an open standard ring technology (ERPS). There are many proprietary ring technologies available, but using an open standard like ERPS means that it is possible to have equipment from different manufacturers working together in the ring. For example, campuses have networking rings consisting of hardened and industrial switches for outdoor environments that require a wide temperature-rated device. These outdoor devices are able to communicate and send critical information back to an enterprise switch at a data center.

Electromagnetic interference

Antaira’s LMP-1802G-SFP Series can not only provide a large number of PoE ports (30 Watts) for high density security applications, but also fibre optic interfaces for long range connectivity (1 meter to 100 km, that is, 3 feet to over 60 miles).
The SFP port will not only allow connectivity beyond the 100 meter/300-foot limitation of copper cable but also permits connectivity through areas where electromagnetic interference may cause issues such as on a factory floor. The Antaira management software on these switches helps monitor, react, and troubleshoot applications to reduce the cost of maintenance and downtime. Features such as SNMP Traps, Syslog, and port mirroring can be priceless when maintaining a system and reducing issues causing outages.
Johnson Controls has updated its popular Illustra Pro camera family with a new generation of Illustra Pro Mini-Domes featuring Smart Wide Dynamic Range. Offering a choice of 2, 3, 5 and 8 megapixel models and a variety of lens options, the new Pro Mini-Domes are ideal for a wide range of deployments in both medium and large-sized facilities.

Smart WDR technology

This new Smart Wide Dynamic Range (WDR) technology built into the new Mini-Domes greatly improves the quality of images captured in varying lighting environments. By continuously analysing the scene, Smart WDR, without operator intervention, automatically adjusts tone mapping intensity and optimises the quality of the captured images by enhancing darkened areas, without over-saturating brighter areas. Setup times are also reduced with the addition of configuration profiles, such as auto, LPR, casino, indoor, outdoor, shutter priority and iris priority, where camera settings are automatically adjusted based on the environment, with a simple click of a button.

Illustra Pro Mini-Domes

“The smart technology embedded in our latest generation of Illustra Pro cameras automates image tuning and ensures that what you see is always dynamically optimised, even in changing scenes and lighting conditions. We are aiming to reduce operator setup and management costs while always delivering a perfectly configured picture,” said Ric Wilton, Director of Product Management for Illustra. “Adding intelligent, automated capabilities to our solutions is core to our product design and the Illustra portfolio.”

Building off the previous generation of cameras, the Mini-Domes improve on important features such as Illustra IntelliZip bandwidth management, effective failover redundancy, cybersecurity, and video intelligence analytics.
Video intelligence analytics

The new Mini-Domes also offer wide field of view and narrow field of view options, and are packaged in a bubble-free IP66 environmentally sealed and IK10 vandal-resistant housing, instead of a transparent dome cover usually fitted to dome cameras. This negates the potential problem of IR diffused reflection and maximises image quality, regardless of the camera tilt angle.

The new Illustra Pro Mini-Domes feature video intelligence analytics, which means users can offload analytic streaming from network video recorders to the edge, saving time and resources. Users can select from a choice of 10 video analytics tools, including object detection, object abandoned/removed, crowd formation, dwell and perimeter protection, in order to set up real-time, user-customisable event alarms which will enable them to respond quickly to any incidents and make best use of human resources.

Cyber Solutions Product Security

As part of the Johnson Controls Cyber Solutions Product Security Program, the new generation of Mini-Domes also have enhanced safeguards against cyber attacks. With cyber-threat resilience in mind, the Mini-Domes feature ‘secure boot’ which prompts the installer to change the default password at the time of installation. Additional safeguard controls include an enhanced security mode which forces the use of complex, non-default passwords and encrypted communications.
Ping Identity, globally renowned provider of identity defined security solutions, has announced the release of PingCloud Private Tenant, a private cloud identity solution for the enterprise.

Cloud identity, access management

PingCloud Private Tenant provides cloud identity and access management (IAM) by combining highly-configurable capabilities within a dedicated environment. Enterprises can provide authentication for all users with a highly-configurable global authentication authority that includes versatile single sign-on (SSO) and highly-scalable directory services, while also maintaining data and resource isolation. This allows global organisations to automate IAM operations, simplify management and achieve their cloud-first objectives.

PingCloud Private Tenant

Enterprises need a dependable way for customers, employees and partners to conveniently sign on to their services and applications. However, this requires companies to support multiple standards, different authentication flows, and a wide range of identity and service providers while operating and maintaining the solution. For this reason, PingCloud Private Tenant allows enterprises to automate the operation of their IAM solution, so IT staff can focus on innovation, in addition to providing a global authentication authority.

PingCloud Private Tenant provides the following capabilities and benefits:

Cloud IAM: Practically limitless configuration options combined with a dedicated cloud environment means enterprises control their data and security while also automating IAM operations.

Highly-configurable authentication and directory services: Regardless of where applications or resources reside, enterprises can leverage PingCloud Private Tenant’s extensibility for their diverse user populations and identity types.

Simplified identity management and minimised costs: Moving IAM solutions from on-premises to the cloud can save companies significant IT operational costs. PingCloud Private Tenant provides the convenience of centralised configuration via self-service and concierge support options, allowing enterprises to save without compromising support for challenging and complex enterprise use cases.

Architected for enterprise hybrid IT: PingCloud Private Tenant reaches every corner of an enterprise’s hybrid IT or multi-cloud environment without the need to install, update and manage separate on-premises proxies and agents.

Automated operations to reduce complexity: IT teams are able to respond more quickly and easily to global demand for IAM services by reducing geographical deployment complexity and simplifying IAM operations.

Multi-tenant cloud solutions

PingCloud Private Tenant allows them to create different environments for development, test and production as needed, with regional configuration options to comply with geographic or regulatory constraints. PingCloud Private Tenant expands upon the broad range of deployment options that Ping provides to its enterprise customers, spanning multi-tenant cloud solutions, private cloud solutions and on-premises software. These solutions cover the range of enterprise deployment preferences and use cases, and can operate independently or work together seamlessly as needed to support complex hybrid IT environments.

