Eagle Eye Networks, the provider of cloud video surveillance worldwide, announced a new partnership with Salto Systems, a global provider of access control systems. In the new and improved Salto KS application, the Eagle Eye Cloud VMS Surveillance product has been integrated via cloud to provide Salto KS customers a more cyber-secure video experience connected to access control events. Within the Salto KS mobile app, a user can confirm a person’s identity before remotely granting access t...
NTT Security, the specialized security division and center of excellence in security for NTT, announced that it has completed the acquisition of WhiteHat Security, an application security provider committed to securing applications that run enterprises’ businesses. The acquisition will strengthen NTT Security’s ability to address modern enterprise security needs that range from IT infrastructure to critical business applications, covering the full lifecycle of digital transformation...
Cook Security Group (CSG) successfully unveiled its privately branded video surveillance solution, Piko VMS, during their 2019 Technology & Innovation Summit in Portland Oregon. Health monitoring Cook named Razberi Technologies as their hardware partner to provide the intelligent appliance and health monitoring component to the new VMS brand. “While we still have strong relationships with our traditional video partners, we wanted to provide an open cloud-enabled platform to deliver...
As a security service provider with a rich history in manguarding, Allied Universal is launching a new technology platform to increase productivity and accountability of security officers and to transform guard service operations from an ‘observe and report’ mission to a ‘detect and respond’ function. Mark Mullison, Allied Universal’s Chief Information Officer (CIO), says the new Heliaus platform also uses artificial intelligence (AI) to analyze data, predict outco...
Ping Identity, the pioneer in Identity Defined Security, announced a significant update to PingOne for Customers, the cloud-delivered Identity-as-a-Service (IDaaS) offering built for developers. The API-first solution can now deliver seamless and secure push notifications from custom mobile applications that can be used for passwordless and advanced multi-factor authentication. The cloud identity solution helps development teams speed time to launch their applications, while also taking securit...
Keysight, the test and measurement vendor, has announced that Ixia, its cybersecurity and visibility business, has announced BreakingPoint QuickTest, which enables organizations to quickly evaluate the performance and security of devices and networks to assess their cybersecurity readiness. Today’s IT departments struggle against increasing network security threats while suffering from a cybersecurity skills shortage. According to Jon Oltsik, principal analyst, Enterprise Strategy Group,...
Matrox Graphics Inc. is pleased to announce a series of major updates to its award-winning Matrox Maevex 6100 Series of multi-channel 4K enterprise encoders. Supporting all of today’s most widely-used streaming protocols, the Maevex 6100 Series enterprise encoder appliances and cards now include built-in HLS support that allows enterprises to deliver multiple, dynamically-optimized streams to a broad range of devices over the internet. Maevex 6100 encoders now also support IPv6 addressing that is essential for enterprises migrating to this new Internet Protocol (IP) standard. In addition, fMP4 file format support equips administrators with multi-recording redundancy functionality to reliably preserve all recordings, while the popular MOV format is ideal for video playback and video management applications. Cloud-Service transcoding Matrox Maevex 6120 and Maevex 6150 dual- and quad-4K enterprise encoders will be in action at InfoComm 2019 Matrox Maevex 6120 and Maevex 6150 dual- and quad-4K enterprise encoders will be in action at InfoComm 2019, in Matrox booth 3055. In addition to multiple-protocol support for LAN, WAN, and internet streaming—including RTSP, RTP, MPEG2.TS, RTMP, and SRT—Maevex 6100 Series encoders now support on-device, multi-channel HLS stream delivery. Using adaptive bitrate streaming supported by HLS, Maevex 6100 Series encoders enable small and medium-sized enterprises to stream to multiple remote devices over the internet, adapting instantly to each device’s unique circumstances to ensure the best quality stream possible. The ability to dynamically serve optimized streams directly from Maevex encoders also allows organizations to save on cloud-service transcoding and/or additional software licensing costs. Network infrastructures Supporting the next-generation Internet Protocol standard, IPv6 offers an enormous leap to 340-undecillion unique-address-spaces to succeed the 4.3 billion addresses used in IPv4. The transition to IPv6 addressing is significant as Maevex 6100 Series encoders can now integrate seamlessly with network infrastructures and devices leveraging updated IP addressing. Maevex 6100 encoders support fMP4 file recording to both network and local USB locations simultaneously fMP4 file format support allows recordings from Maevex 6100 Series encoders to be more resilient to network and power failures and allows files to be easily recoverable when recordings are interrupted by these types of unpredictable events. Maevex 6100 encoders support fMP4 file recording to both network and local USB locations simultaneously, allowing administrators to have significant redundancy safeguards built directly into the encoder. The MOV digital multimedia format developed by Apple® meanwhile, is widely adopted for high-quality video playback or video editing and management applications. Lowest possible cost “Matrox Maevex 6100 Series encoders continue to make video capture, streaming, and recording easier and more effective for enterprises of all sizes,” says Ron Berty, business development manager, Matrox Graphics Inc. “Organizations are placing a tremendous amount of value on building, sharing, and storing data and content. With these latest updates, Maevex encoders ensure that highly-produced rich-media content is being delivered worldwide—at the lowest possible cost, at the industry’s very best quality, latency, bitrate utilization, and reliability possible.” The new HLS, IPv6, fMP4, and MOV updates will be available as a free Maevex firmware download from the Matrox website in early Q3 2019.
Digital Defense, Inc. announced the availability of its Frontline.Cloud app on Cortex by Palo Alto Networks – the industry’s only open and integrated AI-based continuous security platform. Building on Cortex allows partners to use normalized and stitched together data from customers’ entire enterprises to build cloud-based apps that constantly deliver innovative cybersecurity capabilities to joint customers. Frontline.Cloud is the industry's only true on-demand vulnerability and threat asset risk posture assessment app built for hybrid cloud environments. The app lets security teams focus on identifying and prioritizing the most important assets to proactively harden them against an attack without requiring agents. Protection with active threat defense Utilizing data from Cortex Data Lake, the Frontline.Cloud app enables security teams to be more effective in identifying compromised assets in order to quickly prioritise and remediate systems under attack with active threat and business context. Palo Alto Networks customers can see the app in action at the Ignite ’19 Conference in Austin, Texas on June 3-6. We are proud to be one of the first vulnerability management and threat assessment apps to be built on Cortex" “Working with Cortex’s breakthrough AI-based continuous security platform accelerates our ability to bring proactive protection with active threat defense to our client’s security operations,” said Rosanna Pellegrino, SVP of Sales and Business Development for Digital Defense. “We are proud to be one of the first vulnerability management and threat assessment apps to be built on Cortex.” AI innovations for accurate security outcomes “Cortex partners can leverage the vast amount of rich data available from across the enterprise to create AI-based innovations that provide more automated and accurate security outcomes to our joint customers,” said Karan Gupta, SVP of Engineering for Cortex at Palo Alto Networks. “We’re proud to welcome Digital Defense to our expanding ecosystem of developers building innovative apps.” Cortex is designed to radically simplify and significantly improve security outcomes. Deployed on a global, scalable public cloud platform, Cortex allows security teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data normalized for advanced artificial intelligence and machine learning to find threats and orchestrate responses quickly.
