Cyber security
News
Rubrik, Inc., the Zero Trust Data Security™ company, announces a new partnership and technology integration with Mandiant, part of Google Cloud. The collaboration brings together pioneers in data security, incident response, and threat intelligence, aiming to expedite customers’ threat detection and path to cyber recovery.

“This partnership will gations leveraging Rubrik’s backup solutions to identify threats in their backups powered by Mandiant’s industry-pioneering threat detection and intelligence,” said Steve Elovitz, Director, Mandiant Consulting. “Together, we can help organisations before, during, and after cyber attacks to ensure businesses can respond quickly and get back up and running as soon as possible.”

Mandiant’s M-Trends 2024 report

While the global median dwell time from compromise to detection is improving, according to Mandiant’s M-Trends 2024 report, threat actors operate undetected in victims’ environments for a median of 10 days — giving them more than enough time to conduct a destructive attack. Organisations often will recover to the most recent backup prior to encryption, but what if that backup has been infected with a backdoor? Through this partnership, indicators of compromise learned on the frontlines of some of the most impactful breaches can be applied proactively to enable cyber resilience.

“Organisations have been responding to ransomware attacks with months-long recovery processes, which can result in irreparable damage to the business,” said Steve Stone, Head of Rubrik Zero Labs. “With Mandiant, we are able to demonstrably lessen the impact window of ransomware attacks while simultaneously increasing the capabilities available to customers in need — from threat intelligence to rapid access to incident response teams.
Together, we connect the dots in a time of crisis to deliver true cyber resilience.”

Three key pillars of this partnership

Breaking intrusions, active campaigns, and evolving threats detected by Mandiant Threat Intelligence are now integrated into Rubrik’s Threat Monitoring capability providing threat intelligence to Rubrik Enterprise Edition customers. This helps organisations to identify and combat threats including ransomware, malware, and malicious intrusions before they can execute destructive activity using Mandiant Threat Intelligence at scale. Rubrik’s Threat Hunting and Threat Monitoring capabilities are used to identify a safe recovery point by automatically applying Mandiant Threat Intelligence’s thousands of knowledge points from the breaches that matter against every Rubrik backup.

Multi-cloud environments

When victim organisations are recovering their systems from backups, concerns often linger that the backup itself contains backdoors left for reinfection. Organisations can proactively eliminate this problem with Rubrik Clean Room Recovery, which allows customers to recover and store data in a clean Google Cloud environment or multi-cloud environments, supporting customer choice with secure technology and solutions.

Incident response capabilities

For their joint customers, Rubrik and Mandiant can bring together their respective Ransomware Response and Incident Response teams to provide victims with additional investigative and recovery support. Rubrik’s Ransomware Response Team provides expertise around data recovery and how to integrate and utilise backups, while the Mandiant Incident Response team bolsters organisations’ incident response capabilities and responds to active breaches.
Through this partnership, joint customers will be able to ensure that in the event of an attack, the Mandiant and Rubrik teams are working together to help the business get back up and running as fast as possible in their most critical times. These three efforts can help any organisation to receive the benefits of consistency, integration, best-in-class technology and expertise working together, and the ability to control their risk against the threats that matter.
Rapid7, Inc., a pioneer in extended risk and threat detection, announced the release of its Ransomware Radar Report in conjunction with the company’s presence at Black Hat USA. The all-new research report provides a fresh perspective on the global ransomware threat by analysing, comparing, and contrasting attacker activity and techniques over an 18-month period ending June 30, 2024. According to the report, ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises. They market their services to prospective buyers, offer company insiders commissions in exchange for access, and run formal bug bounty programs.

Ransomware Radar Report

In addition, Rapid7 researchers found three major clusters of ransomware families with similar source code, indicating that ransomware groups are focusing their development efforts on quality over quantity.

“The Ransomware Radar Report uses data to tell the story of how ransomware and the threat actors that wield it are evolving,” said Christiaan Beek, senior director, threat analytics at Rapid7. “For example, the related source code, combined with a continuing decline in the number of unique ransomware families, suggests a move toward more specialised and highly effective ransomware variants, rather than a broad array of less sophisticated malware.”

Key findings

Additional key findings from the Ransomware Radar Report include:

21 new groups have surfaced: Within the first six months of 2024, Rapid7 observed 21 new ransomware groups entering the scene. Some of these groups are brand new while others are previously known groups rebranding under a new name. One of the most notable of these new groups, RansomHub, has quickly established itself as a prominent extortion group by making 181 posts to its leak site between February 10 and June 30, 2024.
Leak site posts are up 23%: Each leak site post represents an extortion attempt. The number of ransomware groups actively posting to leak sites is increasing, from an average of 24 groups posting per month in the first half (H1) of 2023 to 40 per month in H1 2024. Furthermore, 68 ransomware groups made a total of 2,611 leak site posts between January and June, representing a 23% increase in the number of posts made in H1 2023.

Smaller organisations have become a more frequent target: In examining the revenue distribution of companies listed within access broker postings, Rapid7 noted that companies with annual revenues around $5 million are falling victim to ransomware twice as often as those in the $30-50 million range and five times more frequently than those with a $100 million revenue. This finding could suggest that such companies are large enough to hold valuable data but not as well protected as their larger counterparts.

Ransomware Prevention technology

“The report’s insights into the ransomware landscape are crucial for informing Defenders’ cybersecurity strategies,” said Beek. “From our own detection engineering point of view, the clusters and additional report information, such as the usage and type of encryption algorithms, help us uplevel hunting techniques and prevention, detection, and response technologies. Rapid7 continually investigates new techniques used by threat actors and ransomware operators, tests them against our patented Ransomware Prevention technology, and creates new preventions to ensure customers are protected against the latest threats.”
Commvault, a provider of cyber resilience and data protection solutions for the hybrid cloud, announced an expansion of its cyber and data security ecosystem through strategic integrations with an array of security partners: Acante, Dasera, Google Cloud, Splunk, and Wiz.

Cyber resilience

These integrations play a key role in helping joint customers advance cyber resilience in a variety of ways across on-premises, hybrid, and cloud environments from identifying potential threats or anomalies, to understanding where sensitive data exists, to accelerating clean recoveries. These bi-directional integrations also empower customers to use their preferred security, data protection, and cyber recovery solutions.

Recovery ability

Security operations teams can leverage these integrations to help better understand risks and threats, defend against them, and recover with confidence. The need for these types of integrations has never been more critical or timely. According to a recent study commissioned by Commvault and conducted by GigaOm, only 13% of organisations are equipped to effectively defend against and rapidly recover from cyberattacks, with 54% of these organisations expressing full confidence in their recovery abilities. For more on these findings, read the 2024 Cyber Recovery Readiness Report.

Cyber security, DSPM, and AI

“Commvault is committed to partnering with industry leaders in cyber security, data security posture management (DSPM), and artificial intelligence (AI) with one goal in mind to help customers advance their security posture,” said Rajiv Kottomtharayil, Chief Product Officer, Commvault.
“It takes a village to fight today’s cyber threats, and through these integrations, we help enable our customers to build a bridge towards true organisational resilience.”