Hybrid IT environments

“Enterprises increasingly straddle hybrid IT and multi-cloud environments, as they prioritise a high standard of security and customer experience,” says Loren Russon, vice president of product management, Ping Identity. “PingCloud Private Tenant is designed to simplify identity management while providing the ability to retain full control of data and security.”
Johnson Controls announces Tyco Cloud, a new cloud-based security suite developed to help customers move costly and complex security infrastructure for access control and video surveillance to the cloud. With Tyco Cloud, organisations can reduce costs, improve enterprise security management and scale security operations on demand, providing unlimited possibilities to deliver security services over the internet.

Accelerating digital transformation

Tyco Cloud allows users to protect lives, assets and facilities through management of access control, video surveillance and other security operations using secure cloud services and connected devices such as cloud cameras and controllers. Cloud solutions from Tyco run on an open and modern microservices architecture to ensure fast, scalable and secure services.

“Our customers worldwide are embracing and accelerating digital transformation to make their businesses more intelligent, agile and cost effective,” said Martin Renkis, general manager of Cloud Solutions, Global Security Products at Johnson Controls. “Tyco Cloud empowers this digital transformation with on-demand security management that enables organisations to securely and cost-effectively customise their video surveillance and access control solutions based on site-specific and enterprise-wide requirements.”

Multiple recording parameters

For video surveillance, organisations can enable Tyco Cloud with any Illustra Cloud Camera or leverage existing camera systems using Tyco Cloud Gateways, which will automatically locate existing cameras from dozens of different manufacturers on a network and enable secure cloud management of those cameras. Tyco Cloud enables video storage in camera, in gateway, in low latency cloud, in high latency cloud or a hybrid combination to support unlimited flexibility and cost effectiveness.
The intuitive interface allows users to customise multiple recording parameters, such as which cameras to record and for how long and at what video resolution, as well as create unique upload schedules to minimise bandwidth consumption. The service also offers Cold Cloud video storage for cost effective, high latency online archiving. The new Hyper View feature enables users to search through 24 hours of recorded video from up to 100 cameras within 60 seconds.

Smartphone based mobile credentials

Tyco Cloud surveillance also supports powerful analytics such as heat mapping, object detection and crowd formation, to name a few. For access control, the new ioSmart solutions from Tyco Cloud provide smartphone based mobile credentials and smart key managed access control, so that companies can securely allow personnel to conveniently access facilities using their smartphones without the security risks of loss, theft or cloning associated with legacy card technologies. Tyco Cloud ioSmart was designed cloud first to deliver convenience, cost savings and advanced security for access control. The Tyco Cloud Enterprise Manager portal provides users with a comprehensive view of their entire security solution through a single interface.

Proper password management

It provides real-time status and management of every connected device on a clickable global map. This simple dashboard also enables tracking and management of users, bandwidth utilisation, cloud storage and device firmware. Additionally, Tyco Cloud secures all data from any device to the cloud and to the end user. Every connected device as well as the cloud platform are supported by the Johnson Controls Cyber Solutions Product Security Program, which delivers enhanced safeguards against cyber attacks, including additional controls for proper password management and end to end encrypted communications.
We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to protect assets critical to its business operations. Businesses without proper cyber measures leave themselves at risk from a huge list of threats, from cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers. No organisation is safe from innovative cyber threats.

Security solutions enterprises

The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions, enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe.

As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies that leverage the power of the cloud gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.

Traditional security approach

In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats.
To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion.

Sophisticated cyber weapons

So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability.

This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed.
Malicious behaviour

Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package.

Managed threat hunting teams are security specialists working behind the scenes, facing some of the most sophisticated cyber adversaries through hands-on-keyboard activity. Threat hunters work quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation.

In-depth knowledge

It is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave vital clues on how organisations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done.

Next-generation solutions

When managing an incident, clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy.
This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.

Behavioural analytics

Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs.

Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisations cannot live without as adversaries enhance and alter their strategies.

Adversaries continue to develop new ways to disrupt organisations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
In the next three years, software as a service (SaaS) is likely to grow by around 23%. That’s according to reports by Cognizance. Its growth rests on the adoption of cloud: public, private and hybrid. Without the cloud, applications can’t truly pervade an organisation, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure. The proliferation of SaaS demands security, never more so than in a GDPR world.

Large cloud environment

But modern applications are difficult to secure. SaaS-based, web, mobile or custom-made applications all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps, the broader the attack surface and therefore the greater the chance there will be blind spots.

There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organisation and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near-impossible task when attack methods and sources are constantly changing.

More advanced threats

To be specific, there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which; secondly, securing APIs as IoT adoption intensifies; thirdly, the relationship between securing apps and DevOps and ensuring ownership of security; and finally, denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10.
It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one.

Bot management

Astonishingly, about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though, which explains why around 80% of organisations can’t make a clear distinction between the two. Bad bots can do a lot of damage, like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behaviour and bypass tools like CAPTCHA and even render device fingerprinting based protection ineffective.

Securing APIs

Then there are the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are to report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target, and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, unvalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data without inspecting or protecting APIs to detect cyberattacks.

Denial of service (DoS)

You might think there’s little to add to the swathes of denial of service warnings.
Yet when businesses are still being targeted and feeling the ill effects, it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down.

Continuous security

It may seem easy to say, but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organisations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential, not a nice-to-have.

Running security plans

It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits.
As such there are six things they need to know:

1. Application security solutions must encompass web and mobile apps, as well as APIs.
2. Bot management solutions need to overcome the most sophisticated bot attacks.
3. DDoS mitigation must be an essential and integrated part of application security solutions.
4. A future-proof solution must protect containerised applications, serverless functions, and integrate with automation, provisioning and orchestration tools.
5. To keep up with continuous application delivery, security protections must adapt in real time.
6. A fully managed service should be considered to remove complexity and minimise resources.

No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
Edge devices (and edge computing) are the future. Although this does seem a little cliché, it is the truth. The edge computing industry is growing as quickly as technology can support it and it looks like we will need it to.

IoT global market

The IoT (Internet of Things) industry alone will have put 15 billion new IoT devices into operation by the year 2020 according to a recent Forbes article titled, “10 Charts That Will Challenge Your Perspective of IoT’s growth”. IoT devices are not the only edge devices we have to deal with, as the total number of connected edge devices includes security devices, phones, sensors, retail sales devices, and industrial and home automation devices. The sheer number of devices begins to bring thoughts of possible security and bandwidth implications into perspective. The amount of data that will need to be passed and processed with all of these devices will be massive. Business owners and automation engineers need to consider how this amount of data and processing will be handled.

