



Physical and digital penetration tests can help identify an organization’s weaknesses before they are exploited
By Andrew Snook
Testing the internal security of a company is not a new concept.
But with the evolution of artificial intelligence coupled with changing workplaces in a post-COVID world, digital and physical penetration testing has become more important than ever.
When sourcing a security expert for physical security penetration tests, it’s important to ensure the client understands the difference between penetration tests and threat risk assessments.
“When we do a threat risk assessment, we will look at threats broken down by categories: human-induced threats that could include things like criminality, terrorism, protest activity; infrastructure, which could be power failures, water disruptions, things of that nature; and environmental factors such as snowstorms, floods, natural disasters, earthquakes and hurricanes,” explains Brian Claman, president and managing director, Brian Claman & Associates.
“So, when you do a threat risk assessment, you bring together the various stakeholders, and you, as a consultant, walk them through these different things and ask them, ‘What keeps you up at night? What are the things that you’re worried about?’”
These assessments differ greatly from physical security penetration tests, says Andrew Kirsch, founder and CEO of Toronto-based Kirsch Group. “The pen test is where you have no information or insight in advance — or a very limited amount,” he says. “And you are testing all those things that they say are the right policies, processes, security, infrastructure, and testing how they work without any advanced knowledge of it.”
When companies believe they have robust policies and infrastructure in place, that’s a good time to recommend a penetration test to ensure everything is working effectively in a real-world simulation involving a threat actor attempting to gain access. And if something breaks down, they are able to identify the vulnerabilities.
“Often, we partner with the cybersecurity side, so there’ll be a logical security pen test, which is kind of the IT and network side, and then we do the physical side. Where there’s overlap on information security, can we get access to these sensitive areas, sensitive information, documents, passes, all of those things that the attacker would be interested in? And what are the controls? Where do we get stopped and run into one or two risks?” Kirsch says.
While companies may not perform threat risk assessments every year, which are more involved processes, they can do a pen test to see how things are going and keep people on their toes the same way companies do phishing exams and other cyber pen tests to keep their organization sharp. Asking clients the right questions before starting the tests is a key part of ensuring their effectiveness.
“What are you really interested in here? What are you trying to test? Can people get in? Okay, great. But what are the sensitive areas that you want to see if people can get into? Are you testing the locations that have the sensitive information?” Kirsch says.
While any company that has a protection program could benefit from penetration testing, Claman says the most obvious ones that come to mind are shopping malls, office towers, critical infrastructure, tourism venues, or anywhere critical assets are housed.
“As a practitioner for over 40 years in this industry, I would say nine times out of 10, people don’t even consider penetration testing. They think they’re doing the right things, until something happens, then they find out they’re not,” he says. “There are too many false assumptions. A threat risk assessment, followed by penetration tests, can help wake people up.”
Before the COVID-19 pandemic, working from home and hybrid working opportunities were not commonplace. But in a post-COVID world, many employers are reaping the cost benefits of having small office footprints, while employees are enjoying a better work-life balance with the opportunity to work from home.
But this environment can create new security risks. Kirsch says that employee situational awareness is most likely degrading from this new workplace model.
“I think that there are opportunities — and attackers probably see opportunities — to leverage the fact that we are so transient now that we don’t have these regular schedules, and that people are not familiar with their co-workers,” he says. “Maybe it’s not unusual to see a strange face or not know who everybody is. And I think, that way, we’re lowering our guard a bit.”
As workplaces adapt and evolve, companies need to review their security protocols to know if they are still effective.
Companies around the world are constantly bombarded with digital threats, and the rise of AI has made these threats even more prevalent.
While many IT teams like to use the term “digital penetration testing,” Clément Cruchet, technical team lead for security testing and offensive security at Bell, prefers the term “offensive security.”
“The idea is to have a holistic view of all the potential exploitation paths threat actors can take to compromise an organization or gain access to data. So, it’s offensive security including ethical hacking,” he says.
In addition to offering on-site penetration testing, Cruchet and his team test all kinds of digital threats, from the simplest applications to network intrusion. This also includes red team engagement for weeks or months, as well as social engineering and malware development. Having a solid physical security program is also an important aspect of a company’s digital security, he adds.