Advance data discovery

Integrations with these partners continue to advance data discovery and classification, cyber resilience, and cyber security.

Acante: Acante's data access governance solution for modern data and AI clouds empowers data teams to radically simplify and dramatically accelerate precise, secure, and compliant access to their fast-growing critical data.

Dasera: Offers DSPM solutions that help companies identify where sensitive structured and unstructured data is, automate data security and governance, and rapidly find, flag, and fix data security risks.

Google Threat Intelligence: Provides unmatched threat visibility and actionable context powered by AI to help organisations proactively set defenses, hunt efficiently, and investigate and respond to new and novel threats. With a Google Threat Intelligence licensed API key, customers can realise a seamless experience to investigate Commvault-detected threats without jumping between tabs.

Splunk: Enhances threat detection and response capabilities via Splunk's advanced data analytics platform, providing real-time operational intelligence for comprehensive security insights.

Wiz: Delivers a consolidated cloud security platform that excels in providing clarity, visibility, and context, enabling users to secure their cloud environments.

Quotes from integration partners

Acante: “We are thrilled to partner with an industry leader like Commvault to help customers bolster their data resiliency by combining Commvault’s cutting-edge data protection technology with Acante’s data access governance solution,” said Ranga Rangachari, Acante CEO and co-founder.
“This integration dramatically enhances our customers' data security posture.”

Dasera: “Our DSPM solutions complement Commvault’s offerings and help to provide continuous monitoring and rapid remediation of data security risks,” said Ani Chaudhuri, Dasera CEO and Co-founder. “Together, we are committed to helping organisations achieve robust data security and compliance.”

Wiz: “The collaboration between Wiz and Commvault delivers cloud security context that enables highly secure backup recoveries with embedded vulnerability patching,” said Oron Noah, VP of Product Extensibility & Partnership at Wiz. “We're paving the way for a new era of cloud resilience, where data protection and security go hand in hand.”

Availability

These new integrations are available immediately through Commvault and its partners.
Censys, the pioneering Internet Intelligence Platform for Threat Hunting and Attack Surface Management, announced the Censys Community Forum, a moderated, online platform for security professionals to discuss topics focused on threat hunting, attack surface management, general security expertise and more. Designed with security professionals in mind, the space provides over 70,000 members with free resources and data-driven security solutions through a centralised, accessible platform. Security practitioners operate in an environment where threats evolve rapidly, and new vulnerabilities are constantly discovered. Censys’ centralised repository of current and effective security measures ensures that practitioners can stay ahead of emerging threats and protect their organisations' assets effectively.

Censys’ commitment

“The Censys differentiator has always been our data, derived from cutting-edge global internet scanning infrastructure,” said Matt Korovesis, Technical Community and Education Manager at Censys. “Our mission is to serve the security community BEYOND just actionable intelligence. We are proud to offer an official, moderated community space for individuals to interact with each other, driving innovation and shared expertise.”

This launch reinforces Censys’ commitment to being the one place to understand everything on the internet, fostering a learning and development mindset across all levels. The platform provides the ability for the community to engage, share knowledge, learn, and get the most out of Censys’ solution to enable them in their critical daily activities.

Fostering connections and innovation

“At Censys, we believe in the power of community, and this forum is designed to bring us all closer together, fostering connections and innovation with like-minded individuals,” said Sarah Ashburn, Chief Revenue Officer at Censys.
“We are excited to launch another resource that makes security insights & actionable intelligence more accessible and relevant to users’ needs - ultimately working together to strengthen skill sets and improve collaboration within the cybersecurity industry.”

Censys’ resource repository

The launch builds upon the strong community momentum with the thousands of Censys users across its industry-pioneering search tool, Censys Search Solo and Censys Search Teams. For more information about Censys’ resource repository, visit Censys at Black Hat at Booth #2800. The Censys team will also be previewing live demos of its beta version of Search 3.0, Censys’ next-generation search capability to continue powering threat hunting and research teams with unparalleled data and insights.
Expert commentary
For K12 education pioneers, embarking on a journey to upgrade security controls can present a myriad of questions about finding the best-fit solutions and overcoming funding hurdles. A majority of public-school districts today are faced with outdated infrastructure and security controls, requiring necessary upgrades. By addressing these concerns head on, schools will ensure a safer environment for both students and staff, mitigating risks posed by unforeseen physical and digital threats.

Common K12 security pain points

There’s no one-size-fits-all solution in school district security. School districts may have big plans to implement upgraded security systems but to set out on the right foot, pioneers must have a clear vision of their long-term strategy. When embarking on their security journey, education pioneers often wonder where to start and what exact steps they need to be taking to identify and address weaknesses. Local K12 and government pioneers are promoting and mandating security assessments to uncover safety gaps on campuses and mitigate these risks with advanced technology solutions. Not only do assessments provide detailed, customisable roadmaps for district pioneers, but they also recommend technologies and funding opportunities to help close threat gaps.

In today’s climate, schools face a growing number of physical and digital security threats. From a cybersecurity standpoint, K12 school districts are particularly vulnerable to cyber-attacks due to the sensitive nature of student records. However, only one-third of these districts have adequate staffing to address threats effectively. In addition, according to a recent survey from Johnson Controls and Forrester Consulting, security decision-makers are having trouble receiving actionable insights.
Nearly two-thirds of respondents said that they struggle to receive information from all necessary systems regarding their security threats. To gain more clarity into what school districts need in terms of security tools and threat mitigation, implementing system-wide monitoring and optimisation can be invaluable. This approach enhances equipment and operational efficiency, while providing necessary resources and expertise for critical patch updates across all systems, strengthening their overall security posture.

Achieving a well-rounded security program

In the past few years, AI technology has emerged as a trending solution and is generating considerable attention. While the allure of implementing cutting-edge technologies is undeniable, it’s important to recognise that a robust security program hinges on solid access control. Access control technology provides administrators with the means to oversee and regulate entry into facilities, serving as the foundation for basic physical security. The technology helps administrators and staff control access to multiple areas from web-enabled devices, even during lockdowns, which is crucial in emergency situations.

Once basic security controls are in place, school districts must address their next set of security pain points and identify which solutions meet their specific needs. This involves identifying and prioritising the highest need and most cost-effective investments that will have the greatest impact on enhancing security measures. To accurately determine which security solutions are needed for a specific environment, school district pioneers should utilise available digital risk assessment tools to uncover threat areas and determine levels of priority.
By focusing on these priority areas, districts can allocate their resources and efforts where they are needed most, ensuring maximum effectiveness in mitigating risks and vulnerabilities.

Securing funding before approaching deadlines

A major challenge for school districts surrounding campus security is identifying and securing the necessary funding to implement solutions aligned with their goals. Leveraging available funding sources is critical, especially considering certain programs are approaching their deadline, like the Elementary and Secondary School Emergency Relief (ESSER) fund. Announced during the pandemic, ESSER is a funding program that has allocated nearly $190 billion in aid to U.S. public school districts to fund projects benefitting the well-being of occupants.