Ever-expanding edge devices market

As the number of edge devices in the marketplace and their use among consumers and businesses rises, central server architectures will no longer be suitable for handling the data from all of these devices. We are talking about hundreds of billions and even trillions of devices. According to IHS Markit researchers’ study, there were 245 million CCTV cameras worldwide. One has to imagine there are at least 25% of that many access control devices (61.25 million devices) based on a $344 million market cap also calculated by IHS Markit’s researchers.
If all the other edge devices mentioned earlier are considered then one can see that trying to route them all through servers for processing is going to start to become difficult if it hasn’t already, which arguably it has, as is evidenced by the popularity of cloud-based solutions amongst those businesses that already use a lot of edge devices or are processing a lot of information on a constant basis.

Cloud computing

The question is this: is cloud computing the most effective and efficient solution as the IoT industry grows and the number of edge devices becomes so numerous? My belief is that it is not. Take the example of a $399 USD device that is just larger than a pack of cards and runs a CPU benchmarked at the same level as a mid-size desktop. This device has 8GB RAM and 64GB eMMC built-in and a GPU that can comfortably support a 4K signal at 60Hz with support for NVMe SSDs for add-on storage. This would have been unbelievable five years ago. As the price of edge computing goes down, which it has done in a dramatic way over the last 10 years (as can be seen with my recent purchase), the price to maintain a central server that can perform the processing required for all of the new devices being introduced to the world (due to the low cost of entry for edge device manufacturers) becomes more expensive. This introduces the guarantee that there will be a point where it will be less expensive for businesses, and consumers alike, to do the bulk of their processing at the edge as opposed to in central server architectures.

Edge computing

There are a plethora of articles discussing and detailing the opposition between the two sides of the computing technology coin, cloud computing and edge computing.
The gist of it is that “cloud computing” was the hot new buzzword three years ago and is now being overtaken by “edge computing.” The truth is that cloud computing is a central server architecture hosted at someone else’s location. Edge computing is the method of processing data at the edge of the network (in the devices themselves), which means fewer resources are required at a central location. There is certainly a use case for both; however, the shift to edge computing amongst the general public and small to mid-sized businesses will not be a surprise to those players who have been paying attention. One article titled “Next Big Thing In Cloud Computing Puts Amazon And Its Peers On The Edge” by Investor’s Business Daily takes the stance that edge computing is going to completely displace centralised cloud computing and even coins the phrase “Cloud computing, decentralised” to explain edge computing. It speaks for the stance that most experts in technology seem to be taking, including Amazon Web Services’ VP of Technology, Marco Argenti, according to the same article. We know that edge computing is going to be a necessary development in the technology industry, and it is happening as I write this, and quickly at that.

Cost efficiency of edge processing

As time goes on, the intersection between the prices of network bandwidth, edge processing and maintaining super powerful central servers will cause edge processing to be the most efficient and cost-effective way to maintain a scalable network in any environment, including datacenters. As it currently stands, most residential users can only achieve a 1Gbps WAN (internet) connection, and small to medium-sized businesses can’t get much more but seem to get much less, based on my personal experience.
When more than 1Gbps needs to be processed, cloud computing becomes very expensive, at which point owning a central server or utilising edge computing become the better options. Then you look at total cost of ownership, and when the cost of edge computing is less than the cost of maintaining central server architectures, edge computing becomes the single best option. So, I’ll say it again, edge devices (and edge computing) are the future.
Global Security Exchange (GSX) 2019 will blow into the Windy City this fall, combining a tradeshow, a full schedule of professional education sessions, plenty of industry networking opportunities, and an annual reunion of the top professionals from around the world tasked with protecting people, property and assets. GSX – the trade show and industry event 'formerly known as' the ASIS Annual Seminar and Exhibits – will be Sept. 8-12 at Chicago’s McCormick Place. The show promises to 'elevate the event experience with modern education learning experiences, revitalised networking opportunities, and a reimagined trade show floor.' More than 550 exhibitors will be featured in the expo hall (open Sept. 10-12), according to ASIS International. Chicago is a great location for GSX, as evidenced by the successful 2013 ASIS show.

Cutting-edge solutions

GSX seeks to attract more attendees to the exhibition hall with education events positioned alongside the industry’s latest-and-greatest equipment and technology exhibits. On the expo floor, the GSX: Disruption District will include new and enhanced programs such as the X Learning stages, the D3 (drones, droids, defence) Learning Theater, the Pitch Competition and the Innovative Product Awards. X Learning is a series of experiential sessions. X1 Stage sessions are designed to highlight cutting-edge solutions and increase contextual understanding of new technology. GSX: Startup Sector highlights new companies with emerging technologies; and GSX: Pitch Competition brings together entrepreneurs, investors and industry leaders to feature early-stage startup pitches. Career HQ will provide free resume reviews, career coaching, professional development and networking opportunities. A Sharpshooter Contest sponsored by Smart Simulators and SB Tactical will allow contestants donating $20 to compete for $500 in prizes each day.
Pre-conference certification courses

More than 300 security courses, plus pre-conference certification courses, will provide security professionals expertise to enhance their career development. Programming will be led by ASIS and InfraGard subject matter experts. (InfraGard is a non-profit organisation serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation.) Seventeen education tracks will serve the needs of security professionals interested in topics from business continuity to crime/loss prevention, law and ethics to national security, information security to physical and operational security. 'Game Changer' sessions will address hot and controversial topics, including 'The Ever-Changing Drone Landscape: What You Need to Know' and 'Accelerating Digital Transformation: Insights and Applications.' Ian Bremmer of Eurasia Group will speak on navigating the geopolitical landscape; Steve Demetriou and Joe Olivarez of Jacobs, a global professional services company, will speak about harnessing technology and big data to make strategic decisions.