“You can have a firewall. You can have everything on network perimeter security well configured, but if your front door or your building is just open to anyone, then anyone can go on site and place a malicious device,” Cruchet says.
And while companies may have high security for entering an area such as a server room, their overall defences are sometimes not as tight as they might think they are. This is where physical testing can be of vital importance for digital security programs.
“You think a lot about the physical security in a data centre or unauthorized people trying to enter the server room. But sometimes there is just an exposed Ethernet port on the wall just before the server room, for example,” Cruchet says. “Sometimes an intruder can cause a lot of damage without entering the most secure server room.”
With the availability of AI, threats have changed significantly over the past few years, forcing security and IT teams to adapt quickly. Cruchet says the scope has really expanded for attackers to gain access to, or leak, sensitive data. He adds that the human factor has changed significantly over the past 10 years, and needs to be part of security testing protocols.
“We see this in a lot of security incidents, whether it is email phishing, whether it is multi-factor authentication, or USB units that get sent to an employee. So, the human factor is very important,” he says.
Companies need to ensure their security solutions, which represent a multi-million-dollar investment, are working properly, and that there are no blind spots or gaps. This is where penetration testing can pay dividends.
“Security, most of the time, is a cost. So, we need to find a way to find the balance between investing some money within that to protect the business and to protect our assets,” Cruchet says. “You need to do a pen test every year or every six months. It depends on the compliance and on what you’re trying to protect.”
For organizations to optimize their security, Claman says the key is to have every person and approach working in unison.
“We can’t look at penetration testing or threat risk assessments in a silo — it has to be holistic in nature. It has to be one of multiple components necessary to achieve the desired level of protection,” he says.
Penetration tests are vital because they test and validate assumptions, Claman adds.
“If you’ve ever watched a fine chef, and they’re making the sauce, they’re always testing it. They’re always tasting it throughout the process, because they think they’ve got it right. But that’s the penetration test. It’s the same thing with security. We don’t do it enough. We don’t do threat risk assessments, and then we don’t do the penetration tests. And we layer security on an organization without an overarching strategy. All these things have to interface,” Claman says.
Part of managing a facility or event of any kind is providing a safe experience for the patrons. Managers must educate themselves and prepare their organizations to confront potential threats ranging from terrorism and mass shootings to natural disasters and cybercrime. Security and Risk Assessment for Facility and Event Managers provides security frameworks that apply to all types of facilities and events, and will help current and future facility and event managers plan for and respond to threats.
Cyber risk management is one of the most urgent issues facing enterprises today. Building a Cyber Risk Management Program presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company’s specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you’re looking for.
Discover how our experienced Commissionaires du Québec team can become your armour in the face of cyber threats. Our cybersecurity services and arsenal of solutions include monitoring, defence, investigation and training tools based on the most recent advances in cybersecurity.
Specialized in defensive security (blue team), our team can monitor your network, servers, websites, endpoints, clouds, industrial control systems as well as your smart devices and Internet of Things (IoT).
Our experts possess various certifications recognized in the cybersecurity sector (CySA+, GSEC, CEH) and have worked in various vertical markets over the course of their careers. Our IT and data security solutions are world class and adapted to this ever-changing sector.
Discover the potential holes in your website or your IT park before malicious digital pirates do. Our vulnerability detection application prioritizes potential risk, defending you beforehand.
// Vulnerability scan on a customized frequency basis with Taegis VDR
// Automated discovery of new devices with a network offering visibility on your access doors
// Creation of remediation plans
// Prioritization of discovered vulnerabilities in relation to their context and severity
// Solution powered by machine learning, artificial intelligence and data science
// Deployment of treatment services on-site, on the cloud or by virtualization
With access to our Security Operations Center (SOC), our cybersecurity analysts study the deepest corners of your network to prevent and block digital threats. You are thus protected from losing control of your sensitive information and from cyber attacks via our IT monitoring service.
// Team of analysts specialized in responding to cyber incidents
// Prevention and detection services based on signatures
// Detection tool and detailed oral response to network security events, IoT or cloud on a unique dashboard
// Escalation process and incident verification (sorting, surveillance, reports)
// Anonymous threat sharing system
Protect your employees and resources thanks to our team of cyber investigators. Our data and social network as well as dark web analysis including our automated threat alerts become your digital armour in cyber monitoring.
