Jeremy Malies spends day 2 of The Security Event walking the floor. He majors on access control, hears an outstanding endorsement of how the show’s organiser Nineteen Group has marketed the event, and discusses best practice to avoid phishing fraud. The day ends with a case study on how whisky wastage is avoided!
“They got the segmentation idea right but didn’t reckon on the iceberg ripping all along the side of the boat!” An entertaining (for me at least) interview with Rudolf Rohr of barox (Stand 5/P90) touches on everything from the ostensibly modular nature of the compartments on the Titanic to the phenomenon of Brexit warehousing.
Rudi explains that barox position themselves right across what he calls the switching “equation” and want to empower and protect customers who might be using anything from a mini hardened industrial media converter to a switch for DIN-rail mounting or an altogether more complex unit for installation on the host network.
He says: “A switch is no longer just a switch these days; the right product from the right manufacturer in the hands of an astute installer becomes the first line of cyber defence.” Anthropomorphizing the switch, he has it ask: “Does this new device that has made a connection truly belong to us? If not, we can shut it down!”
It’s a logical mode of expression because barox have switches with integrated firewall functionality. Rudi’s figurative language allows him to make complex topics understandable. “Nightclub bouncers focus only on who comes into the premises. They have no interest in who is leaving.” But you may have a camera that has undesirable intentions. The camera may wish to go beyond recording what is coming in from the optics: it may want to communicate with another server or “phone home” if you will. Switches now have the ability to work out if an unexpected protocol simply doesn’t make sense. And if the protocol is suspicious it can be simply shut down.
Photo: Wikipedia.
Rudi believes that avoiding all penetration from malicious breaches is impossible but upping our game in terms of resilience and discrimination is achievable and has become the modern manufacturer’s prime responsibility across all client sectors and particularly CNI. Rudi also gives me heartfelt arguments about how Power over Ethernet (PoE) offers valuable failover when the conventional power source at a major site is lost. Powering equipment from the switch should always be in a designer’s mind.
Making the right decisions based on the best possible information as quickly as possible. It’s on the wish list for any end-user and security vendor. AMAG Technology (Stand 5/J10) are, to steal a phrase from sports journalism, putting in the hard yards to achieve this optimum situation.
The company is bringing more and more disciplines to their hosted platform. These include access control, video management, identity management, visitor management, and command & control. The offerings can be hosted by the end-user on site or by AMAG Technology themselves in the Cloud. The company is exhibiting Symmetry™ which is its latest unified platform.
A new offering is Near Field Communication (NFC) on readers which has been added to the existing reader range exploiting Bluetooth. Identification for legitimate site visitors is now simpler than ever (taking little more than a second) if the staff member, contractor or approved third party is a Google Wallet user.
Add analytics and the broad dimension of PSIM to the list above, and AMAG Technology can indeed position itself credibly as being able to empower users with optimum decision-making across the full range of sites, premises and campuses.
John Davies of TDSi (Stand 5/G60) is refreshing in that his enthusiasm for The Security Event underlines that people still want to get up close and personal with new products at physical trade shows. Rumours of the death of the in-person security show have been exaggerated, and John not only tells me that the exhibition has a tangible effect for the better on his bottom line but he also compliments organiser Nineteen Group.
TDSi develops integrated access control and complementary integrated building management systems including CCTV, intruder, fire alarms, lift control and energy management solutions.
John says: “Nineteen Group are obviously using every aspect of the marketing mix intelligently to promote the show. The success is obvious from sheer footfall not to mention high quality of visitors and serious enquiries. The organisers don’t make their own assumptions about what this trade show should be – they listen to the market.”
Photo: Nineteen Group.
He continues: “More and more customers and prospects are coming to see us here. I’m quantifying it as a 40% year-on-year rise. This is a key show for us; it’s close to the airport and Birmingham is more central than London if visitors then want to see other contacts in the UK. I’ve spoken to interested parties ranging from Libya to Cyprus only this morning. A sales enquiry from the UK was followed by one from Austria.
“We prepare carefully for shows like this with targeted mailshots to the verticals. We know who visits us here and who doesn’t, and for the no-shows we can continue with our marketing and perhaps meet them during an exhibition aimed at verticals.” So success at an event like this is to a significant extent about what you do by way of preparation.
I can’t think of an industry that has more wide-ranging or better trade bodies and associations than the security sector. Emma Allen, marketing manager at the Master Locksmiths Association (Stand 5/N152) outlines the association’s work for me.
Consumers can come to the website to find a variety of approved locksmiths. DBS checks and regular inspections are the norm as you might expect and these measures contribute to peace of mind for customers.
Inappropriate Internet advertising with unfeasibly low prices as well as unnecessary drilling out of locks when less drastic measures should be taken feature in the association’s list of bad practices. How to find a good locksmith runs through much of the literature and Internet presence as does advice on the red flags and warning signs that should make you wary of a potentially rogue locksmith.
Photo: Shotshop.
