Tag Archives: Software

Security challenges in telecoms sector met head-on by access control systems

As Catherine Laug explains, the telecoms industry has grown at such a remarkable rate that it’s now a key part of our everyday lives. At present, the COVID-19 pandemic has created an unprecedented requirement for almost all industries to operate a ‘working from home’ policy and to provide the general public with an increased access to online services, in turn making the telecoms industry even more vital.

A major impact of this fundamental change is the presence of a growing number of telecoms facilities, which are proving to be the cornerstone of service delivery. Equipment is often located in isolated areas, so strict access control systems are needed to keep any vulnerability to an absolute minimum.

Telecoms companies cover vast expanses of land to keep the service up-and-running for their customers. This involves several tens of thousands of plants and facilities, from mobile phone towers through to street cabinets for the wired network. This underlines the value of a standardised access control strategy to simplify access to all sites.

Now, maintenance technicians no longer need to worry about accessing the numerous facilities during their daily inspection rounds. Once configured, single electronic key solutions guarantee access to the right place at the right time, allowing technicians to focus their attention on the task at hand.

Specific access processes

For their part, operators are assured that their field teams, often comprised of sub-contractors, can carry out all maintenance work during specified times in line with their specific access processes.

AccessControlTelecoms1

Most of the facilities requiring protection are outdoor sites particularly exposed to wind, sun, snow and sea spray. That being so, access control systems must be able to withstand corrosion caused by bad weather. End users can now specify a certified and conceptual solution to this challenge with cylinders that meet the requirements of the EN 1670 corrosion resistance standard with a, IP66-67-68-69 rating designed to guarantee maximum protection.

In point of fact, the latest generation electronic keys also use inductive technology for contactless information exchange between the key and cylinder. With this technology, the electronic key can transmit access rights to the cylinder even if the humidity at the site has corroded the surface of the lock. In other words, bad connections no longer prevent information from being transmitted between the key and lock.

At some telecommunications towers, access is restricted to those authorised to work at height. Software is now available that liaises with the operator’s information system, collecting select information from the various user profiles to limit access to authorised individuals. This allows operators to use the software to assign access rights for specific areas based on the technician’s profile and authorisation.

To improve on-site control activities, electronic keys work with specific apps and new technology (ie RFID and beacons, etc) to send technicians verification messages about their access rights or required safety instructions (such as wearing a helmet and abiding by the buddy system, etc).

Similarly, users can interact with the central system and submit on-site attendance reports and flag up anomalies errors, etc. These bespoke features are designed to meet ever-stricter security requirements in companies and, importantly, accommodate the latest Government guidelines.

Sub-contracting and shared access sites

Sub-contractors are an increasingly common fixture in both maintenance activities and emergency call-outs. Several officers may well require daily access to a number of scattered, remote facilities.

The access control system is further complicated by the fact that sites may be shared by different businesses. Water towers, for instance, are often used to support radio masts.

It’s now possible to deliver an effective response to multi-activity sites with just one electronic key being needed for countless locks. Officers no longer need to carry large bunches of keys between sites. Instead, they can access the right place at the right time with maximum security.

AccessControlTelecoms2

Communication infrastructures may be the prime target for large-scale attacks wherein those parties involved are looking to compromise the country’s economic potential. They may also attract various types of vandal, tempted by the challenge of scaling facilities or the apparent vulnerability of street cabinets.

Today’s access control solutions are invaluable when it comes to protecting facilities from harm. Electronic cylinders and padlocks have CEN 1303 certification with the highest level of resistance to drilling and, therefore, vandalism.

What’s more, a lost or stolen electronic key can be disabled on a swift footing to prevent any unwanted intrusions. In certain solutions, the built-in reporting feature in the system software aims to report any attempts to gain access outside specified time ranges or in out-of-bounds areas, thereby detecting any anomalies.

Catherine Laug is Group Head of Marketing at LOCKEN

Leave a comment

Filed under Security Matters

New wave of UK universities adopts SafeZone solution from CriticalArc

UK universities including the University of Greenwich, the University of South Wales, the University of East Anglia, the University of Manchester and the University of Central Lancashire are adopting CriticalArc’s SafeZone service for improved campus security.

With more than 25% of universities now using SafeZone across the UK, it has grown from being an innovative technology deployed by pioneering institutions to become a mainstream ‘must-have’ solution for the higher education sector.

SafeZone addresses key challenges for universities by enabling students and staff alike to quickly and easily reach their campus safety and security teams and by allowing first responders to respond to calls for assistance up to 50% faster.