Notable ESSER funding deadlines to keep in mind as the clock winds down include September 30, 2024, when schools must attribute all of their funds to assigned contracts. Following this date, pioneers will need to complete all ESSER spending by January 2025 unless approved for an extension into March 2025. As ESSER wanes, school districts are acutely aware of the fiscal cliff in budgets through 2025. However, many states are ramping up grant funding to close the deficit gap. Administrators should become familiar with these grant opportunities at a local and state level.

Get started on security plans

The time for school district pioneers to act is now. While the safety and well-being of students and staff are always top priorities, it’s crucial to acknowledge that a lack of insight into necessary security upgrades and available funding options will leave districts behind the curve. Seizing the final months of ESSER funding presents an ideal window to address security pain points and build a safer future for K12 facilities.
Looking beyond ESSER, pioneers must proactively seek out and leverage other funding avenues to help ensure the continuity of their security efforts and maintain a proactive stance in safeguarding healthy and safe educational environments.
These days, business is more collaborative, adaptable and connected than ever before. In addition to offering new identities and access privileges, new applications and data also increase the attack surface available to cyber criminals, hacktivists, state actors and disgruntled insiders. These new identities need to be handled carefully. CISOs must develop an identity management strategy that is consistent across on-premises, hybrid and cloud systems. Good security is built on solid identity governance and administration (IGA) principles. From ransomware to supply chain intrusions, high-profile cybersecurity events frequently take advantage of weak identity and access management procedures. The Identity Defined Security Alliance found that 84% of organisations experienced an identity-related breach during its one-year study period.

Robust IGA system

Some of the most well-known cyber-attacks have not been made possible by a nation-state exploiting a remote zero-day vulnerability; rather, they have been made possible by something as basic as a hacked orphaned account. This resulted in lateral movement from an insecure platform to a high-value system, illegitimate privilege escalation or unsanctioned access to a computer system. To safeguard against such attacks, organisations must be aware of who has access to their systems and apps, and guarantee that access is revoked when it is no longer required. Here, a robust IGA system is helpful. It is not the whole picture, though; IGA is part of a larger identity fabric. A report by KuppingerCole noted that “Identity Fabrics are not necessarily based on a technology, tool or cloud service, but a paradigm for architecting IAM within enterprises.” The report pointed out that the paradigm is created using several tools and services.
That’s because, contrary to marketing claims, no one vendor has a platform that provides all the needed elements. Consequently, organisations need to find best-of-breed solutions for each section of the fabric.

Threats to the new corporate landscape

Due to their exclusion from the corporate firewall and the security culture that comes with working on-site, remote employees and third parties are desirable targets for hackers. The transition to online office suites is another vulnerability that hackers are taking advantage of–for instance, through bogus authentication login dialogues. Additionally, hackers are using technologies like machine learning and artificial intelligence to circumvent current security tactics. A cyberattack powered by AI will imitate human behaviour and develop over time. Even publicly available information might be used by this "weaponised AI" to learn how to get past a target’s defences.

CISO and the business users

It's no longer possible to secure the traditional perimeter. Attackers will eventually find an entryway, but businesses can protect the new perimeter–their identities. To defeat these threats, organisations must look again at identity and access management tools and how they are weighed against the impact on the organisation. Should you mandate multi-factor authentication (MFA) more often and earlier? Should only company-owned devices have access to networks, or should access be restricted to specific business hours or regions? Should access to sensitive information and critical systems be given just temporarily or should it be offered on a task-by-task basis? Both the CISO and the business users they assist should be asking these questions.

Staying ahead of threats with identity

Access control limits decrease dangers but can come with a cost.
If you give your users too much access, your organisation becomes susceptible; if you give them too little, productivity suffers. But there are ways to strike a balance with security, compliance and productivity. More CISOs are turning to Zero Trust–which is based on the principle of maintaining strict access controls and not trusting anyone by default–to protect their systems from new attack types. However, Zero Trust is reliant upon having a thorough and baked-in strategy that underpins it. Other actions that companies can take include implementing automation for identity management, such as automating workflows for approval. This would significantly lessen the administrative burden and friction that security solutions like multifactor authentication (MFA) or time-restricted access to critical systems have on business users. This might include restricting access to particular devices, capping access hours during the day or enforcing MFA based on user behaviour.

Identity fabric: Putting it all together

These are just two elements of the identity fabric approach. Most organisations today have implemented pieces of an identity fabric, which is basically an organisation’s identity and access management (IAM) infrastructure and typically includes a mix of modular IAM solutions for multi-cloud and/or hybrid environments. Now, organisations need to define, enhance and develop this infrastructure. They must also institute guiding principles for how it should operate, meet current and future business requirements as well as identity-related cybersecurity challenges. In doing so, businesses can move past identity platforms and adopt an identity fabric perspective. The key is to make identity governance the starting point of your identity fabric strategy, ensuring seamless interoperability within your identity ecosystem.
Make sure your identity architecture is scalable, secure, and provides a seamless user experience.

Aligning security with business

Due to the increase in knowledge workers using the cloud and working remotely, attackers are focusing on this group. These employees are easier to compromise, give access to valuable data and offer more attack targets. Knowledge workers also lack an administrator’s level of security expertise. Therefore, as part of their security fabric strategy, enterprises require a scalable IGA system. It is easier to comply with security and access regulations and takes less time for IT teams to do normal administrative activities when they invest in IGA, a crucial tenet of identity security. CISOs and boards, though, are currently looking at more than identity management. IGA is at the centre of the debate about security and governance. Taking an identity fabric-based approach, with a foundation built on modern, cloud-based IGA, will safeguard identities, increase productivity, and make staff adherence to organisational procedures easier.
The average business owner or investor has some kind of security precaution in place, especially in the after-hours when there are fewer deterrents to inhibit criminal activity. Security guards, video surveillance systems, motion sensor lights, or even just fake cameras placed around the property are some of the common options people choose.

Future of overnight security

Smart business owners are starting to realise, however, that some of these traditional security measures are becoming antiquated and no longer cutting it. The now and future of overnight security is in remote guarding. Pioneered by companies like Los Angeles-based Elite Interactive Solutions, which was founded back in 2007, remote guarding is revolutionising the overnight security business.

Minimising criminal activity

Remote guarding utilises a combination of cutting-edge technology, “digital guards,” highly trained security agents, and local law enforcement if and when necessary to minimise the potential of criminal activity. For those adequately enlightened to its overwhelmingly impressive crime prevention capabilities, remote guarding is fast becoming the most popular choice among commercial end-user property owners to secure and protect their investments.

What Is remote guarding?

Remote guarding is a revolutionary concept and increasing trend in security systems that utilises a combination of methods to effectively analyse potential threats to property. Cameras and/or other monitoring devices running highly advanced algorithmic software are installed in strategic areas or vulnerable places onsite and remotely located security agents are immediately notified of any activity within a designated perimeter of the property.
A blend of AI, cybersecurity, and video analytics

When properly deployed by an expert provider, the technology stack includes a proprietary blend of video analytics, artificial intelligence, cybersecurity, and more. Done right, “noise” is effectively filtered out, allowing agents to act on legitimate alerts and achieve zero false alarms communicated to first responders. Today, there are a lot of terms and descriptions tossed around about remote guarding, remote video, virtual guarding, etc., but those attributes must be present to represent the true definition of the offering and its many virtues.