// Navigation of the dark web and deep web for corporate information or sensitive personal data from open sources (OSINT)
// Detection of data leaks or dumps unique to your organization
// Forensic services and cybersecurity analysis (malicious software) in a controlled and isolated environment (lab)
// Certified private investigators by the Bureau de la sécurité privée (Bureau of Private Security) for infiltration and investigation
// Privileged contact among provincial and federal police forces
Would you like customized training, are looking for conference speakers or have specific needs that require the utmost discretion? Our cybersecurity solution specialists will know how to create a proposal customized for you.
// Customized training relating to IT security, governance, cyber resilience, and data security (Bill 64 and Bill C-11)
// Workplace conferences concerning the best practices including issues more specific to cybersecurity
// Guidance during cybersecurity audits to obtain certifications (ISO 27001/27002, PCI DSS, NIST)
contact@cccmtl.ca
The Pro Solar + is an MSU – a Mobile Surveillance Unit that is changing the security landscape in Canada. It’s a free-standing security trailer built to perform in even the toughest Canadian conditions: extreme weather, rugged terrain, limited solar energy, and isolated locations. These MSUs are self-powered 24/7 sentinels that can be towed, trucked or flown to any location to provide instant surveillance and security. These are clean energy hybrid units that can operate for months or years with solar energy and a simple fuel cell.
The Pro Solar + provides 360-degree surveillance, but also serves as your first line of defence. When it detects any activity outside the norm – e.g.: loitering, trespassing, firearms – it sends an immediate alert to our communication centre, but also lets the suspect know that they have been seen, authorities have been alerted and the incident is being recorded. As the warnings blast out of the Pro Solar + loudspeaker, a variety of spotlights and strobe lights illuminate the area, focusing on the suspect and helping motivate a quick exit. This technology can deter an individual or group from attempting to advance any further.
AI-Powered Camera Analytics: the brains inside the Pro Solar +
In the security industry, our #1 goal is to keep everyone safe. As described in the previous example, a security breach is spotted, confronted and, most likely, driven away – as 360-degree cameras record the entire event and an alert is registered with our security centre – yet no human was ever in danger. The amazing security capabilities of the Pro Solar + have been multiplied many times over by our introduction of AI (Artificial Intelligence) to the project.
AI ensures the Pro Solar Plus provides 24/7 imagery and analysis of its 360-degree view. It’s programmed to detect an anomaly in that view and then quickly decide what type of a security threat it may represent. At the same time, the command centre has been alerted and is viewing the 360-degree live video feed from the Pro Solar +.
Meanwhile, the AI on the MSU is busy analyzing all of the feeds from all of the cameras. It knows if the threat is a single person or a group. If a group, AI knows how many people and if they are armed. If they came in a vehicle, the AI already knows the make, model, colour and licence plate.
In real time, all this data is now on the screens at our command centre. A security expert can allow the Pro Solar + to carry out its own AI-powered response to the threat. Or the expert can take control of the unit – anywhere in Canada – and take over the handling of the suspects.
This is the security system we’ve helped build for Canada. It will help improve your security, while reducing your costs.
• The Pro Solar + operates 24/7.
• Its AI-powered cameras record a 360-degree view of before, during and after any security incident, which is also on a simultaneous feed to our communications centre.
• It provides an on-site solution to repel intruders – without injury to anyone.
• One Pro Solar + Mobile Surveillance Unit can significantly enhance a site’s security solutions.
But the benefits go deeper than that. Around the clock, the AI-Powered Camera Analytics watch the 360-degree view from the Pro Solar + and only sound an alert when a security risk is sighted. That means you’re not paying security personnel to monitor the video feeds. And command centre personnel don’t have to check or follow up on threat sightings. A limited team has only to respond to alerts – generated by the AI-Powered Camera Analytics on the Pro Solar +.
In the event that the Pro Solar + responds to an emergency or criminal activity, local emergency services and police forces are more likely to prioritize a situation that has already activated an alert, backed up with a confirmation and video footage from our command centre.