Radiflow, a provider of industrial cybersecurity solutions for industrial automation networks, announced the availability of its iSID Industrial Cybersecurity App on Cortex by Palo Alto Networks – the industry’s only open and integrated AI-based continuous security platform. Building on Cortex allows partners to use normalized and stitched together data from customers’ entire enterprises to build cloud-based apps that constantly deliver innovative cybersecurity capabilities to joint customers. The Radiflow iSID industrial cybersecurity app on Cortex provides critical infrastructure and industrial cybersecurity through non-intrusive monitoring of distributed production networks. The app utilizes data from Cortex Data Lake for added context to create a unique risk score for each device based on proprietary attacker models and defined defense strategies. Security analysts and risk managers can prioritise their actions based on the specific context of the OT network and the potential impact on the business if an attack occurred. AI innovations for accurate security outcomes Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data“We are excited to continue our work with Palo Alto Networks and supply OT specific analytics on data collected by Palo Alto Networks,” said Rani Kehat, Vice President for Business Development at Radiflow. “This app enables customers to leverage their Palo Alto Networks investment and subscribe to value-added OT specific risk scoring and threat detection services provided by Radiflow.” “Cortex partners can leverage the vast amount of rich data available from across the enterprise to create AI-based innovations that provide more automated and accurate security outcomes to our joint customers,” said Karan Gupta, SVP of Engineering for Cortex at Palo Alto Networks. “We’re proud to welcome Radiflow to our expanding ecosystem of developers building innovative apps.” Cortex is designed to radically simplify and significantly improve security outcomes. Deployed on a global, scalable public cloud platform, Cortex allows security teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data, normalized for advanced artificial intelligence and machine learning to find threats and orchestrate responses quickly.
After the Innovation Summits in Athens and Langmeil and the company’s attendance at the ISC West in Las Vegas, where MOBOTIX presented the latest research and R&D successes and trends to customers and partners, ‘Spring Splash’ marks the market launch of the latest innovations. MOBOTIX is demonstrating the company’s innovative strength to both its partners and customers. “We want to exploit the potential of MOBOTIX technology and DNA and focus on quality from Germany and cybersecurity,” said MOBOTIX CEO Thomas Lausten at the various launches. MOBOTIX also sees good opportunities and growth potential for video surveillance outside the traditional security sector: “We focus our research and development activities on continuously opening up new markets for MOBOTIX – whether in production monitoring, customer behavior in retail stores, in the health care sector or in logistics – in close co-operation with our technology partners,” explains Lausten. ONVIF-Compliant MxManagementCenter The Spring Splash event sees the launch of version 2.1 of the MxManagementCenter, which is ONVIF-compliantMOBOTIX works on regularly optimizing and expanding its range of products and solutions in order to develop market-driven and future-oriented innovations and to ensure the greatest possible cybersecurity for these innovations in Langmeil, Germany. Together with the R&D colleagues of the technology partners, such as Konica Minolta, new solutions for vertical markets were developed and brought to marketability: The Spring Splash event sees the launch of version 2.1 of the MxManagementCenter, which is ONVIF-compliant like all MOBOTIX IoT and MOVE camera models. This means it complies with the worldwide open standard for IP-based security products. MOBOTIX offers its customers a simple and scalable total solution for video-supported search for a variety of applications with its new Smart Data license, regardless of the industry. Real-Time secure transmission of data The MOBOTIX Smart Data solution enables the combination of almost any multi-layered data source, such as cash register or car license plate detection systems, using the video data from MOBOTIX IoT cameras. All data can be securely encrypted and transmitted in real time, and the results can be analyzed onsite or via an Internet connection from any MxMC workstation worldwide. “Our Smart Data solution is a valuable tool, especially for our solution and technology partners, for integrating their technological developments into our MxManagementCenter,” continues Lausten. MxBell 2.1, the MOBOTIX app, is the mobile remote station for MOBOTIX IP video Door Stations and IoT cameras There will be a firmware release going online for the MxThinClient, which will enable an IP video interface to display live images from all MOBOTIX IoT and MOVE camera models and Door Stations on a monitor/TV set. Both the stability and access security of the MOBOTIX system are increased thanks to the option of direct displaying camera images without the need for operating software or even a PC workstation. MxBell 2.1 app for IP video Door Stations MxBell 2.1, the MOBOTIX app, is the mobile remote station for MOBOTIX IP video Door Stations and IoT cameras. The app’s interface underwent a facelift to improve user-friendliness and now sends push notifications for all Door Stations and camera events. Especially valuable for the user is the visitor and event documentation, which makes it possible to track events quickly and easily at any time and from anywhere. The system release Mx-V188.8.131.52 for all Mx6 x16/x26 cameras reduces bandwidth and storage requirements by 25% thanks to 3D noise reduction, among other things. In addition to data security, data economy is indispensable in the world of the IoT and is therefore of utmost importance for MOBOTIX in the interests of its customers.
Reposify announced the availability of its app on Cortex by Palo Alto Networks – the industry's only open and integrated AI-based continuous security platform. Building on Cortex allows Cortex partners to use normalized and stitched-together data from customers' entire enterprises to build cloud-based apps that constantly deliver innovative cybersecurity capabilities to joint customers. Reposify's External Surface Security app allows enterprises to become aware of their blind spots, prevent Shadow-IT in real time and gain visibility and control over their assets globally. The platform allows customers to ‘zoom in’ and explore their company's visible and invisible perimeter, discover assets and the global external surface, identify Palo Alto Networks devices, keep track of supply chain security standards, assess merger and acquisition targets, and much more. The app can be used to draw actionable remediation steps using its asset classification & association mechanism, risk prioritization algorithm, security stack integrations, global perimeter insights, and more. Becoming aware of assets Customers can utilize Reposify's data to become fully aware of both their official, as well as unofficial assets""Reposify's External Surface Security app allows customers to manage and understand the rapidly changing world of digital assets and ensure any blind spots are being protected by their Palo Alto Networks products," says Lihi Ben Arie, head of product at Reposify. "Customers can utilize Reposify's data to become fully aware of both their official, as well as unofficial assets. By looking at the wider picture, and not just their known assets, customers can now significantly reduce the chance of being blindsided by unknown threats. We are honored to be a part of Cortex and help our mutual clients get a clear picture of their external surface vulnerabilities." Automated and accurate security outcomes "Cortex partners can leverage the vast amount of rich data available from across the enterprise to create AI-based innovations that provide more automated and accurate security outcomes to our joint customers," said Karan Gupta, SVP of engineering for Cortex at Palo Alto Networks. "We're proud to welcome Reposify to our expanding ecosystem of developers building innovative apps." Cortex is designed to radically simplify and significantly improve security outcomes. Deployed on a global, scalable public cloud platform, Cortex allows security teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data normalized for advanced artificial intelligence and machine learning to find threats and orchestrate responses quickly.