Realtime situational awareness

When specially trained security agents are alerted to trespassers, possible intruders, or other suspicious activity, they analyse the situation in real-time and determine the necessary level of action. Many systems have a two-way speaker that allows the security agent to give a verbal warning, known as a voice-down, to the individual(s) that they are being watched. Most perpetrators, often believing the response is emanating directly from security personnel on the property itself rather than from a remote command centre, flee immediately. However, if the threat persists, the security agent enlists local law enforcement to get on the scene.

Customised remote guarding

When properly deployed, remote guarding systems are also customised to specific properties. A team of consultants visits the client’s property to evaluate its vulnerabilities and where to best place cameras and/or other monitoring devices for system efficacy.

Traditional security shortfalls

According to Keith Bushey, a retired commander for the Los Angeles Police Department, there is much frustration between law enforcement officers and potential victims of crime due to the historically unreliable performance of traditional burglar alarm systems and central monitoring stations.
He states about 90% of security-related calls are false alarms, a problem that has been well-documented through the years.

Onsite challenges

When a legitimate emergency does occur, the perpetrators have often already done their damage and/or escaped by the time law enforcement arrives. Onsite security guards are not the remedy either as they bring their own set of issues and challenges.

Unexpected costs

Traditional security systems can also have unexpected costs. The cost is not only in the security guards’ paycheck or the cost of the equipment itself. The cost comes when an actual incident occurs. In worst-case scenarios, the security guard(s) are injured, the business suffers inventory loss, and/or damage is sustained to the property. The medical and other costs for the security guard(s), the loss of inventory, property damage, deployment of law enforcement resources, and possible fallout of legal expenses all add up. Even in the best-case scenario, false alarm expenses are incurred if law enforcement is dispatched. These, among many others, are some of the primary issues that remote guarding resoundingly answers as a superior alternative.

A bounty of benefits

Remote guarding systems have been proven to cut costs and be more effective than traditional security systems. Even though the monthly monitoring costs of remote guarding are significantly higher than traditional intrusion detection system monitoring, the much higher effectiveness in crime reduction, elimination of false alarms, and augmentation or replacement of manned guards result in a substantially higher return on investment (ROI) to the end user.

Easy tracking of threats

For example, case studies have demonstrated reduced security costs for clients by 60%, on average.
These reductions have come from the costs of security staff, inventory, or property loss, plus saving money on insurance premiums and deductibles. The nature of remote guarding reduces the risk and costs of false alarms, with professional security agents able to determine an actual threat before law enforcement is called. In a rare instance when a perpetrator escapes before law enforcement arrives or can detain the individual(s), the security cameras already have their image captured on record, making them easier to track down and identify.

Reduction of false alarms
The significant reduction in false alarms is greatly appreciated by law enforcement, as it allows them to focus on real emergencies or crises. Better relationships are also developed between clients and law enforcement, as remote guarding systems are highly reliable in providing accurate and real-time information to officers as they approach the scene. In short, it assists law enforcement in doing their job more effectively, as well as more safely thanks to having eyewitness information before engaging in an active crime scene.

Partnership
When you combine the decreased cost with the increased efficiency and success rate, it is easy to see why many commercial end-user property owners across the country are making the shift to remote guarding. It’s also an outstanding opportunity for professional security dealers and integrators to partner with a remote guarding services provider to bring a superior solution to their end customers and pick up a recurring monthly revenue stream in the process.
Security beat
The shift from standalone systems to fully integrated solutions is one of the biggest shifts the security industry has experienced in recent years. There is a higher demand for integrated solutions that go beyond just security at the device and software level, and manufacturers have been continuously developing improved application programming interfaces (APIs), and hybrid and cloud-connected solutions.

Artificial intelligence (AI)
Also, artificial intelligence (AI) plays an important role in modern intrusion systems by helping enable automated threat detection, real-time response, and predictive analysis. AI algorithms can analyse vast amounts of data to identify patterns and anomalies that may indicate security breaches. Security solutions are being developed with a focus on AI and machine learning to provide more proactive and resilient defences against increasingly sophisticated cyber threats.

Benefits of AI
“The practical benefits of AI in security systems include enhanced accuracy in detecting threats, reduced response times through automation, and the capability to anticipate and prevent potential vulnerabilities before they are exploited,” says Sergio Castillejos, President of Commercial Security at Honeywell. Additionally, AI-driven security solutions can continuously learn and adapt to new threats, providing businesses with more robust and dynamic protection.

Unified Intelligent Command user interface
Honeywell meets the challenge of better-integrated systems with a unified Intelligent Command user interface (UI). Castillejos says Honeywell continually innovates with the latest analytics and encryption to keep up with evolving threats. Honeywell’s products integrate with many offerings for partners to construct a robust and modern system relevant to their security needs.
Advanced cloud-based security
Advanced cloud-based security technologies have been developed that offer real-time monitoring, automated threat detection, and remote management, essential for hybrid work environments, says Castillejos. “These solutions enhance scalability, improve data analytics capabilities, and provide seamless updates reducing significant maintenance costs that help companies to respond swiftly to emerging threats and enable robust, adaptive security measures.”

Physical and digital security
The best security systems are a combination of physical, digital, and national security, says Castillejos. While Honeywell focuses on providing the best in physical and digital security within their solutions, protecting sensitive and/or personal information must also be within the responsibility of the organisational policy.

Cybersecurity for connected devices
Security systems can safeguard this information by being highly configurable while also notifying users of unwanted activity. Sometimes, just restricting access to sensitive areas can be enough. However, in the world of data analysis and machine learning, security systems can audit and report on users who have accessed data to ensure that the protections are in place. Some of the challenges in the next five years will likely include integrating advanced technologies such as AI and the Internet of Things (IoT) while securing cybersecurity for connected devices, notes Castillejos.

Balancing act
“Additionally, there will be a growing need for skilled professionals to manage and maintain these complex, connected systems,” he says.
“Balancing cost-effectiveness with the demand for resilient security solutions will also pose a significant challenge, especially for smaller businesses.” Legacy systems that are susceptible to vulnerabilities like cloning or unauthorised access present the largest challenge to overcome. “However, as technology evolves, it becomes more challenging for a customer to manage a unified security system rather than a collection of unique solutions that all operate independently,” says Castillejos.

Disruptive technology
But investing in the newest analytics, AI and IoT will not improve a company’s physical security systems if they do nothing with the data. “They are not a replacement for the devices that keep people and property safe,” says Castillejos. “They can enhance a user’s experience and speed up the time to respond when they are planned correctly.” The best security systems will look at disruptive technology as another tool in the overall system. However, the focus should remain on the user experience. If the latest technology is not properly integrated or configured, it will turn into more noise that most operators will ignore.
ISC West 2024 mirrored a vibrant industry on the precipice of accelerated change. Factors such as the cloud, artificial intelligence (AI), edge computing, and biometrics are shaping the future of the security marketplace, and they were front-and-centre at the industry’s biggest U.S. show in Las Vegas. Foot traffic was steady and impressive, including more than 29,000 security industry professionals viewing 750 exhibitors. A torrent of eager attendees crowded the lobby on the first day and could not wait for the doors to open. When they were admitted, the wealth of technological innovation and business opportunity did not disappoint.