Providing new opportunities

Wednesday morning, General John F. Kelly of the U.S. Marine Corps (Ret), will provide insight into the evolving geopolitical landscape around the world. His keynote presentation on Sept. 11 will kick off Military and Law Enforcement Appreciation Day. Tarah Wheeler, cyber security researcher, will speak on protecting assets in the age of cybersecurity leaks and scandals. Although the attendee emphasis is on security end-users, the show also provides opportunities for dealers, installers, integrators, consultants, specifiers, architects and engineers.
More than 20,000 registered attendees are expected from 110-plus countries across the entire industry, according to ASIS International. Networking events will include an ASIS Town Hall Meeting on the afternoon of Sept. 8, aimed at opening communication between ASIS staff and membership. There will be an Opening Night Celebration Sept. 8 centred on the theme 'Chicago on the Silver Screen' at Revel Motor Row, a popular Chicago landmark originally home to the Illinois Auto Club.

Emphasis on education

On Monday (Sept. 9) a networking luncheon will be followed by the Awards Reception later in the day. A reception in the evening will present the Karen Marquez Honors Award, recognising a female security professional. Tuesday (Sept. 10) will have a Happy Hour at the exhibit hall, followed later by a Women in Security and Young Professionals Happy Hour. Wednesday evening will be the President’s Reception at Wintrust Arena, with a 1980s theme. The annual trade show has declined in recent years, and ASIS International has implemented changes that seek to reinvigorate the show, culminating in the rebranding last year. One challenge is that the show’s emphasis on education keeps attendees engaged for hours of the day, making it harder to meet the expectations of exhibiting companies who want more booth traffic. More attractions on the show floor, including the Tuesday happy hour, are aimed at increasing overall foot traffic in the hall.
Police in the United Kingdom have been testing the effectiveness of live facial recognition (LFR) for several years now, but future uses of the technology have been called into question. The Information Commissioner’s Office (ICO), an independent authority that seeks to uphold information rights in the public interest, has weighed in on issues of data privacy related to LFR, and Members of Parliament (MPs) have called for a moratorium on uses of the technology. The big question is whether the benefits of LFR outweigh its impact on privacy rights.

Live facial recognition

The House of Commons Science and Technology Committee has expressed concerns about bias, privacy and accuracy of facial recognition systems and urged the U.K. government to issue a moratorium on further live facial recognition trials until regulations are in place to address bias and data retention. According to Elizabeth Denham, U.K. Information Commissioner: “[Police trials of LFR] represent the widespread processing of biometric data of thousands of people as they go about their daily lives. And that is a potential threat to privacy that should concern us all.” Denham says live facial recognition (LFR) is a high priority area for ICO. “I believe that there needs to be demonstrable evidence that the technology is necessary, proportionate and effective considering [its] invasiveness,” she says.

Potential public distrust

“Any organisation using software that can recognise a face amongst a crowd and then scan large databases of people to check for a match in a matter of seconds, is processing personal data,” says Denham. General Data Protection Regulation (GDPR) wording specifies biometric data as a ‘sensitive’ category of personal information. London’s Metropolitan Police Service performed 10 trials of live facial recognition at various venues in 2016, 2017 and 2018.
The London Police Ethics Panel reviewed the trials and concluded that additional use of the technology would be supported if certain conditions were met. One condition is if the “overall benefits to public safety [are] great enough to outweigh any potential public distrust in the technology.” Each deployment should be assessed and authorised as necessary and proportionate. Operators should be trained to understand associated risks and to be accountable, and there should be evidence that the technology does not promote gender or racial bias.

Develop strict guidelines

The Ethics Panel also specified that both the Metro Police and Mayor’s Office for Policing and Crime should develop strict guidelines to ensure that deployments balance the benefits of the technology with the potential intrusion on the public. “We want the public to have trust and confidence in the way we operate as a police service, and we take the report’s findings seriously,” said Detective Chief Superintendent Ivan Balhatchet, who led the trials. In its 10 trials of live facial recognition, Met Police used NEC’s NeoFace technology to analyse images of the faces of people on a watch list. The system measured the structure of each face, including distance between eyes, nose, mouth and jaw to create facial data, which was used to match against the watch list. The system only kept faces matching the watch list, and only for 30 days. Non-matches are deleted immediately.

More accurate identification

An independent review of the trials, commissioned by the Metropolitan Police, concluded it is ‘highly possible’ that the Met’s ‘trial’ deployments would not satisfy the key legal test of being considered ‘necessary in a democratic society’ if challenged in the courts, according to U.K. human rights advocacy group Liberty. South Wales Police have partnered with NEC to formally pilot facial recognition technology.
NEC’s real-time solution enables trained officers to monitor movement of people at strategic locations. “Facial recognition technology enables us to search, scan and monitor images and video of suspects against offender databases, leading to faster and more accurate identification of persons of interest,” says Assistant Chief Constable Richard Lewis. “The technology can also enhance our existing CCTV network in the future by extracting faces in real time and instantaneously matching them against a watch list of individuals, including missing people.”

Intrusive technology

“We are very cognisant of concerns about privacy, and we are building in checks and balances into our methodology to reassure the public that the approach we take is justified and proportionate,” says Lewis. U.K. human rights advocacy group Liberty has taken legal action on behalf of one Cardiff resident against South Wales Police over its use of facial recognition. “Facial recognition is an inherently intrusive technology that breaches our privacy rights,” says lawyer Megan Goulding at Liberty. “It risks fundamentally altering our public spaces, forcing us to monitor where we go and who with, seriously undermining our freedom of expression.” ICO’s Denham says any judgment resulting from the legal action will form an important part of ICO’s investigation and will be considered before ICO’s final findings are published.
Information management

South Wales Police offers the following assurance: “Data will only be retained as long as is necessary for a policing purpose, as per guidance within the Authorised Policing Practice on information management.” One concern is that live facial recognition ‘discriminates’ against women and people of colour because it disproportionately misidentifies them, thus making them more likely to be subject to police attention. ICO’s Elizabeth Denham comments: “Facial recognition systems are yet to fully resolve their potential for inherent technological bias; a bias which can see more false positive matches from certain ethnic groups.”

