Breaking News:
Cyber Monday is here, YouTube CEO defends recommendation system
Please see our news archive for more breaking news about security solutions, homeland security, and security stocks... click here. |
In The Boardroom With...
The announcement of our Digital Identity Platform at RSA, triggered immediate market traction. We now have all the products integrated together which allows a customer to create a digital identity - fully-vetted against a government issued document, which can then be used for reliable biometric authentication, and managed through its life cycle - all from one vendor, ImageWare Systems. We are the only company that offers true ANONYMOUS BIOMETRIC SECURITY. We do this by employing a technique we developed and patented to separate biometric matching from personal information so that in the remote event of any security issue, an intruder would only have access to useless biometric templates without knowing who they belong to. Our dedicated R&D facility continuously drives innovation. With our portfolio of patents (22 issued with 25 pending) for cloud-based anonymous storage, transmission, and matching of multimodal biometrics, only ImageWare can provide the ultimate level of authentication assurance and security. This makes for a huge competitive difference. From global partners, Fujitsu and ForgeRock, to our new deals announced with global telecom and commerce companies, ImageWare is positioned for the growth in biometric authentication. For more information about the following ImageWare Partners, click https://www.iwsinc.com/PARTNERS/ ![]() G4S has a long legacy in the security industry that actually stretches back more than 100 years. During that time, the company has evolved with the industry, growing from a guarding company to the diversified and modern operation that it is today. We are security risk advisors, security software developers, installers and technicians, security officers and personnel who serve clients with deep expertise across most vertical markets. The goal and mission of the ROC is to deliver cost-effective, risk mitigation solutions to our clients. What we've done with the ROC is combine our suite of Corporate Risk Services intelligence/travel risk management offerings, security command and control function with our formerly separate remote video monitoring services into a single location. This streamlines our operations and creates more value for our clients. It also puts us into a leading position in the industry because we have paired elite analysts with the latest AI-driven algorithms and technologies. The result is the early detection and timely response to a wide spectrum of threats the two hallmarks of competent risk management. Today's threat landscape is persistent, complex and I would add that it is constantly evolving. We live in an age where we are flooded with information and clarity means power. Getting our customers what they need to know and when is a critical component of the modern global risk management landscape. That's where our AI platform comes into play by allowing us to separate the noise from the clear indications of risk, to get pertinent information and place it into context quickly so the best possible response can be initiated. The benefits of Remote Guarding are numerous. With Elite, our clients build strong relationships with local law enforcement and receive priority response since dispatch knows that they are responding to an actual crime in progress and that officers will be guided remotely as they enter the scene and ultimately apprehend the suspect. Our clients also realize cost savings and who doesn't appreciate that? Savings through reduction or elimination of Security Guards cost, Loss and Theft Prevention, Elimination of false alarm expenses, and insurance premium reductions. Incident and accident claims from customers or employees can be extremely expensive for any business. Insurance companies will often opt to pay a large settlement simply because there is no hard evidence defending your position. Workers Compensation expenses continue to grow. Elite captures, stores and retrieves video in an organized, very user friendly and easily searchable manner. Employee accidents, customer incidents and other occurrences can be found, retrieved and archived for later use, including critical evidence for use in court or otherwise. Elite Remote Guarding Solutions can increase employee productivity, helping you utilize virtual management tours, remotely access any site and conduct your own inspections. Staff perform better when they are monitored, and recorded video can be used to verify compliance with policies, procedures, dress codes, training, and other business process adherence concerns. It will also help ensure your customers are serviced professionally, courteously and in a timely manner. Digital transformation - the movement of critical computing from the data-center to the cloud - is driving rapid changes in business models and network architectures. It also drives changes in how cybercriminals operate, making it easier for them
to harvest data and launch automated attacks at scale. The mismatch between changes in cybercrime sophistication and the relative stagnation in cybersecurity approaches is apparent as organizations continue to suffer data breaches. According to a
survey presented in AT&T Cybersecurity Insights, 88% of respondents had reported at least one type of security incident or breach in the last year. The root cause? Dispersed networks, an explosion of data, disparate technologies, complex security operations present cybercriminals with gaps or “seams” in organizations’ security postures. Fighting cybercrime requires a coordinated
