Business security systems
A study from Exabeam, the Smarter SIEM™ company, revealed that more than one-third of security professionals' defensive blue teams fail to catch offensive red teams. The survey, conducted at Black Hat USA 2019, also showed that 68% find red team exercises more effective than blue team testing, and more companies are practising red over blue team testing. As cyberattacks become increasingly sophisticated and hack techniques become more highly targeted, organizations must learn how di...
Ping Identity, a provider of Identity Defined Security, announced that Kevin Sellers has joined the company's leadership team as the global chief marketing officer. Sellers leads all aspects of the company's marketing function, with a focus on accelerating expansion in the enterprise market and growing Ping's brand globally. An accomplished business leader with a strong track record of scaling global brands, Sellers brings more than 20 years of global marketing leadership experience in the te...
DMP names Edward Zachar to the position of dealer development manager in the company’s Los Angeles region. He will be responsible for developing new sales and providing on-going service to the area’s DMP-authorized dealers, helping them grow their businesses. Zachar has had many successful years managing sales teams. Most recently, he worked the last 10 years with Johnson Controls Security Solutions as regional government account manager. He also served Johnson Controls as sales man...
The cyber security threat is constant and real. Entire businesses, large enterprises and even whole cities have been vulnerable to these attacks.
Growing threat of cyber attacks
The threat is not trivial. Recently, two cities in Florida hit by ransomware attacks – Riviera Beach and Lake City – opted to capitulate and pay ransom totaling more than $1.1 million to hackers. The attacks had disrupted communications for first responders and crippled online payment and traffic-ticketing...
BitSight, the Standard in Security Ratings, announced BitSight Enterprise Analytics, the latest Security Performance Management solution available on the BitSight platform. BitSight Enterprise Analytics helps security and risk leaders quickly gain insight into the impact of risk introduced at the organizational group level – from subsidiaries to business units and departments – enabling them to identify the areas of highest risk concentration within their organizations. The solution...
The Spanish SMBs subscribed to Conexión Segura Empresas have avoided more than 80,000 potential cybersecurity incidents since the solution was launched in May. Of those, more than 89% of blocks occurred when users tried to access risky domains or websites, as a result of ‘phishing’.
Combating rising cybercrime
“The service that Telefónica Empresas offers to its customers has been launched at a moment of high level of cybercrime, in which a new threat is created...
Ring, whose mission is to make neighborhoods safer, announced Ring for Business to provide business owners with the ability to protect their companies with Ring Alarm and Ring Video Doorbells and Security Cams the same way that homeowners have been doing for years. Small businesses are an integral part of our communities and, thanks to Ring, they now have access to smart, DIY security that’s free from long-term commitments, hidden fees and professional installation. With Ring for Business, businesses across the U.S. and Canada can enhance their security while helping make neighbourhoods safer.
Affordable security option for companies
Jamie Siminoff, founder and Chief Inventor of Ring, said: “One in 4 small businesses are impacted by burglary or theft. As an entrepreneur, I know firsthand that business owners put everything they have into their work, and it’s important to protect that. Traditional commercial security options are often rigid, expensive and difficult to install.”
“Because of this, we noticed some businesses using our devices to monitor and protect their properties. Developing Ring for Business, a more affordable and straightforward security option for companies, was a natural next step in our mission to make neighbourhoods safer – both at home and at work.”
Remote monitoring and protection of property
Ring for Business empowers customers to monitor and protect their property, across multiple locations, remotely from a single app. A professionally monitored security system that includes Ring’s wired and battery powered indoor and outdoor security cameras, Ring for Business offers affordable, commitment-free, 24/7 monitoring, and 60-day video event recording for unlimited cameras for just $10 per month per location. Battery and LTE cellular backup enable professional monitoring even if the power goes out or broadband is unavailable.
“Ring for Business is super useful because it frees us from being at our business 24/7, and allows us to actually have a life of our own. We're able to travel and go out of town and know that our business is still running perfectly,” said Caroline Winata, Ring for Business customer and Chief Creativity Officer of Giggle & Riot. “With Ring for Business, we spend less time worrying about our building and our security, and more time on our company and our work.”
Alerts about potential trespassers
Every Ring for Business kit is built around Ring Alarm, a smart security system that monitors one’s business and alerts them to potential trespassers or other unwanted activity. Accessories like door and window sensors, motion detectors and sirens can be added to the system and customized based on each business’ specific needs. Layer Ring Security Cams and Video Doorbells to further monitor the property and record important motion events in real-time. Add Key by Amazon to easily lock and unlock smart locks directly from the Live View of any Ring Doorbell or Cam, and eero for faster and more secure Wi-Fi throughout every inch of the business. And, with the launch of the Audio Toggle for all Doorbells and Cams, disable audio recording at home or the office to protect the privacy of family, friends, employees, and customers.
Ping Identity, globally renowned provider of identity defined security solutions, has announced the release of PingCloud Private Tenant, a private cloud identity solution for the enterprise.
Cloud identity, access management
PingCloud Private Tenant provides cloud identity and access management (IAM) by combining highly-configurable capabilities within a dedicated environment. Enterprises can provide authentication for all users with a highly-configurable global authentication authority that includes versatile single sign-on (SSO) and highly-scalable directory services, while also maintaining data and resource isolation. This allows global organizations the ability to automate IAM operations, simplify management and achieve their cloud-first objectives.
PingCloud Private Tenant
Enterprises need a dependable way for customers, employees and partners to conveniently sign on to their services and applications. However, this requires companies to support multiple standards, different authentication flows, a wide range of identity and service providers while operating and maintaining the solution. For this reason, PingCloud Private Tenant allows enterprises to automate the operation of their IAM solution, so IT staff can focus on innovation, in addition to providing a global authentication authority.
PingCloud Private Tenant provides the following capabilities and benefits:
Cloud IAM: Practically limitless configuration options combined with a dedicated cloud environment means enterprises control their data and security while also automating IAM operations.
Highly-configurable authentication and directory services: Regardless of where applications or resources reside, enterprises can leverage PingCloud Private Tenant’s extensibility for their diverse user populations and identity types.
Simplified identity management and minimized costs: Moving IAM solutions from on-premises to the cloud can save companies significant IT operational costs. PingCloud Private Tenant provides the convenience of centralized configuration via self-service and concierge support options, allowing enterprises to save without compromising support for challenging and complex enterprise use cases.
Architected for enterprise hybrid IT: PingCloud Private Tenant reaches every corner of an enterprise’s hybrid IT or multi-cloud environment without the need to install, update and manage separate on-premises proxies and agents.
Automated operations to reduce complexity: IT teams are able to respond more quickly and easily to global demand for IAM services by reducing geographical deployment complexity and simplifying IAM operations.
Multi-Tenant cloud solutions
PingCloud Private Tenant allows enterprises to create different environments for development, test and production as needed, with regional configuration options to comply with geographic or regulatory constraints. PingCloud Private Tenant expands upon the broad range of deployment options that Ping provides to its enterprise customers, spanning multi-tenant cloud solutions, private cloud solutions and on-premises software. These solutions cover the range of enterprise deployment preferences and use cases, and can operate independently or work together seamlessly as needed to support complex hybrid IT environments.
Hybrid IT environments
“Enterprises increasingly straddle hybrid IT and multi-cloud environments, as they prioritize a high standard of security and customer experience,” says Loren Russon, vice president of product management, Ping Identity. “PingCloud Private Tenant is designed to simplify identity management while providing the ability to retain full control of data and security.”
Everbridge, Inc., the global provider of critical event management (CEM) and enterprise safety software applications to help keep people safe and businesses running, announced the acquisition of NC4, a global provider of threat intelligence solutions that empower businesses, government organizations, and communities to assess and disseminate risk data and information to manage and mitigate the impact of critical events. The combination of NC4’s real-time threat intelligence and analyst teams with Everbridge’s existing Global Intelligence Operations Center (GIOC) analysts and market-leading CEM platform creates the industry’s only end-to-end threat assessment and incident communications and management platform for reducing the impact of internal and external threats to people and assets. Together, NC4 and Everbridge are providing the most comprehensive solution for enterprises and government agencies to reduce the ‘time to know’ that a critical event has occurred through to remediation, all from a single pane of glass.
Expands the overall situational awareness
“With NC4, we are adding the industry leader in threat intelligence, making Everbridge one of the largest providers of data for enterprise security and operations in the world,” said David Meredith, CEO of Everbridge. “NC4 offers the most comprehensive threat data in the industry and this acquisition dramatically expands the overall situational awareness Everbridge will provide to organizations, from incident identification to response, mitigation or ultimately, avoidance and prevention.”
NC4 combines thousands of the most trustworthy data sources with an experienced team of analysts creating the industry’s leading source of verified data and hyper local threat intelligence. NC4 generates more than 27,000 geo-targeted alerts and nearly 700 incident reports each day for many of the world’s largest businesses, global organizations and government agencies, including over 100 of the FORTUNE 500.
AI-Enabled incident collection
“Verified sources and analysis eliminate the noise and enable us to generate the most impactful information while eliminating false positives,” said Karl Kotalik, President and CEO of NC4. “It takes the best of both worlds, machine learning and AI-enabled incident collection and human analysis, to generate the most meaningful intelligence. Everbridge’s market-leading platform, the breadth of its offerings, and the experience of its global team made for a natural fit with NC4. We look forward to aligning with the market leader to jointly provide organizations with unprecedented visibility into the threats and incidents that can impact people and business.”
Innovative solutions for critical event management
NC4 has offices in El Segundo, California, Merrifield, Virginia and Richmond, Virginia. Together, Everbridge and NC4 form a global team of over 950 employees dedicated to delivering innovative, differentiated solutions for critical event management. The acquisition includes the NC4 Risk Center solution and the NC4 brand, as well as NC4’s E Team Emergency Operations Center software solution. The other NC4 products, including Celerium solutions for cyber security and Street Smart for law enforcement, will continue with the current owner.
The aggregate consideration paid by Everbridge was approximately $83 million in cash and Everbridge stock. While the largest business component has been closed, additional components are not expected to be closed until the end of the third quarter. The acquisition, upon completion, is expected to be accretive to Everbridge’s non-GAAP financial results within twelve months, and Everbridge will provide further financial details after completion of the entire transaction.
SnapAV, a provider of A/V, surveillance, networking and remote management products for professionals, and Control4 Corporation, a provider of smart home solutions, announce the successful completion of their merger. Unified into a single organization, Control4® becomes a professional smart home brand in the company portfolio, and SnapAV continues to bring technology professionals a trusted, end-to-end partner that invests relentlessly in growing the industry and helping their businesses succeed.
Delivering fantastic experiences
“The smart home industry is poised for massive growth, and much of that growth will be driven and satisfied by professionals. Our team shares a passion to deliver fantastic experiences to homeowners and businesses,” said John Heyman, chief executive officer of SnapAV. “Through this combination of industry leaders, we have organized ourselves around delivering a unified and integrated company that gives dealers one place to go for the best and broadest selection of products, greatest technical support, most rewarding sales programs, robust training resources, and more.”
The combination of these two companies brings together a robust product catalog of in-house brands and third-party products, backed by highly-experienced product engineering teams, award-winning customer service, education and training programs, and in-field technical support. Together they have the resources and logistics infrastructure to be a one-stop shop that drives value added services for technology professionals across the industries they serve.
Great living experiences
The SnapAV product development team led by Charlie Kindel as chief product & technology officer envisions a roadmap that blends deep innovation with simplicity, interoperability, and quality. “We know this to be true: the number of connected devices in the home will continue to increase. Homeowners want help removing complexity so they can enjoy life at home more and manage technology less,” says Charlie. “We’re focused on the vision of making end-customers rave about our fantastic products and the great living experiences our dealers create with those products. Through this merger, we will fulfill the true promise of the smart home.”
Together the combined company offers a broad product portfolio. Adding the award-winning Control4 Smart Home OS, an operating system specifically designed for the modern, pro-installed smart home, gives SnapAV one of the most connected product portfolios with interoperability across nearly 14,000 devices from hundreds of manufacturers.
International expansion
Control4 will continue to be available only through Control4 Authorized Dealers, and the high standards required for dealer certification will not change. All brands in the combined product portfolio – including Pakedge® and Araknis®, OvrC® and BakPak®, Triad® and Episode® – continue to be supported today, and dealers can use the solution that best fits their business needs.
Bryan Naquin, owner of Acadian Home Theater and Automation in Baton Rouge, Louisiana is enthusiastic about the merger. “The merger feels like a game-changer for my company, and for the industry. As one company, it means more help with all my installation needs which would simplify my business, and make it much easier to support my customers,” Naquin said. “I’m looking forward to seeing how the combined company will evolve.” Dealers can expect to see continued investment in both local and international expansion.
Broad industry growth
Ordering products will remain the same for now, but over time, the combined portfolios will be made available through easy and convenient online ordering, shipping, and local pickup. SnapAV intends to invest further into the international markets Control4 has established including the UK, Ireland, China, Germany, Australia, New Zealand, and Switzerland.
“Today is day one of this journey, and we are just getting started. SnapAV is committed to investing relentlessly in the success of its dealers and fueling broad industry growth to better serve our shared customers. We believe in the importance of professionally installed systems, and we are laying the groundwork to ensure those businesses succeed long into the future,” concluded Heyman.
Additional executives
With a combined 1,200 employees, SnapAV CEO John Heyman will lead the merged teams as chief executive officer, while former Control4 CEO Martin Plaehn joins the board of directors of SnapAV’s parent company. Jeff Hindman joins the executive team as chief revenue officer, while former Amazon Alexa executive and Control4 SVP of products & services Charlie Kindel is named chief product & technology officer. Mike Carlet will serve as the chief financial officer. Additional executives of the combined company include Jeff Dungan, G Paul Hess, JD Ellis, Barrett Schiwitz, Bryce Judd, Carmen Thiede, Graham Jaenicke, and Wally Whinna. The company will have headquarters in Charlotte, North Carolina, and Salt Lake City, Utah, with offices and local facilities around the world.
ExtraHop, globally renowned cloud-first detection and response solutions provider for hybrid enterprises, has issued a security advisory exposing several cases of third-party vendors ‘phoning home’ proprietary data without the knowledge of or authorization from their customers. The advisory serves as a warning to all enterprises to hold their vendors more accountable for how they use customer data.
Phoning home proprietary data
The newly-issued advisory defines phoning home, the ‘white hat’ term for exfiltrating data, as a host connecting to a server for the purpose of sending data to that server. According to the report, phoning data home is a common practice that can be used for legitimate and useful reasons with the customer’s consent. But when customers are unaware of this vendor exfiltration, it risks exposure of sensitive data, such as Personally Identifiable Information (PII), in violation of increasingly strict privacy regulations.
“We decided to issue this advisory after seeing a concerning uptick in this kind of undisclosed phoning home by vendors,” said Jeff Costlow, ExtraHop CISO. “What was most alarming to us was that two of the four cases in the advisory were perpetrated by prominent cybersecurity vendors. These are vendors that enterprises rely on to safeguard their data. We’re urging enterprises to establish better visibility of their networks and their vendors to make sure this kind of security malpractice doesn’t go unchecked.”
Data and cloud security
The advisory highlights four cases spanning the financial services, healthcare, and food service industries where ExtraHop documented vendors phoning home their customers’ data without the customer’s knowledge or authorization, including:
Foul-play in financial services: During a recent training session, ExtraHop noticed that domain controllers were shipping data to a public cloud instance. The customer had no idea that domain controllers were sending SSL traffic outbound to 50 different public cloud endpoints controlled by the vendor. The report documents how a prominent cybersecurity vendor had been doing this for at least two months.
Medical device malpractice: A U.S. hospital was piloting a medical device management product that was only to be used on designated hospital Wi-Fi to ensure patient data privacy and HIPAA compliance. ExtraHop noticed that traffic from the workstation that was managing the initial device rollout was opening encrypted SSL:443 connections to vendor-owned cloud storage, in strict violation of HIPAA regulations.
When shadow IT phones home to China: While ExtraHop was onsite with a large multinational food services customer, they discovered that approximately every 30 minutes, a network-connected device was sending UDP traffic out to a questionable IP address. The device in question was a Chinese-manufactured security camera that was phoning home to an IP address known to be associated with malware downloads.
When “on-box analysis” isn’t entirely “on box”: During a proof-of-concept (POC) with a financial services institution, ExtraHop noticed a large volume of outbound traffic headed from the customer’s U.S. datacenter to the United Kingdom. More than 400GB per day over two-and-a-half days (totaling more than 1TB of data) was exfiltrated by a security vendor that was also in a POC with the financial services institution. The customer was surprised because the vendor claimed to perform all analysis and machine learning ‘on-box’, meaning on the appliance deployed in the customer’s environment.
Security advisory
ExtraHop’s security advisory recommends that companies take the following actions to mitigate these kinds of phoning-home risks:
Monitor for vendor activity: Watch for unexpected vendor activity on your network, whether they are an active vendor, a former vendor or even a vendor post-evaluation.
Monitor egress traffic: Be aware of egress traffic, especially from sensitive assets such as domain controllers. When egress traffic is detected, always match it to approved applications and services.
Track deployment: While under evaluation, track deployments of software agents.
Understand regulatory considerations: Be informed about the regulatory and compliance considerations of data crossing political and geographic boundaries.
Understand contract agreements: Track whether data is used in compliance with vendor contract agreements.
ExtraHop also urges companies to ask questions of their vendors to ensure they understand how their data is being used, where their data is going and the vendor protocols for phoning home. ExtraHop believes these actions will hold vendors more accountable and ultimately limit the exposure of sensitive enterprise data.
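The egress-monitoring recommendation above, matching each outbound flow to an approved application and watching sensitive assets, volume and periodicity, can be sketched as follows. This is an added example, not code from ExtraHop or its advisory; the host names, allowlist, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# All hosts, destinations and thresholds below are constructed for illustration.
APPROVED = {                       # (source, destination, port) signed off by the business
    ("dc01", "time.example.net", 123),
    ("mgmt-ws", "updates.example.com", 443),
}
SENSITIVE = {"dc01"}               # e.g. domain controllers
DAILY_BYTE_LIMIT = 100 * 10**9     # assumed per-destination daily ceiling, in bytes
MIN_BEACON_EVENTS = 4              # need several contacts before judging periodicity
MAX_JITTER = 0.1                   # stdev/mean of the gaps; below this looks scheduled


def make_flows():
    """Constructed flow records: (timestamp, src, dst, proto, port, bytes)."""
    t0 = datetime(2019, 8, 1, 0, 0)
    flows = [(t0, "dc01", "time.example.net", "udp", 123, 400)]
    # Domain controller sending TLS traffic to a destination nobody approved.
    flows.append((t0 + timedelta(hours=2), "dc01", "vendor-cloud.example.org",
                  "tcp", 443, 5 * 10**6))
    # Camera sending UDP roughly every 30 minutes (one second of jitter).
    for i in range(6):
        flows.append((t0 + timedelta(minutes=30 * i, seconds=i % 2),
                      "cam-07", "203.0.113.50", "udp", 9000, 1200))
    # Appliance under evaluation shipping 4 x 100 GB in one day, at irregular times.
    for hour in (1, 3, 10, 16):
        flows.append((t0 + timedelta(hours=hour), "poc-appliance",
                      "uk.example.org", "tcp", 443, 100 * 10**9))
    return flows


def unapproved(flows):
    """Flows whose (src, dst, port) has no matching approval."""
    return [f for f in flows if (f[1], f[2], f[4]) not in APPROVED]


def daily_volume(flows):
    """Total bytes per (src, dst, calendar day)."""
    totals = defaultdict(int)
    for ts, src, dst, _proto, _port, nbytes in flows:
        totals[(src, dst, ts.date())] += nbytes
    return dict(totals)


def beacons(flows):
    """Map (src, dst) pairs contacted at near-constant intervals to the mean gap in seconds."""
    times = defaultdict(list)
    for ts, src, dst, *_ in flows:
        times[(src, dst)].append(ts)
    found = {}
    for pair, stamps in times.items():
        if len(stamps) < MIN_BEACON_EVENTS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER:
            found[pair] = round(avg)
    return found


def audit(flows):
    """Run the three checks on unapproved egress; return sorted (severity, src, dst, reason)."""
    suspect = unapproved(flows)
    findings = set()
    for _ts, src, dst, proto, port, _n in suspect:
        severity = "high" if src in SENSITIVE else "medium"
        findings.add((severity, src, dst, f"unapproved {proto}/{port} egress"))
    for (src, dst, day), total in daily_volume(suspect).items():
        if total > DAILY_BYTE_LIMIT:
            findings.add(("high", src, dst, f"{total / 10**9:.0f} GB on {day}"))
    for (src, dst), secs in beacons(suspect).items():
        findings.add(("medium", src, dst, f"periodic contact every {secs // 60} min"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(make_flows()):
        print(*finding, sep=" | ")
```

In practice the flow tuples would come from NetFlow/IPFIX or firewall logs, and the allowlist from the organization's record of approved vendor integrations.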
Most enterprises today deploy a multitude of touchpoints where consumers can interact and access the information they require. For many organizations, APIs (Application Programming Interfaces) are the bread-and-butter for enabling inter-enterprise process automation, IoT devices and mobile applications. Even though they are working behind the scenes, APIs are ubiquitous. They help to deliver sports updates, post online messages, order food – enabling everything online. To stay competitive, businesses need to publicly expose and rely on API calls to applications that serve business-enabling data to consumers.
Performance with uptime guarantees of 99.99%
Imperva API Security is a new capability within Imperva’s Application Security suite. As a key part of our defense-in-depth stack, API Security allows users to see security events per API endpoint. API Security also automatically creates and enforces a positive security model layer from the customer’s OpenAPI specification document.
Scalability and flexibility are essential to API delivery. Red Hat 3scale API Management delivers on performance with uptime guarantees of 99.99%. For those of you already pushing your API calls through Red Hat, you know just how important it is to push hundreds or thousands of calls back and forth with no latency or round trips between your infrastructure.
Customers of both Imperva and Red Hat can benefit from a more cohesive solution toward managing, publishing and securing their APIs. And customers of Imperva’s FlexProtect licensing plan can quickly and flexibly add API Security or any of the other capabilities in their comprehensive application security suite so they never have to choose between innovation and protection.
Automatically updates positive security model
Imperva is a Red Hat Ready Partner and Red Hat is an Imperva Technology Alliance partner. Red Hat 3scale API Management customers can now layer up to the next level of security features for their APIs without compromising on business agility. Imperva API Security accomplishes this because of its simple integration with Red Hat 3scale API Management. Every addition or change to the APIs on 3scale will immediately and automatically update the positive security model for said APIs. Additionally, security teams gain visibility to all APIs that are externally exposed, as well as to specific threats per API endpoint.
To integrate Red Hat 3scale API Management easily with Imperva API Security, Imperva provides an open source tool which is hosted in GitHub and managed by the open source community.
We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organization looking to both protect business operation critical assets. Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - from cybercriminals conducting targeted spear-phishing campaigns - like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers - no organization is safe from innovative cyber threats. Security solutions enterprises Organizations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe The evolving threat space means organizations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organizations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no one silver bullet that truly stops all cyberattacks, organizations must adopt a multipronged approach to be widely adopted to stop adversaries. This must include tracking, analyzing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies leveraging the power of the cloud give a holistic view of the continuously evolving threat landscape and thereby secure data more efficiently. Traditional security approach In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats. 
To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors defenders need to recognize we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion. Sophisticated cyber weapons Actors tend to use a simple trial and error technique where they test the organization's network So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organization’s defenses, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organization's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed. 
Businesses without proper cyber measures allow themselves to be at risk from a huge list of threats - like the 2018 Moscow World Cup vacation rental scam Malicious Behavior Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organizations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands on keyboard activity. Threat hunters perform quickly to pinpoint anomalies or malicious behavior on your network and can prioritize threats for SOC teams for faster remediation. In-Depth knowledge Security teams need to beat the clock and condense their responseIt is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave are vital clues on how organizations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done. Next-Generation solutions When managing an incident clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy. 
This can be achieved by following the simple rule of 1-10-60, where organizations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organizations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.
Behavioral analytics
Behavioral analytics and machine learning capabilities identify known and unknown threats by analyzing unusual behavior within the network. These have the ability to provide an essential first line of defense, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organizations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organizations cannot live without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organizations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organizations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organizations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
The industry faces numerous challenges in the coming year. Physical and cyber security threats continue to become more complex, and organizations are struggling to manage both physical and digital credentials as well as a rapidly growing number of connected endpoints in the Internet of Things (IoT). We are witnessing the collision of the enterprise with the IoT, and organizations now must establish trust and validate the identity of people as well as ‘things’ in an environment of increasingly stringent safety and data privacy regulations. Meanwhile, demand grows for smarter and more data-driven workplaces, a risk-based approach to threat protection, improved productivity and seamless, more convenient access to the enterprise and its physical and digital assets and services.
Using Smartphone Apps To Open Doors
Enterprise customers increasingly want to create trusted environments within which they can deliver valuable new user experiences. A major driver is growing demand for the ‘digital cohesion’ of being able to use smartphone apps to open doors, authenticate to enterprise data resources or access a building’s applications and services. Cloud technologies are a key piece of the solution. They give people access through their mobile phones and other devices to many new, high-value experiences. At the same time, they help fuel smarter, more data-driven workplace environments. With the arrival of today’s identity- and location-aware building systems that recognize people and use deep learning analytics to customize their office environment, the workplace is undergoing dramatic change.
Improved Fingerprint Solutions
Cloud-based platforms and application programming interfaces (APIs) will help bridge biometrics and access control in the enterprise, overcoming previous integration hurdles while providing a trusted platform that meets the concerns of accessibility and data protection in a connected environment. At the same time, the next generation of fingerprint solutions will deliver higher matching speed, better image capture quality and improved performance. Liveness detection will ensure that captured data is from a living person. Biometric authentication will also gain traction beyond access control in immigration and border control, law enforcement, military, defense and other public sector use cases where higher security is needed.
Flexible Subscription Models
Access control solutions based on cloud platforms will also change how solutions are deployed. Siloed security and workplace optimization solutions will be replaced with mobile apps that can be downloaded anywhere across a global ecosystem of millions of compatible and connected physical access control system endpoints. These connections will also facilitate new, more flexible subscription models for access control services. As an example, users will be able to more easily replenish mobile IDs if their smartphones are lost or must be replaced.
Generating Valuable Insights With Machine Learning
Education, finance, healthcare, enterprise, and other niche markets such as commercial real-estate and enterprises focused on co-working spaces will benefit from a cloud-connected access control hardware foundation. There will be a faster path from design to deployment since developers will no longer have to create an entire vertically integrated solution.
They will simply add an app experience to the existing access control infrastructure. New players will be drawn to the market resulting in a richer, more vibrant development community and accelerated innovation. Data analytics will be a rapidly growing area of interest. Machine learning analytics will be used to generate valuable insights from today’s access control solutions. Devices, access control systems, IoT applications, digital certificates and location services solutions, which are all connected to the cloud, will collectively deliver robust data with which to apply advanced analytics and risk-based intelligence. As organizations incorporate this type of analytics engine into their access control systems, they will improve security and personalize the user experience while driving better business decisions.
With the coming of a New Year, we know these things to be certain: death, taxes, and… security breaches. No doubt, some of you are making personal resolutions to improve your physical and financial health. But what about your organization’s web and mobile application security? Any set of New Year’s resolutions is incomplete without plans for protecting some of the most important customer touch points you have — web and mobile apps. Every year, data breaches grow in scope and impact. Security professionals have largely accepted the inevitability of a breach and are shifting their defense-in-depth strategy by including a goal to reduce their time-to-detect and time-to-respond to an attack. Despite these efforts, we haven’t seen the end of headline-grabbing data breaches like recent ones affecting brands such as Marriott, Air Canada, British Airways and Ticketmaster.
App-Level Threats
The truth of the matter is that the complexity of an organization’s IT environment is dynamic and growing. As new technologies and products go from production into the real world, there will invariably be some areas that are less protected than others. The apps that control or drive these new innovations have become today’s endpoint — they are the first customer touch point for many organizations. Bad actors have realized that apps contain a treasure trove of information, and because they are often left unprotected, offer attackers easier access to data directly from the app or via attacks directed at back office systems. That’s why it’s imperative that security organizations protect their apps and ensure they are capable of detecting and responding to app-level threats as quickly as they arise.
In-Progress Attack Detection
Unfortunately, the capability to detect in-progress attacks at the app level is an area that IT and security teams have yet to address. This became painfully obvious in light of the recent Magecart attacks leveraged against British Airways and Ticketmaster, among others. Thanks to research by RiskIQ and Volexity, we know that the Magecart attacks target the web app client-side. Attackers gained write access to app code, either by compromising or using stolen credentials, and then inserted a digital card skimmer into the web app. When customers visited the infected web sites and completed a payment form, the digital card skimmer was activated, intercepting payment card data and transmitting it to the attacker(s).
Data Exfiltration Detection
During a Magecart attack, the transaction processes are otherwise undisturbed. The target companies receive payment, and customers receive the services or goods they purchased. As a result, no one is wise to a breach — until some 380,000 customers are impacted, as in the case of the attack against British Airways. The target companies’ web application firewalls and data loss prevention systems didn’t detect the data exfiltration because those controls don’t monitor or protect front-end code. Instead, they watch traffic going to and from servers. In the case of the Magecart attacks, the organization was compromised and data was stolen before it even got to the network or servers.
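The gap described above, where server-side controls never inspect the code the browser actually runs, can be narrowed by auditing the served page itself. The following is an added example, not from the original article or any vendor it names: a Python check that compares the scripts a checkout page serves against a release-time baseline of Subresource Integrity (SHA-384) hashes. The page HTML, script bodies, paths and the example.invalid host are constructed sample data.

```python
"""Front-end script integrity audit (added example, constructed data)."""
import base64
import hashlib
from html.parser import HTMLParser


def sri_sha384(body: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class ScriptCollector(HTMLParser):
    """Collect external script tags and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []      # (src, integrity attribute or None)
        self.inline = []        # inline script source text
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        if attr.get("src"):
            self.external.append((attr["src"], attr.get("integrity")))
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self.inline.append("".join(self._buf))
            self._in_inline = False


def audit(html, fetched, baseline_external, baseline_inline):
    """Compare what the page serves now against the approved baseline.

    html:              page source as a client receives it
    fetched:           {src: bytes} script bodies retrieved by the monitor
    baseline_external: {src: SRI hash} approved at release time
    baseline_inline:   set of SRI hashes of approved inline scripts
    """
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src, integrity in collector.external:
        if src not in baseline_external:
            findings.append(("unapproved-script", src))
            continue
        expected = baseline_external[src]
        if integrity is None:
            findings.append(("missing-integrity-attribute", src))
        elif expected not in integrity.split():
            findings.append(("integrity-attribute-changed", src))
        body = fetched.get(src)
        if body is None:
            findings.append(("script-not-fetched", src))
        elif sri_sha384(body) != expected:
            findings.append(("content-changed", src))
    for code in collector.inline:
        if sri_sha384(code.encode("utf-8")) not in baseline_inline:
            findings.append(("unapproved-inline-script", code.strip()[:40]))
    return findings


# --- Constructed sample data (not taken from any real site) ---
APPROVED_JS = b"function submitPayment(form) { return form.checkValidity(); }\n"
# Stand-in for a file modified after release; the appended text is a harmless comment.
TAMPERED_JS = APPROVED_JS + b"/* constructed stand-in for code appended after release */\n"
APPROVED_INLINE = "window.checkoutConfig = {currency: 'GBP'};"

CHECKOUT_SRI = sri_sha384(APPROVED_JS)
BASELINE_EXTERNAL = {"/static/checkout.js": CHECKOUT_SRI}
BASELINE_INLINE = {sri_sha384(APPROVED_INLINE.encode("utf-8"))}

CLEAN_PAGE = (
    '<html><body><form id="pay"></form>'
    f'<script src="/static/checkout.js" integrity="{CHECKOUT_SRI}"></script>'
    f"<script>{APPROVED_INLINE}</script></body></html>"
)
CHANGED_PAGE = (
    '<html><body><form id="pay"></form>'
    '<script src="/static/checkout.js"></script>'
    '<script src="https://cdn.example.invalid/analytics.js"></script>'
    f"<script>{APPROVED_INLINE}</script></body></html>"
)

if __name__ == "__main__":
    print(audit(CLEAN_PAGE, {"/static/checkout.js": APPROVED_JS},
                BASELINE_EXTERNAL, BASELINE_INLINE))
    for finding in audit(CHANGED_PAGE, {"/static/checkout.js": TAMPERED_JS},
                         BASELINE_EXTERNAL, BASELINE_INLINE):
        print(finding)
```

A check like this only sees script files and tags present in the fetched page, so it should fetch the page the way a customer's browser would; scripts injected dynamically at runtime need a browser-side control such as a Content Security Policy.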
Best Practice Resolutions
The Magecart attacks highlight the need to apply the same vigilance and best practices to web and mobile application source code that organizations apply to their networks—which brings us to this year’s New Year’s resolutions for protecting your app source code in 2019:
Alert
First, organizations must obtain real-time visibility into their application threat landscape given they are operating in a zero-trust environment. Similar to how your organization monitors the network and the systems connected to it, you must be able to monitor your apps. This will allow you to see what users are doing with your code so that you can customize protection to counter attacks your app faces. Throughout the app’s lifecycle, you can respond to malicious behavior early, quarantine suspicious accounts, and make continuous code modifications to stay a step ahead of new attacks.
Protect
Next, informed by threat analytics, adapt your application source code protection. Deter attackers from analyzing or reverse engineering application code through obfuscation. Today’s proven obfuscation techniques can help prevent application reverse engineering, deter tampering, and protect personally identifiable information and API communications. If an attacker tries to understand app operation through the use of a debugger or in the unlikely event an attacker manages to get past obfuscation, threat analytics will alert you to the malicious activity while your app begins to self-repair attacked source code or disable portions of the affected web app. The key to success is quickly understanding when and how an app is being attacked and taking rapid action to limit the risk of data theft and exfiltration.
Encrypt
Finally, access to local digital content and data, as well as communications with back office systems, should be protected by encryption as a second line of defense, after implementing app protection to guard against piracy and theft. However, the single point of failure remains the instance at which the decryption key is used. This point is easily identifiable through signature patterns and cryptographic routines. Once found, an attacker can easily navigate to where the keys are constructed in memory and exploit them. Effective encryption requires a sophisticated implementation of White-Box Cryptography, one that combines a mathematical algorithm with data and code obfuscation techniques, transforming cryptographic keys and related operations into indecipherable text strings. Protecting encryption keys is often overlooked but should be considered a best practice as you forge into the new year with a renewed commitment to app security to ensure your organization’s health and well-being in 2019.
Protecting Applications Against Data Breach
According to the most recent Cost of a Data Breach Study by the Ponemon Institute, a single breach costs an average of $3.86 million, not to mention the disruption to productivity across the organization. In 2019, we can count on seeing more breaches and ever-escalating costs. It seems that setting—and fulfilling—New Year’s resolutions to protect your applications has the potential to impact more than just your risk of a data breach. It can protect your company’s financial and corporate health as well. So, what are you waiting for?
A video analytics system that provides ‘behavioral understanding’ can yield more meaningful and actionable data for a range of applications. In public safety and security, such a system can alert on violent or suspicious behaviors, such as people fighting, vandalism, people with weapons, etc. In advanced traffic surveillance and monitoring, it can provide alerts to vehicle collisions (accidents), traffic hazards or vehicles that aren’t using the road properly, such as a car that stops in the middle of the junction. For enterprise and campus security, it can provide advanced anti-tailgating and detect unauthorized activity.
Video surveillance infrastructure
These uses are among the benefits of viisights’ video analytics technology based on behavioral understanding of video content. “It means we can extract more meaningful data from the huge amount of video content that is captured, and we can transform that data to actionable insights that eventually justify the massive investment in video surveillance infrastructure,” says Asaf Birenzvieg, CEO of viisights. Their behavioral understanding systems for real-time video intelligence leverage artificial intelligence technology. viisights was founded by a group of serial entrepreneurs with track records in developing technology businesses. The Israeli company’s founders recognized a growing global need for intelligence to make physical and virtual public areas safer – and realized the role that smart video understanding technology can play.
Developing artificial intelligence technologies
viisights is committed to developing artificial intelligence technologies that facilitate human-like video understanding, which in turn serves as the basis for fully autonomous video intelligence systems powered by pattern prediction technology.
“Behavioral recognition is the future of video analytics and the next generation of the object classification analytics systems that hold the majority of the market today,” says Birenzvieg. “To date most video analytics systems still base their product features on static analysis of objects from images using image recognition, even the ones that use ‘AI analytics.’ Products built using such object classification technology are extremely limited.” For example, object classification analytics cannot recognize behavioral events in a video such as people fighting or a car collision because such behaviors can’t be accurately inferred at large scale from analyzing a single static image or frame.
Video understanding technology
viisights has developed a video understanding technology for real-time video processing. The technology can process live video feeds. In addition to recognizing a particular object (e.g., person) and its attributes (e.g., red shirt), the system can understand an object’s actions, interactions with other objects (events), the scene being viewed (i.e., crowd is gathering, riots) and the context (a car is driving on the road or on the sidewalk). “Basically, we are able to extract more meaningful data from a live video feed and therefore create actionable insights and greater ROI,” says Birenzvieg. The company focuses mostly on security and safety use-cases. The main verticals are smart cities, enterprises and campuses, banks and ATM security, security guard companies and transportation hubs. The company is working on a new product for in-vehicle monitoring mostly for security, safety, vehicle protection and proper vehicle use; it monitors passengers’ behavior inside a bus, train, or taxi. The product will come to market next year.
Video management system
viisights’ video analytics offering is currently optimized for server-side deployment, and the integration architecture is similar to most video analytics systems. From one side it is integrated with the video management system (VMS). They are a Milestone verified partner and soon will be part of Milestone's marketplace. From the other end, it is connected to a command-and-control system for processing the data and presenting the alerts to the end-user. The analytics company makes most sales through system integrators. They have partnerships with big system integrators like Motorola Solutions and NEC and are also working with smaller ones. They are looking to expand their system integrator network, mostly in the USA and Europe.
Cloud video surveillance
“We will continue to invest in performance and accuracy, meaning higher recall and lower false positive rate,” says Birenzvieg. “Since our major value proposition is in behavior recognition, behavior events many times are not clearly defined, which is very different from object classification. Behaviors can have many variations and they can be very diverse.” An example is a simple behavior like a person falling on the floor. A person can fall on the floor in many ways, but the challenge is to ignore similar behaviors that are not a person falling and that confuse the system, such as a person bending over to tie his shoelaces. With cloud video surveillance becoming a trend, viisights is also looking into offering some of their advanced functionalities in a video-analytics-as-a-service model.
Physical security has been stuck in a forensic and siloed mindset for decades, while the rest of the enterprise has evolved and transformed into proactive, connected operations. A new security management platform based on artificial intelligence (AI) seeks to change that status quo by using modern tools for unification, analytics and controls.
AI-based security management
“Security teams are managing more moving parts than ever,” says Clayton Brown, Co-Founder of ReconaSense. “As it stands today, the industry can’t keep pace with the digital transformation and the ‘smart’ movement. Physical security must transition from forensic security to proactive, risk-adaptive security.” ReconaSense says the company is changing the physical security industry with AI-based technology and a risk-adaptive approach. “We’re focused on making security integrated, adaptive and proactive,” says Brown. The flagship product, ReconAccess, is a risk-adaptive physical access control system. It controls who can go where, when, in a building. Taken a step further, ReconAccess analyses risk to prevent an authorized person from entering a room if there is a danger or threat present. It also can spot abnormal activity that may warrant further investigation, i.e., insider threats.
ReconAccess unification security solution
ReconAccess is part of a unification platform that includes geospatial AI, mobile apps and analytics. ReconaSense helps organizations to mitigate risk effectively in two ways. First, the system pulls in data from disparate systems into a unified language. And then, it enables users to proactively identify risk and threats before they become issues. “We provide actionable guidance and unprecedented visibility so that they can implement appropriate controls for quick remediation and risk mitigation,” says Brown.
In general, ReconaSense will improve life safety, future-proof physical security, and provide enhanced situational awareness, he says.
Application programming interfaces (APIs)
By creating a database translation layer through application programming interfaces (APIs), ReconaSense normalizes diverse data into a common language, or database. Previous unification platforms have presented data from different systems into a common presentation layer. ReconaSense goes deeper by extracting, transforming and loading these diverse languages into a common format for humans and machines alike to understand what is going on across their operation in real-time.
ReconaSense was honored with the Security Industry Association (SIA) New Product Showcase Award for Access Control Software at ISC West 2019.
Security and risk unification
The ReconaSense security and risk unification platform integrates and translates siloed data across systems, devices and applications into a common language, which makes it easier to focus on what matters most and keep risk at bay. “We can change permissions in real time based on any individual behavior or environment,” says Brown. “Being able to assess risk on both sides of the door enables organizations to not only improve security but also improve life safety. We are also positioned to detect insider threats and to streamline operations overall.”
Security and data integration
ReconaSense provides a common operating picture integrating all the incoming security and relevant data across an organization. The security intelligence platform can detect early warning signs and abnormal events and implement remediation actions swiftly. The platform can more deeply integrate 3rd-party data systems, analyze and score the data for risk trends, and then activate changes with a native access control system based on this intelligence.
ReconaSense works with traditional security integrators as its exclusive channel. They are actively adding more dealers to the network. At this point, distribution is not on the roadmap, but could be beyond the current horizon as the industry matures.
Intelligent approach to physical security
“The market is ready for the new technology,” says Brown. “We must continue to educate integrators and end users on the need to move to a more proactive, intelligent and integrated approach for physical security,” he says. “We have to help demonstrate that AI is not as scary or far away as you think. It’s here today.” In one year, ReconaSense expects to grow its team and partner network significantly and to be deployed in a variety of sites across North America. The current team consists of technologists, engineers, IT and physical security experts and data scientists. ReconaSense is headquartered in Austin, Texas, and has a technology center in New York.
While security salesmen are touting megapixels and anti-passback features, they are missing an opportunity to communicate the role of technology in the broader context of risk management and incident response – and in saving lives. That’s the message of Gerald Wilkins, PSP, Vice President of Active Risk Survival. Incident response is at the core of how an enterprise reacts to risk and is a standardized approach to the command, control, and coordination of emergency response. Effective incident response requires integrating a combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure. All the elements must work together to achieve the desired outcome – to mitigate a risk using countermeasures.
Capabilities of systems during emergencies
Equipment such as CCTV, access control and mass notification systems can provide effective countermeasures, but salesmen in the physical security market are not ‘connecting the dots’ between equipment specifications and its capabilities as part of the broader incident command system. “Historically, purchases of security technologies have not been considered in that context,” says Wilkins. “Rather, the industry’s sales pitches have been about features and capabilities – pixels or communication distances or intelligence – not about how those capabilities are useful in the specific context of emergency response.” “My goal is to change the industry,” says Wilkins. “I want to see us have more meaningful conversations with security directors and emergency operations planners.”
Focusing on the Emergency Operations Plan
“We are in the life safety business, and we need to have more conversations about where technology fits into the Emergency Operations Plan (EOP).
When was the last time you [as a security salesman] asked a client to look at their Emergency Operations Plan? No one knows the technology better than we do.” “There are so many folks in our industry who are technology gurus, who ‘get’ the technology, and are good at selling it,” he says. What’s missing, however, is attention to how technology is applied to risk management and response. “As an industry, even guys who have been in the business a long time have never heard about incident command,” says Wilkins. “How are we weaponizing technology to maximize the outcome? We don’t talk about it. We want to talk about megapixels and wide dynamic range. But when are we going to talk about how we can apply that technology to mitigate our tangible and intangible risks?”
Importance of security equipment
In the wake of each active shooter or other incident in the news, Wilkins looks back to consider the missed opportunities and how security equipment could have saved lives. “What technology did we have to help first responders – video, access control and paging – but they weren’t used?” he asks. An example is the San Bernardino shooting in 2015, when police officers were heard asking “has anybody found that access control card?” In effect, a law enforcement officer was asking for technology that should have been included as part of the emergency plan. Situational awareness, such as that provided by video systems, can help responders judge which areas are safe faster and provide Emergency Medical Services (EMS) personnel more time to save lives. However, video is not being viewed in that light as a part of the broader life-saving mission.
“Our industry needs to sit down with a security director or operations manager and ask: How are you using technology as a resource tool that will become part of your critical response?” says Wilkins.
Understanding how equipment works
Technology is often not being incorporated in emergency planning, even with something as simple as a fire drill. Most fire drills are ‘one size fits all’ – every person knows where they should go and how they should exit. But what if there is a fire in a particular part of the building? Today’s fire alarms operate in zones to communicate the location of a fire, but this capability is not being used to practice a variety of resulting scenarios that could save lives. “We need to understand as an industry how our partners in law enforcement and EMS do their jobs,” says Wilkins. “We can help stakeholders in a building understand how our equipment works every day and how they can use it in a critical incident. We need to understand Emergency Operations Plans (EOPs), how incident command works, and how we can help emergency responders.”
Security training for salespeople
“If a guy wants to talk about his pixels or his anti-passback, he should instead consider having a meaningful conversation with the client about best practices and how to mitigate risk. This creates a different position [for the salesman], and if there is a critical incident, something you said or did might save someone’s life.” When it comes to training and taking a more strategic approach to sales, to some extent, the security technology industry has been a victim of its own success. When business is good, security companies are less likely to look for ways to train their salespeople. “We’re in the life safety business, not in the ‘stuff’ business,” says Wilkins.
“I want to know everything I can know to help guys sell things that can actually change the outcome if something bad happens.” Another problem is “we don’t know what we don’t know.”
Thermal imaging is a technology that can provide many benefits in a wide range of applications. In particular, thermal imaging cameras have been deployed successfully as highly affordable solutions in the security industry. Accepted throughout the industry as the best 24-hour visual surveillance imaging solutions available, thermal security cameras are vital tools in securing borders, airports, sea ports, nuclear facilities, and other critical infrastructure. Today these affordable solutions are also protecting homes, corporate campuses, industrial facilities and retail businesses.
Infrared-Illuminated cameras
Thermal security cameras let people see what their eyes can’t: invisible heat radiation either emitted or reflected by all objects, regardless of lighting conditions. Because they see heat, not light, thermal cameras are effective tools in any security setting. They can easily detect intruders and other potential hazards in any weather, as well as day and night. Cameras that create images based on visible light—such as conventional CCTV or infrared-illuminated cameras—have the advantage of creating images that are familiar and easy to interpret. Unfortunately, the ability of a given detector, whether the human eye or a camera sensor, to create these images relates directly to the amount of light available. At night, for instance, when there isn’t much visible light, objects appear faint, or not at all.
Thermal imaging cameras
In contrast, thermal cameras make pictures from heat, not light, having nothing whatsoever to do with reflected light energy. They see the heat given off by everything under the sun. Everything we encounter in daily life creates or reflects heat energy, called a ‘heat signature,’ which thermal cameras can see clearly. Another limitation of relying on visible-light detection is visual contrast.
Regular cameras that capture only visible light can be fooled by visual camouflage, or situations where similar colors or patterns blend together and, thus, obscure objects or people that need to be detected. Thermal imaging cameras don’t suffer this same problem. For example, an intruder standing under a densely-branched tree may be hard to detect using an IR-illuminated camera, but with a thermal imaging camera, the intruder would be clearly visible.
Providing constant protection
These advantages over visible cameras have led to the widespread use of thermal to detect the presence of people in restricted or suspect areas, assess the tactical situation, and respond accordingly. No one within the view of a thermal camera can hide their heat. Thermal security cameras are the best tool to determine how many intruders are present, and, consequently, how many officers or agents should respond to meet the threat. One of the biggest benefits of thermal imaging comes in the domain of security. Security cameras have become a staple of protection for many (if not all) major businesses across the globe. In such a domain, the need to produce images of surrounding perimeters is critical to providing constant protection against potential intruders.
False alarms experienced
No matter what you need to see, or what perimeter you need to protect, thermal security cameras let you see clearly, even in total darkness, and through camouflaging foliage, smoke, dust, and light fog. Another reason why thermal imaging cameras often prove cost-effective is that they help reduce the number of false alarms experienced in a business protection scenario. Visible light cameras can be easily fooled by many naturally-occurring phenomena, such as blowing trees, shadows, insects, birds, or oncoming cars.
In terms of motion detection, microwave, fence sensors, motion sensors, RAFID, and radar can all detect a possible intrusion, but they are essentially ‘blind’ technologies compared to thermal imaging. When a motion sensor is triggered, a user still needs an additional method of assessing the nature of the alarm, in order to determine the most appropriate response. For example, is it a person climbing the fence or just a harmless squirrel?
CCTV security system
Because of thermal security cameras’ high-contrast video output, security professionals have found that they work very well with video analytics. They can provide more reliable alarming with fewer false reports than visible-light cameras, even during the day. Thermal imaging security cameras offer both alarming capabilities and reliable images – two solutions in one. Thermal imaging cameras are an affordable option for many businesses that want to ensure they have the best security and protection available. Prices for thermal imaging cameras have come down substantially in recent years, to the point where they are on par with regular visible-light cameras, while providing the superior ability to capture images that in many situations regular cameras simply cannot match. In addition, the total cost of ownership of a security system with thermal imaging cameras is, in general, much lower than a CCTV security system, for two main reasons.
Monitor multiple areas
First, a business would require fewer thermal imaging cameras than if deploying CCTV cameras, thanks to the excellent range performance of thermal imaging cameras. Since each camera needs only a mast for mounting, power, and a video feedback connection, fewer cameras are required. Businesses can keep their infrastructure simple, minimizing maintenance costs.
Another area of cost savings is that thermal imaging cameras work perfectly in complete darkness and don’t require any lighting to maintain security and protection. Not only is lighting expensive to install, it also requires a great deal of electricity to keep those lights on all night. Businesses that wish to monitor multiple areas of their premises would be wise to deploy one or more thermal imaging cameras to provide the best protection against potential intruders, especially at night, when visible light is either low or non-existent. In short, any business that wants to achieve the maximum level of security and protection of their intellectual and physical property should consider deploying a thermal imaging solution.
Traka has launched a new downloadable white paper to open a discussion on the changing nature of retail banking in the UK, using latest case examples to consider branch management and shifting customer expectations. The white paper, titled ‘Shaping the retail banking industry’ looks at several factors influencing the sector, including the increasing expectations and values of customers demanding a more personalized branch experience.
Key and equipment management
Incorporating analysis from globally renowned financial services, including PwC, Accenture and Deloitte, the paper highlights the opportunities for innovation, together with collaboration and adoption of new operational processes. This incorporates key and equipment management to enable retail banks to deliver on top quality service.
Says Mike Hills, Traka UK Market Development Manager and Author of the white paper: “Against a backdrop of negative press concerning the state of UK high streets, the future for retail banking could arguably also be cited as bleak and in a state of industry disruption, as customers move towards a more mobile-connected lifestyle.”
Staff and customer security
“However, our research in putting together this white paper tells a different story. That actually, the sector has a real chance to embrace the changes occurring and entice their customers, meeting demands for personal service. We found that brands riding the storm are taking small yet significant steps to tailor their services and make operational differences that are proving key to their success.” The white paper focusses on Traka’s experience with Nationwide Building Society to demonstrate how supporting operational efficiency can benefit banking staff and ensure they can focus on serving their customers, without compromising on security.
Retail Banking security
Mike concluded, “We have brought this white paper together using the latest research and intrinsic market reports, together with case evidence on the future of the retail banking industry and the issues faced by the sector to ensure long term success.”
“Within this, we wish to stimulate debate and encourage views and contributions from as many different voices as possible. We look forward to your opinion, experience or comment on this matter of growing importance so together, we can look to support and shape the future of retail banking.”
Crossword Cybersecurity plc has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’) will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance.
GDPR compliance
GDPR makes many requirements of organizations, including taking adequate steps to ensure data is both encrypted and anonymized, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organization. With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack.
GDPR risk exposure
Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organization is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education.
With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organizations.”
Rizikon Assurance
Jake adds, “Rizikon Assurance will help any organization dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have. It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”
AT Brown (Coaches) Ltd is a premier coach company based in Telford, England that has been operated by the same family for over 100 years. After moving to larger premises in the town’s Hortonwood Industrial Estate in 2005, AT Brown began suffering from constant diesel theft. Installing a Gallagher monitored pulse fence stopped the thieves overnight. Despite having installed CCTV cameras and employing mobile patrols, AT Brown owner Ewen MacLeod says the diesel theft problem continued for the first eight years on the new site. “Thieves were coming through the security fence and syphoning fuel out of the coaches. The investment in CCTV cameras and mobile patrols wasn’t paying off.”
Perimeter security solution
Gallagher Security partnered with SPG Security Systems UK Ltd to provide a perimeter security solution that would let AT Brown get back to running their business. A Gallagher monitored pulse fence was installed around the whole site, including the large double leaf access gates. The monitored pulse fence was easily retrofitted to AT Brown’s existing security fence, making it a cost-effective option that could be quickly installed without any disruption to the business. “SPG and Gallagher very quickly got to know what our requirement was and installed it around us,” says Ewen. “There was no impact whatsoever on us running the business.” Gallagher Security strategic business development manager Kevin Godfrey says the monitored pulse fence provided deterrence and detection for the whole site.
Building alarm system
“It’s a really simple, effective solution that has negated the need for guard patrols and a CCTV system.” The fence can be armed or disarmed with the building alarm or a keypad, and any break-ins are notified on a phone, through the building alarm system. Since the monitored pulse fence was installed in 2013, there have been no further incidents at AT Brown.
The fence provides a powerful visual and practical deterrent to would-be thieves, preventing further break-ins and resulting in happy staff, and children getting to school on time in the mornings. “Everyone feels more secure, which is a very important factor,” says Ewen. “Now we can just carry on running our business the way we want to.”
Ping Identity, the provider of Identity Defined Security, announced that Bentley Systems, a software development company, has selected the Ping Intelligent Identity™ platform to advance the priority it has placed on driving exceptional user experiences. Bentley Systems selected Ping Identity to help strengthen Bentley’s ability to bring applications to market faster and build a flexible data model to support various current and future compliance requirements. Ping stood out as the market leader of choice because of its strict adherence to standards, which is critical in supporting Bentley Systems’ aim towards providing an increasingly open and extensible technology offering.
Deploying Ping Identity solutions
As part of its ‘going digital’ initiative, Bentley Systems will deploy PingFederate, PingAccess, PingDataGovernance and PingDirectory in order to offer more flexibility in the solutions that support its global business. Bentley Systems will leverage PingFederate for secure authentication and standards-based single sign-on (SSO) for Bentley users. The addition of PingAccess will enable centralized authorization as well as architectural flexibility to meet the access needs of Bentley's users around the world. With PingDataGovernance, the organization will enforce fine-grained access controls for identity data and APIs, while PingDirectory will store and secure identity data at scale.
Flexible solutions to support business and users
“From our first interaction with Ping Identity, it’s been clear to us that the organization is dedicated to our successful deployment and is a true technology partner,” said Lori Hufford, vice president of Digital Foundations, at Bentley Systems. “As a global company, having flexibility in the solutions that support our business and user base is essential.
Ping offers that flexibility, while also providing standards leadership to help advance our user experience and digital priorities.”
Mul-T-Lock supplies a high-end jeweler in London with CLIQ® locks in order to help the business manage access to cabinets holding valuable items. Stocking bespoke pieces and precious stones, the jeweler was looking for a high-level security solution that allowed sales personnel access to individual glass cabinets, without the worry that if one of the keys got lost or misplaced they would have to replace the entire suite.
Offering maximum security
Over 50 CLIQ® cam locks from Mul-T-Lock were installed at the jewelers on each of the cabinets, offering maximum security with the added benefit of audit trail capabilities. These capabilities include the ability to schedule individual access permissions for each key, as well as to provide time-limited access. In the case of this particular jeweler, each member of staff was given access to a selection of cabinets at varying times, with individual permissions set by the administrator (those who manage the security system). For example, access could be set for only business hours, meaning that the cabinet could not be accessed at evenings or weekends. Similarly, each time a user opens a lock, it will be recorded in the system, meaning that the administrator can keep an eye on operations electronically.
Careful consultation
Specialist Mul-T-Lock integrator, Elelock Systems Ltd specified and installed the CLIQ® locks at the jewelers, after weeks of careful consultation with the business owner to better understand the store’s requirements. Chrys Chrysostomou, Managing Director of Elelock said: “One of the biggest concerns for this particular jeweler was the threat of compromised security if cabinet keys were lost.
Mul-T-Lock’s CLIQ® technology means you can revoke access in minutes, whereas with a traditional system you would have needed to replace the whole lock – costing time and money.”
Hands-On training
“With no cabling the system was easy to configure and install, making it suitable for a variety of applications. The store manager also received hands-on training from ourselves and Mul-T-Lock, alongside the jeweler’s head of IT and security representative.” Suresh Peri, Commercial & Technical Manager at Mul-T-Lock added: “Our CLIQ® system is ideal for retail applications where there are a number of members of staff who need access at varying times, or that require individual permissions for access to high security storage rooms, cabinets or drawers.
“Being able to revoke access permissions when a member of staff leaves also allows retailers to uphold their security and reduce ongoing maintenance costs.”
Round table discussion
Artificial intelligence is on the verge of changing the face of multiple industries – from healthcare to entertainment to finance, from data security to manufacturing to the cars we drive (or that will drive themselves!) In the physical security market, AI has garnered a lot of attention as a buzzword and as a harbinger of things to come. We asked this week's Expert Panel Roundtable: What security markets are most likely to embrace artificial intelligence (AI)?
There will be more artificial intelligence, more machine learning, video systems with more capabilities, and all of it will add greater value to our solutions. Those are among the expectations of our Expert Panel Roundtable as they collectively look ahead to the remainder of 2019. One unexpected prediction is that AI will not prove to be a game changer – at least not yet. We asked this week’s Expert Panel Roundtable: What will be the biggest surprise for security in the second half of 2019?
Cybersecurity has become the ultimate buzzword in the physical security market. And it also represents one of the industry’s most intractable challenges. Several years ago, the problem with cybersecurity was lack of awareness among physical security practitioners. It’s now safe to say that awareness has increased. Everyone today talks about cybersecurity, but has it helped the larger problem? We asked this week’s Expert Panel Roundtable: Is greater awareness helping to increase the cybersecurity of physical security systems?