SecurityLink India August 2019 Magazine by Security Link India

No. 1 Worldwide in CCTV and Video Surveillance • CCTV • CABLE • POE SWITCH • VIDEO ANALYTICS • INTRUSION ALARM • ACCESS CONTROL • COMMAND CENTER • VIDEO DOOR PHONE • MOINTOR STORAGE DEVICES • INTELLIGENTS TRANSPORTATION Prama Hikvision India Pvt. Ltd. 2nd Floor, Siddhivinayak Arcade, Akurli Cross Road No.1, Near Kandivali East Station (Fatak), Kandivali East, Mumbai 400101, India. Tel: +91-22-28469900 Web: www.hikvisionindia.com

Sales +91-22-2846 9944 sales@pramahikvision.com

Marcom +91-22-2846 9953 marcom@pramahikvision.com

Technical Support +91-22-6822 9999, 3322 6060, 2846 9999 support@pramahikvision.com

RMA Support +91-250-663 6677, +91-22-3322 6070, 2846 9977 rma@pramahikvision.com

IISSM

(ISO 9001:2015 CERTIFIED)

Selflessly dedicated Service Since 1990 to the profession of Security and Loss Prevention

New Paradigms for Loss Prevention in Digital Era

For details please contact : Ms. Afreen Nawab on 9999 211 650

Media Partner स स

सं संववाद ाद से सेववाा

From the Editor’s Desk

(100 pages including 4 for cover) Volume IV • Issue 1 • August 2019

ISO 9001-2015 CERTIFIED

Editor-in-Chief Santosh Pathak

Dear Readers, Greetings from SecurityLink India! It is truly heartening to comprehend that India is fast heading towards a $5 trillion economy, and would soon touch the mark to make it to the league of $3 trillion countries – by this fiscal year itself – as pronounced by Nirmala Sitharaman, the Union Minister for Finance and Corporate Affairs, Government of India, in her recent maiden budget speech while presenting the Union Budget 2019-20 in the Parliament. However, amid the current status of Indian economy hovering around $2 trillion, a genuine question arises – will we be able to hit the bull’s eye? The target is not so unrealistic either – India generally falls short at execution – should the stakeholders affirm that the proposals are rigorously pursued and earnestly implemented, it is quite achievable. Majority of the economic and industry experts have applauded the budget, and labeled it prodevelopment. The Government has brought various proposals that will help boost economy. The Finance Minister, in her speech, highlighted the urgent need of modernisation and upgradation. The increased spending on high tech education and emphasis on digital India will increase the demand for IT and IT security. The focus on improving skills of youth in areas such as artificial intelligence, big data, and robotics etc., ensures stability of jobs for them both in India and abroad. The electronic security industry of the country also foresees a wide scope for rising graph of their business. The allocation of an enormous sum of money towards urban and rural infrastructure expansion such as roads, ports, railways, logistics, and so on indicates a phase of thriving opportunities for the industry. Security and surveillance make the inevitable component of an infrastructure and therefore a sizeable part of such allocation is meant to be diverted towards avant-garde surveillance solutions for smart management of these ventures. The Government has earmarked Rs. 50 lakh crore only for the development of railway infrastructure. Provisions such as fresh or incremental loans of up to INR 1 Cr for GST registered MSMEs @ 2% interest are appreciable. In order to reinforce ‘Make in India,’ the government has increased the basic custom duty on the import of various products including optical fibre cable, CCTV camera etc., and withdrawn exemptions from duty on certain electronic items which are now manufactured in India. However, the proposed exemption of basic custom duty on the import of specified military equipment and their parts (that are not being manufactured in India) will negatively impact the level playing field for domestic industry that wishes to enter into manufacturing them. Individual and socio-religious safety and security is the basis of a growing economy – and the recent government deliveries on triple talaq, POCSO Act, and likes appear to have been made in line to establish the same. We hope and wish the budget proposals are executed with similar fervour so we may be able to get to $5 trillion digit soon. Till we meet next month, stay safe and happy reading! With warm regards,

Santosh Pathak Mob: +91 9968172237

Principal Consultant Pritam Singh Mehta SecurityLink India Registered Office H-187/5, First Floor Jeevan Nagar Market, Kilokari (Near Maharani Bagh) New Delhi - 110014 Phone: +91 11 26342237 Telefax: +91 11 42828080 E-mail: editor@securitylinkindia.com Website: www.securitylinkindia.com Admin Divya Wadhwa Circulation Sanju Singh Design S. S. Rawat Portal Design & Maintenance Monu Kumar Singh Printed, published and owned by Santosh Pathak and published at H-187/5, First Floor, Jeevan Nagar Market, Kilokari, (Near Maharani Bagh), New Delhi-110014. The editor’s name is Santosh Pathak. Printed at Infinity Advertising Services P. Ltd. Plot No. 171-172, Sector-52 Faridabad (Haryana). All Rights reserved. No part of this publication may be reproduced in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise without the prior written consent of the publisher. (The views expressed in this magazine are those of the authors and do not necessarily reflect those of SecurityLink India.)

National Roundup

august 2019

CONTENTS NATIONAL ROUNDUP 27 28 29

Countering Rogue Drones Conference

Hikvision Launches Bravery Awards

IDEMIA – the First Certified Card Manufacturer in India

Videonetics amongst Top VMS Providers

Safe Secure Smart Cities Conference

SATATYA MIBR20FL60CWP Camera

31 32

Big Investments in India for Innovation & Growth by HPE

Hikvision at SAFE South India

SHARP Customer Meet in New Delhi International Police Expo 2019 Grandstream Partners with Savex Technologies Fortinet Highlights of Rise in Cyber Attacks Infocomm India 2019 Matrix COSEC Elevator based Access Control Fortinet Ranked No.1 Network Security Appliances Vendor in India HCSA Program, Chennai

Report

Being Cyber Resilient Organization – A Study

Application/ case studies 50

Hikvision’s Secures Indofil Plant

Indiana Road Uses Extreme Networks

Bosch Secures VTB Arena Park

Delta Scientific Bollard Stops Truck

Bedford Housing Authority Selects Avigilon Security Solution

IndigoVision Upgrades Airport from Analog to IP

Vanderbilt Protects Staff under Duress

NHIF Selects Matrix

NEC Facial Recognition for Admission Control at EU Summit

Allied Vision Supports in Flood & Coastal Protection

Cookpad Deploys CrowdStrike for Enhanced Security

SecurityLink India ■ August 2019

National Roundup

150 SecurityLink India â&#x2013; August 2019

National Roundup

august 2019

CONTENTS Feature Articles Why are Shopping Malls Soft Targets for Terrorists?

Shortening Checkout Lines to Enhance Customer Experience

PoE & Campus Security

Asia-Pac MSSPs to Offer Advanced Analytics

The Evolution of Video Data Protection

Opportunities for Non-Leading Safety Suppliers Amid Economic Slowdown

Home Security Mistakes to Avoid

IT Managers are Inundated with Cyberattacks

Blockchain Provides Biometric Vendors an Edge

International updates Product showcase

68-77 86-95

SecurityLink India â&#x2013; August 2019

National Roundup

SecurityLink India â&#x2013; August 2019

National Roundup

Conference on

Countering Rogue Drones he gold rush of the 19th century brought together people from all economic strata. It brought investors, opportunists, miners, entrepreneurs, law enforcers and law breakers together to a single location. There was a law of the land but implementation of that law was a challenge. The modern drone industry portrays a similar lay of the land. There is a gold mine of potential applications and business opportunities. This has attracted participants from multiple industries to provide business solutions. India has the law of the land in terms of regulations for drone e.g., unarmed aircraft system (UAS) ownership and operations; and the land also has the entrepreneurs and large firms – the law abiders and law breakers – and the entities who wish to misuse technology. The Federation of India Chambers of Commerce and Industry (FICCI) has recently organized a conference on ‘Countering Rogue Drones’ in New

Delhi, which received impressing response from the industry and other stakeholders including the government. The government officials who presented themselves there and shared their parts included Rakesh Asthaana, Director General, Bureau of Civil

 Government to soon identify key counter drone technologies for critical installations  Rakesh Asthaana DG, BCAS, GoI

SecurityLink India ■ August 2019

Aviation Security (BCAS), and Sanjay Jaju, Joint Secretary, Department of Defence Production, Ministry of Defence, Government of India. Mr. Asthaana indicated that the Ministry of Civil Aviation is working on finding solutions to counter rogue drones in the country. He said, “The Ministry of Civil Aviation had constituted a committee under the chairmanship of DG-BCAS for finding out the best available counter drone solutions and standards to safeguard civil aviation against possible drone attacks in India. We have taken the live trials – second pilot has just been over – and we are in the process of finalizing our reports which will be submitted to the Ministry soon.” “We don’t know which drone is rogue and which is good. We should have technology to counter it. Whether you go in for commercial or security purposes, the technology has to be such that can prevent the rogue drones

National Roundup

Dignitaries unveiling FICCI-EY report on Countering Rogue Drones

 Focus on indigenization of drone manufacturing and counter drone solutions  Sanjay Jaju Joint Secretary, DDP, MoD, GoI in our country,” added Mr. Asthaana, “Drones can be used both for the betterment of the society and for killing people as well and destroying assets.” Sanjay Jaju said, “The drone technology has immense potential, and as per NITI Aayog, the sector is likely to reach $50 billion in the next 15 years.”

Calling for indigenization of drone manufacturing and counter drone solutions, Mr. Jaju emphasized that local manufacturing should be done not only to derive economic potential but also to check the internal and external threats faced by the country. “If we can manufacture world class drones within the country, we can obviously manufacture world class counter drone measures. Otherwise what will happen is that the dependence on global market will continue for the anti-drone measures as it is for drones currently,” he noted. Lt Gen Sanjeev Madhok (Retd.), Co-Chair, FICCI Committee on Drones, and Head, Defence Business, Dynamatic Technologies said, “Drones have effectively disrupted business and operating models. They have empowered organizations and enabled them to capture real time, highly accurate data in the most cost-effective manner.” A FICCI-EY report on ‘Countering Rogue Drones’ was also released SecurityLink India ■ August 2019

 Some thought also has to be given to counter drone systems that not just target the drones but actually target or find ways and means of locating the person who is actually operating them  Ankit Mehta Co-Chair, FICCI Committee on Drones, and Co-founder & CEO, IdeaForge during the conference which emphasizes the needs to deploy counter UAV systems. 17

National Roundup

Prama Hikvision Launches ‘Bravery Awards’ At Hikvision Expo in Gujarat Honours 9 Policemen for Exemplary Service and Courage

rama Hikvision, India’s Hikvision Expo in Gujarat. ● ● The first of its kind, Prama Hikvision ‘Bravery leading provider of inWe also unveiled the latest Awards’ were conferred to three policemen and novative video surveillance products applications and a team of six cyber police professionals for their products and solutions, sucinnovative solutions, includexemplary achievements in police service. cessfully launched their ing artificial intelligence, AI ●● The first leg of Hikvision Expo was successfully first edition of ‘Bravery cloud, big data and IoT. We concluded in Surat, Ahmedabad and Rajkot. Awards’ on 24 July 2019 at got overwhelming response the Hikvision Expo, Rajkot, to our latest range of IP camGujarat. The Bravery Awards eras, PIR cameras, access aim to recognize and honour the exemplary, exceptionally control products, video door phones, Ezviz cameras, face meritorious and heroic acts of police professionals in exrecognition terminals and swing gates, smart pole, ECS traordinary circumstances. The awards were conferred by (emergency call switch) etc., at the event.” Manoj Agarwal, Police Commissioner and Ajay Chaudhary, Assistant Police Commissioner, Rajkot; and AK Jadeja, DGP, Gujarat. “We are extremely pleased to launch the first of its kind awards, the ‘Bravery Awards,’ given to recognize and felicitate police professionals who have set an example in demonstrating exceptional courage to protect the lives and property of the citizens of India. Committed to our vision of making citizen’s security a top priority, the awards are a step forward in inspiring the police professionals to go beyond their call of duty and enable a secure environment for the citizens across the country. The ‘Bravery Awards’ truly reiterate our ambition of pursuing excellence in security technology imBravery Awards Ceremony at Hikvision Expo plementation in India and encourage us to further set higher standards in security and surveillance industry through In his keynote address, Manoj Agarwal, Commissioner breakthrough solutions,” Commented Ashish P. Dhakan, of Police, Rajkot, encouraged Hikvision to bring in more MD and CEO, Prama Hikvision India Pvt. Ltd., “Hikvision’s technology that can assist in investigation of incidents and team of experts presented the best-in-class technologies and also to build more analytics. He further said that innovative product innovations through technical sessions during the technology like Face Recognition will help in curbing crime. He thanked Hikvision for taking initiative in recognising police personnel and awarding them with Bravery Awards. The ‘Bravery Awards’ were given to total 9 police personnel for their exemplary service and bravery on the line of duty. The Awards were presented to three Policemen – Sub Inspector D.P. Unadkat, Sub Inspector H.B. Dhandhalya, and PC Sanjaykumar Babubhai Rupapara, and a team of six Hikvision Video Surveillance Equipment 18

SecurityLink India ■ August 2019

National Roundup

cyber police professionals including PSI D. B. Gadhavi, PSI S. S. Nair, PSI K. J. Rana, ASI C. M. Chavda, HC Jaydevbhai Bosiya and PC Chhanubhai Gohil. Hikvision Expo was organized with the core objective of promoting security technology awareness among the security professionals, citizens and channel partners. As a part of the first leg of their pan India initiative, Hikvision Expo was organized in three major cities of Gujarat – Surat (19 July), Ahmedabad (22 July) and Rajkot (24 July) by inviting all the key stakeholders of security ecosystem partners. The expo provided the latest security and surveillance technology updates by experts in special interactive sessions and live demonstrations.

Prama Hikvision felicitated 9 Policemen with Bravery Awards for their exemplary services

IDEMIA is the first Certified Card Manufacturer in India For Contactless RuPay chip cards, with the facility to load multiple payment applications on a single card

DEMIA is the first and, to date, only one to be certified  This certification recognizes IDEMIA’s committo manufacture and personalise RuPay chip contact and contactless cards, on the qSPARC v2 platform. ment to continually invest in the development of qSPARC is a dual interface open loop payment specifitechnologies for enhancing and securing the paycation, with the option of loading multiple payment applicament experience for Indians and establishes once tions on a single card. This certification is issued by NPCI, again our leadership in this space. This qSPARC after testing all payment scenarios and thus ensuring that the certification will increase the usability of bank iscards manufactured by IDEMIA will work seamlessly at all sued cards with an enhanced value proposition for payment acceptance devices. all stakeholders  The cardholders get the convenience of using a single – Sanjeev Shriya card for multiple payment use cases such as metro, bus, Regional President for IDEMIA’s Activities in India toll, loyalty, parking and payments at retail. There is an option of loading up to 20 such payment applications on a single card. The qSPARC is likely to steer the national common mobility card (NCMC) and will be widely used in the smart cities. The first version of this card is deployed in kochi metro, Bangalore bus transport, Ahmedabad smart city, and will soon be delivered to prospective customers in Nagpur, Noida metro and Navi Mumbai bus transport ticketing. As of now, more than 1.5 million cards have been issued. SecurityLink India ■ August 2019

National Roundup

Videonetics Ranked Amongst Asia’s Top 5 VMS Providers (IHS Markit Report 2019)

ideonetics, the world-leading  It is a prestigious honor to be recognized visual computing platform as an industry leader in VMS by IHS Markit. development company has ranked This recognition validates our drive for high amongst top 5 video management performance, innovation, differentiation software providers in Asia market with the market share of 5.4%, acand global scalability. Building upon our cording to a recently released reaward winning and patented AI and deep port by IHS Markit. learning framework, we continue to achieve IHS Markit is one of the widespread adoption of our unified video computing platform world’s leaders in critical infor(UVCP™) in smart and safe cities, aviation, industrial, educamation, analytics, and expertise tion, BFSI, retail, and healthcare sectors  to forge solutions for the major – Dr. Tinku Acharya industries and markets that drive Fellow IEEE, Founder & MD, Videonetics economies worldwide. Rankings are adjudged using a robust rating which provides enterprise-class features without discrimscale and evaluated based on percentage revenue inating the size of the project, and manages the video growth, competitive advantage, size and innovation capaeffectively, optimally and securely. IVMS offers flexible bilities over the year. deployment environments to suit preferences, needs and Videonetics Intelligent Video budget of the customers. Powered with DeeperLook™ – Management Software Videonetics’ AI and DL platforms offering unique forenideonetics intelligent video management software sic investigation and video evidence features, IVMS is an (IVMS) is an open architecture, agnostic, scalable ideal software solution for challenging security needs of and modular video management and analytics software, an organization. IVMS is a part of Videonetics’ patented UVCP™ which brings to We’ve always strived to bring more value to our partgether other applications such as ners, integrators and customers. I would like to dedicate this deep learning based video analytics, achievement to them for their continued intelligent traffic management and support, commitment and excellent contriface recognition to address all of the video computing requirements. bution to Videonetics’ growth  IVMS offers true open architecture to enable easy 3rd party integrations with various sub systems such as access control, fire alarm systems, – Avinash Trivedi SCADA, intrusion detection, ICCC, VP – Business Development, Videonetics C4I and IBMS systems.

