
Cybersecurity

Eidola, created for integrators to ensure cybersecurity

Wednesday, March 30, 2016

YARMOUTH, Maine—Have you heard enough about cybersecurity dangers for physical security integrators and manufacturers?

Here’s a new, and perhaps more welcome, angle of the cybersecurity story.

At the Interoperability Fest on Wednesday night, April 6 at ISC West, you'll be able to see "Eidola." Click here for time and location.

What's Eidola? It's a technical automation and security system lifecycle management platform that’s designed to help integrators and installers secure their installations from the testing and installation stage through the maintenance stage. And it’s also designed to be used to generate RMR for integrators.

Eidola is a new product from IDmachines that “manages the lifecycle of a security solution from a cybersecurity perspective,” Sal D’Agostino, founder and CEO of IDmachines, told me. "Eidola checks the make, model, firmware versions and other detailed device information, as well as strength of the device’s connection (authentication) on the network."

D’Agostino is an entrepreneur who has “always been involved in automating things.” He is the former EVP of Core Street and CEO of Computer Recognition Systems, Inc.

D’Agostino said “the complexity of security systems is growing astronomically and there’s a huge skills gap in terms of networking and cybersecurity skills.”  Today’s security systems include “IP-connected devices of all shapes and sizes on the network … you’ve [also] got network gear and stuff on virtual machines,” he said.

D’Agostino has said before that security integrators should “be deploying security solutions not vulnerabilities.” Eidola helps ensure this, he said.

Eidola can be used to test the configuration of a system’s components, and it also provides “a real live sandbox that can emulate an enterprise network,” D’Agostino said.

After that’s done, Eidola can be used to document IP addresses/MAC addresses and ports, so the integrator can deliver “more than just as-built drawings,” D’Agostino said. The integrator can give an end user a document that outlines the “state of the network.” The integrator can “get a sign-off by the customer on the documented system delivered that can be used again during the operation and maintenance lifecycle.”

This documentation is useful for the end user and integrator and can help identify problems in the future.  

Because Eidola can be used to check on the health of a security system, it can also be used to capture RMR, he said.

Andrew Lanning, co-founder of integration firm IST, said Eidola will be a very important tool for IT-savvy integrators working in enterprise environments, but its greatest value may be for a security company installer who is not an IT expert.

Those installers are adept at using a multi-meter to test voltage levels. D'Agostino describes Eidola as a "multi-meter for the 21st century." Lanning agrees, saying at its most basic level, Eidola is “really a network multi-meter that can let the installer know that a network is sound,” he said.

The roll out of Eidola is underway. It will be “generally available in the next 30 to 60 days” to a select group of integrators. The roll out will include “training, technical training and business model training on how to sell the product,” D’Agostino said.

The integrator will get an Eidola kit and a licence to resell Eidola as a service. “There are a number of different ways in which the product can be monetized by the integrator,” D’Agostino said.  

The Eidola kit has five components:

1. A high-performance, rugged industrial computer with multiple network connections, serial ports and digital I/O that provides the sandbox for the integrator or user's test environment. "This computer can also be left behind in those cases where longer term or harsh environmental testing requirements exist," D'Agostino said.

2. A portable field device (the 21st century multimeter) that also has network, serial and digital I/O, but on a smaller scale.

3. A set of connectors and cabling for easy installation and testing.

4. A travel case.

5. Training and documentation.
 
D'Agostino said that the first two items "have an ad hoc wireless network that can connect to any Wi-Fi supported device, typically a smartphone or tablet, which provides an easy-to-use, push-button interface for performing the diagnostic, configuration and viewing and sharing the reports."

A broader roll out of the product is planned for later this year.
 

Educating integrators about cybersecurity for work on college campuses and elsewhere

IST’s Andrew Lanning: ‘It's incumbent upon us to elevate our game’
03/17/2016

YARMOUTH, Maine—Andrew Lanning enjoys visiting college campuses and “the ubiquity of their Wi-Fi access.” But the reason he is on campus, usually, is that easy Wi-Fi access means easy prey for hackers and cyber threats.

Cybersecurity, the big theme of ISC West 2016?

Wednesday, March 16, 2016

When we did an educational session at TechSec 2014 about the possibility of security systems falling victim to an APT (advanced persistent threat), cybersecurity wasn't something we heard about every day at Security Systems News. Here's a link to a story about that educational session.

Times have changed. As we do advance ISC West show reporting this year, cybersecurity is cropping up over and over again.

A standard story we do each year is about the biggest booths at ISC West. Here's a link to the story, which is in our newswire today. Spencer spoke to three of the largest exhibitors for the story. Asked what they'll be talking about in Vegas, two of those exhibitors, Hikvision and Axis, are leading with their cybersecurity efforts. The third, Hanwha Techwin (formerly Samsung Techwin), is focused on its new name first, which makes sense. However, Hanwha's Tom Cook said cybersecurity was an important topic of discussion at the manufacturer's recent dealer meeting and said it's a topic the company will be talking more about.