Taking regulatory action

ICO has also considered data protection ramifications of commercial companies using LFR. Denham says: “The technology is the same and the intrusion that can arise could still have a detrimental effect. In recent months, we have widened our focus to consider use of LFR in public spaces by private sector organisations, including where they are partnering with police forces. We will consider taking regulatory action where we find non-compliance with the law.” A 27-page U.K. Home Office Biometrics Strategy sets out an overarching framework within which organisations in the Home Office sector will consider and make decisions on the use and development of biometric technology. However, Biometrics Commissioner Paul Wiles says the document “doesn’t propose legislation to provide rules for the use and oversight of new biometrics, including facial images. Given that new biometrics are being rapidly deployed or trialed, this failure to set out more definitively what the future landscape will look like in terms of the use and governance of biometrics appears to be short-sighted.”
The devil is in the details. The broader implications of the U.S. Government ban on Chinese video surveillance manufacturers are being clarified in the federal rule-making process, and a public hearing in July gave the industry a chance to speak up about the impact of the law.

Ban on equipment

The hearing centered on Section 889 of Title VII of the National Defense Authorisation Act (NDAA) for FY 2019, specifically paragraph (a)(1)(B). The paragraph "prohibits agencies from entering into a contract (or extending or renewing a contract) with an entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system." “Covered equipment” refers to products and services from Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. Hikvision and Dahua are two of the largest manufacturers of video surveillance equipment, and Huawei manufactures HiSilicon chips widely used in video cameras.

‘Chinese ban’ provision

The public hearing was part of the rule-making process for paragraph (a)(1)(B), which the industry has informally referred to as the “blacklist” provision of the NDAA. However, the “Chinese ban” provision [Paragraph (a)(1)(A)] is not at issue, was not covered by the public hearing, and is already scheduled to go into effect a year after the law was signed by President Trump (August 13, 2018). There were seven presentations at the public hearing. Presenters included the Security Industry Association (SIA), two Hikvision integrators, a representative of communications manufacturer Hytera, an economist and an attorney on behalf of telecommunications company Huawei, and Honeycomb Secure Systems, a federal contractor.
There was no livestream or transcription of the meeting, although PowerPoint summaries of the 10-minute presentations were published.

SIA emphasises clarity

In its presentation, the Security Industry Association (SIA) emphasised that contractors need clarity, i.e., that paragraph (a)(1)(B) applies to an entity's use of covered equipment or services in the performance of federal contracts, but NOT to non-federal sales or use of covered equipment by a contractor that is unrelated to federal work. SIA also focused on the distinction (and contrasting risk profiles) between video surveillance equipment, which are endpoint devices that may or may not be on the Internet, and telecommunications equipment. In contrast, telecommunications equipment is essential to Internet infrastructure and manages all data on a network, encrypted or not.

Fully-compliant video surveillance products

SIA's presentation included the following "outcome" statement: "Security equipment suppliers and integrators doing federal work can offer fully compliant video surveillance products in the federal market, while offering other products tailored to technical requirements, price points and specific customer needs that vary widely for non-government commercial sectors – e.g. malls, banks, convenience stores, etc." In other words, involvement in government contracts should not restrict an integrator’s flexibility to offer any and all products and services (including those from the listed Chinese companies) to non-government customers. The two integrators made similar points, specifically about their business with Hikvision. One presenter was Rick Williams, General Manager of Selcom, a systems integrator in Selma, Ala., with 10 employees. They have been a Hikvision partner since 2012 with a year-to-date revenue from Hikvision products of approximately $400,000.
Hikvision integrators speak out

A second integrator at the hearing was Mark Zuckerman of Clear Connection Inc., a security company in Beltsville, Md., with 32 local employees, that focuses on electronic security, telecommunications and IT. Clear Connection designs, installs and services systems throughout Metro DC and Baltimore, including commercial entities, schools and non-profit organisations. They do about $120,000 a year in business as a Hikvision partner and have over $500,000 in business awaiting federal NSGP [Nonprofit Security Grant Program] approval. In two almost identical presentations, the integrators sought clear guidance on how to comply with the language of the law as written, specifically confirmation that Section 889 of the NDAA does not apply to non-federal sales or use of covered equipment. "This is critical to my company as I provide integrated security solutions across multiple government and commercial markets, using a mix of products from different manufacturers tailored to the technical requirements, price points and customer needs that vary widely for each sector," said Williams.

Hytera speaks at hearing

"It is not clear what Section 889 means, who it applies to, or how far its prohibitions extend," commented Zuckerman. "If interpreted broadly, some of my customers would be barred from entering into a federal contract because they have covered products installed in their facility to protect their property and staff." Also presenting at the hearing was Hytera, a manufacturer of open standard digital mobile radio technology. The presentation emphasised that Hytera does not sell to U.S. telecommunications carriers, and does not supply 5G components or video surveillance equipment. Hytera equipment is used by federal customers such as the National Gallery of Art, National Archives, National Zoo and the Holocaust Museum.
Impact on clients and commerce

"These federal entities do not play a role in national security, and the Hytera systems do not connect to any critical systems," says the company. "However, the lack of clarity in the implementation of the NDAA has a significant impact on Federal, state and commercial clients, impacting competition and choice." Hytera's presentation continues: "Hytera has never been informed by any U.S. government entity that its equipment posed a national security risk and as such has not been given the opportunity to respond to any concerns. The result of Section 889 is the creation and circulation of misinformation in the marketplace." Hytera also said that the federal proposed rules and regulations should exempt federal agencies that do not include a national security component, and equipment not interconnected with the public network.

Impact on cybersecurity

James E. Gauch, an attorney with James Day speaking on behalf of Huawei, offered a global argument that could be applied to any of the banned companies: “Virtually all equipment manufacturers rely on a global supply chain and face security risks from a wide range of sources; excluding maybe one or two vendors based on their national origin will not address these risks.” He adds, “However, consolidating the number of equipment suppliers hinders rather than helps cybersecurity. Creating a small number of dominant suppliers, regardless of national origin, reduces the incentives of those suppliers to embrace industry-leading standards and creates greater exposure to vulnerabilities of a single supplier.”
Ping Identity, the provider of Identity Defined Security, announces its successful completion of the Financial-grade API (FAPI) conformance testing, as part of the process defined by Open Banking Ltd. This builds on Ping Identity’s previous success as the first identity platform to pass all 70 technical security tests, as set by Open Banking Ltd., with zero warnings. The most recent set of FAPI conformance testing evaluated the latest versions of the Ping Intelligent Identity platform, including PingFederate, PingAccess and PingDirectory, within a mock banking environment.