SecurityLink India ■ August 2019

National Roundup

With an unmatched nationwide presence, SIS Group’s Facility Management Companies are geared to make Bharat swachh. Our portfolio of brands provide hard FM, soft FM and pest control services to a diverse set of customers across India. Whether you are looking for an outcome based service model or mechanisation-led facility management, Dusters, ServiceMaster Clean and TerminixSIS are there for you.

Soft Facility Management

Hard Facility Management

Janitorial, Housekeeping, Façade Cleaning, Carpet Cleaning and Kitchen Stewarding.

Servicing HVAC, Plumbing, Electrical, Carpentry, Fire and Safety and Building Automation.

Pest Control General Pest Management, Termite Control, Mosquito Control, Rodent Control and Fumigation.

www.sisindia.com SecurityLink India ■ August 2019

A 5000 crore Indian multinational company

National Roundup

Inaugural Edition of Safe Secure Smart Cities Conference (The Lalit, New Delhi – 19 July 2019)

he inaugural edition of the ‘Safe Smart Cities Conference’ concluded on a successful note at The Lalit hotel, New Delhi. Organized by Corptive Research, the event was supported by GACS, Forces Network and AIILSG; EY was the knowledge partner to the event. MitKat Advisory was the associate partner, and SecurityLink India, Construction World and Urban Update were the official media partners. The event gained broader relevance considering the new term of the BJP government. With the smart cities mission launched on 25 June 2015 by Narendra Modi, Prime Minister of India, the country undertook one of the largest and most complex urbanization initiatives on the planet – one hundred cities of India were selected as part of this mission in its first phase.

The Safe Smart City Conclave brought together policymakers including those from Ministry of Housing & Urban Affairs (MoHUA), CEOs of smart city missions, academia, R&D, corporate leaders from consulting, and design and technology, OEMs, system integrators, as well as startups, NGOs and citizen groups – from across the globe – to have a free and frank exchange on ‘how to make our cities safe, secure, resilient and citizen-friendly,’ and what role each of the key stakeholders is expected to play. Most panelists emphasized on the need to get the necessary infrastructure in place and to leverage technology to make cities more efficient, secure, sustainable, and responsive. Various senior government officials attended the event. Among the senior government representations, some of the major departments were MoHUA, New Delhi Municipal Corporation, Ministry of Electronics and Information Technology, Gwalior Smart City Limited, Chandigarh Municipal Corporation, and Building Materials & Technology Promotion Council. The inaugural edition was attended by Avni Gupta, Deputy Director, Smart Cities Mission, MOHUA; Mahip Tejasvi, CEO – Gwalior Smart City; Sanjay Jha, Special Municipal Commissioner – Chandigarh; Shailesh Kumar Agrawal, Executive Director – Building Materials & Technology Promotion Council; Santosh Khadsare, Scientist E, CERT-IN, Ministry of Electronics and IT; Vishwa Ranjan Gupta, Director, New Delhi Municipal Council Smart City Limited; amidst an august industry gathering. Among the major participants from the private sector were EY, ICICI Bank, Havells, Yes Bank, LnT, NEC, PwC, Mahindra Defence Systems, Tata Tele Services, Ajeevi Tech-

SecurityLink India ■ August 2019

National Roundup

nologies, Tech Mahindra, Axis Communications. Tata Tele Services was one of the main sponsors for the event. The conference program at Safe Smart Cities 2019 featured discussions and presentations on a series of relevant and innovative themes including ‘Progress so far in Smart Cities’ and ‘What to do next about developing the Smart Cities.’ Featuring some of the top experts from the government, the program highlighted and brought to the forefront key issues which will play a significant role in shaping the future of Indian urban planning. Safe Smart Cities 2019 hosted eight keynotes along with panel discussions that brought together stakeholders of the industry on a single platform, allowing the exchange of ideas that added value to the smart city ecosystem at large. The panel on ‘Safety & Security of Tech Backbone – Command & Control Center Operations’ had intense discussion from industry stalwarts. The panel focused on bringing efficiency in command & control center operations in a smart city. Emphasizing the need for safety in cities, Samrendra Kumar, MD, MitKat Advisory said, “A smart city by definition must be safe, secure and resilient.” The concluding panel focused on ‘Cybersecurity & Privacy in Smart City.’ The panel saw participation from the audi-

ence to understand how the pervasive technology is going to affect their privacy and what is being done to alleviate those concerns. The panel was moderated by Samrendra Kumar. The event was successfully organized by Corptive Research Private Limited, which earlier hosted the Safe Secure Workplaces Conference in New Delhi in February 2019, and the same will be the next.

SATATYA MIBR20FL60CWP 2MP IR Bullet Camera with 6.0mm Lens

atrix Professional Series IP bullet cameras are built using superior components such as Sony STARVIS sensor and higher MTF lens to offer unmatched image quality especially during low light conditions. Powered by true WDR algorithm, these cameras offer consistent image quality even in highly varying lighting conditions. Built-in intelligent analytics including intrusion detection, trip wire etc., they ensure real-time security. Moreover, H.265 compression and automatic motion based frame rate reduction save bandwidth and storage up to 50%. The series features wider 56° horizontal field of view, adaptive streaming to record more frames during motion, less during no motion. They are ideal for special applications such as parking management and other outdoor applications. SecurityLink India ■ August 2019

National Roundup

HPE Announces $500 Million Investment in India to Drive Innovation and Growth H

ewlett Packard Enterprise plans to invest $500 million in India over the next five years. This strategic investment underscores HPE’s long-term commitment to India and will enable the company to grow its operations, manufacturing and employee base in the country, increase its R&D and services exports, as well as invest in technology initiatives to drive positive change for local Indian communities. “The Modi 2.0 administration’s vision of a $5 trillion economy is impressive and fitting for a country with this level of energy and opportunity,” said Antonio Neri, President and CEO of HPE and a member of the US-India CEO Forum, “India is one of the largest and fastest-growing economies in the world, and our investments will further develop the country as a critical market for HPE’s global business, as well as benefit our customers, partners, employees and the citizens of India.” “It is a matter of great assurance that a global giant like Hewlett Packard Enterprise is making big investments in India both in manufacturing as well as research and development,” said Ravi Shankar Prasad, Union Minister for Law & Justice, Communication and Electronics & Information Technology, “This shows the rising confidence of global investors in India’s rapidly growing electronics manufacturing sector and the success of Digital India.”

Development of India as a key growth market through hiring and manufacturing

o support India’s continued growth as a strategic market for HPE’s global business, HPE plans to increase its workforce in India by 20% over the next three to five years. In particular, HPE will hire new engineering talent with expertise in areas of critical importance to customers such as AI and networking. HPE will also begin construction of a high-tech extension to its Mahadevapura Campus in Bengaluru that will be able to house more than 10,000 employees, as well as stateof-the-art R&D facilities. When complete, the 1.3-millionsquare-foot campus will feature a state-of-the-art workplace, 24

●● HPE will invest $500 million in India over the next 5 years to grow its operations, research and development, manufacturing and employee base in the country. ●● HPE’s investment is supporting the Indian Government’s initiatives in eEducation, eHealth and Digital Villages. ●● HPE will help enterprises in India redefine experiences, drive intelligent operations and extract value from their data.

powered by HPE technologies, designed to enhance the employee, customer, and partner experience and foster a culture of innovation. The campus will support a broad range of functions including R&D, engineering services, finance, and sales. “Through our strategic investments in India we will continue to enhance our ability to help customers use technology to redefine experiences, improve operations and achieve their business goals,” said Som Satsangi, MD, HPE India, “To deliver on that commitment, we are creating a culture for growth and innovation at HPE. Our new campus will help us to retain and attract quality talent to deliver for our customers and for the citizens of India.” HPE also plans to commence manufacturing in India. The company is scheduled to start manufacturing Aruba’s portfolio of mobility and IoT solutions in India before the end of 2019. Data and connectivity are catalysts for growth in India, and Aruba’s strong intellectual property and mobile-first philosophy make it ideally poised to facilitate this growth. The manufacturing capability in India will allow Aruba to rapidly innovate networking solutions that will deliver benefits in support of the Digital India agenda and to customers across the country.

SecurityLink India ■ August 2019

National Roundup

Investments in innovation to drive positive societal change

he HPE investment also includes innovations in support of the Indian government’s initiatives to apply technology to drive positive societal change in critical areas. ●● eEducation: To address the gap of digital literacy among youth in rural areas, HPE has collaborated with NASSCOM Foundation to establish fully equipped digital classrooms under national digital literacy mission (NDLM). These digital classrooms are an innovative, practical and cost-effective solution to deliver skills training to citizens seeking digital literacy education. There are over 50 digital classrooms across the country with four more set to be launched shortly in Maharashtra. Additionally, HPE along with Agastya International Foundation will set-up a Center of Excellence in Kuppam, Andhra Pradesh, focused on skilling students in IoT-based agriculture. The facility features advanced IT solutions that are at the leading edge of the agricultural sector’s innovation toward higher food production from finite land resources. ●● eHealth: Addressing the need for affordable healthcare in emerging cities, the HPE eHealth Center (eHC) initiative helps improve access and effectiveness of primary healthcare in underserved areas. These eHCs are a cloud-enabled healthcare infrastructure solution that also offer health data analytics. Across India, more than 130 eHCs and 150 mobile eHCs are operational, and 15 new centers will be established across six states. The eHCs have already facilitated over 800,000 patient visits. In support of the government’s target of making India TB-free by 2025, HPE announced it has signed the USAID TB pledge to provide free diagnostic services to more than 50,000 people through its eHC network. ●● Digital village: Aligning with the government’s initiative to launch 100,000 digital villages in the next five years, HPE is today announcing a further five villages

Signing pledge to make India TB free

to benefit from a range of services including the HPE digital classroom, HPE’s eHealth Center, free public Wi-Fi provided by HPE Aruba and a range of online citizen services. This builds on the successful pilot launched last year in Manasampally, Telangana.

Helping Indian enterprises drive digital transformation

inally, the HPE investment will help enterprises in India redefine experiences, drive intelligent operations and extract value from their data. For example, Vodafone Idea, the largest mobile operator in India, is working with HPE to transform the network’s service & network operations center which controls its vast network and service offerings to over 334 million subscribers using HPE next generation operations support systems (OSS) and HPE intelligent assurance to turn vast amounts of telecommunications network data into actionable insight. Hewlett Packard Enterprise is a global technology leader focused on developing intelligent solutions that allow customers to capture, analyze, and act upon data seamlessly from edge to cloud. HPE enables customers to accelerate business outcomes by driving new business models, creating new customer and employee experiences, and increasing operational efficiency today and into the future.

SecurityLink India ■ August 2019

National Roundup

Hikvision Showcases Latest Products and Solutions at Security and Fire Expo (SAFE) South India ikvision participated in the 5th edition of the Security and Fire Expo (SAFE) South India (27-29 June, 2019) at the Hitex Exhibition Center, Hyderabad. The expo brought together internationally renowned exhibitors, consultants, industry experts and key government officials on a single platform. SAFE South India was inaugurated by Krishna Yedula, Secretary, Society for Cyberabad Security Council, Yogesh Mudras, Managing Director, UBM India Pvt. Ltd., and other key dignitaries from the government including Ms. Hari Chandana Dasari, Additional and Zonal Commissioner, Greater Hyderabad Municipal Corporation, and Santosh Mehra, IPS, Addl. DGP and Director, TSPA. Speaking on the Hikvision’s participation as a Premier Plus partner in the SAFE South India, Ashish P. Dhakan, MD and CEO, Prama Hikvision India said, “Security Industry in South India is growing exponentially. To leverage our latest security products and solutions in this potential market, we have participated in SAFE South India. This event continues to be the convergence point for the security professionals, system integrators, end-users and security business representatives. It gives impetus to grow the security business.” Hikvision demonstrated the latest security and surveillance technologies, products and solutions at its elaborately designed booth at SAFE South India. The booth showcased its best-in-class products and solutions including command control center, VMS, artificial intelligence technology, video door phone, access control, intrusion system, EZVIZ products, thermal cameras, Turbo HD 5.0 cameras, easy IP 4.0, intelligent traffic system, mobile, transmission, UVSS and

Hikvision booth at SAFE South India 2019

Ms. Hari Chandana Dasari, Additional and Zonal Commissioner, Greater Hyderabad Municipal Corporation and Mr. Santosh Mehra, IPS, Addl. DGP & Director,TSPA, visited the Hikvision booth at SAFE South India

face recognition terminals with swing barrier. Hikvision’s partner Seagate also showcased its latest surveillance storage products. SAFE South India was a unique opportunity to showcase Hikvision’s latest products and solutions in the various categories. Hikvision also demonstrated latest technological advancements in artificial intelligence technology by showcasing some application scenarios. SAFE South India also organized a unique two-day conference themed ‘Power Insights into the World of Security.’ A. L. Narasimhan,Vice President – Strategic Business Alliances, Prama Hikvision India, presented an overview of Hikvision’s corporate profile and future vision at the conference. Hikvision booth got a good response from the security professional community in Hyderabad.

Demonstration of Hikvision’s Artificial Technology applications

SecurityLink India ■ August 2019

National Roundup

SHARP Hosts Customer Meet in New Delhi Showcases its award-winning, high-speed MFPs and 4K ultra-HD resolution commercial LCD display line

HARP, a wholly-owned Indian subsidiary of SHARP Corporation, Japan, known worldwide for its unique technology products and solutions, hosted Customer Meet in New Delhi at The Grand Vasant Kunj. During the event, SHARP showcased its latest series of multi-functional printers and 4K ultra-HD resolution commercial LCD display line. The main agenda of the Customer Meet was to have a hands-on experience of the product line-up at SHARP experience zone and how SHARP can add value based on the customer needs. More than 200 customers were the part of this exclusive meet. Representing SHARP were, Shinji Minatogawa, Managing Director, and Manu Paliwal, President – Business Solution Group, who addressed the attendees about the diversity of products. The products that were on display included SHARP’s newest range of multi-functional printers comprising of AI voice assist feature, cloud integration, with leading-edge security; MX-M5050, MX-4070V and MX-M7570. All these MFPs are designed to have unmatchable user experience for simply better business. SHARP’s easy-to-use 10.1 inch touch-screen display offers an intuitive graphical interface with easy copy and easy scan screens, as well as quick access to on-board user guides. These models also support popular mobile technologies, including Apple® AirPrint®, Android™ print service and Google Cloud Print™. Besides the new line of MFPs, SHARP also showcased its award-wining 4K ultra-HD resolution commercial LCD

Shinji Minatogawa, Managing Director, SHARP Business Systems (India) Pvt. Ltd. and Manu Paliwal, President, Business Solution Group

display line. The new line of display series include 43” (PNHW431), 55” (PN-HW551), 65” (PN-HW651), 75” (PNHW751) and 86” (PN-HW861) commercial displays. These displays exhibit true-to-life precision of 4K ultra-HD resolutions that enable customers to see refined textures and finer details in photos and videos. These are multi-touch display solutions that can be used for meeting and training, R&D, Experience centers etc. “We are proud to showcase our latest series of MFPs, built on a single-engine design that will empower businesses of every size to choose the performance,” said Shinji Minatogawa, Managing Director, SHARP Business Systems (India) Pvt. Ltd., “We are delighted to showcase the largest line of commercial 4K ultra-HD displays. The extensive range of screen sizes ensure that our customers can now employ uniform technology and imagery in diverse locations and environments to suit individual business needs.” “The new series of SHARP’s MFP’s has been designed to help businesses streamline their office workflow while providing an intuitive user experience, flexible integration and enhanced productivity with the highest level of data security,” said Manu Paliwal, President – Business Solution Group, SHARP Business Systems (India) Pvt. Ltd., “We are creating an experience of our state-of-the-art office and visual solution products to create customer connect.”