It improves the safety, security and well-being of students and staff, both on campus and off, and raises security team preparedness for a full range of events they may face, including major incidents. SafeZone enhances student satisfaction as well as student well-being and is now helping universities to succeed globally as they work to attract and retain students with safer and more welcoming learning environments.

University Building

Through its advanced Command and Control software, SafeZone OmniGuard enhances team efficiency, with real-time situational awareness making it easier for command teams to see and co-ordinate resources to address incident ‘hotspots’. Safezone also supports heat mapping to enable patrol pattern optimisation and improves workplace Health and Safety, serving as a powerful lone worker solution.

Expanding the team

Announcing the latest wave of adoptions, CriticalArc confirms that it’s also expanding its team with the appointment of two new customer success managers. They will work closely with system users to spread Best Practice, provide support and help deliver maximum benefits from SafeZone.

Sean Edge takes on this important role for CriticalArc in the UK, while Karl Palma will be working with customers in Australia.

Darren Chalmers-Stevens, managing director for the EMEA and APAC regions at CriticalArc, stated: “With the number of SafeZone users now expanding rapidly, we’re investing not only in developing the technology and its capabilities, but also in delivering and sustaining high-level customer support for our growing network of users.”

In tandem with its success in the higher education sector, SafeZone is also being adopted increasingly in other key areas including implementations in the critical infrastructure, transport, utilities, Government and healthcare sectors, with rapidly developing markets in the US, Australia and, indeed, globally.

Leave a comment

Filed under Risk Xtra

Facit Data Systems launches new website to showcase video analytics portfolio

Since its inauguration five years ago, Facit Data Systems has grown to become one of the market’s foremost providers of video analytics and compliance software. Now, the company has launched an all-new website designed to showcase its solutions for end users.

A host of operators are maximising organisations’ CCTV investments by generating business intelligence to improve sales, staffing efficiency, customer experience, safety and compliance.

FacitDataSystemsWebsite
Facit Data Systems’ People Counter, Queue Manager and Heat Map solutions operate cost-effectively over installed CCTV cameras and are system agnostic. Identity Cloak auto redaction software launched in 2018 to help Facit Data Systems’ customers comply with strict General Data Protection Regulation guidelines for video data.

The new Facit Data Systems website reflects the business’ work with the UK’s largest brands in retail, banking, healthcare and public space, as well as its partnerships with some of the world’s most trusted specialists.

*Visit the new Facit Data Systems website

Leave a comment

Filed under Risk Xtra

HawkSight SRM unveils latest version of “game-changing” security risk management software

HawkSight SRM has launched HawkSight Software V2, the latest variant of the company’s ISO 31000-compliant, award-winning security risk management platform. HawkSight Software V2 is powered by Esri and its enhanced API and mapping interface is helping security teams rapidly review, assimilate and respond to the latest information and incident data impacting their portfolio.

Putting strategic, operational and tactical security risk assessment, mitigation and management at its clients’ fingertips is the company’s goal. The software is scaleable to suit even the biggest of global conglomerates and can include offices, project sites, fixed and mobile assets as well as business travellers in its project portfolio.

New for V2 are selectable mapping layers including street map, topographical and satellite overlays. Enriched incident analysis tools are also included with cluster, heat mapping and incident charting.

The latest version of the software reflects the growing demand for an enterprise security risk management approach which dovetails into enterprise-wide risk reporting and also supports organisation-wide collaboration.

HawkSightSRMSoftwareV2

API configurations are already agreed with a number of leading incident data and tracking feeds including Protection Group International and Vismo. All data and incident feeds are delivered to a single mapping overlay, in turn putting security professionals in the driving seat of analysis for critical assets.

Locations and Points of Interest can be mapped and incident analysis carried out based on timeframe, incident type and incident source. The end result is instant visualisation of critical information (including live tracking if required).

HawkSight SRM’s powerful reporting tools allow the creation of bespoke reports and risk modelling which together adds up to a system which can deliver business-critical information at every level of an organisation.

Paul Mercer, managing director of HawkSight SRM, commented: “We’ve listened to our clients and HawkSight Software V2 is set to deliver the enterprise-wide collaborative tools they tell us they need. Critically, it allows them to quantify risk and financial exposure to the business and apply mitigation measures which reflect risk appetite and ensure best deployment of budgets. HawkSight Software V2 is also delivering the kind of information overview that security risk professionals and business leaders need to make informed and timely decisions. Further improvements to customisation and the embedded e-learning tools mean that developing and adopting Best Practice can be achieved from one subscription.”