ExtraHop, provider of enterprise cyber analytics from the inside out, launched the ExtraHop for IBM QRadar app, which integrates with IBM Security Intelligence technology to stream accurate, contextual network behavioral detections into the QRadar SIEM. With Reveal(x) detections in QRadar, organizations have a complete picture of suspicious or anomalous behavior on their network, as well as the ability to perform rapid, guided investigations. This bi-directional integration lets analysts move back to ExtraHop to explore forensic detail captured from network data. The new application is freely available to the security community through IBM Security App Exchange, a platform where developers across the industry can share applications based on IBM Security technologies. As sophisticated threats evolve, collaborative development among security providers is critical to helping organizations adapt quickly and to speeding innovation in the fight against cybercrime. Security teams can search for specific events, quickly drill down to investigate IP addresses of offenders and victims in Reveal(x) Advanced Analytics To Prioritize Threats The ExtraHop app complements IBM QRadar, the company’s Security Intelligence platform, which gives organizations complete visibility into their entire infrastructure in real-time and applies advanced analytics to prioritize critical threats. Leveraging QRadar’s open application programming interface (API), ExtraHop allows joint customers to stream Reveal(x) machine learning-powered detections of anomalous and malicious behaviours into QRadar, where they can sort the events by title, risk score, update time, and more. Security teams can also search for specific events, quickly drill down to investigate IP addresses of offenders and victims in Reveal(x), and create new rules based on Reveal(x) detections of anomalous and malicious behaviours. Each detection viewed within QRadar is linked to the Reveal(x) environment, enabling analysts to quickly pivot to Reveal(x) and extract immediate, contextual details they simply cannot gather from log and netflow data alone. Automated Threat Detection Real-time detections enable SOC analysts using IBM QRadar to recognise attacks earlierRich insights (4700 metadata types) extracted in real time from network traffic are especially important to identify late-stage attack activity, including lateral movement, privilege escalation, command and control (C2), and exfiltration. Real-time detections of these and other behaviours enable SOC analysts using IBM QRadar to recognize attacks earlier, with higher confidence, and access forensic-quality detail to validate and deposition an incident with less effort and time. "Hundreds of our joint enterprise-class customers have told us that IBM and ExtraHop working together helps them adopt a security-first approach. With our powerful technical integration, global enterprises will have access to invaluable automated threat detection, correlation, and investigation," said Raja Mukerji, Chief Customer Officer and Co-Founder at ExtraHop. "Now ExtraHop and IBM QRadar app customers will have complete real-time visibility into suspicious network activity and the ability to quickly detect and investigate threats to critical assets.”
In the next three years, software as a service ‘SaaS’ is likely to grow by around 23%. That’s according to reports by Cognizance. It’s growth rests on the adoption of cloud public, private and hybrid. Without the cloud applications can’t truly pervade an organization, nor can operational or customer benefits be derived. But there’s no point in adopting the cloud if it’s not secure - the proliferation of SaaS demands security, none more so in a GDPR world. Large cloud environment But modern applications are difficult to secure. SaaS based, web, mobile, or custom made all work on different platforms and frameworks. It’s a headache managing all the APIs needed to automate and sync tools. This introduces risk. The greater the number of apps the broader the attack surface and therefore the greater the chance there will be blind posts. Keeping up to date with updates and new security policies is never easy There are also added hazards. Applications are always changing. Keeping up to date with updates and new security policies is never easy, but especially hard in a large cloud environment. Failure to adopt changes puts the organization and customers at further risk. But the biggest obstacle is keeping applications and APIs out of harm’s way. It’s a near on impossible task when attack methods and sources are constantly changing. More advanced threats To be specific there are four emerging challenges when it comes to protecting apps. Firstly, managing the good and the bad bots and spotting which is which, secondly securing APIs as IoT adoption intensifies, thirdly the relationship between securing apps and DevOps and ensuring ownership of security, and finally denial of service attacks that use newer tactics such as brute force. Basic security hygiene dictates that security teams refer to the OWASP Top 10. It’s considered the ‘ten commandments’ in security circles, providing a starting point for ensuring the most common threats and vulnerabilities are managed, detected and mitigated. Web Application Firewalls also come into the fray with guidance on testing for the ways hackers exploit vulnerabilities. However, though the basics are good to have in place, there are always more advanced threats to take care of. Bots being a big one. Bot management The more sophisticated bots will go as far as to mimic human behaviorAstonishingly about half of internet traffic is bot generated. Half of it is from bad bots. Discerning the good from the bad isn’t easy though and explains why around 80% of organizations can’t make a clear distinction between the two. Bad bots can do a lot of damage like take over user accounts and payment information, scrape confidential data, or hold up inventory and skew marketing metrics. The more sophisticated bots will go as far as to mimic human behavior and bypass tools like CAPTCHA and even device fingerprinting based protection ineffective. Securing APIs Then there’s the complications derived from machine-to-machine and internet of things (IoT) communications. The more integrated ‘things’, the more data there is, the more events there are report on, and the more activity there is reliant on APIs to make the ‘things’ useful and agile. That’s what makes them a target and the threats to API vulnerabilities include injections, protocol attacks, parameter manipulations, invalidated redirects and bot attacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks. There’s the risk that business will grant access to sensitive data, without inspecting nor protecting APIs to detect cyberattacks Denial of service (DoS) You might think there’s little to add to the swathes of denial of service warnings. Yet when businesses are still being targeted and feeling the ill effects it’s worth mentioning again that different forms of application-layer DoS attacks are still very effective at bringing application services down. Even the greatest application protection is worthless if the service itself can be knocked down This includes HTTP/S floods, low and slow attacks (famous examples being Slowloris, LOIC, Torshammer), dynamic IP attacks, buffer overflow, Brute Force attacks and more. The IoT botnets are the culprits and have made application-layer attacks so popular that they have become the preferred DDoS attack vector. Even the greatest application protection is worthless if the service itself can be knocked down. Continuous security It may seem easy to say but for modern DevOps, agility is valued at the expense of security. We see time and again examples of where development and roll-out methodologies, such as continuous delivery, mean applications are exposed to threats each time they are modified. There’s no doubt it is extremely difficult to maintain a valid security policy and protect sensitive data in dynamic conditions without creating a high number of false positives. But we now find that this task has gone way beyond the capability of humans. Organizations now need machine-learning based solutions that map application resources, analyse possible threats, and create and optimise security policies in real time. Reaching this level in security planning should be a big wake-up call that security automation is an essential not a nice to have. Running security plans The board needs to know that investment is critical to protect their profits It’s critical that the security solution your company adopts protects applications on all platforms, against all attacks, through all the channels and at all times. The board needs to know that investment is critical to protect their profits. As such there are six things they need to know: Application security solutions must encompass web and mobile apps, as well as APIs. Bot management solutions need to overcome the most sophisticated bot attacks. DDoS mitigation must be an essential and integrated part of application security solutions. A future-proof solution must protect containerized applications, severless functions, and integrate with automation, provisioning and orchestration tools. To keep up with continuous application delivery, security protections must adapt in real time. A fully managed service should be considered to remove complexity and minimise resources. No amount of human power will beat the bots. That last point is the most critical. Skill is essential in designing and running security plans and policies that work. But the plans can’t be executed without automated tools. There are just too many decisions to make in a split second. Combining both is the path to an effective app protection strategy and a stronger brand to boot.