SecurityLink India ■ August 2019

National Roundup

International Police Expo 2019 P

olicing is a matter of state and always needs equal attention like defence. Indian government is paying right attention towards the forces’ modernization. On the sidelines of SMART police, MPF scheme (Modernization of Police Forces), budgetary allocation of over ‘25,000 crores etc., Nexgen Exhibitions Pvt. Ltd. organized 5th edition of International Police Expo in New Delhi, during 19-20 July 2019. Latest technologies from Singapore, Israel, Korea, Taiwan, China, UK, USA, Malaysia, Germany, Australia, Poland and other leading arms manufacturing nations showcased at the expo. There were more than 80 companies who displayed

Ravindra Kishore Sinha (C), Rajya Sabha member from BJP inaugurating the Expo

their innovative products and technology for the police and other armed forces of India. The event was graced by the presence of dignitaries like Gen. V K Singh (Retd.), Minister of State for Road Transport and Highways, Government of India; Dr Vijay Kumar Saraswat, Member, Niti Aayog, Government of India; and Ranjit Narayan, IPS (Retd.) Executive Director, Delhi International Airport Ltd etc. Ravindra Kishore Sinha, an Indian billionaire businessman and Rajya Sabha member from BJP inaugurated the Expo. In his address Mr. Sinha said, “It is easier to identify enemies that we share borders with but it is very difficult to identify who are a threat to the internal security. So modernisation of policing is not only essential but if neglected would create a grave danger. I have always advocated increase of budget for internal security of the country, and with Amit Shah taking the control we might get that increase in budget. He comes from an area near the border, and hence he understands the importance of internal security. While other armed forces are reactive, policing is required to be proactive. What is important for this is integration of detection technologies and communication with response equipment controlled by trained personnel.” According to Dr Vijay Kumar Saraswat, Member, Niti Aayog, “It is a good initiative for Police Forces of India.” This year expo brought innovative technologies, firearms, drones and security equipment for police, CAPFs

SecurityLink India ■ August 2019

National Roundup

and CPOs of India. For the very first time, many companies from the background of ballistics and firearms launched themselves officially through this platform like TVS Group, Counter Measure Technologies (A representative of GLock Firearms) etc. The highlights of the event were Bhabha Kavach, a 360 degree protective wear for Indian soldiers and police officers developed by Bhabha Atomic Research Centre (BARC), which is cheaper and lightweight; innovative fire suppression pipe for cars by Deccaleap; flood sacks for disaster management; rugged systems for army and police; advanced lightweight and maneuverable bomb suits by Rotax; advanced

forensic systems by ForensicGuru etc. The event was attended by more than 3000 attendees comprising various senior officers like DGPs, ADGPs, IGPs, DIGPs, IPS officers, army, airforce, coast guards, NSG commandos, SPG commandos, forensic lab scientists, government officials from state police forces, CAPFs, CPOs, SPG, NSG, parliament security, DRDO, army design bureau, COAS etc. The event concluded on the highest notes from where it is going to be bigger and better next year. The next edition is scheduled on 14-15 May 2020 at Pragati Maidan, New Delhi, India. The organizers are expecting more innovative security technologies next year for display.

Grandstream and Savex Technologies Announce Distribution Partnership in India G

randstream has appointed Savex Technologies Pvt. Ltd. as a distributor of its wireless networking and unified communications solutions in India. Customers throughout India can now purchase Grandstream Networks’ award-winning solutions from Savex Technologies, which have been connecting the world since 2002 and include a comprehensive, feature-rich range of SIP handsets and Wi-Fi access points. “This distribution agreement with Savex Technologies signals the start of an exciting time for resellers in India and for Grandstream,” said Ajeet Singh, Country Sales Manager, India for Grandstream, “There’s a huge opportunity for growth and profit for our partners in the mid-market, but that opportunity is all too-often overlooked with vendors focusing on larger enterprise customers or providing solutions that don’t deliver the scalability, resiliency and flexibility the mid-market businesses are looking for. Together with Savex Technologies and their solid reseller support capabilities, geographical reach, years of competency, expertise and market knowledge, we can more effectively reach the channel, enabling resellers to leverage our on-premise and cloud-based Unified Communication solutions and create offerings that meet today’s digital business needs. We look forward to growing the market and technology landscape by serving our valued channel partners in India.” Savex and Grandstream both strive to deliver Wi-Fi networking solutions and feature-rich unified communication solutions that are easy and attainable to businesses of all sizes, and this partnership offers a cost-effective solution that is easy to deploy and includes high-end features to resellers throughout India. “We are pleased to collaborate with Grandstream and showcase its product and services to our reseller base,” said Anil Jagasia, Founder and Chairman of Savex Technologies Pvt Ltd., “The Grandstream portfolio will enhance our capabilities and enable us to deliver its technology to our reseller base, ultimately supporting our mutual customers and helping to ensure success in this fast-growing market.” SecurityLink India ■ August 2019

National Roundup

Highlights a Rise in Cyber Attacks Designed to Target Supervisory Control and Data Acquisition (SCADA) and other Industrial Control Systems (ICS)

he findings of Fortinet 2019 Operational Technology Security Trends Report, analyzing data gathered from millions of Fortinet devices to discern the state of cybersecurity for supervisory control and data acquisition (SCADA) and other industrial control systems (ICS), found many attacks on OT systems that seems to target older devices running unpatched software. It indicated that OT networks are increasingly being targeted by IT-based legacy attacks that are no longer effective against IT networks. The report also highlights a rise in purpose-built OT attacks designed to target SCADA and ICS systems. The majority of these attacks tend to target the weakest parts of OT networks often taking advantage of the complexities caused by a lack of protocol standardization and a sort of implicit trust that seems to permeate many OT environments. This trend is not limited to specific sectors as threat actors targeting OT environments did not discriminate according to industry or geography, as every vertical and region saw a significant rise in attacks. Key findings from the Fortinet 2019 Operational Technology Security Trends Report: ●● Exploits increased in volume and prevalence in 2018 for almost every ICS/ SCADA vendor. In addition to the recycled IT attacks being thrown at unpatched or non-updated OT devices, 85% of unique threats detected targeted machines running OPC Classic, BACnet and Modbus. 30

●● Cybercriminals targeted devices by exploiting the wide variety of OT protocols in place – many of which are specific to functions, industries and geographies. Due to the prevalence of legacy protocols and the slow replacement cycle for OT systems to deploy new architecture cybercriminals have actively attempted to capitalize by targeting the weak links in each protocol. These structural problems are exacerbated by the lack of standard protections and poor security hygiene practiced with many OT systems. ●● Custom OT attacks are also on the rise. Malware targeting ICS and SCADA systems have been developed and deployed for a decade or longer. Attacks specifically designed for OT systems seem to be on the rise, with safety systems increasingly a target. A handful of OT-based attacks over the past decade have managed to make headlines, including Stuxnet, Havex, BlackEnergy and Industroyer. Most recently, Triton/ Trisis targeted safety instrumented system (SIS) controllers which is the first true cyber-physical attack on OT systems. ●● Ransomware continues to attack OT systems: As of late 2018, ransomware attacks on IT systems have declined and many threat actors appear to have ‘moved on’ to other types of attacks like cryptojacking. However, cybercriminals tend to recycle existing malware to attack OT systems. This may suggest that SecurityLink India ■ August 2019

ransomware will be a bigger threat for OT systems than for IT ones in the near term. ●● Attacks on heating, ventilation and air conditioning (HVAC) systems and electrical grids are more likely to occur when these systems are operating at peak usage – most often during the Northern Hemisphere’s summer months. The age of an OT system is also a factor, with adversaries tending to target older technology more frequently than newer. As OT systems become more connected, the trend of increased attacks seems likely to continue. This new exposure requires organizations to adhere to more rigorous security operations and life-cycle management best practices to protect their organizations from major threats to the core of their business. As a result, OT and IT teams need to come together to respond comprehensively to increasing threats. Michael Joseph, Director System Engineering, India & SAARC at Fortinet said, “Malicious actors are able to extract maximum value from each new threat they develop by exploiting unprotected OT systems and vulnerabilities that persist in both older and newer networks and technologies. IT integration and convergence due to digital transformation efforts will continue to pressure this situation further. The best way to counter this new reality is by adopting and implementing a comprehensive strategic approach that simplifies the solution and involves IT and OT experts throughout an entire organisation.”

National Roundup

Technologies that take Businesses from Excellent to Exceptional A

round the world, new and impressive digital applications are constantly being pushed out. From fully-automated offices to 3D simulation environments, remote healthcare to interactive gaming, these applications are changing the way we live, learn, play and work. For India to stake her claim as an economic powerhouse in the digital era, she must fully embrace cutting-edge technology. Right now, there is a need to learn from successful global installations, and engineer applications that will benefit the Indian population. Now more than ever, stakeholders across all industries need to stay ahead of the curve, and keep themselves updated of the latest trends, available products and installations. This makes InfoComm India 2019 an unmissable event for you.

A preview of the topics of Summit: ●● Building Liveable Cities conference in collaboration with All India Institute of Local Self-Government. ●● Disruptive Technologies and the Indian BFSI Sector conference in collaboration with Bombay Stock Exchange. ●● Tech Design conference in collaboration with Institute of Indian Interior Designers – Mumbai Chapter. ●● Education Summit: Accelerating the Skills Revolution in collaboration with ICT Academy. ●● Homeland Security and Defense conference in collaboration with Computer Society of India, Mumbai Chapter. ●● Enterprise IT conference in collaboration with Computer Society of India, Mumbai Chapter. ●● Procurement Session in collaboration with Government e-Marketplace. ●● Sessions benefiting healthcare, government, hotel sectors powered by Express Computer. ●● Closed-door session benefiting the education sector, hosted by AVIXA. ●● Digital Signage Asia Forum by Digital Signage Multimedia Asia.

The exhibition

Also with a roster of first-time exhibitors to meet and 86 new-to-India products to discover, the show will provide opportunities to explore and discuss for transformative ideas and meaningful business partnerships.

The summit

his September, Infocomm India is presenting the latest professional audio-visual and integrated experience solutions of over 200 technology innovators from more than 20 countries. Delta, Epson, Harman, Kramer Electronics, Online Instruments and Panasonic are among the big names that will showcase their solutions. Along with various security ones, the exhibition will also bring products such as smart glasses, laser projectors, cinema LED screens, collaborative conferencing solutions to room automation control and interactive panels.

nother highlight of the evens is the Summit, which promises freeto-attend education sessions across AVIXA seminars, industry forums, AVIXA flash tracks, and Platinum Partners’ presentations. Lending muscles are industry experts, as well as esteemed associations such as All India Institute of Local Self-Government, Bombay Stock Exchange, Computer Society of India – Mumbai Chapter, Digital Signage Multimedia Alliance, Government e-Marketplace, ICT Academy, Express SecurityLink India ■ August 2019

Computer, and Institute of Indian Interior Designers – Mumbai Chapter. InfoCommAsia Pte Ltd is the Singapore-based subsidiary of AVIXA responsible for their trade shows throughout the Asia Pacific and extends its influence through four marquee events – Beijing InfoComm China, Chengdu InfoComm China, InfoComm India and InfoComm Southeast Asia. Each show comprises an exhibition that showcases world-class professional audio-visual (Pro-AV) and integrated experience solutions, and a summit that presents extensive learning opportunities. Bringing together industry players and top-level decision-makers from across all industries, the shows offer a window to the vast potential presented by the Pro-AV and integrated experience solutions markets of each country and region. 31

National Roundup

Matrix COSEC Elevator based Ranked No.1 Network Security Access Control S

ecurity issues corresponding to controlling access are perceived as a prime concern and strenuous challenge in various sectors like corporate office, manufacturing units, BFSI, healthcare and hotels. These arduous challenges require meticulously planned access control strategies. Implementation of such strategies can be employed at exit/ entry doors and at datacenters. Along with the conventional approach, it is being enhanced with advanced features to control access and improve security with elevators. Matrix offers elevator based access control, which allows access and entry in the elevator using biometric or RFID card credential, only to authorized personnel, at allotted time and assigned floors.

Appliances Vendor in India by Leading Industry Analyst Firm Leading analyst firm data shows Fortinet has grown strongly to gain 19.84% market share in India

Key features ●● ●● ●● ●● ●● ●● ●●

Controlled access for 32 floors in one elevator. Multiple credential based identification. Time, user and floor based access control. Seamless third party hardware integration. QR code based identification. Secured end to end communication. Multiple communication interface. Matrix is one of the leading security solutions providers for modern businesses and enterprises. As an innovative, technology driven and customer focused organization, the company is committed to keep pace with the revolutions in the industry. With around 40% of its human resources dedicated to the development of new products, Matrix has launched cutting-edge products like video surveillance systems – video management software, network video recorder, and IP camera, access control and time-attendance systems. These solutions are feature-rich, reliable and conform to the international standards. 32

SecurityLink India ■ August 2019

ccording to the latest International Data Corporation’s (IDC) worldwide quarterly security appliance tracker, Fortinet is the No. 1 vendor in India for the first quarter of 2019, based on vendor revenue. According to IDC, the network security solutions are defined as a combination of hardware, software and networking technologies whose primary function is to protect corporate networks and network-embedded resources from disruption caused by external threats. In this market, IDC includes firewall, unified threat management, intrusion detection and prevention, and virtual private network products.

Fortinet continues growth with proven performance

his No. 1 position demonstrates Fortinet’s ability to provide the most innovative, highest-performing security fabric to secure and simplify IT infrastructure. Fortinet is capable of delivering an integrated security fabric

National Roundup

that can protect against potential threats across the entire attack surface and deliver automated protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises. “Fortinet has a well-established business platform in the region backed by our investments in cyber security skill training, R&D with more than 100 patents registered from India, professional services, customer support, and security solutions that support open standards. We have an ecosystem of partners and service providers who help customers dynamically expand their networks, build dynamic WAN connections, adopt mobility and IoT strategies and enable distributed processing. Our security fabric remains a key differentiator as more enterprise customers consolidate towards a single vendor with a comprehensive solution that spans the entire attack surface from the core network to multi-clouds and the edge, delivering performance and threat intelligence required to ultimately protect against today’s evolving threat landscape,” said Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet. Fortinet secures the largest enterprise, service provider, and government organizations around the world. It empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet security fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments.

Hikvision Certified Security Associate (HCSA) Program Concluded Successfully in Chennai

ikvision has recently conducted the Hikvision Certified Security Associates (HCSA) Program in Chennai. The three day comprehensive program included training sessions on optics basics, turbo HD analog solution, PTZ configuration, network basics, IP camera, NVR, fish eye camera, iVMS 4200 and smart functions and applications. It was conducted by Vinit Narvekar, Senior Technical Support and Training, Prama Hikvision India Pvt. Ltd.

The idea behind HCSA is to give hands-on training and demonstration as a part of the training program. A dedicated online examination and practical test are also conducted after these training sessions. “Hikvision has set the industry standard by offering professional video surveillance certification to validate video expertise under Hikvision Certified Security Associate (HCSA) program in India. This Hikvision certification program is specially designed for security professionals. Besides, Hikvision provides meaningful endorsement to those who succeed in the exam and become Hikvision certified professionals,” said Ashish P. Dhakan, MD & CEO, Prama Hikvision India Pvt. Ltd. The HCSA level certification focuses on training participants in essential configurations, operations and maintenance of Hikvision video surveillance products and its features. It is designed for technical engineers, who have worked in the security industry for some years and have already gained knowledge and experience about security basics. The certification program is open to anyone looking to gain expertise in video surveillance and total security solutions. The trainee should have at least one year of work experience in the security industry and be familiar with security basics. The HCSA program got a good response from the young engineers and installers. The participants came from Chennai and nearby areas and towns for the HCSA Chennai event. The successful batch of participants will receive the HCSA certificates along with the enriching technology updates and training experience. SecurityLink India ■ August 2019

feature

Shopping Malls

Col AK Singh (Retd)

Easy & Lucrative Targets for Terrorists Why?

[CSP, CSM, CCPS, CFMS, DM & BCP, IOSH (MS)] Head – Training and Development, AP Securitas Pvt Ltd

(An Analysis)

n the 21st century, shopping malls have become the symbol of prosperity. They are omnipresent across the globe – especially in metropolitan cities. India, which is one of the fastest growing economies of the world today, is also not lagging and has made a remarkable part of this global phenomenon that is fast spreading its footprints in Tier-II and Tier-III cities of the country. Shopping malls are also transforming the landscape of rural India. The nondescript and sleepy towns have become vibrant and are buzzing with commercial activities with population drawn to the ambience of flowing music, entertainment, glitter of lights, and opulence of the variety in the stores. Today malls which have become synonymous to shopping culture across all sections of urban India present a potent symbol of rising middle class, and have become the ultimate destination for the shoppers with wish lists in their hands.

Terrorist incidents worldwide Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 Total

No of incidents 10,900 13,587 14,965 16,903 12,036 8,522 5,076 4,826 4,721 4,805 3,242 2,758 2,017 1,166 1,278 1,333 1,906 1,814 111,855

Dead 26,445 34,871 38,853 44,490 22,273 15,497 8,246 7,827 9,273 9,157 12,824 9,380 6,331 5,743 3,317 4,805 7,729 4,403 271,464

Injured 24,927 40,001 44,043 41,128 37,688 25,445 14,659 15,947 19,138 18,998 22,524 15,550 12,784 12,022 7,384 7,162 22,774 5,869 388,043

Other side of the coin – Easy target for terrorist attacks

Peculiarities of shopping malls

hile visiting shopping malls is normally a must in today’s time, they have also become an easy target for terrorist attacks. The brazen and gruesome attacks by terrorists on shopping malls in the past decades have left a very tragic, devastating and emotionally wrenching scars down the memory lane of the entire human race. An analysis by Rand Corporation in 2006 reported 60 such attacks on shopping malls in 21 countries since 1998. A mere glance at the historical data of such heinous acts of terrorists as available on Google and tabulated below is very scary, and needs serious attention of the security professionals. 34

he shopping malls are very different from the likes of airports which provide specific and specialized customer services and travel experience. Same is the case when we compare shopping malls with shopping complexes which fall grossly short of quality shopping experiences. The shopping malls are prominently crowd centric as footfalls are the core of their business model. They are usually fat in area – spread in lakhs of square feet of retail space, and multi-storeyed – to house a remarkably large number of stores to ensure all famous international brands are available. Food courts and cineplexes, casinos and pubs, kids play zones, pro-

SecurityLink India ■ August 2019

feature

Active shooter Terrorist attack on West Gate shopping Mall in Nairobi on 23/09/2013

motional activity zone etc. are the major attractions of malls. Other facilities include large multilevel parking spaces for vehicles, gen sets for power back-ups, escalators and passenger lifts for easy movements of the shoppers, 24x7 presence of the security and facility management personnel, flashy glitter of colorful LED lights in stores and surroundings, and so on.

mongst the risks and threats listed above, active shooters are the biggest security threat. They are highly trained, hard core, motivated and mission oriented crusader with a singular aim to damage public and their assets. The characteristics of a shopping mall offer them the freedom to gauge the security envelope through repeated reconnaissance and surveillance of the target points and areas, and then strike at right place and time of his choosing within the vulnerabilities identified.