Mercer concluded: “We’re excited to be talking to businesses across a host of sectors as diverse as hospitality, professional services, healthcare, oil and gas, manufacturing and logistics about how we can revolutionise their approach to security risk management.”

Leave a comment

Filed under Risk Xtra

Global Security Exchange accepting applications for 2018 Innovative Product Awards

ASIS International is now inviting exhibiting companies to enter the 2018 Innovative Product Awards: a competition designed to recognise “the most groundbreaking offerings” on the Global Security Exchange (GSX) expo floor. Winners will be announced and recognised at the 2018 GSX, which takes place from 23-27 September at the Las Vegas Convention Centre and is expected to attract more than 20,000 security professionals from over 100 countries.

“While there are many awards programmes out there, the Innovative Product Awards stand apart because the judges are security practitioners,” said Howard Belfor CPP, co-chair of the awards programme and a member of the ASIS Board of Directors. “They are the individuals who use these products every day. They bring tremendous expertise to the judging process. For attendees, this means that award winners offer peer-distinguished products that address industry trends and are well worth exploring on the GSX expo floor.”

ASISGSX2018

Formerly the ASIS Accolade Competition, the revamped Innovative Product Awards will spotlight the leading products (encompassing hardware, software, testing materials, practices and thought leadership) designed to tackle current and emerging global security risks and threats. A team of judges representing security practitioners, thought leaders and industry experts will select up to ten winners based on their level of innovation, unique attributes and specific benefits offered to the security industry. In addition, one product will be named ‘The Judges’ Choice’.

The Innovative Product Awards provide an opportunity for companies to demonstrate new products and services at the show and across the security marketplace.

The deadline for submissions is Friday 3 August. Winners will be honoured at the GSX and given time to showcase how their product addresses market needs on the new X Stage. This is a learning theatre located on the GSX expo floor where esteemed industry experts will present future-forward sessions on topics such as Artificial Intelligence, robotics and drones.

*For complete entry details visit the Innovative Product Awards web page at https://www.gsx.org/highlights-events/awards/ or e-mail exhibits@asisonline.org

Leave a comment

Filed under Risk Xtra, Uncategorized

Biometric credentials added to Inner Range’s access control solutions

Inner Range’s access control customers can now benefit from biometric credentials thanks to a new partnership initiated with biometric technology company Zwipe. The new service, which uses clients’ existing card readers, is one of several intelligent integrations that Inner Range will be demonstrating at a free Integration Showcase on April 24 at its European headquarters near Reading.

Other integrators at the event include Morse Watchmans, which combines key locker control and asset management systems with Inner Range’s security solutions, as well as Stentofon (which offers intelligent intercom solutions via Inner Range software).

Tim Northwood, general manager of Inner Range Europe, said: “Integration is at the heart of what we do. Our products allow clients to control access to all manner of places, spaces, systems and products at the local, national and even global levels. Our new partnership with Zwipe is the latest in a long and ever-increasing line of integrations designed to help our customers better control their buildings and systems and streamline their processes. We very much hope that our Integration Showcase will highlight the options and sophistication available with our products and afford potential new clients the opportunity to see them in action.”

InnerRangeZwipePartnership

The new partnership with Zwipe means that Inner Range’s clients can add fingerprint data to credentials and, crucially, continue to use their existing card readers. They don’t need to buy costly new readers. The system can employ Inner Range’s encrypted Sifer readers and only stores the biometric data on the card rather than in a central database.

Morse Watchmans will be demonstrating how its key control system can integrate with Inner Range products to strengthen security, ensure personnel safety and restrict movement if necessary, as well as improve reporting compliance and reducing damage and resulting lost productivity.

Stentofon will showcase how its intercom solutions integrate with Inner Range products to enable clients ‘to hear, be heard and understood, every time’ by providing interactive graphical representations, status and controls across multiple sites.

 

Leave a comment

Filed under Risk UK News

ISM introduces Enterprise version of proven integrated security management system

Intergrated Security Manufacturing (ISM), a leader in the design, development and manufacture of ISMS technology, has just launched an Enterprise version of the company’s proven Genesys integrated security management system (ISMS).

Already deployed within the Critical National Infrastructure sector, the new ISMS offers end users “unparalleled scale, redundancy and ease of use”.

As an enhancement of the existing Genesys2, the Enterprise version has been developed with the largest organisations in mind. Genesys is fully-scalable to manage and control multiple sites from a single Control Room (or even a single workstation) across a country, or even across continents. It features the most advanced levels of encryption to ensure network security, and is accredited to the highest standards of Government national infrastructure security.