We've continued to talk about cybersecurity at TechSec in 2015 and 2016. This year we had Rodney Thayer at TechSec and at Cloud+ talking about cyber; both sessions were highly rated by attendees. Thayer is an excellent presenter—super knowledgeable and amusing too. He's leading an educational session at ISC West called "Cybersecurity: Three steps to counter external attacks on physical security systems" on Thursday, April 7, from 3:30 - 4:15 in Casanova 603. My guess is that it will be a worthwhile session to attend.

Security Systems News has been on this story for more than two years, and we'll continue to keep you informed. If you hear of any particularly impressive or interesting cybersecurity efforts or stories, please let me know. I can be reached at [email protected]

Big ISC West exhibitors feature cybersecurity and name changes

Three big booth exhibitors talk with SSN about their presence at this year’s show
03/16/2016

LAS VEGAS—Some of the biggest exhibitors are approaching the show with new topics top of mind: for some it’s cybersecurity, for others it’s branding after a name change.

Business executives expect IT breaches

02/23/2016

LONDON—As we hear more and more about cybersecurity concerns among physical security integrators and manufacturers, business owners around the world are concerned about cybersecurity, according to an NTT Com Security report.

Genetec to release cyber hardening guide

Racz: Genetec sees need to ‘raise the bar’ for integrators on cybersecurity
02/08/2016

MONTREAL—In its latest cybersecurity initiative, Genetec, a provider of unified IP security solutions based here, is releasing a cybersecurity hardening guide for its integrator partners at the end of February.

From Microsoft to Google at Cloud+

Wednesday, December 9, 2015

At the very last session of the Cloud+ conference, Brivo's Jonathan Healey noted that the Cloud+ conference began with a speaker from Microsoft and ended with a speaker from Google. "Five years ago [the idea that you'd have that line-up at a physical security conference] would be preposterous," he said.

He's right, our industry has come a long way in five years. That was a recurring theme at the Cloud+ conference, but we've also got a long way to go.

Speaker after speaker talked about the opportunities—for integrator and end user alike—in cloud-based systems. There are two stories in our newswire today about the conference: one about the keynote speaker, Monica Hopelian of Microsoft, and one about investment and "the new security dealer," a session presented by John Mack and moderated by yours truly. Amy's blog this week gives an overview of the sessions.

Look for more stories over the next week.

One of the topics John Mack talked about was M&A activity and investor interest in cloud-based technology. I can tell you there was investor interest at the conference this week. Many attendees were asking me if I could get them audio from the sessions and PowerPoint slides. Two attendees pulled me aside halfway through day two and said it would be really great if I could get them the slides "within the hour." I told them they would need to wait until I was done emceeing the event.

Clearly some valuable information at Cloud+

One of the most popular sessions at Cloud+ was about cybersecurity in the cloud, presented by Rodney Thayer. Before you get too excited about your "Cloud Bling," you (both the folks who are making the stuff and the folks who are integrating the stuff) better ensure you're following cyber-safe practices, he advised. Is the Internet of Things really just the "Internet of Trouble?" he asked. Well, it could be. He reiterated what keynote speaker Monica Hopelian and another speaker, Diebold's Jeremy Brecher, said: that the physical security group should not be the weakest link in the chain. Thayer talked through some scary potential scenarios, before offering a series of practical guidelines and resources for integrators and manufacturers.

Interested in this topic? (yes you should be) Thayer will be at TechSec 2016, talking about cybersecurity on an educational session led by Kratos' Chris Peckham. Here's a link to the educational program. Also speaking on that educational session will be Joe Coe of Hikvision. Hikvision, one of the fastest growing security companies in the world, has also suffered a couple of major cyber breaches. Don't miss it!

The cyber elephant in the room

Wednesday, November 11, 2015

SAN ANTONIO—I've spent several days recently with two major camera companies, Hikvision and Axis Communications. The last week in October I was on a Hikvision trip to China where I met with executives from the company, toured the headquarters and one of their factories, and also went to China's version of ISC West. This week I'm in San Antonio at the Axis partner event.

There are more than 400 integrators and technology partners here this year. Yesterday's agenda included information on the company's technology road map, a panel discussion on school security, an IT director for Westgate Resorts, and a forensics expert talking about camera evidence and how integrators' careful design and installation of video surveillance can help in law enforcement, rescue efforts, and criminal prosecution. There were also break-out sessions and there's a full agenda for today as well.

I'll have more stories on both the Hikvision trip and the Axis event, but I took note that both companies made a point to talk about cybersecurity, both internal efforts to ensure that their products are safe and external efforts to educate their integrator partners on best practices.