The past decade has seen unprecedented growth in data creation and management. The products and services that consumers use every day – and the systems businesses, large and small, rely on – all revolve around data. The increasing frequency of high-profile data breaches and hacks should be alarming to anyone, and there’s a danger data security could worsen in the coming years. According to DataAge 2025, a report by IDC and Seagate, by 2025, almost 90% of all data created in the global datasphere will require some level of security, but less than half of it will actually be secured. Nuanced Approach To Data Security Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its securityThe rapid proliferation of embedded systems, IoT, real-time data and AI-powered cognitive systems – as well as new legislation like the European Union’s GDPR – means that data security has to be a priority for businesses like never before. With data used, stored and analyzed at both the hardware and software level, we need a new and more nuanced approach to data security. Security is a circle, not a line. Every actor involved in the handling and processing of data has responsibility for ensuring its security. What this means in practice is renewed focus on areas of hardware and software protection that have previously not been top of mind or received large amounts of investment from businesses, with security at the drive level being a prime example. The Importance Of Data-At-Rest Encryption In a world where data is everywhere, businesses need always-on protection. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways. Hardware-level encryption, firmware protection for the hard drive, and instant, secure erasing technology allow devices to be retired with minimal risk of data misuse. Data-at-rest encryption helps to ensure that data is secure right down to the storage medium in which it is held in a number of ways A recent report from Thales Data Threat found that data-at-rest security tools can be a great way to help protect your data. However, it’s important to note that this must be used in conjunction with other security measures to ensure that those that fraudulently gain access to your key management system can’t access your data. Ensuring Drives To Be Common Criteria Compliant One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliantDespite the clear benefits, this kind of encryption lags behind other areas, such as network and endpoint security, in terms of the investment it currently receives. The same Thales Data Threat report found that data-at-rest security was receiving some of the lowest levels of spending increases in 2016 (44%), versus a 62% increase for network and a 56% increase for endpoint security. One straightforward test any business can do to ensure its storage is as secure as possible is to check whether the drives are Common Criteria compliant. Common Criteria is an international standard for computer security certification, and drives that meet this standard have a foundational level of protection which users can build on. Providing An Additional Layer Of Security The retail industry has seen a spate of security breaches recently, with several major US brands suffering attacks over the busy Easter weekend this year. As frequent handlers of consumer card information, retailers are particularly vulnerable to attack. Data-at-rest encryption could enhance security in these instances, providing an additional layer of security between customer records and the attacker The advanced threats retailers face can often evade security defences without detection. Such a breach could grant attackers unrestricted access to sensitive information for possibly months – some breaches are known to have been detected only after consumer payment details appeared on the dark web. These types of undetected attacks are highly dangerous for retailers, which are relatively helpless to protect consumer information once their defences have been compromised. Data-at-rest encryption could significantly enhance security in these instances, providing an additional layer of security between customer records and the attacker which has the potential to make the stolen data valueless to cyber criminals. Industries In Need Of Data-At-Rest Encryption Healthcare organizations, which hold highly sensitive customer and patient information, have a strong use case for data-at-rest encryption. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack. Recent research from the American Medical Association and Accenture revealed that 74% of physicians are concerned over future attacks that may compromise patient records. With the widespread adoption of electronic patient health records, that data is increasingly more vulnerable to attack The financial sector would also benefit from further investment in data-at-rest encryption, given 78% of financial services firms globally are planning on increasing their spending on critical data, according to Thales’ Data Threat Report. It’s helpful to view security as a circle in which every piece of hardware and software handling the data plays its partSMEs and enterprises are not immune to security threats either – with growing numbers of people traveling for work or working remotely, the risk of sensitive business data becoming exposed via device theft is heightened. Usernames and passwords have little use if thieves can simply remove unencrypted hard drives and copy data across. Securing Every Hardware And Software Technology vendors often focus on aspects of hardware and application security that are within their control. This is understandable, but it risks proliferating a siloed approach to data security. There is no single line for data security -- rather, it’s helpful to view it as a circle in which every piece of hardware and software handling the data plays its part. There’s a clear need for more industry dialog and collaboration to ensure data security is effectively deployed and connected throughout the security circle and across the value chain.
Edward Snowden’s name entered the cultural lexicon in 2013, after he leaked thousands of classified National Security Agency documents to journalists. He’s been variously called a traitor, a patriot, a revolutionary, a dissident and a whistleblower, but however you personally feel about him, there’s one way to categorize him that no one can dispute: He’s a thief. There’s no doubt about it: Snowden’s information didn’t belong to him, and the scary truth is that he is neither the first nor the last employee to attempt to smuggle secrets out of a building – and we need to learn from his success to try to prevent it from happening again. Since the dawn of the digital age, we’ve fought cyber pirates with tools like firewalls, encryption, strong passwords, antivirus software and white-hat hackers. But with so much attention on protecting against cyber risks, we sometimes forget about the other side of the coin: the risk that data will be physically removed from the building. Douglas Miorandi, director of federal programs, counter-terrorism and physical data security for Metrasens, recently discussed the major risks to physical data security with SecurityInformed.com. Q: What Do You Believe Are The Main Physical Threats To Data? The biggest threats I have seen in the physical data security space have varied over the years, but there are four specific risks that remain the same across the board for any organization, which are: Every organization is at risk of having data walk out the building with that employee The Insider Threat The Outsider Threat The Seemingly Innocent Personal Item Poor or Nonexistent Screening To beginning with, every company or government agency has at least one disgruntled employee working for them, whether they know it or not, and that means every organization is at risk of having data walk out the building with that employee. That is what security experts call the insider threat. Q: What Do You Think Influences Employees To Steal Data From Their Own Organization? People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially – meaning they don’t even need to be disgruntled; they might just want a quick way to make a buck. Financial data, too, is attractive, both for insider trading and selling to the competition. People steal data from their workplaces because they see some means to an end, whether it’s to expose something embarrassing or damaging due to a personal vendetta, or because they can sell it to a competitor or the media and benefit financially This can happen to both private companies as well as government agencies. Take Natalie Mayflower Sours Edwards for example, a Treasury Department employee who was caught in the act just last month, when she disclosed sensitive government information about figures connected to the Russia investigation to a reporter. She didn’t hack the system, she simply used a flash drive. And let’s not forget that Snowden was a contractor working for the NSA. Q: Many Of Us Think Of Security Threats Coming From An Outsider, Do Companies Still Face These Type Of Threats? Yes. Unfortunately, organizations do not only need to worry about their own employees – companies and government agencies need to be wary of threats from outsiders. COTS devices include SD cards, external hard drives, audio recorders and even smart phones They can come in the form of the corporate spy – someone specifically hired to pose as a legitimate employee or private contractor in order to extract information – or the opportunistic thief – a contractor hired to work on a server or in sensitive areas who sees an opening and seizes it. Either one is equally damaging to sensitive data because of the physical access they have. Q: Whether It Be An Insider Threat Or An Outsider Threat, What Are Ways These Individuals Can Steal Sensitive Data? There are two types of personal items that can be used to steal data: the commercially available off-the-shelf (COTS) variety, and the intentionally disguised variety. This is considered risk number three – the seemingly innocent personal item. COTS devices include SD cards, external hard drives, audio recorders and even smart phones, any of which can be used to transport audio, video and computer data in and out of a building. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom. Intentionally disguised devices are straight out of the spy novel; they could be a recording device that looks like a car key fob, or a coffee mug with a USB drive hidden in a false bottom Q: What Is The Difference Between COTS And Disguised Devices? The difference between COTS and disguised devices is that if someone gets caught with a COTS device, security will know what it is and can confiscate it. The disguised device looks like a security-approved item anyone could be carrying into the workplace, making it especially devious. Sometimes these devices don’t just function to bring information out of a building; they are used to damage a server or hard drive once it’s plugged in to a computer or the network. Some are both – a recording device that extracts data and then destroys the hard drive. Companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening peopleQ: With These Types Of Discrete Items, Can Security Personnel Still Catch Individuals In The Act? For Example, Through Security Screenings? Poor or nonexistent screening is the most substantial security threat to any organization when it comes to sensitive data. Whether it’s an employee, an outside contractor or a device, the physical security risks are real, and everyone and everything entering and leaving a building needs to be screened. Unfortunately, screening often isn’t occurring at all, or is ineffective or inconsistent when it does occur. Even companies with airtight cyber security protocols can sometimes fall down when it comes to physically screening people and stopping them from stealing data through recording devices. Q: It’s Surprising That So Many Organizations Would Neglect Physical Security When Protecting Their Data. It’s a huge mistake, and the consequences can be dire. They range from loss of customer trust, exorbitant lawsuits and tanking stock prices in the private sector; and risks to national security in the public sector. Costs and resource allocation increase as well during efforts to reactively fix or mitigate the effects of physically stolen data. For both the private and public sectors, the risk for data to be physically removed from a building has never been greater. Years ago, it was much harder for the average Joe to figure out where they could sell stolen data. Now, with the Deep Web, anyone with Tor can access forums requesting specific information from competing spy agencies, with instructions on how to deliver it, greatly reducing the risk of getting caught – and increasing the likelihood people will try it. Although it’s getting easier to sell data, the good news is that all of these threats are avoidable with the right measures. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack Q: So How Can An Organization Protect Against These Risks? There are a number of ways – and the first one requires a change of mindset. Not long ago, the building/physical security department and the IT/cybersecurity department were considered two different entities within an organization, with little overlap or communication. organizations now are realizing that, because of the level of risk they face from both internal and external threats, they must take a holistic approach to data security. Physical data security and cybersecurity must be considered the yin and yang of an airtight policy that effectively protects sensitive or confidential assets from a malicious attack. Q: How Can Companies And Government Agencies Combine Both Physical Data Security And Cybersecurity Initiatives? Physical security managers can advise cybersecurity managers on ways to reinforce their protocols – perhaps by implementing the newest surveillance cameras in sensitive areas, or removing ports on servers so that external drives cannot be used. Organizations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try In turn, the cybersecurity team can let the physical security team know that they have outside contractors coming in to work on the server, and the physical security team can escort the contractors in and stand guard as they work. Constant communication and a symbiotic relationship between the two departments are crucial to creating an effective holistic security protocol and, once you’ve got the momentum going, don’t let it slow down. Sometimes efforts start off strong and then peter out if priorities change. When guards are down, it’s an excellent time for a malicious actor to strike. organizations need to create an effective program and ensure it stays effective so people know it’s not worth the hassle to try. It’s not just about the mentality, though. Using the right technology is just as important. Q: What Type Of Technology Can You Use To Protect Physical Data? Many problems can be avoided by simply using the right technology to detect devices that bring threats in and carry proprietary information out. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them. Using a ferromagnetic detection system (FMDS) as people enter and exit a building or restricted area means that anything down to a small microSD card triggers an alert, allowing confiscation or further action as needed. Electronics such as hard drives, cell phones, smart watches, SD cards and recording devices have a magnetic signature because of the ferrous metals inside them Q: How Does FMDS Work? In the most basic terms, FMDS uses passive sensors that evaluate disturbances in the earth’s magnetic field made by something magnetic moving through its detection zone. Nothing can be used to shield the threat, because FMDS doesn’t detect metallic mass; it detects the magnetic signature, down to a millionth of the earth’s magnetic field. FMDS is the most reliable method of finding small electronics items and should be part of the “trust, but verify” model Although it is a passive technology, it is more effective and reliable than using hand wands or the walk-through metal detectors typically seen in an airport, which cannot detect very small ferrous metal objects. FMDS can see through body tissue and liquids, so items cannot be concealed anywhere on a person or with their belongings. Whether or not the items are turned on doesn’t matter; FMDS doesn’t work by detecting a signal, but rather by spotting the magnetic signature that electronics contain. This is ideal, because most recording devices do not emit any signal whatsoever. In my experience, FMDS is the most reliable method of finding small electronics items (as well as other ferrous metal objects, like weapons), and should be part of the “trust, but verify” model, in which companies assume the best of their employees and anyone else entering the building, but still take necessary precautions. Q: What Are The Key Takeaways For Organizations Looking To Enhance Data Security? The toughest challenge in the security sector – whether it’s cyber or physical – is remembering that the bad guys are constantly looking for ways to slip in through the cracks, and security departments need to stay one step ahead to ward off both internal and external threats. Recognizing the existing threats, putting together a holistic security strategy, and using the right technology to detect illicit devices comprises an effective three-pronged approach to protecting an organization’s data. Organizations cannot afford to be passive about security and assume employees won’t steal data and spies won’t sneak in. Strong countermeasures are necessary because data loss can come from both inside and outside, in both private and public sectors, from places not everyone thinks of – and with technology like FMDS acting as a backup to the human element, organizations can lock down their data and keep the wolves in sheep’s clothing from getting through the door.
Nexkey says its mission is to disrupt the access control market and ‘change the way people experience access to physical places’. The startup is embracing the latest buzzword for access control – frictionless – while also enabling electronic access control for doors currently protected by mechanical locks. The system is simple with only three components – a controller, an electronic replacement lock core, and a smart phone app. The ‘controller’, a combined reader and access control panel, is used to connect to existing electric strikes, mag locks, electronic push bars and other hardware components at the door. It also communicates via Bluetooth with a smart phone credential. Users approach a door, choose the door they want to open in the app, and wait for the app to say ‘unlocked’. Replacing Key Cards And Fobs With App Access rights are customized for each user, and doors can be unlocked remotely to allow a delivery guy or guest to enterThe electronic ‘core’ device can be switched out with existing mechanical lock cores to provide electronic access control in locks such as deadbolts, mortise locks, Euro-cylinders, levers and camlocks. It is compatible with 95 percent of mechanical locks, using a changeable tail piece to adapt to various configurations. The core communicates via Bluetooth with a smart phone credential that links to a cloud system. Users approaching a door open the app, tap the core, and wait for the app to say ‘unlocked’. A Nexkey goal is to ‘replace all keys, key cards and fobs with one app’. The Nexkey app recognizes which ‘key’ goes to which door and reveals the right key as you approach. ‘Keys’ are created and access rights are assigned from a smart phone, using email addresses and phone numbers to verify identity. Temporary codes can be texted for one-time entrance for cleaning crews or contractors. Access rights are customized for each user, and doors can be unlocked remotely to allow a delivery guy or guest to enter the building. The Nexkey Portal provides a snapshot of system operation, who enters which door at what time, and logs that can be reviewed and downloaded for audit reports. Affordable Access Control Systems For SMBs Nexkey is targeting the small- and medium-sized business (SMB) market, basically companies with 20 to 500 employees, which are looking for access control systems that are affordable and easier to manage. The Nexkey controller costs $999, and the core is $499. Monthly fees start at $15 to $29 per month per door, but the prices go down as additional doors are added. Nexkey is targeting the SMB market, which are looking for access control systems that are affordable and easier to manage Larger enterprises tend to want out-of-the-box integration with alarm systems and video, which Nexkey does not offer, so SMB is their “sweet spot,” says Eric Trabold, CEO. There is an API (application programming interface) that integrates with third-party applications. According to Nexkey’s customer surveys, 30 percent of customers say they bought Nexkey to have a simpler access control credential (a smart phone instead of a key, card or fob). Another 30 percent favor simplified management and quick access through the app. Some 17 percent like the ‘unified’ experience to manage shared, single and multiple workspaces using smartphone credentialing and a cloud-based system. Involving Security Dealers And Integrators Nexkey announced a ‘dealer program’ at the recent ISC West trade show in Las Vegas, and interest was highIn the early days, Nexkey looked to work directly with businesses to foster communication and to gain understanding of how the product can best be deployed. Having gained that insight, the ‘next level’ is to engage security dealers and systems integrators to install the system, says Trabold. Nexkey announced a ‘dealer program’ at the recent ISC West trade show in Las Vegas, and interest was high. Trabold says 134 integrators/dealers sought to engage. In coming weeks, the company will be finalizing that program, enhancing the dashboard to enable dealers to manage the system on behalf of their customers, for example. “We will be looking at how we can go from that amazing level of interest to being actively engaged with partners in the channel,” says Trabold. Using NPS To Measure Product Quality Nexkey uses the Net Promoter Score (NPS) as a benchmark for how well the product is accepted in the marketplace. NPS measures the quality of a product by analyzing how likely customers are to recommend it to a friend or colleague. As an example, Apple currently has an NPS of 65%. In comparison, Nexkey has achieved a score of 60 percent, and is looking to improve it even more. “A year from now, we want to get the same positive feedback from our dealer/integrator community,” says Trabold. “That’s the challenge, engaging with partners and scaling the business forward. We still have work to do.”