Focus on cloud systems
Cloud systems were high-profile at ISC West. Camera manufacturer Axis, for example, introduced their Axis Cloud Connect at a press conference. Meanwhile, Genetec officially launched their Security Centre SaaS platform, which aims at eliminating points of friction to enable integrators to easily embrace cloud systems from quoting and ordering to provisioning and installing.

Cloud provider Eagle Eye Networks promoted their new “Eagle Eye 911 Camera Sharing” technology under which both non-Eagle Eye Cloud VMS customers (via Eagle Eye 911 Public Safety Camera Sharing) and Eagle Eye customers can opt to share their video feeds for use by 911 operators in case of emergency. If users opt-in, 911 operators can have access to live video as an emergency unfolds. Eagle Eye Networks provides the feature by integrating with RapidSOS call centre software. Camera locations are based on geolocation coordinates, and customers can choose if they want to participate and which cameras they want to share.

Biometrics in the mainstream
Biometrics were well represented at ISC West, including Alcatraz AI, which introduced an outdoor version of their biometric face recognition product. The Rock X works well despite harsh lighting.
Alcatraz’s products do not have to be integrated; they communicate just like a card reader using OSDP or Wiegand protocol. “At the show, customers are excited about moving to a frictionless environment and getting rid of existing credentialing,” said Tina D’Agostin, CEO and co-founder of Alcatraz. “We are making access control frictionless, secure and private. The experience can be as passive as possible – people can just walk in.”

SAFR from Real Networks also featured biometric face recognition, emphasising feature sets, convenience, and price/performance. They offer multiple types of authentication, and the ability to detect tailgating and stream video. A new device is a small mullion mount that is “approaching the price of a card reader, factoring in the need to purchase cards,” said Brad Donaldson, Vice President and General Manager. SAFR focuses on convenience: You don’t have to take out your phone to pass through a door. Enrolment is easy by incorporating existing databases, and costs are lower than competitors, said Donaldson. The system analyses multiple points on the face, turns it into data and then encrypts it, providing a “unique signature for each person.”

Credentials in Apple Wallet and Google Wallet
AMAG Technology announced the compatibility of credentials with the Apple Wallet and Google Wallet. The company is also embracing a new strategic direction under President David Sullivan. They launched a new website in January, are developing dynamic resources and a partner page, and they now integrate with 120 tech partners. AMAG Technology Financial Services now enables their channel partners to offer leasing and financing options to customers. The big new booth at ISC West reflected an effort to “market different and look different,” according to the company.
The new Symmetry Control Room, a command-and-control system, is a relaunch of an earlier AMAG product with enhanced features. Suitable for large enterprise customers, the software enables a big video wall to display all the various systems and incorporates all the data into a single “pane of glass.” Operators can “draw a lasso” around cameras they want to display on the video wall and can follow action across multiple camera feeds.

Navigating megatrends
A breakfast meeting for integrators, sponsored by Assa Abloy Opening Solutions, was built around the theme “Navigating Megatrends for Sustainable Growth.” The megatrends are artificial intelligence, sustainability and cybersecurity. Related to cybersecurity, there are 350 common vulnerabilities and exposures (CVE) published per week, reflecting the continuing threat to cybersecurity. Physical security has a “data lake” of information from various physical security systems that can be an attractive target for cybersecurity breaches. Data sets can be exploited and/or poisoned. The security industry needs to apply “defence in depth” to the challenges of protecting data. “The threat landscape is always changing, and security technology is an iterative process,” said Antoinette King, i-PRO’s head of cyber convergence, one of the panellists.

Natural language systems
Natural language systems are a newer approach making an early appearance at ISC West. Brivo, for example, has an early prototype of its “natural language search capabilities” that can answer questions such as “Who is in the office?” or “Where is Bob and what has he done?” Brivo also promoted its all-in-one door station device that combines a card reader and a camera (for facial authentication) and serves as a video intercom, thus eliminating the need for multiple devices at the door.
Brivo is also emphasising tailgate prevention, facial authentication, and people counting using AI at the edge. Also promoting natural language systems was Verkada, which unveiled a beta version of its AI Search feature that embraces natural language capabilities. With AI Search, users will soon be able to use natural language to search for people or items. For example, a search could be “person climbing over a fence” or “person making phone call” or “person wearing football jersey.” Verkada wants to be thoughtful with the rollout and make sure effective guardrails are implemented to prevent abuse and bias. The release should happen in the coming months.

Multi-family applications
Allegion is promoting the XE360 hardware lock platform in various formats, including cylindrical lock, mortise lock, deadbolt and exit trim. At the show, Allegion noted an enthusiasm for multi-family applications. “We have been surprised by the people who want to add electronics and to retrofit existing multi-family facilities to compete with newer facilities,” said Henry “Butch” Holland, Allegion’s Regional Director, Channel Sales East Region. Allegion also offers an “indicator” display on its locks, showing at a glance whether a door is locked or unlocked. The “indicator” might also display “occupied” or “vacant.” Allegion works with 60 different physical access control software providers, including familiar players such as LenelS2 and Genetec.

Integrator M&A trends
A conversation with Everon at ISC West provided insights into the accelerating trend of mergers and acquisitions among the integrator community. Everon, formerly ADT Commercial, has done six acquisitions of local integrators since they changed their name last year.
In targeting companies to acquire, they look for a good company with a good reputation, and they consider how the new company’s competencies complement their own. Some M&A strategy is geographic, as Everon looks for acquisitions in areas where they do not currently have support for national accounts. They also consider density, seeking to add new acquisitions in larger markets where they don’t currently have a big market share. “A lot of investment is coming into security because it is seen by investors as recession-proof,” said Michael Kennedy, VP, Mergers and Acquisitions, for Everon. Kennedy met with 95 businesses last year for possible acquisition, and the company only finalised a handful – reflecting that Everon is selective and careful that corporate cultures are aligned. “With an acquisition, the goal is to keep every customer and every employee,” said Kennedy.

Voice of the customer
ISC West provides an opportunity for manufacturers to listen to the “voice of the customer;” in person, no less. “We have every kind of problem come to the booth,” commented Heather Torrey, Honeywell’s General Manager, Commercial Security, Americas. “People are passionate, interested and very specific with their questions and comments,” she said. “We are driving a complete system, but we are flexible, helping our customers to meet their needs and not try to fit every foot into the same shoe. Sometimes meeting customer needs involves working with competitors,” Torrey commented. “It truly comes back to listening to the customer, not just ‘this is what we have to offer,’” she adds.

Edge applications are everywhere at ISC West, and one company is promoting a new approach to expand functionality at the edge. Camera company i-PRO advocates the use of the “Docker” platform for app development, an option they offer on their cameras.
Docker “containers” package deep-learning algorithms to make it easier to embed software into edge devices. Anyone can run Docker apps on i-PRO cameras that use the powerful Ambarella chip. A Docker “swarm” can combine multiple edge devices to work together and share resources. For example, the approach can increase computing power at the edge to increase the capabilities of instant analytics. It’s faster and provides better redundancies. A “distributed computing platform” ensures less latency than communicating analytics to a central server.