Security challenges in shopping malls

o be commercially viable and attractive, the shopping malls have got inherently to be in open areas – with wide ranging access for retailers and shoppers and therefore with copious car parking capacity and other above given facilities. This increases the potential vulnerability and challenges before the security system. Some of the other major challenges faced by the security in a shopping mall are: a) Multiple stakeholders – The ownership of the shopping malls is usually in the hands of many stakeholders. b) Large crowd – The sheer numbers are sitting ducks that invite terrorist attacks. c) Access to public – Malls thrive on footfalls and thus allow unimpeded access to all. d) Centre of attraction – Attract wide cross section of the population. e) Business models – The marginal cost of additional security measures is termed extremely high. f) Personal privacy vs security – Frisking, search and X-ray scanning of baggage are generally not longed for by the shoppers and hence rarely allowed. g) Unwillingness for enhanced security – Most countries are not willing to turn shopping malls into fortresses for various obvious reasons.

Risks and threats

he spectrum of risks and threats to the security of a shopping mall can thus be summarized in terms of – shop lifting by shoppers, theft and pilferage by the employees of stores, accidents and thefts in car parking, public violence in casinos and pubs, fire incidents for varied apparent reasons, bomb threats and active shooter incidents, inappropriate behavior in passenger lifts and parking amounting to sexual harassment, and many more.

Some useful tips Most advocated technique to ward off the active shooter incident is to Run-Hide-Fight; but we do not recommend an unarmed civilian crowd to fight a determined active shooter. Other useful tips which you can do to avoid getting trapped in the epicenter of the terrorist attack in a shopping mall are to a) Select early hours of the day to avoid the crowd. b) If at all you got yourself in the crowd then avoid being in the middle of it. c) Always look for a nearest exit just in case of an emergency.

Post 9/11 scenario

he aftermath of 9/11 attack on Twin Trade World Towers, New York in the USA, which shook the mindset of a large section of countries, has enabled a dramatic change in the entire security outlook of these infrastructures. The profile of the shopping malls has started deeply embedding security and safety in their processes to leave

SecurityLink India ■ August 2019

feature

to unwind and enjoy the personal moments of privacy, fun and leisure time.

Role of private security agencies

W Twin World Trade Towers, New York in USA

very marginal and reduced scope of security lapses. The HHMD (hand held metal detectors), DFMD (door frame metal detectors), X-ray scanners and CCTV surveillance play the key role in reinforcing todaysâ&#x20AC;&#x2122; security umbrella. The AI (Artificial Intelligence) enabled systems for tracking a suspect through facial recognition technology is the latest addition to the recent fleet of security gadgets. The scope of integrating security and surveillance devices has further augmented the viability of security system. The presence of security personnel in civil clothes to ensure that they remain unobtrusive and un-conspicuous while attempting to identify suspicious elements within the Mall serves a big deterrent. However, one needs to home on the ideology of terrorists to figure out the probability of an imminent terrorist attack.

Why a shopping mall cannot be made an impregnable fortress

one line answer suffices to address this issue that a stringent security arrangement goes totally against the ethos, culture and experience level expected by both shoppers and retailers â&#x20AC;&#x201C; as with such deployments the very purpose of creating malls as a profit center will be defeated and the creation will cease to continue. Security and safety are generally taken as granted and usually placed at the lower hierarchy of planing and implementations. Nobody really wants to be trailed or tracked, or be under the eyes of surveillance or scanner at a place which he has selected

Terrorist attack on Hotel Taj Mahal Palace, Mumbai on 26/11/2008

hile one cannot totally rule out or obliterate the probability and possibility of terrorist attacks, there is still a huge scope for private security agencies to assist law enforcement authorities in reining them and reducing the impact of such incidents. They will help in implementing preventive measures that generally conform to the pattern adopted by stakeholders post 9/11 scenario, illustrated above, and will prominently and additionally figure in the security set up including in analyzing the incident patterns of the past, employing the AI enabled behavioral recognition techniques, strictly enforcing the frisking, search and scanning through HHMD, DFMD, X-ray scanners at all entry points, lockdown drills once in a quarter, mock drills for bomb threat and fire incident once in a quarter, enhanced budgetary support for equipping security to enhance efficacy and minimize the probability, and in many other ways.

Conclusion

errorists love to hit the headlines in the media by aiming the soft targets like shopping malls. The PSAs being the second line of defense have an immense responsibility to keep these facilities safe and secure from such terrorists acts causing tragic loss of lives and property. We, the APS Group, have large number of shopping malls in our list of clientele where we provide security and facility management. We rigorously go through the client SoPs and conduct security audits, identify risks and threats, and home on vulnerabilities before taking over the site. The innovative measures in the form of penetration checks are instituted to plug the loop holes in the security set up. The mock drills for handling emergencies like fire and bomb threat are conducted regularly to rehearse the spontaneous response matrix of security apparatus. Fire safety audits have saved many possible emergency situations. Since lock-down drills are a big drain in the profit center, the frequency is left to the choice of the stakeholders. However, active shooter response training program and security advisory are shared with the client from time to time. Conclusively, we ensure seamless moments of pleasurable shopping, fun, frolic personal moments of privacy and leisure time to all who visit these shopping malls, but in safe and secure manner. We deliver peace and prosperity through our basket of security services in the ecosystem.

SecurityLink India â&#x2013; August 2019

National Roundup

SecurityLink India â&#x2013; August 2019

report

The 2019 Study on the

Cyber Resilient Organization T

he Ponemon Institute and IBM Resilient have released the fourth annual study on the importance of cyber resilience to ensure a strong security posture. For the first time, they feature the importance of automation to cyber resilience. In the context of this research, automation refers to enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend upon artificial intelligence, machine learning, analytics and orchestration. Other topics covered in this report are the impact of the skills gap on the ability to be more cyber resilient, how complexity can be the enemy of cyber resilience, lessons learned from organizations that have achieved a high level of cyber resilience, and the importance of including the privacy function in cyber resilience strategies.

Cyber resilience and automation go hand in hand

How automation supports and improves cyber resilience

The 2019 Study on the Cyber Resilient Organization

Ponemon hen asked to rate theInstitute, valueAprilof2019 automation and cyber Part 1. Introduction resilience to their security posture on a scale of 1 = The and = IBMhigh Resilient are pleased release the findings of thevalue fourth annual lowPonemon valueInstitute to 10 value, 62topercent rate the of study on the importance of cyber resilience to ensure a strong security posture. For the first time, we featureresilience the importance as of automation to cyber resilience. In the context of this research, cyber very high and an even higher percentage automation refers to enabling security technologies that augment or replace human intervention in the identification and containment of cyber exploits or breaches. Such technologies depend of respondents (76 percent) find automation very valuable. upon artificial intelligence, machine learning, analytics and orchestration. Moreover, according Other topics covered in this report to are: the research, 60 percent of respondsay their organizations’ recognize that invest§ents The impact of the skills gap on the ability to leaders be more cyber resilient § How complexity can be the enemy of cyber resilience ments in automation, machine learning, artificial intelligence § Lessons learned from organizations that have achieved a high level of cyber resilience § The importance of including the privacy function in cyber resilience strategies. and orchestration strengthen their cyber resilience. 1

Cyber resilience and automation go hand in hand. When asked to rate the value of automation and cyber resilience to their security posture on a scale of 1 = low value to 10 = high value, 62 percent rate the value of cyber resilience as very high and an even higher percentage of respondents (76 percent) find automation very valuable. Moreover, according to the research, 60 percent of respondents say their organizations’ leaders recognize that investments in automation, machine learning, artificial intelligence and orchestration strengthen their cyber Figure 1. The value of cyber resilience and automation to your resilience.

organization From 1 = low to 10 = high, 7+ responses presented

Figure 2. The value of cyber resilience and automation to your organization From 1 = low to 10 = high, 7+ responses presented

80%

76%

70%

62%

60% 50% 40% 30% 20% 10% 0%

38 1

The value of automation

The value of cyber resilience

n this section, there is a comparison between the findings of the 23 percent of respondents who self-reported their organizations use automation extensively vs. 77 percent of respondents who use automation moderately, insignificantly, or not at all. Following are the six benefits when automation is used extensively in the organization. 1. High automation organizations are better able to prevent security incidents and disruption to IT and business processes. Measures used to determine improvements in cyber resilience are cyberattacks prevented, and a reduction in the time to identify and contain the incident. 2. High automation organizations rate their cyber resilience much higher than the overall sample, and also rate their ability to prevent, detect, respond and contain a cyberattack as much higher. 3. Automation increases the importance of having skilled cybersecurity professionals such as security analysts, forensic analysts, developers and SecDevOps. Eightysix percent of respondents in high automation organizations are more likely to recognize the importance of having cybersecurity professionals in their cybersecurity

SecurityLink India ■ August 2019

We define cyber resilience as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. This refers to an enterprise’s capacity to maintain its core purpose

report

incident response plan (CSIRP) and are not as likely to have difficulty in hiring these professionals. 4. High automation organizations are maximizing the benefits of threat intelligence sharing and advanced technologies. In every case, respondents in organizations that are extensive users of automation are more likely to believe threat intelligence and sharing, DevOps and secureSDLC, and analytics and artificial intelligence are most effective in achieving cyber resilience. 5. Automation can reduce complexity in the IT infrastructure. High automation organizations are more likely to say their organizations have the right number of security solutions and technologies. This can be accomplished by aligning in-house expertise to tools so that investments are leveraged properly. Respondents in the overall sample are more likely to have too many security solutions and technologies. 6. High automation organizations recognize the value of the privacy function in achieving cyber resilience. Most respondents in this research recognize that the privacy role is becoming increasingly important, especially due to the EUâ&#x20AC;&#x2122;s GDPR and the California Consumer Privacy Act. Moreover, high automation organizations are more likely than the overall sample to recognize the importance of aligning the privacy and cybersecurity roles in their organizations (71 percent vs. 62 percent).

Lessons learned from high performing organizations

s part of this research, certain organizations represented in this study are identified, which self-reported as having achieved a high level of cyber resilience and are better able to mitigate risks, vulnerabilities and attacks. Of the 3,655 organizations represented in this study, 960 respondents (26 percent of the total sample) self-reported 9+ on a scale of 1 = low resilience to 10 = high resilience. Respondents from these organizations, referred to as high performers, are much more confident in the strength of their security posture compared to those who self-reported they have not achieved a high state of high cyber resilience. They are referred to as average performers. Following are seven benefits from achieving a highly effective cyber resilience security posture. 1. High performers are significantly more confident in their ability to prevent, detect, contain and recover from a cyber attack. Of respondents in high performing organi-

zations, 71 percent of respondents in high performing organizations are very confident in their ability to prevent a cyberattack, whereas slightly more than half (53 percent of respondents) from the other organizations believe they have a high ability to prevent a cyberattack. High performers are far more likely to have a CSIRP that is applied consistently across the entire enterprise, which makes this group far more likely to prevent, detect, contain and respond to a cyberattack. Only 5 percent of high performers do not have a CSIRP. In contrast, 24 percent of organizations in the overall sample do not have a CSIRP. Communication with senior leaders about the state of cyber resilience occurs more frequently in high performing organizations. More than half of respondents (51 percent) vs. 40 percent in the overall sample communicate the effectiveness of cyber resilience to the prevention, detection, containment and response of cyberattacks to the C-suite and board of directors. Senior management in high performing organizations are more likely to understand the correlation between cyber resilience and their reputation in the marketplace, perhaps because of frequent communication with the C-suite. As a result, high performing organizations are more likely to have adequate funding and staffing to achieve cyber resilience. Senior managementâ&#x20AC;&#x2122;s awareness about the relationship between cyber resilience and reputation seems to result in greater support for investment in automation, machine learning, AI and orchestration to achieve a higher level of cyber resilience. In fact, 82 percent of respondents in high performing organizations use automation significantly or moderately. In the overall sample of organizations, 71 percent of respondents say their organizations use automation significantly or moderately. High performers are more likely to value automation in achieving a high level of cyber resilience. When asked to rate the value of automation, 90 percent of respondents in high performing organizations say automation is highly valuable to achieving cyber resilience. However, 75 percent of respondents in the overall sample say they place a high value on automation. High performers are more likely to have streamlined their IT infrastructure and reduced complexity. More than half of respondents (53 percent) vs. only 30 percent of respondents in the overall sample say their organizations have the right number of security solutions and

SecurityLink India â&#x2013; August 2019

report

technologies to be cyber resilient. The average number of separate security solutions and technologies in high performing organizations is 39 vs. 45 in the overall sample.

Key findings

onemon Institute surveyed 3,655 IT and IT security professionals in Australia, Brazil, Canada, Germany, France, India, Japan, the Middle East (UAE/ Saudi Arabia), Southeast Asian countries (ASEAN), the United Kingdom and the United States. This section provides an analysis of the key findings.

likely to prevent frequent occurrences of these incidents, as shown in Figure 3. Specifically, 53 percent of organizations in the overall sample had more than one data breach, while less than half (49 percent) in the high automation organizaAutomation frequency tions hadreduces morethe than one. of data breaches and cybersecurity incidents. Companies that extensively use automation are more likely to prevent frequent occurrences of these incidents, as shown in Figure 3.of Specifically, 53 percent of organizations in the overall Similarly, 73 percent respondents in high automation sample had more than one data breach, while less than half (49 percent) in the high automation organizations had organizations had more thanmore one. than one cybersecurity incident in the past two years, but 79inpercent of respondents overSimilarly, 73 percent of respondents high automation organizations in hadthe more than one cybersecurity incident in the past two years, but 79 percent of respondents in the overall sample all sample had more than one cybersecurity incident. had more than one cybersecurity incident. Figure 3. If yes, how frequently did these incidents occur?

Figure 3. If yes, how frequently did these incidents occur? Data breach 60%

The extensive use of automation and its impact on cyber resilience

50%

his section compares the findings of the 23 percent of respondents who self-reported their organizations use Part 2. Key Findings automation extensively (high automation) vs. the 77 percent Ponemon Institute surveyed 3,655 IT and IT security professionals in the following countries: of respondents who useIndia, automation moderately, insignifiAustralia, Brazil, Canada, Germany, France, Japan, the Middle East (UAE/Saudi Arabia), Southeast Asian countries (ASEAN), the United Kingdom and the United States. In this section of cantly, at all (overall sample). the report, we provideor annot analysis of the key findings. The complete audited findings are Automation reduces the likelihood of a data breach The extensive use of automation and its impact on cyber resilience Collaboration between privacy and cybersecurity to improve cyber resilience cybersecurity incident Steps taken to achieve cyber resilience The characteristics of organizations with a high degree of cyber resilience

50% 38%36%

40% 30%

30% 20% 10% 0%

20%

11% 9% 2% Once

2 to 3 times

4 to 5 times

High automation

27% 21%

28% 26%

Once

2 to 3 times

33% 28% 20% 17%

10% 0%

> 5 times

Overall

High automation

4 to 5 times

> 5 times

Overall

and

According to Figure 2, 57 percent of respondents in vs. For the first time in our research on cyber resilience, we include the impact of automation 50 percent in the high automation sample experienced a on cyber resilience. In this section, we compare the findings of the 23 percent of respondents who self-reported their organizations use automation extensively automation) vs.disrupthe 77 cybersecurity incident that resulted in(high a significant percent of respondents who use automation moderately, insignificantly or not at all (overall sample). tion to their organizations’ IT and business processes. SimiAutomation reduces thethan likelihood breach and cybersecurity incident. According larly, less halfofofa data organizations that use automation exto Figure 2, 57 percent of respondents in organizations that do not use automation extensively tensively percent) had a data abreach vs. incident the 55thatpercent vs. 50 percent in the high(48 automation sample experienced cybersecurity resulted in a significant disruption to their organizations’ IT and business processes. Similarly, less than half who did in the overall sample. of organizations that use automation extensively (48 percent) had a data breach vs. the 55 2.1 The extensive use of automation and not its impact cyber resilience organizations that do use onautomation extensively

percent who did in the overall sample.

Figure 2. Did your organization have a data breach or

Figure 2. Did your organization have a data breach or cybersecurity incident in the past two years?cybersecurity incident in the past two years? Yes responses presented

Yes responses presented

Companies can achieve significant improvements in their cyber resilience with automation Respondents were asked to rate their organizations’ cyber resilience on a scale of 1= low to 10 = high. According to Figure 4, 72 percent of respondents with the extensive use of automation say their organizations have achieved a high level of cyber resilience, while 54 percent in the overall sample report they have high cyber resilience. Organizations with the extensive use of cyber resilience also rate their abilCompanies can achieve significant improvements in their cyber resilience with automation. Respondents wererespond asked to rate theircontain organizations’ cyber resilienceas on a scale of 1 ity to prevent, detect, and a cyberattack = low to 10 = high. According to Figure 4, 72 percent of respondents with the extensive use of automation say their organizations have achieved highrespondents. level of cyber resilience, while 54 much higher than the overall samplea of percent in the overall sample report they have high cyber resilience. Organizations with the extensive use of cyber resilience also rate their ability to prevent, detect, respond and contain a cyberattack as much higher than the overall sample of respondents.