Stephen Smith, managing director of ISM, believes that the extension of the Genesys range gives customers greater choice. “There have been a number of articles in the security press talking about PSIM companies starting to develop systems that go beyond the current solutions and moving to a federated architecture. With Genesys, we’re already there. Genesys Enterprise resolves those issues associated with the increasing geographical scope of clients, corporations, Governments and institutions, while also adhering to a multi-tiered hierarchy or ‘federated’ system here total control is centralised, but allows individual sites to maintain local control.”

ISMGenesysEnterprise

Smith added: “This new addition is ideally suited to those large organisations with multiple sites across multiple regions who might also want to ‘flex’ to accommodate further sites and geographies as their needs evolve. As this comes from the Genesys stable, existing users only have to upgrade from their existing version to Enterprise without the expense of a complete technology refresh.”

Multiple systems, multiple manufacturers

Crucially, the new development allows the integration of multiple systems from multiple manufacturers – all from one holistic integrated security system. Every electronic security or fire safety device from CCTV and intruder alarms through to electronic locking and Public Address can be monitored and controlled from a single platform, regardless of who made them.

Most importantly, this solution includes the existing Migrating 3+ technology, a patented automatic fail-over technology that adds higher levels of automatic configurable redundancy and power. Control is effectively distributed across multiple workstations.

“We take power to your PC and multiple it by the number of PCs on your network,” added Smith. “What this means is that, if one PC fails, control is migrated to another PC on a seamless basis with no interruption or downtime. Our system isn’t restricted in its performance by the size or capability of a server, and nor does it require the expense of moving to server farms or using clustering software. It means we deliver the most extreme redundancy characteristics for the threats you’ve thought of, not to mention those that you haven’t.”

Continuing this theme, Smith observed: “The Enterprise development within the existing Genesys isn’t a development waiting for a trial site, but rather it has already been installed within a high-security Critical National Infrastructure project. It is tested and proven at the highest level and under the most demanding of conditions and has been very successful.”

‘True’ ISMS

Genesys is a ‘true’ ISMS built around intuitive software that combines a range of industry-leading features and benefits including an enhanced graphical user experience, 3D modelling and a comprehensive event management database. Events and alarms are presented to the operator clearly as and when they happen.

“Operators can be quickly trained to gain maximum advantage,” highlighted Smith. “The system also enables end users to make better use of their staff and resources since they don’t have to have all of their Control Rooms working on a 24-hour basis. Genesys is a truly unique solution offering advanced system architecture, unparalleled ease of use for the operators and the very low lifecycle costs.”

The ISMS software operates as a standalone platform over LAN or WAN networks for remote and local sites with workstations that can be transferred to any operating Security Control Room on the network. This offers the end user flexibility when closing down sites or buildings for off-peak or out of normal working hours or in the unlikely event of any system failures.

Leave a comment

Filed under Risk UK News

Traka UK launches V Touch solution for limited space key management

Traka UK has launched a new intelligent key cabinet specifically designed to offer controlled access management for critical keys at locations where space is limited and only a few credentials need to be managed.

The company has unveiled its new V Touch as a secure unit with a seven-inch touch display to accommodate up to five sets of keys.

Powered by Traka’s exclusive electronics system, the V Touch presents full audit control capability such that administrators know exactly what keys have been taken, and by whom, together with the ability to instantly access usage reports.

TrakaVTouch

Traka’s V Touch is recommended as part of a networked solution using Traka’s specialist Traka Web software to enable central control of critical keys.

Steve Bumphrey, UK sales director at Traka, stated: “We’ve created the V Touch as an intelligent key management system to help ensure keys and credentials can be securely managed, even where space is at an absolute premium. This could include on board ships or for remote locations requiring maintenance. We hope the launch of the V Touch, which comes equipped with all the traditional management benefits you would expect from a Traka Touch system, demonstrates our commitment to listening and continually evolving our product range to meet both new and existing customer requirements.”

With further features including a solid locking door, built-in power supply and full battery back-up in the event of a power failure, Traka’s V Touch is available with card reader or biometric access options to enable customer preference and accommodation of individual site requirements.

Traka provides intelligent key and equipment management control to better protect essential assets resulting in improved efficiency, reduced downtime, less damage, fewer losses, lower operating costs and significantly less administration, allied with transparency and greater accountability and responsibility.