and collaborative approach orchestrating best-of-breed people, process and technology. AT&T started down this path years ago by building a best-of-breed Cybersecurity Consulting practice and Managed Security Services business serving customers of all sizes, across industries, and around the world. Combined with its network visibility
across the threat landscape, AT&T has been well-positioned to take a unique role in cybersecurity. With the acquisition of AlienVault, AT&T Cybersecurity will continue to deliver on our joint vision to address these “seams” and uniquely bring together people, process, and technology through a “software defined” unified security
management platform. A platform that integrates, automates and orchestrates a wide spectrum of best-of-breed point security products. By abstracting much of the management of individual security products, we are automating deployment and ongoing operations, and operating them as a single unified solution - much in the same way AlienVault had done with the critical capabilities required
for threat detection and response. This platform will use the technical capabilities and reach of AT&T’s Edge-to-Edge intelligence in order to deliver solutions as on-demand digital services optimized to help protect customers through
their own digital transformation journey. We will accomplish this through collaboration with AT&T’s industry-leading Chief Security Organization, our impressive list of industry partners and through the integration and automation of AT&T Alien Labs threat intelligence. The
combination of Open Threat Exchange now curated by Alien Labs and AT&T’s incredible breadth and depth of threat intelligence will create one of the world’s leading threat intelligence platforms!
The ImageWare Digital Identity Platform combines the most robust identity proofing capabilities with the broadest and most complete set of multi-factor and biometric authentication methods. We have always had a robust platform and a robust set of products for two-factor and multi-factor identity authentication as well as full identification capabilities. But now, with complete integration of all these products, all factors of identity proofing and authentication are combined into a cohesive product set. This allows our customers to create and manage digital and biometric identities using fully vetted government issued documents, reliable biometric authentication, and a fully managed digital identity life cycle.
About three years ago, G4S in the Americas started focusing on how we can bring the most value to our customers by ensuring we look at their needs from a perspective of holistically managing their security risks, not merely "selling a product." From that initial focus, we have built out our G4 operational management approaches across the business units, as well as our G4S Integrated Practices. That approach ensures we truly understand our customer's organization - the resources they need to protect, the risks those resources are exposed to, and the level of risk the organization is willing to tolerate - before we attempt to suggest any security services or products. It's an approach that makes both security sense and business sense, because we recognize that our security partners in every organization we work with need to work within the structure of their business. We use our approach to support our customer's overall business needs, by using security tactics to enable the ongoing capacity of the business to complete its primary mission.
Experience continually reinforces the reality that the human element is the weakest link in cybersecurity. This means the most important proactive strategy of all is to train everybody in a corporation - and I mean everybody - in good cybersecurity practices, along with their contractors and vendors. All employees should not only understand what is expected of them regarding company security policy and good online behavior, but also be trained to spot nefarious or suspicious activity and to conduct periodic tests to ensure best practices are followed.
Implementing a successful ID card program can be overwhelming and there is usually a lot more involved than just buying a card printer. Customers choose Idesco because they can come to us with any ID project and we can spec it in record time and provide them with all the products and services that they need. From ID card printers, printer supplies and badge accessories to any type of technology cards, we got it all. We also have a team of technicians who provide unparalleled support for everything that we sell. Our expertise allows us to assist each customer with their unique needs and we are here to help at all times. For example, we work with many schools, colleges and universities that rely on us to provide them with the best card printers and technology cards to issue student IDs, staff IDs and visitor badges on demand in the most effective and secure way. We also work with healthcare facilities that need to have their ID card system running at all times and rely on us to answer any questions or fix any issues that they may have in a timely manner. Government agencies need the most secure and durable ID card solutions and trust us to deliver them and keep them up-to-date on the latest technology. We always want to bring true value to our clients and that's what we focus on.