50%

Did your organization have a cybersecurity incident that resulted in a significant disruption to your organization’s IT and business processes?

51% 47%

40%

presented in the Appendix of this report. We have organized the findings according to the following topics: 1. 2. 3. 4.

Cybersecurity incident 60%

Figure 4. Automation improves cyber resilience and the ability

to prevent, detect, contain andresilience respondand tothe a cyberattack Figure 4. Automation improves cyber ability to prevent, detect, contain and respond to aResearch cyberattack Ponemon Institute© Report Page 4

57%

From 1 = low to 10 = high, 7+ responses presented

80% Did your organization have a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential customer or business information?

48%

10%

High automation

20%

30%

40%

50%

69%

70% 60%

55%

76%

72%

60%

54%

74%

68% 53%

53%

50% 70%

Overall

49%

40% 30% 20% 10%

Automation reduces the frequency of data breaches and cybersecurity incidents Companies that extensively use automation are more Ponemon Institute© Research Report

Cyber resilience

Page 3

SecurityLink India ■ August 2019

Prevent a cyber attack

Detect a cyber attack

High automation

Respond to a cyber attack

Overall

Contain a cyber attack

report

Automation increases awareness of the importance of having skilled cybersecurity professionals As shown in Figure 5, 86 percent of respondents in organizations with the extensive use of automation are more likely to recognize the importance of having cyber security professionals in their CSIRP and are not as likely to have Automation increases awareness of the importance of having skilled cybersecurity difficulty hiring5, these professionals. professionals. As shownin in Figure 86 percent of respondents in organizations with the

extensive use of automation are more likely to recognize the importance of having cybersecurity professionals in their CSIRP and are not as likely to have difficulty in hiring these professionals.

Figure 5. The importance of having skilled cybersecurity

Figure 5. The importance of having skilled cybersecurity professionals and the difficulty in professionals and the difficulty in hiring them hiring them From 1 = low From to 10 = high, 7+ responses 1 = low to 10 =presented high, 7+

responses presented

86%

The importance of having skilled cybersecurity professionals in your cyber security incident response plan (CSIRP)

79%

75%

Automation increases awareness of the importance of having skilled cybersecurity professionals. As shown in Figure 5, 86 percent of respondents in organizations with the extensive use of automation are more likely 0% to recognize of having cybersecurity 10% 20% the 30%importance 40% 50% 60% 70% 80% 90%100% professionals in their CSIRP and are not as likely to have difficulty in hiring these professionals. High automation

Overall

Figure 5. The importance of having skilled cybersecurity professionals and the difficulty in Organizations hiring them with the extensive use of automation are maximizing the benefits of threat sharing advanced Figure 6 presents the differences between organizations From 1 =and low to 10 = high, technologies. 7+ responses presented Organizations with the extensive use of automation are in highly automated organizations and the overall sample of respondents. In every case, respondentsmaximizing in organizations that more likely to believe theextensively benefitsuseofautomation threat are sharing and advanced intelligence and threat sharing, DevOps and secure SDLC, analytics and artificial intelligence are 86% importance ofin having skilled cybersecurity theThe most effective being able to achieve cyber resilience. Threat sharing and the use of technologies professionals in your cyber security incident advanced technologies enable organizations to better understand the cybersecurity risks they response plan (CSIRP) 79% face, and, as a result, the organizations better able to prevent, detect, contain and respond to Figure 6 presentsarethe differences between organizations attacks.

in highly automated organizations and the overall sample

Figure 6. What security technologies are most effective in the ability to achieve cyber of inrespondents. every case, respondents in60% organizations resilience? The difficulty hiring and retainingIn skilled IT More than one response permitted security personnel

that extensively use automation are more likely to75%believe 60% intelligence and57% threat sharing, DevOps and secure SDLC, 60% 53% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90%100% analytics and artificial47% intelligence are the most effective in 45% 50% High automation Overall being able to achieve cyber resilience. Threat sharing and the 40% 33% 32% Organizations with the extensive use of automation are maximizing the benefits of threat use of advanced technologies enable organizations to better 30% sharing and advanced technologies. Figure 6 presents the differences between organizations 20% in highly automated organizations and the overall sample of respondents. In every case, 20% understand the risks they face, and as a result, respondents in organizations thatcybersecurity extensively use automation are more likely to believe intelligence and threat sharing, DevOps and secure SDLC, analytics and artificial intelligence are 10% the organizations are better able to prevent, detect, contain the most effective in being able to achieve cyber resilience. Threat sharing and the use of advanced technologies enable organizations to better understand the cybersecurity risks they 0% and respond toDevOps attacks. Intelligence and the threat and Analytics fordetect, contain Artificial and intelligence face, and, as a result, organizations aresecure better able to prevent, respond to 70%

sharing

attacks.

SDLC

cybersecurity

Figure 6. What security technologies are most effective in the High automation Overall Figure 6. What security technologies are most effective in the ability to achieve cyber ability to achieve cyber resilience? resilience?

More than one response More than one response permitted

70% Institute© Research Report Ponemon 60% 57% 60% 53% 50%

permitted Page 6

47%

45% 40% 40% 35% 35% 32% 35% 30% 28% 30% 25% 20% 15% 10% 5% Automation can reduce complexity in the IT infrastructure. Respondents were asked to 0% indicate ifWe their organizations had of the right number of security technologies or if have the right number We do not have enoughsolutions Weand have too many security there were too manysolutions which can According 7, 40 percent of security andlead to complexity. security solutions and to Figure solutions and technologies respondents in organizations automation are more likely to say their technologies that extensively use technologies

organizations have the right number of security solutions and technologies. Respondents in the overall sample are more likely to have High too many security solutions automation Overall and technologies. Figure 7. What recognize best describes your organization’s use offunction separateinsecurity technologies? Organizations the importance of the privacy achieving cyber resilience. According to Figure 8, most respondents believe that the privacy role is becoming 45% 40% increasingly important, especially due to the EU’s GDPR and theof California Consumer Privacy the privacy 40% Organizations recognize the importance 35% 35% Act. However, respondents in organizations32% that extensively use automation are more likely than 35% 30% 28% function in achieving cyber resilience the overall sample to recognize the importance of aligning the privacy and cybersecurity roles in 30% their organizations (71 percent vs. 62 percent). 25% 20%

According to Figure 8, most respondents believe that

Figure 8. The importance of privacy and aligning privacy and cybersecurity roles to 15% privacy role is becoming increasingly important, espethe achieving cyber resilience within your organization 10% Essential and Very important responses combined 5% 80% 0% We have the66% right number of We do not have enough 65% 70% security solutions and security solutions and technologies technologies 60%

cially due to the EU’s GDPR and the California Consum71% er Privacy Act. However, respondents in organizations thatsecurity We have too many solutions and62% technologies extensively use automation are more likely than the overall High automation of Overall sample to recognize the importance aligning the privacy 50% 40% and cybersecurity in theiroforganizations (71inpercent Organizations recognize roles the importance the privacy function achievingvs. cyber resilience. According to Figure 8, most respondents believe that the privacy role is becoming 30% 62 percent). increasingly important, especially due to the EU’s GDPR and the California Consumer Privacy

20% Act. However, respondents in organizations that extensively use automation are more likely than the overall8. sample recognize theof importance aligning the privacy and cybersecurity roles in Figure The to importance privacyofand aligning privacy and 10% their organizations (71 percent vs. 62 percent).

cybersecurity roles to achieving cyber resilience within your 0%

importance the privacy The importance of aligning the privacy Figure 8. The The importance ofofprivacy androle aligning privacy and cybersecurity roles to and organization cybersecurity roles achieving cyber resilience within your organization

Essential andimportant very important responses combined Essential and Very responses combined High automation Overall 80% 71% 66% 65% 70%

62%

50%

33%

30%

32%

40% Ponemon Institute© Research Report

20%

Page 7

30% 20%

10% 0%

Figure 7. What best describes your organization’s use of

60%

45%

40%

organizations have the right number of security solutions and technologies. Respondents in the overall sample are more likely to have too many security solutions and technologies.

separate security technologies? Figure 7. What best describes your organization’s use of separate security technologies?

60%

The difficulty in hiring and retaining skilled IT security personnel

Automation can reduce complexity in the IT infrastructure Respondents were asked to indicate if their organizations had the right number of security solutions and technologies or if there were too many which can lead to complexity. According to Figure 7, 40 percent of respondents in organizations that extensively use automation are more likely to say their organizations have the right number of security solutions and technologies. Respondents in the overall sample Automation can reduce complexity in the IT infrastructure. Respondents were asked to are more likely to have too many security solutions and techindicate if their organizations had the right number of security solutions and technologies or if there were too many which can lead to complexity. According to Figure 7, 40 percent of nologies. respondents in organizations that extensively use automation are more likely to say their

10%

Intelligence and threat sharing

DevOps and secure SDLC High automation

Ponemon Institute© Research Report

Analytics for cybersecurity

Artificial intelligence

The importance of the privacy role

Overall

High automation

SecurityLink ■ August 2019 PageIndia 6

The importance of aligning the privacy and cybersecurity roles Overall

report

Collaboration between privacy and cybersecurity to improve cyber resilience Alignment between privacy and cybersecurity reduces turf issues and increases efficiency As previously discussed, most respondents (62 percent) recognize the importance of the privacy role and the alignment of privacy and cybersecurity roles in achieving cyber 2.2 Collaboration between privacy and cybersecurity to improve cyber resilience resilience. As shown in Figure 9, of these respondents, 63 Alignment between privacy and cybersecurity reduces turf issues and increases saydiscussed, such alignment reduces silo recognize and turftheissues fol-of efficiency. percent As previously most respondents (62 percent) importance the privacy role and the of privacy andand cybersecurity roles in achieving cyber privaresilience. lowed byalignment less redundancy more efficiency in both As shown in Figure 9, of these respondents, 63 percent say such alignment reduces silo and turf issues followed by less redundancy and more efficiency in both privacy and cybersecurity cy and cybersecurity operations.

operations.

Alignment between privacy and cybersecurity reduces turf issues and increases efficiency. As previously discussed, most respondents (62 percent) recognize the importance of 63% Reduction in silos and turf issues the privacy role and the alignment of privacy and cybersecurity roles in achieving cyber resilience. As shown in Figure 9, of these respondents, 63 percent say such alignment reduces silo and turf issues followed by less andinmore Less redundancy andredundancy more efficiency both efficiency in both privacy and cybersecurity 60% operations. privacy and cybersecurity operations 49%

Reduction in silostrustworthiness and turf issues Increase in perceived

63%

48%

20%

30%

40%

50% 60% 49%

70%

The good news is that most organizations have a chief

Other current 2% Figure 10. How long has your organization’s CPO or privacy leader held their position? privacy officer (73 percent of respondents), as shown in Fig-

0% percent 10% 20%of 30% 40% 50% say 60% they 70% ure 10. However, only 23 respondents Most organizations have leader. The good news is that most organizations have a More athan 10 years have been inprivacy that position for a 9% significant length of time chief privacy officer (73 percent of respondents), as shown in Figure 10. However, only 23 percent of respondents say 7 they have been in that position for a significant length of time (more (more than years).

7 to 10 years

14%

Figure 10. How long10. hasHow your long organization’s current CPO or privacy leader held their Figure 4 to 6 yearshas your organization’s current 20%CPO or position? privacy leader held their position?

11%

Full-time equivalent (FTE) headcount of your privacy function today

What the full-time equivalent (FTE) privacy headcount should be to achieve cyber resilience

10%

Steps taken to achieve cyber resilience Cyber resilience reaches a new high Figure 12 shows the trends in cyber resilience and the ability to prevent, detect, contain and respond to a cyberattack. When asked to rate their cyber resilience on a scale 2.3 taken cyber to achieve cyber resilience ofSteps 1 = low resilience to 10 = high cyber resilience, 54 Cyber resilience reaches a new high. shows the trends in cyberhigh, resilience percent of respondents say Figure cyber12resilience is very a and the ability to prevent, detect, contain and respond to a cyberattack. When asked to rate their cyber resilience on a scale of 1 = low cyber last resilience to 10 study. = high cyber 54 percent significant increase from year’s Theresilience, majority of of

respondents say cyber resilience is very high, a significant increase from last year’s study. The majority of respondents rate their ability to prevent (53 percent), detect (53 percent), contain (49 percent) and respond (53 percent) to a cyberattack as very high.

Figure 12. Cyber resilience and the ability to prevent, detect, 1 = low ability to 10 = high ability, 7+ responses reported

1 = low ability to 10 = high ability, 7+ responses reported

50%

14%

27%

20%

1.00

60%

Currently, we don’t have a CPO or privacy 4 to 6leader years 0%

2.50

contain and respond cyberattack Figure 12. Cyber resilience to andathe ability to prevent, detect, contain and respond to a cyberattack

19%

Less than 1 year 7 to 10 years

1 to 3 years

3.21

3.00

60%

1 to 3 years More than 10 years

3.50

1.50

Most organizations have a privacy leader. The good news is that most organizations have a chief privacy officer (73 percent of respondents), as shown in Figure 10. However, only 23 48% Increase in perceived percent of respondents say theytrustworthiness have been in that position for a significant length of time (more than 7 years). Most organizations have a privacy leader

than 7 years).

3.95

4.00

2.00

Figure 9. If alignment is essential or very important, why? More effective approach to compliance with data More than one response permitted protection regulations (such as GDPR)

10%

Figure 11. Average full-time headcount of the organization’s

Figure 11. Average full-time organization’s privacy function today and privacy function todayheadcount and whatofitthe should be what it should be 4.50

More than one response permitted

More effective approach to compliance with data 0% protection regulations (such as GDPR)

a need to increase staff to help achieve compliance. Only slightly more than half of respondents (54 percent) say their organizations have achieved full compliance with GDPR.

Extrapolated valuesvalues presentedpresented Extrapolated

9. isIf essential alignment is essential or very important, why? Figure 9. If Figure alignment or very important, why? 2.2 Collaboration between privacy and cybersecurity to improve cyber resilience More than one response permitted

Less redundancy and more efficiency in both Other privacy and cybersecurity operations

Privacy functions are slightly understaffed With the many data protection regulations organizations must comply with, a fully staffed privacy function is essential. According to Figure11, the average headcount in the privacy function is about 3, but ideally, it should be a headcount of 4. Because of new regulations such as the EU’s GDPR and the California Privacy Act, there is a need to increase staff to help achieve compliance. Only slightly more than half of rePrivacy functions are slightly understaffed. With the many data protection regulations spondentsmust (54comply percent) have achieved organizations with, asay fully their staffed organizations privacy function is essential. According to Figure 11, the average headcount in the privacy function is about 3, but ideally, it should be a headcount compliance with GDPR. offull 4. Because of new regulations, such as the EU’s GDPR and the California Privacy Act, there is

15%

20% 19%

48%

54%

55% 53%

49%

52% 53%

53%

50% 49%

40% 40% 32% Ponemon Institute© Research Report

54% 53%

Page 9

30%

25%

30%

20% 10%

Less than 1 year

11%

Ponemon Institute© Research Report Currently, we don’t have a CPO or privacy leader

Page 8

42 Ponemon Institute© Research Report

Cyber resilience

27% 5%

10%

15%

20%

25%

30%

SecurityLink India ■ August 2019 Page 8

Prevent a cyber attack

Quickly detect a cyber attack

Contain a cyber attack

* Response not available in 2016

FY2016

FY2017

FY2018

Respond to a cyber attack *

improved or improved over the past 12 months and specific metrics are used to understand the

The prevention of cyberattacks is mostly used to measure improvements in cyber reasons for improvement. resilience. Forty-four percent of respondents say their organizations’ cyber resilience significantly improved or improved over the past 12 months and specific metrics are used to understand the reasons Accordingfortoimprovement. Figure 14, 55 percent of respondents say improvements are tracked by the number

report

of cyberattacks prevented. This is followed by time to identify the incident and time to contain the

respondents rate their ability to prevent (53 percent), detect (53 percent), contain (49 percent) and respond (53 percent) to a cyberattack as very high. To improve cyber resilience, organizations focus on people, process and technologies Forty-four percent of respondents say their organizations’ cyber resilience has significantly improved or has improved in the past 12 months. These respondents cite a variety of steps taken to becoming more cyber resilient. The most important (62 percent of respondents) say they added skilled personnel, and 57 percent of respondents say their To improve cyber resilience, organizations focus on people, process and technologies. Forty-four percent of respondentstechnologies say their organizations’ cyber greater resilience has significantly organizations’ enabled visibility into improved or has improved in the past 12 months. These respondents cite a variety of steps taken andThe data assets. Fifty-six percent of respondents to becomingapplications more cyber resilient. most important (62 percent of respondents) say they added skilled personnel, and 57 percent of respondents say their organizations’ technologies say their organizations’ governance practices improved. enabled greater visibility into applications and data assets. Fifty-six percent of respondents say their organizations’ governance practices improved.