Unification of capabilities
Johnson Controls (JCI) also promotes the trend of combining multiple systems into a single pane of glass. Their “Open Blue” platform, with a security version unveiled at the show, integrates various security systems into one, combining data and monitoring device health. Basically, the system manages all resources holistically. JCI also notes a trend toward “unification of capabilities,” e.g., combining access control and video. “The scope of security is evolving from a focus on protection to a broader focus on operations,” commented Julie M. Brandt, JCI’s President, Building Solutions North America.
Fueled by mounting concerns about the cybersecurity vulnerability of U.S. ports, President Joe Biden has signed an Executive Order aimed at shoring up defences against cyberattacks.

Cybersecurity initiative
The cybersecurity initiative marks a significant shift in policy, empowering key agencies and outlining concrete actions to bolster defences. By empowering agencies, establishing clear standards, and fostering collaboration, the initiative aims to strengthen U.S. ports against the evolving threat of cyberattacks, safeguarding the nation's maritime economy and national security.

Expanded authority for DHS
The Executive Order grants expanded authority to the Department of Homeland Security (DHS) and the Coast Guard to address maritime cyber threats. DHS gains the power to directly tackle these challenges, while the Coast Guard receives specific tools. The Coast Guard can compel vessels and waterfront facilities to address cyber vulnerabilities that endanger safety. The proactive approach aims to prevent incidents before they occur.

Real-time information sharing
Reporting any cyber threats or incidents targeting ports and harbors becomes mandatory. This real-time information sharing allows for swifter response and mitigation efforts. The Coast Guard also gains the authority to restrict the movement of vessels suspected of posing cyber threats. Inspections can be conducted on vessels and facilities deemed risky.

Mandatory cybersecurity standards
Beyond these broad powers, the Executive Order establishes foundational elements for improved cybersecurity. Mandatory cybersecurity standards will be implemented for U.S. ports' networks and systems, ensuring a baseline level of protection across the board.
This standardisation aims to eliminate weak links in the chain and prevent attackers from exploiting individual vulnerabilities.

Importance of collaboration and transparency
Furthermore, the initiative emphasises the importance of collaboration and information sharing. Mandatory reporting of cyber incidents fosters transparency and allows government agencies and private sector partners to work together in mitigating threats. Additionally, the Executive Order encourages increased information sharing among all stakeholders, facilitating a unified response to potential attacks.

Maritime Security Directive
To address specific concerns, the Coast Guard will issue a Maritime Security Directive targeting operators of Chinese-manufactured ship-to-shore cranes. This directive outlines risk management strategies to address identified vulnerabilities in these critical pieces of port infrastructure. The long-term success of this initiative hinges on effective implementation. The Executive Order encourages investment in research and development for innovative cybersecurity solutions, recognising the need for continuous improvement and adaptation to evolving threats.

Recognising the urgency of cyber threats
The initiative has been met with widespread support from port authorities, industry stakeholders, and cybersecurity experts who recognise the urgency of addressing cyber threats. However, some concerns exist regarding the potential burden of complying with new regulations for smaller port operators. Effective communication, resource allocation, and collaboration among all stakeholders will be crucial to ensure the successful implementation of this comprehensive plan.

Enhancing cybersecurity
“This Executive Order is a positive move that will give the U.S. Coast Guard (USCG) additional authority to enhance cybersecurity within the marine transportation system and respond to cyber incidents,” comments Josh Kolleda, practice director, transport at NCC Group, a cybersecurity consulting firm. The more impactful and noteworthy piece is the associated Notice of Proposed Rulemaking (NPRM) from the U.S. Coast Guard (USCG) on “Cybersecurity in the Marine Transportation System,” adds Kolleda. Portions of the notice of proposed rulemaking (NPRM) look similar to the Transportation Security Administration (TSA) Security Directive for the rail industry and the Emergency Amendment for the aviation industry.

Coordinating with TSA on lessons learned
The USCG should be coordinating with TSA on lessons learned and incorporating them into additional guidance to stakeholders and processes to review plans and overall compliance, says Kolleda. “At first glance, the NPRM provides a great roadmap to increase cybersecurity posture across the various stakeholders, but it underestimates the cost to private companies in meeting the requirements, particularly in areas such as penetration testing,” says Kolleda.

Cyber espionage and threats
“It is unclear if or how the federal government will provide support for compliance efforts. As this seems to be an unfunded mandate, many private companies will opt for the bare minimum in compliance.” “Cyber espionage and threats have been reported by the Director of National Intelligence from multiple nation-states including China, Russia, and Iran,” adds Paul Kingsbury, principal security consultant & North America Maritime Lead at NCC Group. The focus here is on the People’s Republic of China (PRC) because nearly 80% of cranes operated at U.S. ports are manufactured there, he says.
Destructive malware
“The state-sponsored cyber actors’ goal is to disrupt critical functions by deploying destructive malware resulting in disruption to the U.S. supply chain,” says Kingsbury. “These threat actors do not only originate in China or other nation-states but also include advanced persistent threats (APTs) operated by criminal syndicates seeking financial gain from such disruptions.”

“The threat actors don’t care where the crane was manufactured but rather seek targets with limited protections and defences. The minimum cyber security requirements outlined within the NPRM should be adopted by all crane operators and all cranes, regardless of where they are manufactured.”

PRC-manufactured cranes
Kingsbury adds, “The pioneering risk outlined in the briefing is that these cranes (PRC manufactured) are controlled, serviced, and programmed from remote locations in China.”

“While this is a valid concern and should be assessed, there are certainly instances where PRC-manufactured cranes do not have control systems manufactured in PRC. For example, there are situations in maritime transportation system facilities where older cranes have been retrofitted with control systems of European Union or Japanese origin.”

Monitoring wireless threats
“The Biden Administration’s recent Executive Order is a critical step forward in protecting U.S. ports from cyberattacks and securing America’s supply chains,” says Dr. Brett Walkenhorst, CTO at Bastille, a wireless threat intelligence technology company. “To ensure proper defence against malicious actors accessing port-side networks, attention must also be paid to common wireless vulnerabilities.”

“Attacks leveraging Wi-Fi, Bluetooth, and IoT protocols may be used to access authorised infrastructure including IT and OT systems. Monitoring such wireless threats is an important element in a comprehensive approach to upgrading the defences of our nation’s critical infrastructure.”
Case studies
Sports hold profound significance in the lives of athletes, nations, and citizens alike, fostering a sense of unity and national pride. Sporting events captivate hearts and minds, showcasing the devotion towards athletic spirit. The journey of an athlete from local competitions to global stages embodies dedication and resilience, inspiring millions worldwide.

Olympics event
At the pinnacle of this athletic journey lies the Olympics, a cherished event that transcends borders and cultures, uniting nations in a shared pursuit of excellence and sportsmanship. For years, anticipation has been building as Paris, affectionately known as the City of Lights and renowned as the iconic capital of France, prepares to host the Olympics 2024, promising unforgettable moments of triumph and unity.