Additional technical requirements

The inclusion of FAPI within the Ping Identity solution for Open Banking helps banks move away from insecure practices such as screen scraping, which relies on stored user credentials. Instead, it switches to an API model with structured data that utilises a token model such as Open Authorisation. FAPI is a technical specification developed as a multi-industry standard by the FAPI Working Group of OpenID Foundation (OIDF). It leverages OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, FAPI provides various advantages. This includes enabling applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings.

Secure identity requirements

In concurrence with the specification, OpenID Foundation maintains a cloud-based testing suite for conformance testing by banks, certified third-party security providers and platform vendors, such as Ping Identity. The Ping Intelligent Identity platform is used by hundreds of financial services enterprises, including many of the CMA 9 and Open Banking Ltd. itself.
Additionally, FAPI is of increasing relevance to the growing number of new fintech start-ups in areas such as investment, wealth management, insurance, payments and even real estate. “This is significant beyond the Open Banking and financial services sector,” explains Rob Otto, EMEA Field CTO, Ping Identity. “Other digitally-focused sectors, with similar secure identity requirements, now have a proven template that can allow them to quickly deploy their own security controls, which have been stringently tested by the largest financial institutions in the UK.”
Abu Dhabi is a major cultural and commercial centre in the United Arab Emirates (UAE), accounting for roughly two-thirds of the UAE’s economy. While oil and natural gas make up a large portion of its GDP, Abu Dhabi has positioned itself as a premiere tourist destination, with major investments in luxury resorts and business hotels. Consequently, public safety is a top priority, and FLIR Systems is playing a critical role in the city’s long-term safe city initiative. Recently, the Abu Dhabi Monitoring and Control Center (ADMCC) was tasked with integrating all public access cameras onto a single platform to provide fully uninterrupted coverage of the city. This is in compliance with the Safe City 2030 vision of His Highness Sheikh Mohammed bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and President of the UAE. As part of this initiative, ADMCC launched the Falcon Eye project, where surveillance cameras and sensors would be installed across the city to enable real-time situational awareness, threat detection, data collection, data sharing among public safety organisations, and crime prevention.

Updating video management system

Falcon Eye expands Abu Dhabi’s existing surveillance system to thousands of license plate recognition cameras and surveillance cameras, with cameras equipped with video analytics and/or facial recognition capabilities. To manage such an extensive system under the Falcon Eye project, ADMCC needed to update its video management system (VMS) software. ADMCC sought a VMS that would provide enhanced image quality, as well as increased storage and integrity of streamed video. The VMS also needed to be able to incorporate current, emerging and future technologies, such as Big Data, cyber protection, smart cameras, analytics at the edge, and automated camera management.
Additionally, ADMCC required a cost-effective VMS that would seamlessly integrate with the existing physical security management information (PSIM) without compromising any data or operations from subsystems.

Reliable software solution for video surveillance

Previously, ADMCC had a strong relationship with FLIR, having deployed an older FLIR United VMS version for several years. After careful research and evaluation, ADMCC chose to continue partnering with FLIR as the industry leader in advanced video solutions in the safe city sector. ADMCC selected the most recent FLIR United VMS release as its VMS for the Falcon Eye initiative. FLIR United VMS is a reliable, enterprise-level software solution for video surveillance supporting an unlimited number of cameras over IP networks. Part of FLIR’s award-winning United VMS platform, Latitude features enhanced cyber security protocols. Its distributed server architecture enables unlimited scalability, multi-site deployments and sophisticated network topologies. Latitude’s open platform functionality provides advanced edge device integration, bringing together hundreds of third-party technologies. Complying with ONVIF Profile S, Latitude ensures greater compatibility between cameras and the VMS.

Integrating Latitude and PSIM solution

ADMCC upgraded to the recent United VMS version in June 2017. With special support from the FLIR team, the integration of Latitude and ADMCC’s in-house PSIM solution was successfully completed without any data loss. Adding value to the integration was the presence of an in-house FLIR engineer, who provided insight and guidance throughout the process. “FLIR is considered one of ADMCC’s trusted vendors, delivering regular upgrades and specialist support to our operations when needed,” said His Excellency Saeed Al-Neyadi, Director General at ADMCC.
“The on-site FLIR engineer provided an immeasurable value to ADMCC.”

Ensures maximum integrity and reliability
One of the defining characteristics of United VMS is its simplicity and easy user interface. United VMS offers simplified access in managing and controlling video operations for the support staff. For all safe city projects, the preservation and availability of data is paramount. “The use of actionable information through data collection is vital in running such a huge scale operation such as Safe City initiatives,” Mr. Khalfan Al Hassani (ICT Director) said. “United VMS ensures maximum integrity and reliability with exceptional failover, disaster recovery capabilities, and 24/7 redundant recording.”

Day/night safety of city and residents
ADMCC oversees one of the world’s leading safe city solutions that utilises license plate recognition, facial recognition, video analytics and video management from over 45,000 sensors spread across the Emirate. United VMS serves as the central operational platform for all data of this unified platform, providing an efficient combination of video software and server hardware. By utilising the state-of-the-art technologies and subsystems brought together by United VMS, ADMCC ensures the safety of the city and its residents at all hours of the day and night. “United VMS has given ADMCC a reliable, stable, robust and secure platform for the past six years,” said Al Hassani. “It underpins a custom PSIM solution that supports various government agencies in Abu Dhabi helping the city to be ranked the ‘Safest City in the World.’”
Crossword Cybersecurity plc has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’) will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance.

GDPR compliance
GDPR makes many requirements of organisations, including taking adequate steps to ensure data is both encrypted and anonymised, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organisation. With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack.

GDPR risk exposure
Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organisation is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education.
With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organisations.”

Rizikon Assurance
Jake adds, “Rizikon Assurance will help any organisation dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
Faced with a number of security challenges and planned future expansion, a major airport decided it was time to implement a scalable security surveillance solution. Let’s take a look at how to manage such a scenario to ensure the selected solution provides scalability for growth. With the existing proprietary solution at the airport locked down to one manufacturer and littered with issues resulting in high maintenance and expansion costs, a new solution was required that would allow the airport to scale its surveillance solution in line with future expansion plans.