Figure 13. Steps taken significantly cyber resilience Figure 13.toSteps taken improve to significantly improve

cyber resilience 61% 62%

Hiring skilled personnel

57% 57%

Visibility into applications and data assets

60% 56%

Improved information governance practices Implementation of new technology, including cyber automation tools such as artificial intelligence and machine learning

47% 50% 39% 40%

Elimination of silo and turf issues

39% 36%

Engaging a managed security services provider

29% 28%

Training for end-users

23% 24%

C-level buy-in and support for the cybersecurity function

0% FY2017

10%

20%

30%

improvements?

More than one response response permitted More one response More thanthan one permitted

permitted

Cyber attacks prevented

55%

Cyber attacksthe prevented Time to identify incident

55% 51%

Time to contain the incident

48%

Time to identify the incident

Increased productivity of employees

to contain the incident DataTime center availability (uptime)

48%

27%

Increased revenues Increased productivity of employees

22%

Enhanced reputation and trustworthiness

22%

Data centerIncreased availabilityshare (uptime) value

16%

Decreased operating cost Increased revenues

31%

27%

15% 22%

Increased market share

12%

Enhanced reputation and trustworthiness Other Increased share value

51%

31%

1% 0%

10%

22%

16% 20%

30%

40%

50%

40%

50%

60%

70%

FY2018

The prevention of cyberattacks is mostly used to measure improvements in cyber resilience Forty four percent of respondents say their organizations’ cyber resilience significantly improved, or improved over the past 12 months and specific metrics are used to understand the reasons for improvement. According to Figure 14, 55 percent of respondents say improvements are tracked by the number of cyberattacks prePonemon Institute© Research Page 11 vented. ThisReport is followed by time to identify the incident and time to contain the incident (51 percent and 48 percent of respondents, respectively).

60%

Funding for cyber resilience activities is predicted to remain stagnant. More resources are Decreased operating cost 15% needed to fund cyber resilience activities. Only 33 percent of respondents say funding for IT securityFunding is sufficient to achieve a high level of cyber resilience. is predicted to for cyber resilience activities

Increased market share

12%

remain stagnant Respondents were asked what their organizations’ 2019 budget will be for cyber security and Other 1% cyber resilience. As shown in Table 1, the average budget for cyber resilience will hardly increase More resources are needed to fund cyber resilience acfrom $3.4 to $3.6 million. 0%respondents 10% 20% say30% 40% for50% tivities. Only 33 percent of funding IT 60% Table 1. Budget for cybersecurity and cyber resilience activities security isaverage sufficient to achieve a high level of cyber Extrapolated (millions) 2019stagnant. 2017 Funding for cyber resilience activities is predicted to remain Moreresilresources2016 are Cybersecurity budget $11.6 $11.3 $11.4 needed to fund cyber resilience activities. Only 33 percent of respondents say funding for IT ience. Percentage allocated to cyber resilience activities 31% 30% 30% security is sufficient to achieve level what ofresilience cybertheir resilience. TotalRespondents average budget allocated to cyber $3.6 $3.42019 $3.4 werea high asked organizations’ budget will be for cyber security and cyber resilience. As Respondents were asked what their organizations’ 2019 budget will be for cyber security and shown in Table 1, the average budget for cyber resilience will cyber resilience. As shown in Table 1, the average budget for cyber resilience will hardly increase hardly from $3.4 toincrease $3.6 million.from $3.4 to $3.6 million.

Ponemon Institute© Research Report

15% 17%

Board-level reporting on the organization’s cyber resilience

Figure 14. Figure 14. How How does doesyour yourorganization organizationmeasure measureyour yourimprovements? improvements?

Table 1. Budget for cybersecurity and cyber resilience activities Extrapolated average (millions) 2019 2017 Cybersecurity budget $11.6 $11.3 Percentage allocated to cyber resilience activities 31% 30% Total average budget allocated to cyber resilience $3.6 $3.4

30% 29%

Training and certification for Cybersecurity staff

According to Figure 14, 55 percent of respondents say improvements are tracked by the number of cyberattacks prevented. is followed by time respectively). to identify the incident and time to contain the incident (51 percent and 48 This percent of respondents, incident percent 48 percent of respondents, respectively). Figure(5114. Howand does your organization measure your

2016 $11.4 30% $3.4 Page 12

Identity management and authentication technologies are key to achieving a high level of cyber resilience In addition to people and processes, the right technologies are essential for achieving cyber resilience. As shown in Figure 15, IAM continues to be considered the most effective technology for cyber resilience (69 percent of respondents). The effectiveness of security information and event management (SIEM) has increased significantly from 41 percent to 56 percent of respondents. Incident response platforms are considered the third most effective technology. For the first time, cryptographic technologies and intelligence and threat sharing were Ponemon Institute© Research Report Page 12 included. Fifty five percent and 53 percent of respondents respectively say these technologies are effective, respectively.

SecurityLink India ■ August 2019

achieving cyber resilience. As shown in Figure 15, IAM continues to be considered the most effective technology for cyber resilience (69 percent of respondents). The effectiveness of security information and event management (SIEM) has increased significantly from 41 percent to 56 percent of respondents. Incident response platforms are considered the third most effective technology. For the first time, we included cryptographic technologies and intelligence and threat sharing. Fifty-five percent and 53 percent of respondents respectively say these technologies are effective, respectively.

report

Figure The eight security most effective security technologies Figure 15. The eight15. most effective technologies Twenty-two technologies weretechnologies listed in the survey instrument Twenty-two were listed

in the survey instrument

71% 70% 69%

Identity management & authentication 41% 41%

Security information & event management

56% 58% 53% 56%

Incident response platform Cryptographic technologies *

55% 53%

Anti-malware solution (AVAM)

59% 53%

Intelligence and threat sharing *

53% 52% 52% 50%

Network traffic surveillance Intrusion detection & prevention

44% 0%

58% 55%

10% 20% 30% 40% 50% 60% 70% 80% * Response not available in FY2016 & FY2017

FY2016

FY2017

with government and industry peers about data breaches and incident response.

Figure 16. Does your organization participate in anforinitiative Figure 16. Does your organization participate in an initiative or program sharing program for sharing information with government informationorwith government and/or industry peers about cyber threats and and/or Ponemon Institute© Research Report Page 13 vulnerabilities? industry peers about cyber threats and vulnerabilities? 60%

53%

56% 47%

50%

Figure your organization share about information aboutexperience Figure 17.17. WhyWhy doesdoes your organization share information its data breach its incident data breach experience and incident response plans? and response plans? Three choices allowedallowed Three choices

33% 32%

Fosters collaboration among peers, industry groups and government

FY2018

Sharing threat intelligence improves cyber resilience As shown in Figure 16, 56 percent of respondents say their organizations participate in an initiative or program for sharing information with government and industry peers Sharing threat intelligence improves cyber resilience. As shown in Figure 16, 56 percent of respondentsabout say their organizations participate in an initiative or program for sharing information data breaches and incident response.

57%

industry groups and the government; this is an increase from 32 percent of respondents in 2017. For the first time, when asked if threat intelligence sharing improves cyber resilience and the ability to detect, contain and respond to security incidents, a significant percentage of respondents (58 percent) Insay thisthese year’s research, there have been significant changes why organizations are are important reasons to share threatinintelligence. participating in threat intelligence. As shown in Figure 17, more respondents (58 percent) say Two benefits declined among significantly. These areandthreat their organizations benefithave from collaboration peers, industry groups the government; this is an increase from 32 percent of respondents in 2017. For the first time, asked if threat intelligence sharing improves the effectiveness of theweinciintelligence sharing improves cyber resilience and the ability to detect, contain and respond to dent response plan andpercentage reducesof the cost of(58detecting security incidents. A significant respondents percent) sayand thesepreare important reasons to share intelligence.A possible reason for the decline is venting datathreat breaches. that organizations believe improvements in incident response Two benefits have declined significantly. These are threat intelligence sharing improves the plans andofthe abilityresponse to reduce thereduces cost the of cost detecting and effectiveness the incident plan and of detecting andprepreventing data breaches. reason for the that organizations ventingA possible data breaches aredecline best isachieved usingbelieve theirimprovements in-house in incident response plans and the ability to reduce the cost of detecting and preventing data breaches are expertise. best achieved using their in-house expertise.

Improves the ability to detect, contain and respond *

58%

Improves the cyber resilience of my organization *

58% 53% 57% 55%

Enhances the timeliness of incident response Improves the effectiveness of our incident response plan

52%

44%

75% 72%

52% 58% 46%

Reduces the cost of detecting and preventing data breaches 43%

58%

0% 10% 20% 30% 40% 50% 60% 70% 80%

40%

* Response not available in 2016 & 2017

30%

FY2016

FY2017

FY2018

20% 10% 0%

Yes

No FY2016

FY2017

FY2018

In this year’s research, there have been significant changes in why organizations are participating in threat intelligence As shown in Figure 17, more respondents (58 percent) say their organizations benefit from collaboration among peers, 44

If they don’t share, it is mostly due to not understanding the benefits Forty-four percent of respondents say their organizations do not share threat intelligence. According to Figure 18, 73 percent of these respondents, an increase from 40 percent of respondents, believe there is no perceived benefit to their organization. Lack of resources, cost and risk of the exposure of sensitive and confidential information (60 percent, 53 percent and 52 percent of respondents, respectively) are other reasons for not participating in a threat-sharing program.

Ponemon Institute© Research Report

SecurityLink India ■ August 2019

Page 15

respondents say their organizations do not share threat intelligence. According to Figure 18, 73 percent of these respondents, an increase from 40 percent of respondents, believe there is no perceived benefit to their organization. Lack of resources, cost and risk of the exposure of sensitive and confidential information (60 percent, 53 percent and 52 percent of respondents, respectively) are other reasons not participating in a threat-sharing program. in a Figure 18. Why for doesn’t your organization participate

report

threat-sharing program?

Figure 18. Why doesn’t your organization participate in a threat-sharing program? Four responses permitted Four responses

permitted

No perceived benefit to my organization

42% 40%

Lack of resources

42% 43% 33% 33%

Cost

52%

21% 19%

Anti-competitive concerns

43%

10% 11%

Potential liability of sharing

43%

16% 16%

Lack of incentives

39%

11% 9%

Do not know about options to share intelligence

34%

4% 4% 3%

Other

60% 53%

22% 24%

Risk of the exposure of sensitive and confidential information

73%

0% 10% 20% 30% 40% 50% 60% 70% 80% FY2016

FY2017

FY2018

The characteristics of organizations with a high degree of cyber resilience

s part of this research, it is identified organizations represented in this study that self-reported having achieved a high level of cyber resilience and are better able to mitigate risks, vulnerabilities and attacks. These organizations are refered as high performers. Of the 3,655 organizations represented in this study, 960 respondents (26 percent of the total sample) self-reported 9+ on a scale of 1 = low resilience to 10 = high resilience. Respondents from these organizations are much more confident in the strength of their security posture compared to those 2.4 The characteristics of organizations with a high degree of cyber resilience who self-reported they have not achieved a state of high As part of this research, we identified organizations represented in this study that self-reported having achieved a high level of cyber resilience and are better to mitigate risks, cyber resilience. They are referred toable as average performers.

vulnerabilities and attacks. We refer to these organizations as high performers. In this section, we analyze how these organizations are able to achieve a higher cyber resilience security posture. Of the 3,655 organizations represented in this 960 respondents (26 percent of the total Ponemon Institute© Research Report Page High performers arestudy, significantly more confident in 16 sample) self-reported 9+ on a scale of 1 = low resilience to 10 = high resilience. Respondents from these their organizations are to much more confident in thecontain strength ofand their security posture ability prevent, detect, recover from a compared to those who self-reported they have not achieved a state of high cyber resilience. cyberattack They are referred to as average performers.

in Figure 19, 71inpercent of to respondents incontain high High performersAs areshown significantly more confident their ability prevent, detect, and recover from a cyberattack. As shown in Figure 19, 71 percent of respondents in high in theirwhereas ability53 performing performing organizations areorganizations highly confident inare theirhighly ability to confident prevent a cyberattack, percent of respondents from the other organizations believe they have a high ability to prevent a cyberattack. Other differences in the ability to detect, contain and respond are presented in this figure. Figure 19. Organizations confident in preventing, detecting, responding to a detecting, cyberattack Figure 19. containing Organizationsand confident in preventing, containing and responding to a cyberattack 1 = low ability to 10 = high ability, 7+ responses reported

1 = low ability to 10 = high ability, 7+ responses reported

80%

71%

69%

70% 60%

53%

49%

50%

High performers have fewer data breaches and business disruptions Respondents in high performing organizations are reporting fewer data breaches and cybersecurity incidents than other organizations. As shown in Figure 20, 57 percent of respondents in the overall sample say their organization had a cybersecurity incident that resulted in a significant disruption to their organization’s IT and business processes versus 45 percent of respondents in the high performer samples. Similarly, 55 percent of respondents in the overall sample say their High performers have fewer data breaches and business disruptions. Respondents in high performing organizations reporting fewer data breachesthe and loss cybersecurity incidents organizations had are a data breach involving or theft of than other organizations. As shown in Figure 20, 57 percent of respondents in the overall sample say their organization had a cybersecurity incident that resulted in a significant disruption to their more than 1,000 records containing sensitive or confidential organization’s IT and business processes versus 45 percent of respondents in the high performer samples. Similarly, 55 percent of respondents in the overall sample say their organizations had a customer or business information versus 41 percent of redata breach involving the loss or theft of more than 1,000 records containing sensitive or spondents in high performing organizations. confidential customer or business information versus 41 percent of respondents in high performing organizations.

High performers have fewer data breaches and business disruptions. Respondents in high Figure organization have a data breach or incident? Figure 20.20. DidDid youryour organization have a data orand cybersecurity performing organizations are reporting fewer data breach breaches cybersecurity incidents than Yes responses presented cybersecurity incident? other organizations. As shown in Figure 20, 57 percent of respondents in the overall sample say their organization had a cybersecurity incident that resulted in a significant disruption to their Yes responses organization’s IT andpresented business processes versus 45 percent of respondents in the high performer samples. Similarly, 55 percent of respondents in the overall sample say their organizations had a 45% or data breach involving the loss of more than 1,000 records containing sensitive Did your organization haveoratheft cybersecurity confidential incident thatcustomer resulted inora business significantinformation disruption toversus 41 percent of respondents in high performing organizations. your organization’s IT and business processes? 57% Figure 20. Did your organization have a data breach or cybersecurity incident? Yes responses presented

Did your organization have a data breach involving the loss or theft of more than 1,000 records containing sensitive or confidential Did your organization have a cybersecurity customer businessdisruption information? incident that resulted in a or significant to

55% 57%

Hi Performer

Did your organization have a data breach involving the loss or theft of more than 1,000

10%

20%

30%

40%

Overall

50%

60%

70%

41%

As shown in Figure 21, high performers also report fewer disruptions to business processes or IT records containing sensitive or confidential 55% operations (30customer percent 45 percent respondents). business information? As shown inorvs.Figure 21,ofhigh performers also report fewFigure 21. As a result data breaches and cybercrime incidents, how frequently er disruptions to ofbusiness processes or IT20% operations (30 per- do 0% 10% disruptions to business processes or IT services occur? 30% 40% 50% 60% 70%

Very frequently and Frequently responses combined Hi Performer Overall 50% 45% As shown in Figure 21, high performers also report fewer to business processes or IT Figure 21. As a result of data breaches anddisruptions cybercrime 45% operations (30 percent vs. 45 percent of respondents).

cent vs. 45 percent of respondents).

incidents, how frequently do disruptions to business

40% Figure 21. As aor result of data breaches and cybercrime incidents, how frequently do processes IT services occur? 35% disruptions to business processes or IT services occur? 30% Very frequently and Frequently responses combined Very frequently and Frequently responses combined 30% 45%

25% 20%

40%

15%

35%

10%

40%

30%

25%

30%

20%

0% 20%

10%

15%

45%

53%

41%

your organization’s IT and business processes?

50%

68%

63%

to prevent a cyberattack, whereas 53 percent of respondents from the other organizations believe they have a high ability to prevent a cyberattack.

High performer

Overall

10%

Prevent a cyber attack

Detect a cyber attack Contain a cyber attack High performer

Overall

Respond to a cyber attack

5% Ponemon Institute© Research Report 0% High performer

SecurityLink India ■ August 2019

Ponemon Institute© Research Report

Page 18 Overall

Page 18

report High performers believe in sharing intelligence regarding data breaches and cyber exploits. As shown in Figure 24, 69 percent of respondents in high performing organizations say their organizations share information regarding data breaches they experienced with government and industry peers.