In today’s technology-driven markets, a platform is a business model that connects producers and consumers in an interactive ecosystem. Some examples of platforms are Uber and Airbnb, which have disrupted and transformed traditional markets. Isn’t it time to deploy the platform model in the physical security industry? That’s the goal of the Open Security & Safety Alliance (OSSA), a non-profit organization. Interactions And Exchange The book ‘Platform Revolution’ defines a platform as ‘a business based on enabling value-creating interactions between external producers and consumers.’ The description continues: ‘The platform provides an open, participatory infrastructure for these interactions and sets governance conditions for them. The platform’s overarching purpose is to consummate matches among users and facilitate the exchange of goods, services, or social currency, thereby enabling value creation for all participants.’ Platform For Security And Safety Solutions OSSA’s plan is to build a common standardized platform for security and safety solutions. Founding members are Bosch Building Technologies, Hanwha Techwin, Milestone Systems, Pelco and VIVOTEK. Anyone can join the alliance, which is growing rapidly and gaining traction as the Internet of Things (IoT) expands. OSSA’s plan is to build a common standardised platform for security and safety solutions OSSA members could be found throughout the recent ISC West show in Las Vegas, and a social event after hours at the show brought them together and set the tone for development to come. A Technology Stack “We want to create an ecosystem, define a common market approach and open new market opportunities,” says Johan Jubbega, OSSA President. “We want to go from a product business to a platform business. It’s better for us and better for the end-users.” OSSA seeks to develop a specification for a common Technology Stack to cater to innovation and reduce fragmentation within the security and safety market, according to OSSA. Its mission is complementary to organizations like ONVIF. Video Information And Low Friction The video surveillance industry creates vast amounts of information in the form of video, but typically less than 1 percent of that data is used by today’s video surveillance systems – think about that one or two frames of video among thousands that might be used to solve a crime, for example. The rest of the data remains unused, and yet the potential value of the data is huge. OSSA seeks to create a platform to leverage the value of the data. “If we don’t unlock that value in our industry, someone will do it for us,” says Jubbega. OSSA is developing a vendor-agnostic operating system that simplifies low-level device integration and standardizes elements such as cybersecurity and security update patches Among the important elements in developing the platform are to create a level of trust among all the stakeholders involved, and to lower the ‘friction’ involved in participating in the platform. “We want to make it easy and fun to do business with anyone who joins the platform,” says Jubbega. “By taking away the friction, we will create scalability.” System-On-Chip Development of customisable system-on-chip (SoC) components in today’s video cameras provide the capacity to host a variety of ‘apps’ to expand system functionality and leverage the value of data. OSSA is developing a vendor-agnostic operating system that simplifies low-level device integration and standardizes elements such as cybersecurity and security update patches. Building on top of that operating system, vendors can create new levels of differentiation. “Our purpose is to start from a common business model to spur innovation and add value for users,” according to OSSA. Cybersecurity And Data Protection SAST is creating the operating system and setting up the IoT infrastructure to make apps available Simply speaking, app developers can use the standard operating system to build new functionalities that can easily be ‘loaded’ on cameras and sold in an ‘app store’ scenario. Security and Safety Things (SAST), a Bosch startup and member of OSSA, is creating the operating system and setting up the IoT infrastructure to make the apps available. Development of these elements is happening concurrently with the evolution of OSSA. “We offer you an opportunity to come with us on this journey,” Jubbega told attendees at the ISC West social event. “We want to have a common approach to tackling cybersecurity and data protection – to raise the bar in the industry. You can still differentiate, but from a higher base.” OSSA members who exhibited at ISC West included Anixter Inc., Bosch Building Technologies, Hanwha Techwin, Milestone Systems, NetApp Inc., Pelco, SAST, Socionext Inc., United Technologies and VIVOTEK Inc.
Unmanned aerial vehicles (UAVs), or drones, present a range of threats, from the careless and clueless to the criminal. While many incidents may seem harmless, the threat to any location at any time depends on a range of factors. Drones are inexpensive for criminals to buy or make, and there are continuously improving battery, airspeed, and payload capabilities. UAVs can also fly without an RF signal to jam or hack. Fortunately, sensor technologies including radar are available for security agencies and personnel to protect assets and the public. Radio-Wave Signals Radar works as a deterrent by sending out a radio-wave signal using a transmitter antenna, and a small portion of that signal reflects off objects in its path and returns to a receiver antenna. The highest performing radars use an antenna technology called Active Electronically Scanning Array (AESA), which enables all-electronic reconfiguration of the antennas. When an AESA radar detects an object, it can ‘focus’ its antennas to track the object, in much the same way as the zoom on a camera does. Multiple objects can be tracked while continuing to scan. Kirkland, WA-based Echodyne offers a radar product that brings these ESA capabilities to non-military security applications at commercial price points. Combining proprietary hardware with intelligent software, Echodyne produces a compact, solid-state, electronically scanning array Echodyne’s ESA Radar Echodyne says they are reinventing radar price-performance for security applications in the ground (people, vehicles) or air (counter-UAS) domains. Combining proprietary hardware with intelligent software, Echodyne produces a compact, solid-state, electronically scanning array (ESA) radar that is affordable for commercial, law enforcement, and governmental customers. The company is backed by high profile investors, including Bill Gates, Madrona Venture Group, Vulcan Capital, NEA, and Lux Capital. “Radar is a sensor,” says Leo McCloskey, Echodyne VP Marketing. “It is most applicable when security professionals can both understand its capabilities and define risk assessment and deployment requirements that call for those capabilities. Our customers are primarily security system integrators and consultancies, which integrate the performance of radar into a sensor array that meets mission requirements.” Radar Technology For Border Surveillance Echodyne was selected by the Science and Technology Directorate of the Department of Homeland Security (DHS) for its Silicon Valley Innovation Program (SVIP) to demonstrate the performance of its radar technology for border surveillance applications. The radar was deployed both in fixed remote surveillance towers and as a lightweight rapid deployment kit for field agents. Able to surveil ground and air domains, the radar combines versatility and commercial price with surveillance capabilities. “We set out to build the world’s best compact, solid-state ESA radar sensor, and we are demonstrating that we’ve reached that objective,” says McCloskey. “We’re excited to introduce these capabilities for other security applications.” Able to surveil ground and air domains, the radar combines versatility and commercial price with surveillance capabilities MESA Technology Echodyne’s proprietary technology provides a small true electronically scanning array (ESA) radar. Unlike expensive Active ESA (AESA) phased array radars, MESA requires no physical phase shifters, thus reducing the cost, size, weight, and power by several orders of magnitude while maintaining all the benefits of fast ESA radar. Echodyne combines its MESA technology with an intelligent software suite, Acuity, to produce a configurable, software-defined radar for commercial, law enforcement, and governmental security applications. The capability is also useful for temporary events such as rallies and marathons, and many other market applications “Technology seems to make everything more available to more people over time,” says McCloskey. “What is a retail product today will be a purchased self-assembly kit tomorrow and an improvised self-made drone the following day. The Federal Aviation Administration (FAA) is diligently at work on creating rules for safe UAV operation, though any final rules remain some distance off. As drone volumes increase, delineating friend from foe in the airspace requires clear legal and regulatory frameworks, which are nascent but would help distinguish the threat of nuisance flyers from illegal overflight.” Radar Sensor For Security Applications “Detecting and tracking airspace objects of interest is imperative for airports, chemical plants, oil and gas installations, refineries, water and energy utilities, stadiums and other public spaces”, says McCloskey. The capability is also useful for temporary events such as rallies and marathons, and many other market applications. “As with any product, our applicability will depend on variables like location, terrain, risk assessment, and existing security technologies,” says McCloskey. “Our mission is to deliver the very best radar sensor for security applications.”