Difficulty in identifying people
Not only was the existing surveillance solution analogue and proprietary, it wasn’t intuitive and was difficult for operators to use. There were several ‘satellite’ security installations scattered in the various terminal buildings that weren’t viewable in the centralised Control Room, which meant extra operators were required. The low-resolution analogue cameras made it difficult to identify people during incidents and, coupled with the lack of video coverage, gave operators poor situational awareness. Reviewing past events with the existing VMS was difficult as playback wasn’t synchronised and, without bookmarks, it was time-consuming to find important events. The combination of multiple terminal buildings and the Centralised Analogue Architecture resulted in bottlenecks and latency issues as all processing had to pass through the centralised server. There was also no redundancy, so if there was any failure in the system, the Control Room would no longer have the capability to view live or recorded video. Additionally, as the system was locked down to one manufacturer and the whole system had to be hardwired to the centralised server, there were very expensive expansion costs.
Addressing security and scalability concerns
The required solution had multiple requirements to ensure that the existing issues were resolved and that the solution could scale with the planned expansion. With expansion planned to facilitate growing passenger numbers, an open IP based solution was specified to replace the existing analogue solution to improve situational awareness, provide scalability and integrate with a number of other systems operating in the airport. The architecture needed to limit bottlenecks, reduce latency issues, provide redundancy advantages and be scalable to allow for multiple new terminal buildings to be connected with ease. New HD cameras were specified to improve image quality and coverage, with a Video Wall required in order to view and manage the increase in video streams in the centralised Control Room. New large capacity NVRs were also specified to cope with the increase in camera streams and an extra NVR for redundancy and failover.

Distributed Architecture reduces data bottlenecks
A solution with Distributed Architecture was chosen as it solved multiple issues with the existing solution and facilitated future expansion without the need for a centralised server. Distributed Architecture allows data to be kept close to where it is produced or needed. When cameras, surveillance workstations, NVRs, alarm servers, integration gateways, all participate in a Distributed Architecture, data bottlenecks are minimised as all processing doesn’t need to pass through a centralised server. Distributed Architecture provides a truly unlimited and scalable solution that can easily accommodate the largest airports in the world.
Enhancing situational awareness
Distributed Architecture minimised the existing bottlenecks, reduced latency, and provided higher availability and faster access to data. It also allowed all ‘satellite’ security installations to be viewed in the centralised Control Room enhancing situational awareness. New HD cameras were installed and due to the scalability of Distributed Architecture, future cameras can easily be connected when needed. Furthermore, the scalability of Distributed Architecture enabled the airport to build new terminal buildings and connect with ease to the security solution when ready. Distributed Architecture enables planned future expansion as it can support thousands of cameras, workstations and NVRs, dramatically reducing the Total Cost of Ownership (TCO). The scalability of Distributed Architecture allows the airport to continue with planned expansion and add a single camera/NVR or a whole new terminal when needed.
Ping Identity, the provider of Identity Defined Security, announced that Bentley Systems, a software development company, has selected the Ping Intelligent Identity™ platform to advance the priority it has placed on driving exceptional user experiences. Bentley Systems selected Ping Identity to help strengthen Bentley’s ability to bring applications to market faster and build a flexible data model to support various current and future compliance requirements. Ping stood out as the market leader of choice because of its strict adherence to standards, which is critical in supporting Bentley Systems’ aim towards providing an increasingly open and extensible technology offering.

Deploying Ping Identity solutions
As part of its ‘going digital’ initiative, Bentley Systems will deploy PingFederate, PingAccess, PingDataGovernance and PingDirectory in order to offer more flexibility in the solutions that support its global business. Bentley Systems will leverage PingFederate for secure authentication and standards-based single sign-on (SSO) for Bentley users. The addition of PingAccess will enable centralised authorisation as well as architectural flexibility to meet the access needs of Bentley's users around the world. With PingDataGovernance, the organisation will enforce fine-grained access controls for identity data and APIs, while PingDirectory will store and secure identity data at scale.

Flexible solutions to support business and users
“From our first interaction with Ping Identity, it’s been clear to us that the organisation is dedicated to our successful deployment and is a true technology partner,” said Lori Hufford, vice president of Digital Foundations, at Bentley Systems. “As a global company, having flexibility in the solutions that support our business and user base is essential.
Ping offers that flexibility, while also providing standards leadership to help advance our user experience and digital priorities.”
Wintec (The Waikato Institute of Technology), established in 1924, is a major New Zealand Government-funded tertiary institution, which has three Hamilton campuses: a city site overlooking the central business district, Avalon campus on the northern outskirts of the city, and a horticultural campus at Hamilton Gardens. In addition, it has regional operations at Te Kuiti and Thames and also an office in Beijing. The Avalon campus, a ten-minute drive from the city, is home to specialist trades training facilities, a state-of-the-art sport and exercise complex and custom designed facilities for the School of International Tourism, Hospitality and Events. The third Hamilton campus, the Horticultural Education Centre, is situated amidst the 58 hectares of Hamilton Gardens.

On-line distance education
Wintec is one of the largest institutes of technology in New Zealand, and has more than 35,000 full-time and part-time students, more than 500 full and part time staff and eleven schools within its academic faculty. International enrolments exceed 1000 from 47 countries. A range of student services provide its domestic and international students with a high level of support so they enjoy a positive, safe and secure study experience. Wintec’s programmes and qualifications are nationally and internationally recognised and its degrees have equal status to those from universities. The degree programmes include Media Arts, Midwifery, Nursing, Occupational Therapy, Early Childhood Education, Business Studies, Engineering, Technology, Information Technology, and Sport and Exercise Science and a wide range of full and part time courses for those already in the workforce. Wintec is also recognised nationally in the delivery of on-line distance education for those unable to attend regular classes for reasons of geographical access or other constraints.
Electronically controlled doors
Wintec strives for a balance of unobtrusive yet robust control of site activity, essential for maintaining an open campus environment. Shane Goodall, Security Manager at Wintec, describes the approach to security as highly proactive and collaborative: “by focusing on preventing issues arising, we now have a minimal policing role and the crime resolution rate is high”. This environment is underpinned by Gallagher’s security system, a core access control, intruder alarms and integration platform. Wintec first installed the Gallagher system (formerly Cardax FT) in 1999 and has since migrated this legacy system to Gallagher’s latest security technology platform. Security for the entire organisation, including satellite sites, is managed and monitored centrally from Wintec’s single Gallagher security system. Since initial installation, Wintec’s Gallagher access control system has grown from 7 to 240 electronically controlled doors in 2009, with another 40 planned - testimony to the scalability and flexibility of the system.