High performers have enterprise-wide CSIRPs As shown in Figure 22, high performing organizations are far more likely to have a CSIRP that is applied consistently across the entire enterprise (55 percent of respondents vs. 23have percent of respondents), which makes thisperforming group far High performers enterprise-wide CSIRPs. As shown in Figure 22, high organizations are far more likely to have a CSIRP that is applied consistently across the a entire more likely to prevent, detect, contain and respond to cyenterprise (55 percent of respondents vs. 23 percent of respondents), which makes this group far berattack. more likely to prevent, detect, contain and respond to a cyberattack. Figure 22. Figure What best describes your describes organization’s cybersecurity incident response plan 22. What best your organization’s (CSIRP)? cybersecurity incident response plan (CSIRP)? 55%

We have a CSIRP that is applied consistently across the entire enterprise

23%

31%high performing High performers enterprise-wide We have have a CSIRP, but is not appliedCSIRPs. As shown in Figure 22, organizationsconsistently are far more likely have a CSIRP that is applied consistently across the entire across thetoenterprise 27% enterprise (55 percent of respondents vs. 23 percent of respondents), which makes this group far more likely to prevent, detect, contain and respond to a cyberattack. 9%

Our CSIRP is informal oryour “ad hoc” Figure 22. What best describes organization’s cybersecurity incident response plan 25% (CSIRP)? 5%

We have a CSIRP thatWe is applied consistently don’t have a CSIRP across the entire enterprise We have a CSIRP, but is not applied consistently across the enterprise

55%

24% 23% 0%

10%

High performer

Our CSIRP is informal or “ad hoc”

20% Overall

30%31% 40%

50%

60%

27%

25% in the overall sample Moreover, 92 percent of respondents in high performers vs. 79 percent believe in the importance of having skilled cybersecurity professionals in their CSIRP, as shown Moreover, 92 percent of5%respondents in high performers in Figure 23. We don’t have a CSIRP 24% vs. 79 percent in the overall sample believe in the importance of having skilled cybersecurity professionals in their CSIRP, 1 = low importance to 10 = high importance, 7+ responses reported High performer Overall as shown in Figure 23. 100%

Figure 23. It is very important to have skilled cybersecurity CSIRP60% 0% 10% 20% professionals 30% 40% in a50% 92%

Moreover, 92 percent of respondents in high performers vs. 79 percent in the overall sample 90% in the importance of having skilled cybersecurity professionals in their CSIRP, as shown believe Figure 23. It is very important to have skilled cybersecurity 79% in Figure 23.

80%

professionals in a CSIRP

Figure 23. It is very important to have skilled cybersecurity professionals in a CSIRP

1 = low importance to 10 = high importance, 7+ responses reported

70%importance to 10 = high importance, 7+ responses reported 1 = low 100% 60%

92%

90%

50%

70%

56% 60% 24. Does your organization Figure share information about data breaches with government or50% industry peers? 44% 40%

80%

30%

70% 20%

31%

69% 56%

10% 60% 0%

50%

Yes

40%

No High performer

Overall

44%

31%

30% management in high performers understands the correlation between cyber Senior resilience and reputation. As shown in Figure 25, high performing organizations benefit from a in high performers 20% Senior supportive senior management leadership. Specifically, 66 percent of respondentsunderstands say leaders recognize that cyber resilience affects revenues, and 56 percent of respondents say cyber resilience impacts the correlation between cyber resilience and reputation 10% and reputation. brand

in Figure 25, high results performing 0% As shown Awareness of the importance of cyber resilience in leaders organizations understanding that automation, machine learning, AI and orchestration strengthens cyber resilience. AsNo a result, respondents in Yes benefit from a supportive senior leadership. Specifically, 66 high performing organizations are more likely to have adequate funding and staffing with which to achieve cyber resilience. percent of respondents sayHigh leaders performerrecognize Overall that cyber re-

Figure 25. Senior management’s about the positive impact of cyber silience affects revenues,awareness and 56 percent of respondents sayresilience on the enterprise Senior management in high performers understands the correlation between cyber Strongly agree and Agree responses combined

cyber resilience impacts brand and25,reputation. resilience and reputation. As shown in Figure high performing organizations benefit from a supportive senior leadership. Specifically, 66 percent of respondents say leaders recognize that Awareness of the importance of cyber resilience results 66% Leaders recognize that cyber resilience affects cyber resilience affects revenues, and 56 percent of respondents say cyber resilience impacts revenues in leaders understanding that automation, machine learning, 61% brand and reputation.

Leaders that automation, machine AI and recognize orchestration strengthen cyber resilience. As a re65% learning, artificial intelligence and orchestration 60% strengthens ourhigh cyber resilience Awareness of the importance of cyber resilience results in leaders understanding that automation, sult, respondents in performing organizations are more machine learning, AI and orchestration strengthens cyber resilience. As a result, respondents in 62% Leadersto recognize that enterprise risks affect likely adequate funding with and which high performinghave organizations are more likely toand have staffing adequate funding staffingtowith cyber resilience 56%which to achieve cybercyber resilience. achieve resilience. 56%

Leaders recognize that cyber resilience affects brand and reputation

49% Figure 25.25. Senior management’s awareness about the positive of cyber resilience Figure Senior management’s awareness about impact the positive onimpact the enterprise of cyber resilience on the0% enterprise 10% 20% 30% 40% 50% 60% 70%

Strongly agree and Agree responses combined Strongly agree and Agree responses combined High performer Overall

66% Page 20 61%

Leaders recognize that cyber resilience affects revenues

Ponemon Institute© Research Report

Leaders recognize that automation, machine learning, artificial intelligence and orchestration strengthens our cyber resilience

79%

80%

High performers believe in sharing intelligence regarding data breaches and cyber Figure 24. Does your organization share information about with government Figure 24.AsDoes your organization share information about dataperforming breaches organizations exploits. shown in Figure 24, 69 percent of respondents in high say data breaches or industry peers? with government or industry peers? their organizations share information regarding data breaches they experienced with government 80% and industry peers. 69%

40%

70%

30% 60%

65% 60% 62%

Leaders recognize that enterprise risks affect cyber resilience

20% 50% 40% 10% 30%

20%

High performer

Overall

56% 56%

Leaders recognize that cyber resilience affects brand and reputation

10%

49% 0%

High performer

Overall

High performers believe in sharing intelligence regarding data breaches and cyber exploits As shown in Figure 24, 69 percent of respondentsPage in 19 Ponemon Institute© Research Report high Research performing Ponemon Institute© Report organizations say their organizations share Page 19 information regarding data breaches they experienced with government and industry peers. 46

10% 20% 30% 40% 50% 60% 70%

High performer

Overall

High performers believe complexity in the IT infrastructure reduces visibility, and as a result, cyber resilience As shown in Figure 26, 60 percent of high performers vs. 48 percent of the overall sample believe too many separate security solutions and technologies increase operational

Ponemon Institute© Research Report

SecurityLink India ■ August 2019

Page 20

report

High performers believe complexity in the IT infrastructure reduces visibility and, as a performers areof result, cybercomplexity resilience. As and shownreduce in Figurevisibility. 26, 60 percentThese of high high performers vs. 48 percent the overall sample believe too many separate security solutions and technologies increase also able to have more funding and staff. operational complexity and reduce visibility. These high performers are also able to have more funding and staff. Figure 26. Differences in the ability to achieve a high level of Figure 26. Differences in the ability to achieve a high level of cyber resilience cyber resilience Strongly agree and Agree responses combined

Strongly agree and agree responses combined

Too many separate security solutions and technologies are deployed which increases operational complexity and reduces visibility

60% 48%

high value on automation, according to Figure 28.

43% and, as a High performers believeis complexity in the IT infrastructure reduces visibility Funding for cybersecurity sufficient to achieve result, cyber resilience. Asofshown in Figure 26, 60 percent of high performers vs. 48 percent of a high level cyber resilience 33% the overall sample believe too many separate security solutions and technologies increase operational complexity and reduce visibility. These high performers are also able to have more funding and staff. 41% Staffing for cybersecurity is sufficient to achieve a high level of cyber resilience Figure 26. Differences in the ability to achieve a high level of cyber 30% resilience Strongly agree and Agree responses combined

0% 10% 20% 30% 40% 50% 60% 70% Too many separate security solutions and 60% High performer Overall technologies are deployed which increases 48% operational complexity and reduces visibility

High performers are more likely to reduce complexity in their IT infrastructures. According to Figure 27, more than half of respondents in high performing organizations (53 percent) vs. only High performers are more likely to reduce complexity 30Funding percentforofcybersecurity respondentsis insufficient the overall sample say their organizations have 43% the right number of to achieve a high level of cyber resilience security solutions and technologies to achieve cyber resiliency. Specifically, in their IT infrastructures 33% high performers have an average of 39 solutions vs. an average of 45 solutions in the overall sample. The right number According to Figure 27, more than half of respondents of security solutions can be based upon the ability to meet the goals of the security program with inin-house high performing organizations (53 percent) vs. only 30 theStaffing necessary expertise to toleverage for cybersecurity is sufficient achieve investments in technologies. 41% a high of levelrespondents of cyber resilience in the overall sample percent say their or30%

Figure 27. What one statement best describes the number of separate security ganizations have the right number of security solutions technologies deployed by your organization

0% 10% 20% 30% 40% 50% 60% 70% and technologies to achieve cyber resiliency. Specifically, High performer Overall of 39 solutions vs. an high performers have an average 53% We have the right number of security solutions average of likely 45 in the in overall sample. TheAccording right andperformers technologies to achieve cybersolutions resilience High are more to reduce complexity their IT infrastructures. 30% to Figure 27,number more thanof halfsecurity of respondents in high performing organizations (53 percent) vs. only solutions can be based upon the ability 30 percent of respondents in the overall sample say their organizations have the right number of to meet the goalsto of the cyber security program with necessecurity solutions and technologies achieve resiliency. Specifically, high the performers have 24% do not have enough security solutions and anWeaverage of 39 solutions vs. an average of 45 solutions in the overall sample. The right number sary toin-house to leverage investments in techtechnologies achieve cyberexpertise resilience of security solutions can be based upon the ability to meet the goals of the35% security program with nologies. the necessary in-house expertise to leverage investments in technologies.

FigureWe 27.have What statement best describes thebest number of23% separate security tooone many security and Figure 27. Whatsolutions one statement describes the number of technologies deployed by your organization technologies to achieve cyber resilience separate security technologies deployed by your 35%organization 10% 20% We have the right number of security solutions0% and technologies to achieve cyber resilience High performer Overall

30%

40%

50% 53% 60%

30% 24%

We do not have enough security solutions and technologies to achieve cyber resilience

35%

Ponemon Institute© Research Report

Page 21 23%

We have too many security solutions and technologies to achieve cyber resilience

35% 0%

10%

High performer

20%

30%

40%

50%

High performers are more likely to value automation in achieving a high level of cyber resilience When asked to rate the value of automation on a scale of 1 = low value to 10 = high value, 90 percent of respondents say automation is highly valuable to achieving cyber resilience (7+ responses on the 10 point scale), while 75 percent High performers are more likely to value automation in achieving a high level of cyber of the overall sample theyofplace a high resilience. When asked to ratesay the value automation on a value scale of on 1 = automalow value to 10 = high value, 90 percent of respondents say automation is highly valuable to achieving cyber resilience tion, according to Figure 28. (7+ responses on the 10-point scale), while 75 percent of the overall sample say they place a

60%

Figure 28. Please rate the value of automation on achieving a high 28. level of cyber Figure Please rate theresilience value of automation on achieving a high level of cyber resilience FromFrom 1 = low1value to 10 = hightovalue On Ona scale a scale = low value 10 = high value High performers are more likely to value automation in achieving a high level of cyber 47% 50% resilience. When asked to rate the value of automation on a scale of 1 = low value to 10 = high 43% to43% High arerespondents more likelysay to value automation achieving a high level of cyber value, 90 percent of automation is highlyinvaluable achieving cyber resilience 45% performers resilience. When asked to ratescale), the value of 75 automation a scale 1 = lowsay value to place 10 = high (7+ responses on the 10-point while percent ofonthe overallofsample they a 40% value,value 90 percent of respondents saytoautomation high on automation, according Figure 28.is highly valuable to achieving cyber resilience 32% a 35% (7+ responses on the 10-point scale), while 75 percent of the overall sample say they place high 30%value on automation, according to Figure 28. Figure 28. Please rate the value of automation on achieving a high level of cyber resilience 25% On a scale From 1 = low value to 10 = high value Figure 28. Please rate the value of automation on17% achieving a high level of cyber resilience 20% 47% 50% On a scale From 1 = low value to 10 = high value 15% 43% 43% 9% 45% 47% 50% 10% 40% 45% 5% 35% 40% 0% 30% 35%

1 or 2

25% 30%

43% 43%

3 or 4

32% 5 or 6

32% 9 or 10

High performer

Ponemon 0% Institute© Research Report Yes, significant use Yes, moderate use

Overall

High performer

Page 21

7 or 8

Overall 17% Because the value of automation, they are more likely 20% 15% high performers are more likely to perceive17% 9% 29, 82 percent of high performer organizations to use Because automation extensively. As shown inare Figure high performers more likely to perceive the 15% 10% are using automation significantly or6% moderately. 9%Seventy-one percent of respondents in the 2% 10% value of automation, they are more likely to use automation 6% overall sample have this level of usage. 5% 1% 0% 2% 5% 1% 0% extensively. 0% As shown in Figure 29, 82 percent of high perFigure 29. What Include both 1 or best 2 describes 3 oryour 4 organization’s 5 or 6 use of automation? 7 or 8 9 or 10 0% artificial intelligence and machine learning as5part of automation. former organizations significantly or9 or 10 1 or 2 3are or 4 using automation or 6 7 or 8 High performer Overall moderately. Seventy-one percent of respondents in the over60% High performer Overall all sample have this level of usage. Because high performers are more48% likely to perceive the value of automation, they are more likely 48% 50% Because high performers are more likely to of automation, they are more likely to use automation extensively. As shown in perceive Figure 29,the82value percent of high performer organizations to use automation extensively. As or shown in FigureSeventy-one 29, 82 percent of high performer organizations are using automation significantly moderately. percent of respondents in the 40% are using automation significantly or moderately. Seventy-one percent of respondents in the overall sample have this leveldescribes of usage. 34% Figure 29. What best overall sample have this level of usage. your organization’s use of automation? Include both artificial intelligence and machine 30% 29. What best describes your Figure organization’s use of automation? Include both 23% learning as part of automation Figure 29. What best describes your organization’s of automation? Include both artificial intelligence and machine learning as part ofuse automation. 18% artificial intelligence and machine learning as part of automation. 20% 60% 11% 60% 10% 8% 10% 48% 48% 50% 48% 48% 50% 0% 40% Yes, significant use Yes, moderate use Yes, insignificant No use 40% 34% 34% High performer Overall 30% 30% 23% 23% 18% 18% 20% 20% 11% 10% 11% 10% 8% 8% 10% 10% 25% 20%

SecurityLink India ■ August 2019 Ponemon Institute© Research Report

Yes, insignificant

No use

Overall

Page 22

report

Communication with senior leaders about the state of cyber resilience occurs more frequently in high performers According to Figure 30 more than half of respondents (51percent) 40 about percent in the overall sample communiCommunication with seniorvs. leaders the state of cyber resilience occurs more effectiveness cyber the prevention, frequently incate highthe performers. According of to Figure 30 resilience more than halfto of respondents (51 percent) vs. detection, 40 percent in the overall sample communicate the effectiveness of cyber resilience containment and response of cyberattacks to the to the prevention, detection, containment and response of cyberattacks to the C-suite and board of C-suite and board of directors. directors. Communication with senior leaders about the state of cyber resilience occurs more frequently in high performers. According to Figure 30 more than half of respondents (51

percent)30. vs.Does 40 percent in Does the overall sample communicate the effectiveness cyber resilience to Figure your organization report the state of cyber Figure your30. organization report the state of cyber resilience toofC-level executives the prevention, detection, to containment and response of cyberattacks to the C-suite and board of resilience C-level executives and/or the board of directors? and/or the board of directors? directors.

60%

Figure 30. Does your organization report the state of cyber resilience to C-level executives 51%of directors? and/or the board

50% 60% 50% 40%

51%

40%

39%

40%

30%

30% 19%

30%

20%

19%

20%

21%

39%

30%

21%

10% 10%

0% 0%

Yes, Yes, formal formal report report

Yes, Yes, informal informal or or “ad “ad hoc” hoc” report report High High performer performer

No No

Overall Overall

Conclusion and Recommendations

Conclusion and recommendations

Since first conducting this research in 2015, the cyber resilience of companies has steadily improved. To understand reasons for improvement and what of recommendations can be made Since first conducting this the research in 2015, the cyber resilience companies has steadily ince first thisanalysis research in organizations 2015, the cyber to continueTo theunderstand improvement, weconducting conducted a special of recommendations those that improved. the reasons for improvement and what can beare made extensively using automation throughout the enterprise and organizations that self-reported they resilience of companies has steadily improved. To unto continue the improvement, we conducted a special analysis of those organizations that are have achieved a high level of cyber resilience.

extensively using automation and organizations that self-reported they derstand the throughout reasons the forenterprise improvement and what recommenhavefollowing achieved are a high level of cyber resilience. The recommendations for achieving a high level of cyber resilience.

dations can be made to continue the improvement, a special

●● The key metrics to use in assessing improvements in cyber resilience are the ability to prevent cyberattacks, reduce the time to identify and contain the incident. These measurements should be reported to the C-suite on a regular basis to demonstrate the importance of being cyber resilient and to increase funding of activities to achieve a stronger security posture. ●● Deploy a CSIRP extensively throughout the enterprise to increase the likelihood of preventing an attack as well as reducing the time to detect, contain and respond to an attack. ●● Align the privacy and cybersecurity functions to reduce silo and turf issues and increase the efficiency of complying with the numerous data protection regulations and respond to data breaches and other security incidents. ●● The privacy function should be considered a valuable and integral part of cyber resilient strategies. Organizations in this research are struggling to achieve full compliance with the EU’s GDPR. Privacy and cybersecurity should work closely to achieve full compliance and ensure ongoing compliance with all relevant data protection regulations. ●● Participation in threat intelligence sharing improves cyber resilience. The most important reasons to share threat intelligence include fostering of collaboration among peers, industry groups and the government; improving the ability to detect, contain and respond to an attack; and enhancing the timeliness of incident response.