Everbridge, Inc., the global pioneer in critical event management, announced that it has been awarded a multi-year contract to support the deployment of Australia’s next-generation national early warning system. In combination with Australia’s major telecommunications companies, the Everbridge Public Warning solution will be used to power Emergency Alert in Australia, providing population-wide alerting to help reach the country’s over 25 million residents and approximately 9 million annual visitors. If residing within an area where a sudden, critical event occurs such as fire, extreme weather or a terror attack, residents and visitors to Australia will receive location-based SMS notifications on their mobile phones, in addition to smart phone mobile app notifications and fixed line voice alerts, among other modalities. Supports first responder communications Everbridge Public Warning leverages telecom infrastructure to reach everyone within a geographic areaEverbridge Public Warning leverages existing telecom infrastructure, with no opt-in required, to reach everyone within a geographic area to reduce disaster risk, support first responder communications, and analyze disaster communication effectiveness for subsequent mitigation activities. “Our Public Warning solution enables government organizations and public safety agencies to immediately connect with every person in an affected area during a critical event regardless of nationality, residency or mobile telephone handset type,” said Jaime Ellertson, Chief Executive Officer and Chairman of Everbridge. “Australia has served as a model example for population-wide alerting and emergency preparedness over the past decade, and we are honored to support them on the evolution of their national system.” The next-generation system is scheduled to become operational in 2020.
Everbridge, Inc., the global pioneer in critical event management software that helps keep people safe and businesses running, announced that its mass notification solution will be used to power alerts for Nashville and Davidson County, Tennessee in times of emergency. The Metro Emergency Alert & Notification System (MEANS) will deliver safety instructions via cell phone, landline, and SMS for localized emergencies such as flooding, public health emergencies or active shooter situations. “This is an important way for us to keep the community updated on incidents happening in Nashville and Davidson County,” said Chief William Swann, Director, Nashville Fire Department. “The Everbridge system will be leveraged by Metro Government to communicate directly to the public. Residents and visitors can feel confident that when they receive alerts, they are getting accurate information straight from a Metro public safety agency.” Everbridge Mobile App delivers alerts to cell phones based on a user’s physical location during emergency Receiving alerts on cell phones Metro officials also urge residents to download the Everbridge Mobile App, which brings the added security of delivering alerts to cell phones based on a user’s physical location at the time of an emergency. “The Everbridge app provides Metro with a key alerting capability because it enables us to send safety instructions to residents who happen to be in the vicinity of an emergency in real time,” said Department of Emergency Communication’s Director Michele Donegan. Nashville joins a growing list of America’s largest cities, counties, and entire states that have rolled out the Everbridge platform including the cities of New York, Philadelphia, New Orleans, Atlanta, Houston, Phoenix, San Francisco, Tampa, and Washington, DC; hundreds of counties including Napa, Sonoma, Ventura, Miami-Dade, Palm Beach, Cook, Harris, and Maricopa; and the states of Florida, Connecticut, Vermont, and New York.
Mobile-device and application-security technology company Trustonic announces that Hyundai Motor America will demonstrate its new Digital Key app, secured by Trustonic Application Protection, at the New York International Auto Show 2019. The Digital Key will launch with the all-new 2020 Hyundai Sonata in the fall. Hyundai’s Digital Key is a downloadable smartphone app that can replace a traditional car key by leveraging Near Field Communication (NFC) to detect an authorized smartphone. An NFC antenna is located in the driver’s door handle for locking and unlocking while a second antenna for starting the engine is located in the wireless charging pad in the center console. Seamless Vehicle Sharing The Digital Key allows a smartphone to control select vehicle systems remotely using Bluetooth Low Energy (BLE) communication Once authorized, the Digital Key allows a smartphone to control select vehicle systems remotely using Bluetooth Low Energy (BLE) communication. A user can lock and unlock the vehicle, activate panic alert and start the engine within a range of about 30 feet of the car. The new Digital Key can be utilised by up to four authorized users, facilitating seamless vehicle sharing. Users’ preferred settings are also stored in the car, meaning that when a user is recognized, the vehicle automatically adjusts settings for side mirrors, radio presets, sound settings, and seat positioning. Hyundai is using Trustonic Application Protection (TAP) to secure the Digital Key. TAP ensures that Digital Key transfer requests are securely displayed to and approved by a real, authenticated user on a trusted device. Cybersecurity Approach TAP utilizes a multilayered industry-recognized security approach for communication to and from the customer’s phone. “Hyundai has been a leader in connected car technology for a long time now, with new features like Apple CarPlay, Android Auto, Smartwatch and Smart-speaker integration into our vehicles,” said Manish Mehrotra, director of digital business planning and connected operations, Hyundai Motor America. “Digital Key adds convenience for 2020 Sonata owners and allows us to be ready for future shifts in the mobility space, such as car sharing. We chose Trustonic because of their multilayered, industry recognized cybersecurity approach.” Vehicle-Function Permissions Hyundai’s Digital Key will enable easy car sharing and improved user experiences" Car owners have a deeper level of access than other authenticated users, enabling them to set vehicle-function permissions and the duration of access for each shared user. This enables uses beyond car sharing, such as enabling couriers to access the trunk within a pre-agreed window of time to deliver a package. Future uses that the app could enable include car rentals, triggering an alarm when a vehicle travels outside a designated area and remote control of features, such as autonomous parking. Ben Cade, CEO, Trustonic, adds, “Consumers expect to be able to manage their lives on their smartphones, and this includes their vehicles. Hyundai’s Digital Key will enable easy car sharing and improved user experiences for drivers—and as international leaders in app security, it’s up to us to ensure this can happen in a scalable and secure way.”