Facial Recognition Technology
Amidst the excitement, there lies a solemn responsibility: to protect the interests of everyone involved. In response, the use of Facial Recognition Technology (FRT) offers an enhanced approach to improving security measures for identification, access control, and threat detection. It symbolises a commitment to safeguarding the spirit of The Olympics, preserving the joy and pride that this monumental event brings to millions worldwide.

The quest for enhanced security at the Olympics
Ensuring Olympic security involves addressing a spectrum of challenges, including the complexities of managing fan behaviour, cyber-attacks, and the unpredictability of civil unrest. According to the National Center for Sports Safety and Security, 73.2% of attendees consider safety and security measures when deciding whether to attend an event, and 77% prefer security measures to be visible at an event.
Common cybersecurity threats
With growing technological advancement and globalisation of the world these days, the Olympic Games face increasing risks of cyber attacks. Phishing attacks, credential stuffing, and password spraying are some of the common cybersecurity threats. Reports from the National Cyber Security Centre, United Kingdom, have established that more than 70% of sports organisations fell victim to cyber incidents in 2020, and this was mostly caused by hackers seeking financial gain.

Eradicating Security Concerns with FRT
In particular, surveillance becomes an important component of security and incident detection during the Olympics, where millions of spectators gather from all over the world. For this reason, strict perimeter measures, secure screening procedures, and vigilant security are required. Indeed, integrating FRT as an additional feature in Video Management Systems (VMS) can improve the outcomes significantly.

Physical Security Enhancement:
Video Analytics Systems are one of the most effective means of evaluating threat levels at the event, using face recognition to match the faces of the people attending the event with a universal offenders database. It allows security staff to quickly identify malicious actors and detain them. This reduces the likelihood of wrong-doers making attempts at large-scale events, thus, protecting participants and spectators, and ensuring their safety.

Monitoring Crowd Behaviour:
Effective management of crowd behaviour is crucial for maintaining a safe and harmonious environment. Video Analytics Systems make it easier to look for and monitor disruptive crowd behaviours in real-time, like vandalism, alcoholism, violence, etc.
Instigators of such activities are immediately identified and flagged, allowing security officials to address the problem before it escalates. It also helps in tracking and preventing agitation since the system can recognise people in the crowd from lists of unreliable persons, even if masks hide their faces. This capability enables security to respond quickly to emerging threats, ensuring that protests remain peaceful.

Enhanced Cybersecurity Measures:
FRT minimises the capability of cyber intruders attempting to penetrate the competition control information systems, media streams, and security systems and meddle with their work. If the FRT system is centralised, any attempted intrusion by an intruder will be immediately visible to security personnel. This will prevent unauthorised access and reduce not only the number of cybercrimes but also financial and reputational risks. By integrating FRS with AI, biometric and conventional security systems have made security surveillance more effective and efficient in providing real-time data analytics. With the development of generative AI, a new type of attack using spoofing and deep fakes is gaining momentum. Recognition technologies with liveness features can stand out among other defence systems.

Peace of mind for athletes and staff
FRT has the potential to profoundly impact the Olympic experience, offering athletes and staff a transformative blend of efficiency, security, and operational ease. For athletes, it means seamless access to venues, minimising distractions and administrative hurdles, allowing them to dedicate more time and focus to their training and competition. They can move through the Olympic complex with confidence, knowing their safety is assured.
Identifying and addressing potential threats
Beyond efficiency, this technology empowers security personnel to manage large crowds with precision, swiftly identifying and addressing potential threats. The technology not only enhances a sense of safety and belongingness but also ensures that global athletic excellence is memorable and deeply meaningful for everyone involved.

Harmonising security and privacy with integrity
Data privacy is paramount, and the balance between safety and the subject’s right to privacy must be kept to the highest standard. Transparency about data collection, storage, and usage fosters trust and upholds individual dignity. By championing both security and privacy, advanced technology security solutions like FRT can play an important role in ensuring that every participant and spectator feels safe, respected, and inspired. The application of security measures trusted worldwide helps maintain the integrity of global events, and the Olympic games act as an anchor for setting a perfect example of unified growth and glory.

360-degree protection
“The Olympic Games stand as a monumental event for millions worldwide, posing substantial challenges to security services,” said Tamara Morozova, Global CEO of RecFaces. “Integrating facial recognition software promises 360-degree protection, drastically reducing incident response times to mere seconds, and empowering security personnel with invaluable analytical insights.”
Genetec Inc., a pioneering technology provider of unified security, public safety, operations, and business intelligence solutions, announced that Heathrow Airport’s multi-year investment in Genetec solutions is enabling them to continuously innovate and transform operations. The joint effort provides Heathrow with a unified view across large-scale airport operations to secure people and assets, bringing efficiency and enhancing the passenger experience while ensuring data privacy and cybersecurity compliance.

Deployed Genetec Security Centre

London Heathrow is Europe’s busiest airport, handling approximately 80 million passengers and 14 million tons of goods annually. Over 76,000 employees work around the clock to ensure the airport’s smooth operations across its 1,227-hectare site, including maintaining passenger flow, securing the premises, and managing over 1,300 daily take-offs and landings for 89 different airlines. Heathrow initially deployed Genetec Security Centre to bring all of its IP security systems onto one unified platform. What began as a 2,000-camera deployment in 2016 has since more than quadrupled in size, incorporating everything from video and access control to LIDAR, analytics, automatic licence plate recognition (ALPR), and more.

Genetec solutions

Genetec solutions are used to go far beyond security. For example, Genetec solutions are used to monitor over 150 km (93 miles) of baggage belts and facilitate the daily entry and exit of over 150,000 vehicles. “We’re essentially running a small city operation that happens to be called Heathrow,” explains Danny Long, IT Product Owner for physical security products at Heathrow.
“Alongside the traditional airport security functions, we’re responsible for the monitoring of roads, retail space, three train stations, a bus terminal, offices, a church, fuel stores, a high voltage electrical network, and all the other associated infrastructure that maintains passenger flow.”

Software and firmware updates

Genetec Security Centre now supports 90 different stakeholder groups working across 110 distinct control rooms, all of whom have different needs and access rights. Customised dashboards enable individual teams and third parties, such as police, government agencies, airlines, and retailers, to focus on their specific tasks. For example, some operational staff are given the tools to monitor passenger flow and are automatically notified when security lines grow too long. Meanwhile, colleagues in IT don’t see camera feeds. Instead, they have access to system health dashboards that notify them of devices that have fallen offline or require software/firmware updates.

New requirements

“The joy of working with London Heathrow is that the team is constantly striving to put our system through its paces and identify new areas where it can add value,” states Simon Barnes, Director of Business Development, Genetec, Inc. “While our software is configured to their requirements at the time, once in the field, new requirements emerge, and we have to adjust to their reality.”