Network friendly system communications
Wintec has integrated its imaging system to the Gallagher system delivering a visual record which can be matched to the audit trail of events in Gallagher Command Centre software. The organisation first installed 6 cameras in 2004 which has increased to 7 DVRs and 85 cameras (both analogue and IP). Another compelling aspect of the system for Wintec is the scalability and TCP/IP network friendly system communications. As well as monitoring and controlling staff and student access, equipment including computers, TVs, printers, audio visual resources at Wintec are also monitored through the Gallagher system. The ‘Gallagher Hub’, a new computer laboratory offering comprehensive IT resources is open 24 hours. The Hub contains 125 workstations, and there are plans to extend that number.
Active monitoring of equipment through the Gallagher system has significantly reduced theft. Students and staff have scheduled access to shared IT resources, classrooms and lecture theatres.

Manage cardholder data
‘Cardholder Import’, an XML Interface, supports the importation of cardholder data including course enrolments from their student record system to Gallagher Command Centre. Shane comments, “Student card issuing is an automated process which is enrolment-driven – a student’s access privileges are assigned according to their enrolled courses.” “To implement this, we defined a rules-based allocation of access groups in the Gallagher system using the XML interface. The interface is ‘live’ so that changes in the student enrolments database are immediately reflected in the Gallagher system. The student’s updated access privileges come into effect without delay.” Staff that interact directly with students are now empowered to manage cardholder data enabling the security team to focus on security. Students and staff utilise Mifare SmartCard functionality extensively, embracing them as an integral multiapplication tool in their modern educational environment – SmartCards are used to issue resources from the library and as pre-stored value cards enabling prepaid printing and photocopying. In the near future they will also be used in Wintec’s Pay and Display car-park and potentially as passes onto city council buses.

Electronic access control
Stewart Brougham, Director of Internationalisation at Wintec, says students have given very positive feedback about their ID cards. In particular, the ability to verify the identity of staff members from their ID access cards provides peace of mind for students. The end result is a people-friendly campus.
Future enhancements of Wintec’s security may include the utilisation of the CommCard solution from Gallagher to manage and monitor access to student accommodation. CommCard is a unique high level integration between the Gallagher Command Centre software and Salto off-line readers, delivering offline, non-monitored electronic access control for lower security doors. An overriding philosophy of collaboration has seen Wintec take a lateral approach to security, the value of which many organisations have yet to realise. At Wintec, security is not viewed as a discrete functional activity relegated to security staff only. The ongoing management of security is a joint effort between the security services team and the information services team.

Increasing operational security
The security services team manages the Gallagher system while IT looks after back end functions such as installation on the network and backup. Wintec has leveraged the convergence of security (access control) and other operational business functions recognising the tremendous potential for reducing risk and increasing operational security, safety, performance and efficiency. Looking beyond simply controlling and monitoring who goes where and when on site, Wintec is harnessing the reporting capabilities of Gallagher Command Centre to meet regulatory requirements. The Gallagher system enables the institution to report on actual space utilisation (not just space booking). Decisions are made for best use, and also to substantiate funding, based on these reports. “The key to space utilisation reporting are the frequency of reporting and the integrity and reliability of information,” states Stewart Brougham. It’s a national issue for educational institutes in New Zealand.
Extending external partnerships
“For Wintec, reporting is about ensuring compliance with regulatory requirements and is also a staff time management issue – reducing the administration load on lecturers, who would otherwise have to track student attendance manually.” Brian Fleming, Director of Gallagher Channel Partner, Concord Technologies, cites this lateral application of a security system as key to maximising the value of Gallagher to Wintec. This collaborative philosophy extends to proactive external partnerships with their Gallagher Channel Partner, Concord Technologies, for the installation and maintenance of the Gallagher system, and with system designer and manufacturer, Gallagher. Having signed an agreement to continue in the capacity of a Gallagher field test site, Wintec has a strong relationship with Gallagher in the ongoing development of its technologies. Wintec’s success, in the last 5 years, as a test site reflects the competence of both its IT and security staff and the institute’s commitment to edge student services. Minimal training has been required.

Software maintenance agreement
There is open communication and information sharing between all internal and external parties involved, which means any issues that arise can be quickly addressed. Wintec has committed to a site maintenance plan with their security partner, Concord Technologies. The plan incorporates both software and hardware maintenance to ensure the system is maintained on the latest operating platforms within a known cost structure. A Software Maintenance Agreement also ensures enhanced ongoing system performance and reliability of the Gallagher system.

Acknowledgements
Gallagher would like to acknowledge the support of Wintec and security partner, Concord, with the development of this in-site study.
Gallagher would also like to particularly acknowledge and thank Shane Goodall for the pivotal role he plays in championing the collaboration of these parties and for his outstanding support of the Northern Region Cardax User Group (NZ) in the capacity of Chairman of the group.
Round table discussion
One impact of Chinese companies entering the physical security market has been an erosion in product pricing, creating what has been called the "race to the bottom". However, political forces and cybersecurity concerns have presented new challenges for Chinese companies. Adding cybersecurity increases costs, and the addition of more functionality to edge devices is another trend that has impacted product pricing. We asked this week's Expert Panel Roundtable: Has price erosion ended (or slowed down) in the security market?
Artificial intelligence is on the verge of changing the face of multiple industries – from healthcare to entertainment to finance, from data security to manufacturing to the cars we drive (or that will drive themselves!). In the physical security market, AI has garnered a lot of attention as a buzzword and as a harbinger of things to come. We asked this week's Expert Panel Roundtable: What security markets are most likely to embrace artificial intelligence (AI)?
In the digital age, software is a component of almost all systems, including those that drive the physical security market. A trend toward hardware commoditisation is making the role of software even more central to providing value to security solutions. Software developments make more things possible and drive innovation in the market. We asked this week's Expert Panel Roundtable: How do software improvements drive physical security?