Leave a comment

Filed under Uncategorized

Cyber criminals “exploiting human weaknesses” to make their gains

Cyber attackers are relying more than ever on exploiting people instead of software flaws to install malware, steal credentials or confidential information and transfer funds. A study by Proofpoint found that more than 90% of malicious e-mail messages featuring nefarious URLs led users to credential phishing pages, while almost all (99%) email-based financial fraud attacks relied on human clicks rather than automated exploits to install malware.

The Human Factor Report found that business e-mail compromise (BEC) attack message volumes rose from 1% in 2015 to 42% by the end of 2016 relative to e-mails bearing banking Trojans. BEC attacks, which have cost organisations more than $5 billion worldwide, use malware-free messages to trick recipients into sending confidential information or funds to cyber criminals.

BEC is now the fastest-growing category of email-based attacks.

Clicking

“Accelerating a shift that began in 2015, cyber criminals are aggressively using attacks that depend on clicks by humans rather than vulnerable software exploits, tricking victims into carrying out the attack themselves,” said Kevin Epstein, vice-president of Proofpoint’s Threat Operations Centre.

“It’s critical for organisations to deploy advanced protection that stops attackers before they have a chance to reach potential victims. The earlier in the attack chain you can detect malicious content, the easier it is to block, contain and resolve.”

Nearly 90% of clicks on malicious URLs occur within the first 24 hours of delivery, with 25% of those clicks occurring in just ten minutes and nearly 50% within an hour. The median time-to-click (the time between arrival and click) is shortest during business hours from 8.00 am to 3.00 pm EDT in the US and Canada, a pattern that generally holds for the UK and Europe as well.

Watch your inbox closely on Thursdays. Malicious e-mail attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favour sending malicious messages from Tuesday through until Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-Sale campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favour Mondays.

Attackers understand e-mail habits and send most e-mail messages in the four-to-five hours after the start of the business day, peaking around lunchtime. Users in the US, Canada and Australia tend to do most of their clicking during this time period, while French clicking peaks around 1.00 pm.

Swiss and German users don’t wait for lunch to click. Their clicks peak in the first hours of the working day.

UK workers pace their clicking evenly over the course of the day, with a clear drop in activity after 2.00 pm.

Leave a comment

Filed under Risk UK News

“It’s time to bury hardware-based security solutions” argues VoipSec’s CEO

Paul German, CEO at VoipSec, believes now is the time for organisations to “bury” dedicated hardware-based security solutions.

“Recent years have seen a fundamental transformation in IT strategy, with networks being more agile and swiftly deployed and applications now deliverable quickly, in any location and scaled to meet an organisation’s requirements,” said German. “From virtualised hardware to network function virtualisation and software defined networking, the hardware and network infrastructure has become decoupled from the application and the application itself is increasingly located anywhere across the cloud.”

According to German, this decoupled approach itself demands a different approach to security. It can no longer be defined by network controls because those networks are virtual, disparate and remote. “When organisations access applications via an Internet address,” commented German, “the physical location is increasingly unknown. Security, therefore, needs to be elastic and flexible.”

German explained that the hardware-based, dedicated Session Border Controller (SBC) doesn’t fit into this model. As an approach to securing the VoIP network, German feels it’s “fundamentally flawed” on many levels.

PaulGerman

Paul German

“It constrains an organisation’s virtualisation strategy. How can a company quickly spin up new cloud-based voice applications, for example? As organisations look to gain the cost, agility and scalability offered by hardware and network virtualisation, the hardware SBC is clearly a problem.”

German added: “Perhaps the most concerning issue is that this approach is flawed from a pure security perspective. Hardware SBCs are considered both one off investments and one off deployments. As every security Best Practice model will attest, with a constantly changing threat landscape any failure to undertake routine updates will leave the organisation vulnerable.”

To be effective, as far as German’s concerned, security solutions must reflect the emerging risk and the current deployment trend.

“A software only model that’s continually updated to mitigate the evolving threat landscape is essential. Software-based SBCs, either on premise or in the cloud, also explore community-led intelligence about threats and risk experiences to rapidly disseminate new threat information and Best Practice. This combination of routine product updates with shared intelligence ensures an attack on a single organisation can be quickly transformed into a patch or update that protects every business from the new risk.”

Despite the widespread adoption of VoIP, the majority of SBC vendors are simply failing to respond and still advise an implement once model. “They fail to update customers on the evolving threat landscape and they cannot support the agile, decoupled infrastructures now required. It begs the question: ‘Just what is the value of the hardware-based SBC?'”

Leave a comment

Filed under Risk UK News