“My job is to translate business requirements into workable solutions and Genetec provides me with the valuable tools to achieve that,” concludes Long. “Our experience with Genetec has been very positive. We’re only looking to expand in terms of the size and usage of the system.”
Cybersecurity threats targeting organisations' industrial control systems (ICS) are not always direct. Instead, the most vulnerable entries to an ICS can start with external partners, like suppliers and vendors. Honeywell's customer, a global pharmaceutical company, realised that potential vulnerabilities like these might be in its partner ecosystem. Therefore, the pharmaceutical company wanted to get ahead of a potential breach, so they trusted Honeywell to do a thorough assessment of its suppliers’ operational technology (OT) cybersecurity gaps.

Why did the customer choose Honeywell?

First, Honeywell's OT cybersecurity experts took the time to understand the customer’s processes at more than 100 sites around the globe. Second, Honeywell experts used their knowledge and experience along with the customer process insight to conduct assessments that met their unique needs. Many of the competitors are simply IT vendors dabbling in the world of OT. Honeywell, however, has the knowledge and the experience to better meet the demands of OT. The pharmaceutical company chose Honeywell over the competitors based on the quality and wealth of OT knowledge the experts provided.

Spreading security

This was not to be a small or limited undertaking. This Cybersecurity Vulnerability Assessment is part of a global two to three-phase project that covers more than 100 sites. The first assessment was completed for the company’s site in India with other sites being covered in later phases.

Vulnerability assessment

Honeywell’s OT cybersecurity experts conducted the vulnerability assessment to help capture the customer’s control system vulnerabilities and potential weak spots. The assessment performed was a holistic technical review of the ICS infrastructure.
It focused on analysing their cybersecurity processes, procedures, and safeguards to better protect their industrial control systems (ICS) from internal and external threats. Because Honeywell focuses on OT as opposed to IT only, Honeywell experts are skilled in considering the entirety of an ecosystem. This means including people, processes, and any technical issues that can impact the ICS cybersecurity posture.

Digging in to reduce risks

The Honeywell team has deep expertise across IEC 62443 standards and other industry-specific guidelines, as well as invaluable experience with control systems. Because of this expertise, the Honeywell team was able to holistically assess the customer’s ICS environment, documenting observations and recommendations to help reduce cybersecurity risks.

Physical site review

The Honeywell team first conducted a physical site review to uncover issues such as control room doors left unlocked, passwords in the line of sight, and other security compliance violations. The team also reviewed the customer’s network equipment from third parties such as switches, routers, and firewalls; reviewed the infrastructure configurations; and checked installation processes.

Site-specific recommendations

All the vulnerabilities, severity levels, and remediation details were included in the Cybersecurity Vulnerability Assessment report. The report also detailed best practices and site-specific recommendations to help the customer mitigate and prioritise any identified threats or vulnerabilities, and notes regarding how and where each step can serve as a foundation for the best practice architecture.
Challenges and successes

Honeywell experts remained diligent in exceeding the customer’s expectations despite the shutdown in India due to the pandemic and the unexpected need to assess and remediate assets. Honeywell also had one secret weapon: one of the OT cybersecurity experts had real-life experience in the pharmaceutical industry. This made it possible for the team to better tailor the assessment (and recommendations) to this particular customer.
A major European oil and gas company that acquires, explores, produces and supplies chemical and petroleum products had a cybersecurity challenge. Company leadership wanted a better way to quantify and respond to the industry’s increasing levels of cybersecurity risk. Pioneers were looking for a new way to better understand and improve their company’s OT cybersecurity. As part of this effort, pioneers wanted to compare the company’s current levels of protection against a series of hypothetical attacks to identify gaps. With operations in several locations and a supply chain network of over 1,000 gas stations, auditing and improving the company’s cybersecurity would be no small task.

Set of analysis and recommendations

To help overcome these challenges, the company called in Honeywell and, specifically, its csHAZOP services team to perform a detailed design evaluation based on OT cybersecurity risk. The Honeywell csHAZOP solution is designed to deliver a comprehensive set of analysis and recommendations – it goes beyond the standard cybersecurity vulnerability assessment or IEC 62443 compliance audit by adding deeper analysis that is designed to:

- Investigate a significant amount of what can go wrong, including approximately 500+ attack scenarios – evaluating these for multiple threat actors and different consequences,
- Address – via risk assessments – both the likely risk reduction through the regular IT type of countermeasures (AV, firewall, hardening, etc.) and the consequence severity reduction through the implementation of safeguards (e.g., hardwiring critical control signals),
- Estimate residual risk for each hazard, allowing identification and quantification, making mitigation actionable,
- Focus on process automation cybersecurity risk (csHAZOP stage 1) or production process cybersecurity risk (by adding csHAZOP stage 2 vs. cybersecurity production risk) to add a higher level of cybersecurity analysis from an OT perspective unique in the industry.

Send in the csHAZOP experts

The Honeywell OT cybersecurity experts worked with the Honeywell proprietary csHAZOP method to uncover several concrete recommendations for immediate remediation and technical design recommendations in the company’s ICS, to be considered in upcoming ICS migrations. Honeywell cyber experts also uncovered some high-risk design deficiencies. The Honeywell csHAZOP framework was used to identify levels of residual risk to determine which security hazard was more critical to address versus others. Honeywell provided targeted guidance on several aspects of the study, using experience from real-world cyber attacks in the industry. Honeywell’s csHAZOP service is one of the few cybersecurity assessments available on the market that is designed to apply counterfactual risk analysis.

Honeywell’s csHAZOP report

Given a system’s protective measures, this method helps a company evaluate which cyber attacks (based on countermeasures, security protections and type of threat actor) may succeed. This evaluation directly links OT cybersecurity to loss prevention and process safety. Honeywell’s csHAZOP report for this oil and gas refinery was considered successful by the customer because of its well-defined procedure, the tools Honeywell has specifically designed for OT systems and the team’s experience and efforts in OT cybersecurity.

Results of the csHAZOP assessment

“The results of the csHAZOP assessment from Honeywell went beyond our expectations. We have received a detailed and analytical cybersecurity hazard and operability report concerning both identified risks and realistic recommendations for remediation.”

“Additionally, the report is a valuable tool for future upgrades of our systems as well as new projects and the development of an incident response plan. We intend to repeat this assessment periodically, as it is a valuable tool in our continuous efforts to improve security for our systems from the ever-evolving cybersecurity threats,” Major refinery in Europe.
Round table discussion
Transportation enables the movement of goods and people, facilitates trade and commerce, and is crucial for businesses to operate and expand. Security technology plays a major role both in protecting today's various transportation systems and increasingly to make them more efficient. We asked this week's Expert Panel Roundtable: What’s new in technology serving the transportation market?
Factors such as stable demand and large contracts make the government market particularly enticing for security companies and professionals. However, entering and thriving in the government market presents a number of challenges. We asked this week's Expert Panel Roundtable: What are the unique aspects of the government market, and how should the industry adapt?
Suddenly, artificial intelligence (AI) is everywhere. The smart technology brings a range of benefits to our lives, from streamlining everyday tasks to making scientific breakthroughs. The advantages of AI and machine learning (ML) also include automating repetitive tasks, analysing vast amounts of data, and minimising human error. But how do these benefits apply to the physical security industry, and is there a downside? We asked this week’s Expert Panel Roundtable: What are the benefits, and drawbacks, of using artificial intelligence (AI) in physical security?