This is good news. It's about time the physical security industry starts talking about the cyber elephant in the room.

When I was at Hikvision, the president of the company, Yangzhong Hu, and Hikvision international marketing director Keen Yao fielded questions about cyber breaches the company has suffered. They also talked about their efforts to correct problems and instill cybersecurity best practices internally. Hu said the company has partnered with international cybersecurity companies and professional hackers to proactively test products, protocols and processes associated with cybersecurity.

Hikvision has a Security Center section on its website, which includes information about any current problems with its products, a location to report security issues, and advice and best practices for end users and integrators on cybersecurity. Hikvision has also spoken about cybersecurity at ISC West and PSA-TEC, and it will speak at ISC East next week as well. The goal, according to Hikvision North American marketing director Alex Asnovich, is to share cybersecurity knowledge and best practices with the entire industry.

Yesterday at the Axis event, Sal D'Agostino, CEO of IDmachines, who has been working with Axis on cybersecurity, and John Bartolac, who heads up cyber strategy for Axis in North America,  led a break-out session about cybersecurity and the threat landscape. They introduced Axis's new "hardening guide", a 25-page document of cybersecurity best practices and protocols. Bartolac said Axis has been working on the cybersecurity issue for six years (most notably with its government customers). It is now expanding its efforts to educate its integrators and other partners about cybersecurity.

I've heard lots of cybersecurity statistics, and they're always chilling, but D'Agostino showed a live map of cyberattacks yesterday. Check it out here.

D'Agostino said the guide includes many "easily actionable items" for systems integrators.

“We’re supposed to be installing a security solution, not introducing a vulnerability,” D’Agostino said. “We want to help our [end users] meet their corporate goals. … It’s not acceptable anymore to say, ‘I didn’t know [about potential cyberthreats],’” he added.

The threat continues to evolve, he said. Not only do integrators have to worry about safeguarding the video that comes out of the camera, they need to be concerned about cameras being “taken over and used as a weapon.”

D'Agostino pointed out that using cybersecurity best practices and helping end users understand protocol is a great way for systems integrators to  "have a conversation with the IT side of the shop."

“As cameras are used not just as a security device, but as a business-enablement tool, you’re going to find yourself in a situation where you’ll be talking to the chief marketing officer or the IT department itself,” D’Agostino said.

Integrators who have cybersecurity knowhow can help the IT department understand the value of their video data to the corporation, he said.

Bartolac said that Axis has a roadmap of cybersecurity tools that it will be offering to integrators. The hardening guide is just the beginning, he said. Axis also has plans to share cybersecurity best practices with the industry at large.

At TechSec, we've been talking about cybersecurity for a few years. Here's a link to a story about a TechSec educational session led by Diebold's Jeremy Brecher that we did in 2014 about cyber attacks and the potential problems for physical security devices. We'll be talking about cybersecurity in the cloud at our Cloud+ conference Dec. 7-8. Rodney Thayer, who's an expert in designing network security systems and hacking, is doing a not-to-be-missed educational session at Cloud+. Check out the educational program here.

PSA Security is also taking the lead on educating the industry about cybersecurity. PSA has a wealth of information on its web site. Click here.

Where integrators can go for cybersecurity advice, expertise

Wednesday, September 9, 2015

Researching cybersecurity is eye-opening, PSA Security Network CEO Bill Bozeman told me during a recent call about PSA's cybersecurity program, which is moving into its second year.

Bozeman said that "when and if" a cybersecurity breach occurs in a physical security system, integrators will be "in the line of fire" in terms of liability.

With the objective of "educating our partners about cybersecurity so they can mitigate the risk," PSA has formed partnerships with cybersecurity service providers and manufacturers who have "proven expertise" in cyber security.

Among the partners is a law firm that specializes solely in cybersecurity law for physical security companies. In my opinion, that alone should make integrators think twice about ignoring cybersecurity education.

Bozeman emphasized that PSA is not in the business of certifying or testing any products or services. Rather, Bozeman has been working with a group of cybersecurity experts and some integrators to "vet" partners for integrators.

PSA is launching a webinar series to introduce cybersecurity partners to integrators and "set up potential partnerships." The series launches this month and will go through April.

PSA has also come up with a checklist of "Six things integrators can do now" to protect their businesses. Here's the list. More details are available here.

1. Conduct a cybersecurity assessment

2. Educate your team

3. Purchase cybersecurity insurance

4. Update your contracts

5. Choose cyber-hardened products

6. Educate your customers

 

ASIS: A show for integrators, too

End user networking, discussions on cybersecurity among offerings
08/12/2015

ANAHEIM, Calif.—Integrators need to attend ASIS to network with security practitioners and understand emerging issues such as cybersecurity, said Howard Belfor, president of Belfor & Associates and council VP of ASIS.