These are only some of the most basic ways you can benefit from the Pro Solar + and its AI-Powered Camera Analytics. The MSU and the AI Analytics are available in a variety of configurations to suit your exact needs. The AI-Powered Camera Analytics can be programmed specifically for your application with a variety of functions.
Versatile dynamic privacy masking
Loitering detection and defence
Smart motion detection
Object detection and classification
People counting and 3D people counting
High-security, scalable per meter perimeter protection
Long-range radar-like detection for all weather and lighting conditions.
Choose the features you’d like to include in your AI-Powered Camera Analytics. Or contact our experts for recommendations to match your requirements and budget. To learn more about GardaWorld Security Systems, visit garda.com/protection
The past few years have seen companies throughout the security and surveillance industry expand their use of Artificial Intelligence (AI), doing more than improving camera imaging performance.
The continued evolution of new cameras combining AI with on-board audio and video analytics is resulting in highly accurate object detection and classification. In addition to fewer false alarms, customers can also receive actionable data that can drive intelligent monitoring to enhance operational efficiency and generate data-driven business insights.
Combining AI into video surveillance cameras and systems also enhances bandwidth reduction algorithms as we see a heightened need for more accurate AI-based detection of people, objects, and vehicles. Previous technologies focused on pixel changes created by any type of motion: rain, snow, or video noise, which could cause video bandwidth to increase. Now, these pixel changes are ignored to focus only on what users need to see.
The goal is to make alerts more meaningful by removing false positives from everyday nuisances, such as lighting changes, shadows, small animals, etc. Furthermore, the goal is to take data out of legacy silos so that different systems can make more effective use of it.
A common example is visual verification of access control alarm systems. Using AI, a rule could be written to ignore an alert if a person is not seen at a certain doorway. Or an operator verifying the alert can quickly look for people in the forensic search instead of having to manually review hours of footage. They can then search for specific attributes (clothing color, etc.) to see if there have been repeated attempts.
Additional types of devices and a fusion of AI will bring more intelligence to surveillance cameras and systems. For example, cameras or audio sensors are being AI enabled to make them more accurately detect certain scenarios based on the monitored audio alone, while ignoring false positives.
With security and surveillance devices now increasingly being tasked to do more than just “monitor and protect,” comprehensive, AI-powered intelligent technologies are becoming total business solutions. With the combination of AI and intelligent analytics, security professionals are better equipped to design and build safer and more efficient surveillance environments.
Many companies, Hanwha included, first started introducing AI into their products on a selective and specific basis. Now, AI is a key feature across the majority of product lines. Many new and existing products now incorporate AI technology to boost their performance to unprecedented levels and enable new vision solutions that address customers’ complex challenges by adding new layers of business intelligence.
New types of business intelligence software can harness the data gathered by the embedded edge AI analytics in IP cameras to monitor market trends and events in real time. These software applications can process metadata and present contextualized data through customizable widgets and charts in a visualized dashboard. This gives customers context about their facility and operations, deriving insights that can turn unrealized data into actionable insights.
This trend is about more than devices. It’s all part of the continuing convergence of hardware devices and software solutions -- combining 24/7 protection with the latest advancements in Artificial Intelligence, analytics, and cloud-based management to create data-driven and analytics-based platforms.
Increased security threats, fewer resources, tighter budgets… Hanwha Vision is the right security and surveillance partner to help you meet these challenges, protect your operations and keep your business moving forward.
Hanwha Vision’s innovative mix of hardware devices and software solutions combine 24/7 protection, Artificial Intelligence, analytics, and cloud-based management. These intelligent solutions are the perfect match for customers’ constantly changing security and surveillance requirements...today, and tomorrow.
Allegion has launched the Schlage® XE360™ Series Wireless Locks, a new portfolio of electronic locks designed to meet the needs of multifamily and light-commercial markets, such as style and technology, at a competitive price.
The XE360 Series is the next generation of innovative electronic locks from Schlage, outfitted with the options and features most looked for by multifamily and light-commercial properties and made to fit the needs of a wide range of openings.
The XE360 Series, with its popular finishes and contemporary lever styles, is designed to match various design styles. It operates in an offline or No-Tour setting, removing the necessity for property or building managers to physically visit the lock as credentials update the access rights.