One should think about security under the following framework: Continuous authentication: 100% of fraud occurs inside authenticated sessions. This means that the login function is not really relevant anymore because fraudsters have found ways to bypass it, whether it is password, token or even a physical biometrics. - Dynamic authentication: Most methods of authentication are static. Behavior by definition changes over time so one needs to deploy techniques that cannot be copied, stolen or otherwise used in a replay attack. - Go beyond the endpoint. Applications and active sessions are incredibly vulnerable as fraudsters use social engineering scams and even phishing scams (where the legitimate person defrauds themselves under the influence of a fraudster). - Recognize that humans are the weakest link and design systems accordingly. Thirty percent of participants will still open malicious emails within 30 minutes of phishing training. It only takes one person (the weakest link) to bring down an entire enterprise.
For the past few years, AMAG Technology has been transforming into a total unified solution provider that provides open solutions. Our history shows we've been known as primarily an access control company with a proprietary system, and our older panels support that statement. But that is no longer correct. About three years ago, we released Symmetry CONNECT. Symmetry CONNECT is a policy-based identity management platform that helps organizations of all sizes to manage the identities of their employees, visitors and contractors and requests, recertification, audits and compliance. This was a turning point product for us, and one that set us on a new course. Today, other access control companies refuse to provide their API to Symmetry CONNECT to interoperate. However, PLAI will allow CONNECT to inter-operate to those companies who want to be open. This affordable, open platform operates in the cloud and helps companies with onboarding, offboarding, access Our next release was Symmetry GUEST, our web-based visitor management system, which automates how organizations manage visitors. This open platform provides an audit trail to track all visitors, meet compliance and improve a visitor's overall experience. The GUEST API is available to any company that would like their solution to inter-operate. Our brand new Symmetry M4000 panel uses an onboard Linux operating system with an open API. Linux is an open-source software operating system. Any company is able to integrate their access control software solution to the M4000. Our Symmetry CompleteView Video Management System has always been open. It operates with countless camera manufacturers and access control systems, including AMAG's Symmetry Access Control system.
I can't stress enough the importance of securing your data in the Cloud. In DoD and the Federal Government, cloud solutions must comply with minimum cybersecurity standards that are described in NIST Guidelines. The advantage and disadvantage of this guidance is its flexibility. The guidance lists goals, however demonstrably achieving those goals is up to the individual system owner. This gets even more complicated with the type of data stored. For instance, health institutions have HIPAA; there is a multitude of rules for protecting personally identifiable information(PII)and, of course, different levels of data classification. If leveraged properly Commercial Cloud solutions can flexibly and cost-effectively enhance the security posture of the organization by taking advantage of technologies that would be excessively prohibitive to deploy for any but the largest groups, taking advantage of Commercial Cloud provides additional means to protect data, enhance your access control, accountability, identification and authentication, system and communications and more. The problem with the flexibility is that there are many ways to solve for security controls and matching the solution to the organization's mission is CloudShyft's primary focus.
Xiid.IM Identity Access Management is based on Xiid's unique and patent-pending SealedChannel, which greatly minimizes the attack surface in comparison to any other identity management solution available today. Unlike all competitors, our technology cannot be broken into, simply because there is no way for attackers outside your network to reach the authentication agent, nor any way to even try to directly attack your Active Directory / LDAP servers. In SealedChannel's reverse approach, the authentication agent is the active component that connects outbound, creates a twice-encrypted and twice-signed channel, and retains full authority over which authentication requests are pulled in and handled. We also developed an identity masking feature which allows you to log into your web app with an anonymous name utilizing your real identity against your on-premise directory without compromising that directory. If a SaaS or cloud service provider really wants to protect the clients identitiy, they will use our One-time-ID solution (OTID). OTID sends only a one-time-code which replaces both the User ID and the Password thus giving the ultimate identity protection.