Boon Edam Inc., a provider of security entrances and architectural revolving doors, announces that RagingWire Data Centers has installed Boon Edam’s Tourlock 180+90 security revolving doors as part of its integrated access systems that protect their data centers in Ashburn, Va. and Sacramento, Calif. Founded in 2000, RagingWire was one of the first companies that helped to build the multi-billion dollar global data center colocation industry. Now, RagingWire is the North American data center platform within the portfolio of NTT Communications, which operates 140 data centers in 20 countries worldwide, making RagingWire one of the largest and most financially solid data center companies in the world. Demanding Hyperscale Cloud RagingWire is recognized as an industry leader in data center security and overall customer experience"RagingWire uses Tourlock security revolving doors at its Ashburn VA3 Data Center, which features 245,000 square feet of space and 16 megawatts of critical power, and its Sacramento CA3 Data Center, which is a 180,000 square foot facility with 14 megawatts of critical power. VA3 and CA3 are part of RagingWire’s portfolio of data centers in Ashburn, Northern California and Dallas, Texas. “As the colocation data center of choice for some of the most demanding hyperscale cloud and enterprise companies, RagingWire is recognized as an industry leader in data center security and overall customer experience,” said Mark Borto, CEO of Boon Edam Inc. “We are proud to provide an important part of RagingWire’s sophisticated, multi-layer, integrated security system.” Provide Efficient Passage Boon Edam’s security revolving doors provide efficient passage for hundreds of people daily at RagingWire’s data centers. The doors prevent piggybacking and tailgating during both entry and exit by using a combination of sensors to recognize shapes, size and volume in three dimensions, and then stopping the door when a violation occurs. Our customers expect our security entrances and anti-tailgating technologies to be extremely fast and accurate" The state-of-the-art system also generates an accurate picture of exactly who is in the building at all times. “Our customers expect our security entrances and anti-tailgating technologies to be extremely fast and accurate,” said Eddie Ankers, Director of Corporate Security at RagingWire. Analyze Suspicious Behavior “By adding these doors to our defense-in-depth security strategy, we are providing the best possible protection system for our customers’ mission critical equipment.” In addition to Boon Edam’s Tourlock security revolving doors, RagingWire’s layered security approach features highly trained, 24x7 security staff, biometric scanners, badge readers, intelligent high-definition video cameras that analyze suspicious behavior, anti-tailgate mantraps, a building-within-a-building design, anti-climb perimeter fencing, concrete bollards in front of building entryways, and an anti-ram security gate.
Vicon Industries Inc. (VCON: OTCQB Venture Market) ("Vicon"), designer and manufacturer of video surveillance and access control software, hardware and components, announced today that Louisa County Public Schools, in Northern Virginia, has completed installation of a district-wide Vicon Valerus video management solution that encompasses its six school buildings and connects nearly 400 cameras. The system includes multiple application servers and NVRs running Valerus VMS software, as well as a wide range of Vicon IP megapixel camera models. The district has opted to share camera access with the Louisa County Sheriff’s Department, whose officers can use iPads and smartphones to immediately call up video through the Valerus VMS interface in case of an emergency. This allows them to visually assess any situation and locate the perpetrator before sending in officers. Vicon Sponsored Training Class The Valerus solution was chosen by Louisa County Public Schools because of Vicon’s willingness to provide the district’s in-house electricians and technical team with as much autonomy as possible in setting up and managing the system. After participating in a Vicon sponsored training class, the district has been self-sufficient in its ability to install, program and troubleshoot Valerus. David Szalankiewicz, LCPS Facilities Director, says "Vicon’s technical team has supported our in-house guys directly with training and certification so that we feel completely in control." Ron Lapsley, Vicon’s Regional Sales Manager who worked on the project, explains, "Vicon understands that the technical capabilities and service needs are different for each customer, and we’re glad to provide the right level of support that makes sense. In many cases, the manufacturer relationship is as important as the product itself in making sure a customer is satisfied."
HID Global, a worldwide provider in trusted identity solutions, announced that 85-year-old fire protection provider RAEL Automatic Sprinkler Company and integrator Automated Decision have deployed HID Trusted Tag Services at one of Manhattan’s most iconic skyscrapers. The combined solutions help secure, digitize, automate and streamline inspection and maintenance of the building’s massive fire and safety sprinkler system. "HID Trusted Tag Services are a real competitive differentiator for us when we bid for projects now," said David Israel, President, RAEL Automatic Sprinkler Company. "We plan to deploy it in other noteworthy buildings and we’re exploring using it for other mission-critical equipment we inspect and repair as well." The RAEL solution incorporates HID Trusted Tag Services into Automated Decisions’ work order management system and mobile inspection app HID Trusted Tag Services HID Trusted Tag Services empower robust Internet of Things (IoT) applications by attaching unique and trusted identities to virtually any object that can be read by mobile devices. Smartphones and other devices can then be used for innovative use cases, without compromising the privacy of end users. The RAEL solution incorporates HID Trusted Tag Services into Automated Decisions’ work order management system and mobile inspection app. The deployment includes HID’s trusted and tamper-evident NFC tag using dual NFC and QR code technology; unique cryptographic authentication and a unique QR code placed on every component of the RAEL sprinklers. After authenticating to HID’s cloud authentication service, RAEL technicians move through the building, tapping each applied tag with their mobile devices to authenticate upon completion of their component inspection or repair. Proof Of Presence Each individual tap generates a unique encrypted code appended to a URL to provide proof of presence. This process confirms the technician was physically at the site and conducted the required sprinkler inspections and repairs. "Proof of presence was critical for us,” said Israel, “as property managers are now expected to deliver a much higher level of compliance reporting." The solution also logs the user, tap time and date into the Automated Decisions work order management platform. Mobile online access provides inspectors with service request maintenance records, sprinkler part specifications, diagrams and photographs. Combined HID and Automated Decisions solution has enabled faster, more efficient inspections and repairs Combined Tag Services And Mobile Devices "That RAEL and Automated Decisions are leveraging our offering for fire and safety at an immense, iconic skyscraper reinforces the breadth of IoT use cases that our identification and sensing portfolio addresses," said Mark Robinton, Director of Business Development & Strategic Innovation, Identification Technologies with HID Global. "Facility managers are also increasingly seeking to combine the use of HID Trusted Tag Services and mobile devices to automate other safety and security functions, including guard tour and key management, as buildings become more intelligent and connected." In addition to providing peace of mind to RAEL and their property management clients, RAEL also reported the combined HID and Automated Decisions solution has enabled faster, more efficient inspections and repairs, improved first-time fix rates and fewer repeat visits.
Round table discussion
Ethical hackers are familiar to the world of cybersecurity. As cybersecurity awareness increases in physical security, they are also playing a larger role to ensure the safety of networked and information technologies used in our market. We asked this week’s Expert Panel Roundtable: What is the role of ‘ethical hackers’ to ensure cybersecurity of networked products in the physical security market?
The new year 2019 is brimming with possibilities for the physical security industry, but will those possibilities prove to be good news or bad news for our market? Inevitably, it will be a combination of good and bad, but how much good and how bad? We wanted to check the temperature of the industry as it relates to expectations for the new year, so we asked this week’s Expert Panel Roundtable: How optimistic is your outlook for the physical security industry in 2019? Why?
The concept of how security systems can contribute to the broader business goals of a company is not new. It seems we have been talking about benefits of security systems beyond “just” security for more than a decade. Given the expanding role of technologies in the market, including video and access control, at what point is the term “security” too restrictive to accurately describe what our industry does? We asked the Expert Panel Roundtable for their responses to this premise: Is the description “security technology” too narrow given the broader application possibilities of today’s systems? Why?