Backed by Schlage’s legacy of trust and innovation, the XE360 Series provides a flexible and cost-effective solution to improve the multifamily living and light-commercial tenant experience.
The Schlage XE360 Series, integrated with Allegion and third-party access control software providers as well as proptech systems, features an open architecture design. This allows property owners and operators to select from various management systems, offering flexibility. Additionally, it ensures a convenient and secure experience for residents.
The Schlage XE360 features an innovative design that ensures a seamless aesthetic. Its thoughtfully engineered, uniquely concealed key override maintains the sleek appearance of the lock on the door, offering residents a modern and secure experience.
The Schlage XE360 Series supports mobile credential technologies, such as MIFARE®, Bluetooth®, and NFC mobile. These technologies come equipped with advanced encryption measures to safeguard data and ensure secure communications.
The new and innovative FleX Module™ board allows the XE360 Series locks to be easily upgraded in the field to allow migration from an offline to networked solution and adapt to emerging trends in security and connectivity as the building’s needs or technology change.
The XE360 Series builds upon Schlage’s electronic access control ecosystem. Property owners can now outfit all openings – including main entrances, resident entrances, paths of egress, common areas, offices, storage rooms, and workspaces – with a one-system solution.
FEATURES & BENEFITS
• Next level design inside and out
• Available with LED indicator, interior push button with LED indicator
• Advanced encryption keeps data and communications safe
• Wireless configuration using connected smartphones or tablets
• No-Tour or offline system capability
• Ready for the future with the innovative FleX Module™ that allows for communication type, memory and encryption upgrades
• Open architecture – interoperable and simple for software alliances to integrate
• Uniquely concealed key override standard on all locks
• Suites with other Schlage families to provide attractive options to meet the requirements of nearly any opening
To learn more, contact a branch near you https://www.idn-inc.ca/locations or visit our website at https://www.idn-inc.ca/
At IDN-Canada, We Make Security Simple.
The video quality of existing security cameras is often limited by poor lighting, minimal colour details in dark places, and light pollution. However, brighter days are ahead with our Smart Hybrid Light Cameras (SHL): an innovative solution that provides flexible lighting choices for any dark environment.
How can Smart Hybrid Light improve the security for your restaurant, retail or commercial business?
• Classified object detection using Motion Detection 2.0
• In smart mode, visible supplemental lighting gets triggered by persons or vehicles
• Light the way for family and guests when they come near the house
• Deter trespassing in real time with key details captured more effectively
• Brilliant and vivid imaging in dim environments without supplemental lighting
Suggested Applications
Residential, Restaurant, Retail & Commercial Business
Truly Smart Technology
Dynamic situations demand dynamic technologies. While traditional cameras have a locked exposure and go out of focus in darkness, SHL’s Smart Mode adapts to any situation. For example, the IR Light is always covertly recording high-quality colour images and the white light is triggered only when motion is detected within the monitoring area, seamlessly transitioning to IR mode during periods of inactivity. This not only conserves energy but also ensures that the camera remains discreet and unobtrusive.
There are three supplemental lighting modes available: infrared, white light, and smart.
IR Mode
The camera uses its IR lighting in darkness, offering black and white imaging.
White Light Mode
The camera uses a visible light to ensure continual colour imaging overnight.
Smart Mode
The camera maintains infrared illumination and only employs the visible light when triggered by the detection of a person or vehicle. By switching between lighting modes, users can get all the details at those key moments.
The benefits of Smart Hybrid Light Cameras extend far beyond improved visibility
By offering both IR and white light options, users can enjoy colourful images with rich details, deterring trespassers while warmly welcoming visitors and family. Furthermore, the SHL’s easy configuration, with Smart Mode as the default setting, ensures a hassle-free experience for users of all levels.
Smart Hybrid Light Cameras also boast a host of additional features to enhance their surveillance capabilities. With Motion Detection 2.0, users can easily classify and differentiate between persons and vehicles, streamlining the search for relevant footage.
With its innovative features and unparalleled versatility, Smart Hybrid Light is poised to revolutionize nighttime surveillance, providing users with peace of mind and unparalleled security in any environment.