The very nature of the document imaging business these days, is almost always hybrid environments. Simply because there is a physical document scanner, which is on-premise, connected to a chosen cloud service. And since scanning documents often involves confidential company data or even regulated data, P3iD chose to partner with a company that offered the highest levels of security for hybrid environments, and Xiid fit this requirement perfectly. The first integrated solution we have developed with Xiid is P3iD DoxaScan using the Xiid Identity Management (Xiid.IM) technology which our customers absolutely love. P3iD feels this is merely the starting point in working with Xiid to take many of our proven traditional imaging technologies and deliver them as secure cloud services with the realization of perfect forward secrecy networks. We are engaged in many areas where Xiid's current, as well as future technologies, can be of high interest including encryption, blockchain, secure API and, of course, secure-channel communication protocols. It's imperative to have a go-to partner such as Xiid that is so knowledgeable in so many areas regarding cybersecurity.
Our transponders are powering the IoT. We're dominating the NFC and mobility space, access and transport, events and leisure, library applications, gaming and vending, loyalty and payments, strong authentication, and health and pharma. Specializing in custom design, our tag portfolio covers anything and everything our customers can dream up. That includes HF and UHF inlays, standard and Tag on Metal labels, tickets for transportation, ski lifts, events, and more, tokens for transit and asset tracking, and library labels for books, CDs, DVDs, and tablets. We build miniaturized labels for cosmetics and pharmaceuticals, giant NFC transponders, NFC stickers for mobile devices, and our uTrust Sense Temperature Tracker tracks the temperature of practically anything.
We are close to completing the transition from being a product-led business to a solutions-led business. The breadth and sophistication of the product set we have is becoming difficult for the traditional integrator to communicate to their user base. Increasingly, the product manufacturer needs to be involved in selling the solution to ensure the requirements are met and the value proposition is fully explained. We are finding complementary markets for our products where integration opportunities are helping companies with different aspects of their businesses. For example, intrusion integration, fire integration, BMS, space management and heat and light are all part of security. Our Symmetry products can integrate with these solutions and help users meet compliance, mitigate risk and save money. Our long-term strategy remains the same: to be a long-term valued partner and provide continuous value to our customers.
There is no silver bullet. A committed attacker will always find a way. Your best defense is a balance of both protection and detection. When bad things do inevitably happen, your detection capabilities will enable you to find the threat quickly and mitigate the damage. Our focus in Cisco Security is to automate as much of this process are possible for organizations so that once a new threat is identified, it is automatically blocked across not only the enterprise, but also the entire Cisco user-base. In doing so, we multiply the collective wisdom of our customers, partners, and our deep bench of talented threat researchers.
SecuritySolutionsWatch.com: Thank you for joining us today, Steve. One will read at Identiv.com, that “ Identiv’s mission is to secure access to the connected physical world: from perimeter to desktop access, and from the world of physical things to the Internet of Everything.“ Seems to us that significant traction has been achieved with one (1) billion transponders deployed, 5,000 customers, $500 million of equipment in the field, 400 hundred partners. Impressive metrics, indeed! Care to elaborate? Steve Humphreys: Absolutely… and thanks so much for inviting me to tell Identiv’s story. I think we’re all familiar with the convenience of the digital world — the world where Netflix knows what you want to watch next and Amazon knows what you're going to buy next. Identiv’s vision is to bring the benefits of the digital world to the physical world. We have a variety of products and go-to-market strategies that are putting us in a leading position to deliver those benefits. We see a major market opportunity as the physical world goes online, and we want to be the leading platform to get there. That's a big statement to make for a small company, but as you pointed out with those metrics, we’re in a great position to do just that.