Now in my thirtieth year of reporting on this industry, I have (I hope) not lost a willingness to ask the simplest of questions even if this exposes ignorance in an area I should understand. I have always taken it as a given that the security sector requires hard drives that are different to the ones we all have in our desktop machines. But why?
Phil Wilson of Western Digital (Stand 5/M80) doesn’t mind answering my question and doesn’t see it as stupid! At first, he explains concepts such as head to disk clearance before moving on to the absolute clincher. Video analytics requires high resolution camera streams (thus large capacity) if the algorithms are to work. There is a more subtle point. As an algorithm interrogates footage to look for atypical movement or behaviour, the recording drive receives almost an assault as small bits of footage are looked at again and again with the head jumping around. Multiple reads are part and parcel of any intelligent scene analysis. The need for a specialist drive becomes obvious.
The old adage of: “Buy cheap, pay twice” hardly covers it here. Reliability is obviously a function of workload. Desktop-grade drives cannot cope with the demands of an NVR application. Western Digital therefore seek to educate customers about likely workloads in terabytes for a range of usage types together with consideration of temperature. The US standards body ASHRAE recommends that enterprise servers and storage equipment should operate in temperatures between 15°C and 32°C but cooling failures in data centres are common.
Western Digital are now making it easy for us with a colour coding system for their drives and consideration of annualized work amounts. Intensive use of analytics would probably require the WD Purple™ drive which helps to reduce pixelation and video interruptions.
Photo: Pixabay.
Signage in Hall 5 for the cyber security training company Phishing Tackle is compelling, at least for me. It reads: “Real-world simulated phishing”. I’ve never fallen foul of phishing but have friends with higher levels of education and more street wisdom than me who have been deceived. And this has happened in corporate environments at management level where their careers have been compromised. So, I don’t need much encouragement to sit down with CEO James Houghton.
“We get involved, sadly, in ‘Stable door and horse having bolted’ scenarios” he says. “But, encouragingly, there are also astute end-users in the ‘We know that an ounce of prevention is worth a pound of cure’ category.” The company simulates phishing attacks and, under the direction of the client’s HR, IT and board level executives, will send these through an organization.
Sadly, people often start clicking instinctively on links in emails which are clearly suspect and enter their credentials into log-in portals where there are enough warning signs to sway them towards caution. Staff will often click on attachments when there can be no good reason for the proffered information not to be included in the body of the message.
Phishing Tackle customers range from five to 55,000 users. They cover prestigious corporates to maritime authorities and healthcare organizations.
So, does James have any off-the shelf advice? “If you’re not expecting it then be vigilant, be suspicious of anything that is steering you towards instant action (a supposedly urgent instruction from your usually cautious and deliberate finance director perhaps) and whenever possible make a phone call to the colleague or third party in order to check that the message really came from them. Two-factor authentication is crucial. Targeted “spear-phishing” (it is labour-intensive for the scammers but adds credibility) will pull in a detail from your social media posts to make a request seem credible.
Even with all that common sense advice being in the public domain, there is a compelling need for the training offered by this company.
Photo: Shotshop.
Nedap (Stand 5/G90) are demonstrating their high-security enterprise-grade access control which is designed for critical national infrastructure (CNI) and similar environments where an intruder, disaffected former employee, protestor, business espionage actor or hostile reconnaissance agent might cause major disruption and damage.
The company’s strapline of “An access control system that only hinders the people you want to hinder” is one of the best examples of wordplay I see in all my time at The Security Event. User-friendly interfaces, interaction with other parties such as alarm monitoring stations and general convenience of deployment are all at a premium here.
Users of Nedap’s AEOS offering can if they wish now dispense with their own server and opt for Cloud-based software while still using their existing hardware so maximising convenience, minimizing on-site disruption and conserving the planet’s finite stock of raw materials. There are no rigid templates in this organization’s approach, and allocating door rights to an individual is not the primary way of thinking. Rather, Nedap sees end-user staff in teams.
And the simplest most impressive idea I’ve seen driving a product while I’ve been looking at nearly every booth across the show? At premises with multiple lifts, braXos (Stand 5/N60) don’t see why visitors (or guests if the site is a hotel) should get into lifts and visit just about every floor in the building before getting out at where they want to go. Mark Willingham says the very first core idea for this came from Otis but braXos have run with it in their product LiftOff.
The company excels at elevator access technology and its LiftOff elevator App (available in both the Apple App Store and Google Play Store) gives end-users many seamless dispatching capabilities. It has been embedded into the loyalty Apps of major hotel clients. (braXos can integrate with any third party already sufficiently sophisticated to have its own App.) The system serves as a room key with intelligence getting guests into a lift that will take them to the desired floor promptly.
Photo: Pixabay.
It was whisky galore as a case study for visual inspection company inspectahire (Stand 5/F135). Conservation of assets, raw materials, finished product and even half-finished product is a theme that has run throughout the exhibition. But everybody would have been behind inspectahire as they worked at a whisky distillery using CCTV surveys of feed and drainage pipework. Leakages may have been more ethanol (highly flammable and warranting close attention) than finished whisky but it’s a project that the security industry would have empathized with. And a good note to end on.