Our co-creation approach is strategic and ensures we develop the right partnerships and expertise that will enable us to deliver transformational outcomes. We select our partners carefully using this methodology. Organizations are adopting various types of authentication to achieve the right mix of security, privacy and a differentiated user experience. Our partnership with ImageWare allows us to expand our Identity and Access Management offerings to provide our customers with more multi-factor authentication technologies. Jim Miller, Chairman and CEO of ImageWare Systems, said, "Biometrics are not only the most secure form of authentication, but are also the easiest to use - as each user is his or her own password. By taking advantage of our powerful biometrics solutions delivered via Fujitsu's cloud-based security as a service, many more businesses can easily enhance their security. This agreement further extends our marketing and sales activities with Fujitsu to new regions en route to a truly global offering. Fujitsu's global capability extends the reach of ImageWare's patented, multimodal biometric technology as a core element of Fujitsu's cyber security portfolio across the globe."
The Munich Airport system is a paradigm among airport security systems. It was designed around a single centralized and virtual data archiving system, accessible to anyone with permission anywhere on the airport network, and uses behavioral analytics to trigger alarm, camera management (zoom into the picture, follow a suspect, increase image resolution etc.) thereby reducing the number and scope of ‘People-Watching-Cameras’ and providing a massive saving for the airport operators. The system installed was placed by a Dell EMC partner in a public competitive RFP, so value as well as functional excellence was a determinant of the solution choice. We are given permission to reference this system and use it for show-&-tell visits and in our sales meetings with new and existing Customers. The airport has since expanded the system beyond the original scope and size of the original purchased hardware, emphasizing their commitment to our solution and their happiness with it.
Existing cybersecurity architectures are failing due to two macro trend cloud computing and mobility. The endpoint is inadequately secured and the adversary often has a footprint within one’s perimeter defenses. We must pursue a strategy of intrusion suppression wherein we can decrease dwell time and this detect, deceive, divert and hunt and adversary unbeknownst to the adversary. To achieve this an organization must: employ application whitelisting, employ an endpoint protection platform, establish a Hunt Team and roll out deception grids. Employ Deceptiongrids.
The access control and intrusion market is still a fragmented landscape, so yes, I think consolidation will continue to make its impact on the industry. Mobile credentialing seems to be a hot topic for the industry, along with the continued focus on cloud-based technologies. The demand for these solutions comes from customers wanting new levels of security and convenience while protecting critical data. With regards to mobile credentials, however, there's still a lot that needs to be done to develop this technology further, and as a result, many companies are choosing to implement hybrid solutions that offer mobile as an option. Another trend we will continue to see is a greater focus on integrated solutions; more video tied into access control, for example. We'll also see the increased use and installation of wireless locks to more doors as a means to reduce cost.
Be it a government official’s laptop, a family smartphone or a business tablet, technology today is far too vulnerable to criminal attacks. Our personal privacy, businesses’ proprietary information and even data pertinent to our national security are at stake. The key is for everyone to remember to safely recycle all old and unwanted items at the end of their lifecycles with a trusted recycling company. This final step in the life of an electronic device is now more important than ever.
There are three key challenges our clients face today. First, cyber threats are ever-changing and becoming more sophisticated by the day. Cyber terrorism and targeted cybercriminal activities are directly impacting both the public and private sectors. They are persistent and yet, based on our research into exploit trends in 2014, attackers continue to leverage well known techniques to compromise systems and networks. Many vulnerabilities exploited in 2014 took advantage of code written many years ago and adversaries continue to leverage classic avenues for attack against client-side and server-side applications. Anti-virus signatures only catch approximately 45 percent of cyber attacks—a truly abysmal rate. In our review of the 2014 threat landscape, we find that enterprises most successful in securing their environment employ complementary protection technologies. These technologies work best when paired with a mindset that assumes a breach will occur instead of only working to prevent intrusions and compromise from the perimeter. So our clients’ security posture must be agile and responsive to better defend against threats —internal and external—in addition to vulnerabilities, in order to mitigate their risk... | ||
|