§TheWhen asked their organizations’ security two top analysis was conducted ofresilience thosea high organizations that aretheextenfollowing arewhy recommendations forcyber achieving levelposture of cyberimproved, resilience. reasons are hiring skilled IT security professionals and investing in technologies and processes to improve visibility into applications and data assets. As shown inand this research, sively using automation throughout the enterprise organ§ automation When askedincreases why theirthe organizations’ resilience security posture importance cyber of having the necessary in-houseimproved, expertise.the two top

that IT self-reported they and have achieved a high and level of reasonsizations are hiring skilled security professionals investing in technologies

Invest incyber automation tovisibility reduce into complexity and streamline the IT infrastructure. Having too processes to improve applications and data assets. As shown in this research, resilience. many unnecessary security solutions and technologies can reduce cyberexpertise. resilience. automation increases the importance of having the necessary in-house

The key metrics to use in assessing improvements in cyber resilience are the ability to

The following are theand recommendations for achieving § Invest automation toreduce reducethe complexity streamline the the IT infrastructure. Having too a preventincyberattacks, time to identify and contain incident. These measurements should be reported to the C-suite on a regular basis to demonstrate the many unnecessary security solutions and technologies can reduce cyber resilience. high level of cyber resilience.

importance of being cyber resilient and to increase funding of activities to achieve a stronger ● When asked why their organizations’ cyber resilience sesecurity ● posture.

§ The key metrics to use in assessing improvements in cyber resilience are the ability to curity reduce posture improved, thecontain two top reasons areof preventing hiring prevent acyberattacks, the time to the identify and the incident. These Deploy CSIRP extensively throughout enterprise to increase the likelihood measurements should beITreported to the C-suitecontain on a regular basisinvesting totodemonstrate an attack as well as reducing the time to professionals detect, and and respond an attack. skilled security in the techimportance of being cyber resilient and to increase funding of activities to achieve a stronger nologies and processes to improve visibility into applisecurity posture.

cations and data assets. As shown in this research, auto-

§ Deploy a CSIRP extensively throughout enterprise to increase the likelihood of preventing mation increases thetheimportance of having the necessary an attack as well as reducing the time to detect, contain and respond to an attack. Ponemon Institute©in-house Research Report expertise.

Page 23

●● Invest in automation to reduce complexity and streamline the IT infrastructure. Having too many unnecessary security solutions and technologies can reduce cyber resilience. Ponemon Institute© Research Report

Page 23

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Their mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. They uphold strict data confidentiality, privacy and ethical research standards, and do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, they have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.

SecurityLink India ■ August 2019

National Roundup

SecurityLink India â&#x2013; August 2019

Application/ case study

Hikvisionâ&#x20AC;&#x2122;s IP Surveillance Solution Secures Indofil Plant I

ndofil Industries Limited, a part of the K. K. Modi group, has a very strong domestic base and a well-recognized international presence. Both businesses viz., agricultural chemicals and specialty and performance chemicals, are poised for much faster growth through partnerships and joint ventures for manufacturing, marketing and research, and development activities with prospective companies across the world. Indofil plant is situated in the industrial cluster at Dahej, Gujarat. The Dahej industrial facility is spread in a vast area with special requirements for industrial safety and security measures. Indofil has four manufacturing facilities producing multi products with the state-of-the-art PLC (Programmable Logic Control)

and DCS (Distributed Control System) based systems, and multiple toll manufacturing units across various parts of India. The manufacturing processes are automated with advanced systems and environmentally compliant machines, ensuring faster throughput and safe working conditions. Indofil expanded its manufacturing facilities in Gujarat state by adding Mancozeb mixtures and new fungicide molecules by commissioning 2 manufacturing plants at Dahej, SEZ (Special Economic Zone, ranked among the top 10 SEZs in the world by Financial Times, London) and 1 manufacturing unit at Dahej, GIDC location. The increased production capacity has helped Indofil in reducing the process cost.

SecurityLink India â&#x2013; August 2019

Security requirements

ndofil management wanted a surveillance solution, which is proactive rather than reactive. The management brief was that surveillance solution must cover critical plant area, process area, periphery and internal roads. It is necessary that the solution must be strategic and must have RoI (return on investment) in terms of maintaining safety standards and preventing accidents for the safety of most important human, machinery and assets.

Solution

ikvision along with system integration partner Technology Quotient (Anjani Communications) provided a robust IP video surveil-

application/ case study

Securing the Indofil Plant

lance solution to Indofil’s Dahej plant by doing elaborate planning and sleek execution. They executed endto-end surveillance project right from the site survey, defining objective, designing and implementation. Since this is a hazardous chemical zone, Hikvision along with its SI partner selected enterprise level flame proof H.265+ based IP cameras, RAID based NVRs, VMS software, commercial displays at two separate plants within a premise, and video wall and enterprise LAN infrastructure at command and control center. “Indofil management wanted surveillance to start right from the commissioning of the plant. Since the plant was just being commissioned, we had a challenge of local resources and to visualise the pain area – both before the plant actually starts production, and also to scale up to the aspirations and objectives after the plant is up and running,” said Kalpesh Sharma, Director, Technology Quotient (Anjani Communications), “With defined objective of surveil-

lance to be proactive rather reactive, we froze specifications based on site survey and models for surveillance camera, NVR, recording duration required and displays.” “Once the quantity of cameras, displays and video wall requirements were finalised, we designed and devised robust LAN infrastructure, keeping in mind optimal load sharing and load balancing for future seamless scaling without reinventing the wheel during future expansion. We not only met the objective but also exceeded the expectation of Indofil Ltd. as a corporate client, thanks to Amardeep Kolekar, Chief Manager, Engineering, Indofil Ltd. for his timely support,” added Kalpesh, “In the command control centre, we specifically designed a video wall for CCTV surveillance feed. We also trained and prepared a dedicated team to monitor whole Indofil plant at Hikvision’s state-of-the art training center.” “For Indofil project, we worked on a special customized solution with our SI partner, Technology Quotient SecurityLink India ■ August 2019

(Anjani Communications) to fulfill the requirements specified by the end-user. We are happy to add value through our latest products and solutions in the chemical industry,” said Siddhesh Kadam, Vertical Head, Pharma, Prama Hikvision India Pvt. Ltd. “Overall Technology Quotient (Anjani Communications) has provided a good economical solution for our CCTV and video wall requirements. The service was excellent and we got the proper support in time. Our employees also have undergone a training to avoid any delay in case of breakdown,” said Amardeep Kolekar, Chief Manager, Engineering, Indofil Ltd., “Apart from other vendors, technologically we got a better solution through Technology Quotient (Anjani Communications). They provided a proper approach along with a good economical solution for us. The performance of the Hikvision’s video surveillance system is very good. We would prefer them for our future requirements.” 51

Application/ case study

Video Security and Access Control at VTB Arena Park

Bosch helps Moscow create a new urban living experience video security and access control t is one of Moscow’s most ambitious building projects – the VTB Arena Park was built on the site of the old Dynamo Stadium and revitalizes the entire surrounding area with a multi-purpose concept. At an estimated cost of US$ 1.5 billion, the modern VTB Arena Park combines sports, entertainment, commercial and residential facilities. A first challenge arises from the sheer size of the project. The

300,000 square-meter park area also offers retail facilities, a five-star hotel and 1,600-car parking garage. Considering the wide range of very different purposes served by these various buildings, it was clear from the project’s inception that a multitude of vendors and providers would be needed to cover all security needs. From the security manager’s perspective, the main challenge was to ensure that these dis-

football stadium, known as Dynamo Central Stadium and home to FC Dynamo Moscow football club, hosts league matches with a capacity of over 26,000 spectators. The park’s indoor arena holds more than 12,000 guests during ice hockey matches, basketball games and rock concerts, while the

parate systems would function together and allowed for central management of a wide array of functions such as access control for tens of thousands of football fans entering the stadium on match days, monitoring the vast perimeter with its park zones, and protecting residential areas against intrusion.

SecurityLink India ■ August 2019

VTB Arena Park was looking for a partner able to tackle that key challenge – integration of all parts into one platform – and chose Bosch as its provider of end-to-end video security and access control. Aside from the project’s complex technical ramifications, there was a particular system design challenge. Residents of the Arena Park should feel at home enjoying the highest quality of living, while the area also needs to accommodate for the influx of thousands of visitors within short periods. As the Bosch experts learned, the multi-purpose character of VTB Park leads to an equally wide range of different security needs among its users. Catering to the video security needs, Bosch installed a total of more than 2,000 video cameras, fixed as well as moving cameras, both indoors and outdoors, to safeguard the vast perimeter of the Arena Park premises and secure the homes and offices. One of the camera types installed for perimeter protection is the autodome IP starlight 7000 HD. This high-definition camera offers excellent low-light performance thanks to starlight technology and also features built-in intelligent video analytics. The video analytics function automatically detects deviations from standard moving patterns, like a person entering a restricted area, and triggers an alarm that is sent to the control rooms where security staff can then zoom into a scene for closer investigation. As required by VTB Arena,

application/ case study

all 2,000 cameras and connected video storage on Bosch recording units are managed centrally via the Bosch video management system (BVMS). Another particular challenge consisted of aligning the three different access control systems of the stadium running at the same time. The ticketing system is the first layer of access control managing the turnstiles that permit entry of thousands of visitors during events with paper tickets. This access control system needed to integrate with the employee access control system that relies on proximity cards (the access engine provided by Bosch), as well as a third, offline access control system used at specific stadium facilities. As the Bosch experts in Moscow found out, such an integration was without historic precedent. Because no standard solution existed, the team devised a highly customized set-up managed centrally on the Building Integration System (BIS) from Bosch. “We were fully aware that the multifunctional character of the VTB Arena Park would lead to complexity that could hardly be topped. We needed integration power, a partner who knew how to bind all loose ends into one solution that had never existed before. Creating this one integrated security system catering to all the various purposes has made Bosch our main security partner,” said Alexander Kravchenkov, Deputy Head of Security Systems Maintenance Group IT Department at VTB Arena.

New Bedford Housing Authority

Selects Avigilon for New Video Security Solution AI-powered security solution helps public housing development reduce crime

he New Bedford Housing Authority (NBHA) in Massachusetts, USA has selected Avigilon video security solutions to help improve safety and reduce crime within its community. With close to 1,750 federal public housing units and 748 state aided units, the NBHA services over 6,000 individuals by providing safe, well-maintained and affordable housing units. New Bedford has faced challenges related to crime, which prompted the NBHA to seek out a security system that delivers actionable results to increase public safety throughout its community. The NBHA has deployed a complete Avigilon solution to monitor 13 of its properties throughout the city. The system includes more than 125 Avigilon cameras and Avigilon Appearance Search™ technology, which is powered by AI to help enable security officers to quickly sort through hours of video with ease to locate a specific person or vehicle of interest across an entire site or multiple sites that are connected to the same Avigilon Control Center™ client software. “Our goal is to provide a safe environment for our residents and deploying an Avigilon system has allowed us to monitor critical areas more efficiently and respond more quickly,” said Steven Beauregard, Executive Director of NBHA, “So far, the results are tangible as we’ve made great strides in improving the safety and security of our communities.” “The NBHA is taking significant action to proactively address crime and other security concerns to help protect what matters most – its residents,” said Ryan Nolan, Senior Vice President, Commercial Operations of Avigilon, “By using our AI-powered video security solutions they are able to increase the effectiveness of their security system and provide a new level of public safety. SecurityLink India ■ August 2019

Application/ case study

SPC: Protecting Staff Under Duress S

taff protection is a critical priority for all businesses. But some sectors need to provide their staff with more protection than others. For instance, financial institutions like banks, post offices, and credit unions can be under threat from break-ins and robberies while other areas such as 24-hour fuel stations or factories have staff on premises working throughout the night. Therefore, if a robbery was to occur during these unorthodox working times, it is vital that the alarm can be raised, and help can be provided immediately. Traditionally the method for signaling a threat was a member of staff would trigger a silent alarm that would be reported to police, or staff would enter a unique duress code. These code option and the silent panic/ hold up are available on the SPC system. That said, an often-reported issue with duress codes is that adding a one-to-four-digit number can be challenging to perform when under pressure.

Vanderbilt’s SPC

owever, Vanderbilt’s SPC intrusion system has several features that help protect staff. One such feature is the ‘All okay’ function. Simply put, this is a step that staff can perform to signal everything is ‘okay’ when the SPC system is unset. The nice thing about this is that SPC allows this ‘All

okay’ signal to be almost anything. Additionally, you can add multiple elements that will trigger the signal. The SPC system can be configured to have this functionality for specific areas and the time and action can be defined for what will happen if the signal is not given. Any input or zone can be used.

SPC: How it works

or example, at a bank, if the manager arrives early, he uses his card to gain access to the branch office and PIN to disarm the alarm. His code disarms the office and secure area but the ATMs, vaults, and safe deposit boxes remain armed. A central monitoring station (CMS), is alerted to the early entry. They need to know whether the entry is routine or under duress. The monitoring station views the manager in live video as he executes a predetermined security procedure and until he hits an ‘All Okay’ button. If there is a problem, a silent duress alarm is automatically sent. The monitoring station listens in and if necessary calls the police. The core element here is that it is easy for staff to remember not to perform an action and also more natural.

SecurityLink India ■ August 2019

application/ case study

Installation of Matrix Satatya Samas at Nhif T

he National Health Insurance Fund (NHIF) is a social health insurance scheme established by CAP 395 with the main objective of ensuring accessibility of health care services to all Tanzanians. The Fund has managed to expand its coverage to include councillors, private companies, religious and education institutions, private individuals, children under 18 (TOTO Afya) as well as mutual groups, whereby all members can equally access health services in all accredited health facilities. The Fund is also administering the Bunge Health Insurance Scheme, on behalf of the National Assembly.

Business scenario and challenges

HIF is a prestigious public institution that serves people all over Dar es Salaam and Tanzania. It has multiple sites spread over these regions. Their current surveillance platform had a few limitations of integrating third party cameras and was not facilitating centralised monitoring for multiple locations. This posed a problem in managing and monitoring all sites from a single location. For this, they needed a surveillance platform that could easily integrate with multi-brand cameras as well as facilitate multi-location monitoring. Moreover, they needed a system with monitoring capacity of over 500 cameras with the facility of remote management for real-time security.

MANAGING MULTIPLE LOCATIONS AND IMPROVING SECURITY WITH MATRIX VIDEO MANAGEMENT SYSTEM AT NHIF

remotely by using Matrix mobile application – SATATYA VISION. These features made monitoring much more reliable and easier for them.

Project highlights ●● VMS simultaneous user licence - 3 Qty. ●● Mobile App (SATATYA VISION). ●● Intelligent video analytics.

Solution diagram SOLUTION DIAGRAM

LAN MATRIX SATATYA SAMAS

SERVER

Video Management System

NHIF - HQ

Solution offered

o the above challenges, Matrix offered SATATYA SAMAS video management system. It is a video surveillance management solution specifically designed to meet the diverse and complex needs of large enterprises having multiple sites connected to a central location, or a large single site. The system was able to integrate with 56 AXIS cameras available at its Headquarters and other 16 cameras available at its district branch offices. All the cameras were managed at single central server located at the NHIF HQ office. Matrix VMS provided real-time security with intelligent video analytics such as motion detection, intrusion detection, trip wire etc. Additionally, vms enabled monitoring and managing video surveillance from mobile phones and tablets

ILALA

TEMEKE

District Ofce 1

District Ofce 3

WAN

KINONDONI District Ofce 2

Benefits ●● ●● ●● ●●

Retention of existing security infrastructure. Reduces storage consumption with cost saving features. Centralized monitoring and management. Real-time security.

SecurityLink India ■ August 2019

Application/ case study

Drone with Allied Vision Camera Supports in Flood and Coastal Protection The Technische Universität Braunschweig is developing an automated reconnaissance system to support disaster response personnel. Primary component is the drone Hugin, with a Manta G-917 on board

eavy rain and storms resulting in flooding, have increased significantly in recent years. When large quantities of rain fall in very short periods of time, masses of water overrun sewage capacities in many areas and allow water bodies to rise over their banks, often with destructive force and disastrous effects. Emergency responders on scene, then face the task of coordinating aid and protection measures as efficiently as possible. However, affected areas are often inaccessible, and situations are unwieldy. Real-time data and images from the air, combined when possible with further sensor data on the ground’s condition, for example, would provide emergency responders with valuable information and allow them to intervene where it would be most prudent. Engineers Martin Becker, Simon Batzdorfer and Markus Bobbe of the Institute of Flight Guidance at the Technische Universität Braunschweig (TUBS) and Jan Schattenberg, Hannes Harms and Julian Schmiemann from the Institute for Mobile Machines and Commercial Vehicles, also at TUBS have taken up this topic and developed an automated explora-

Drone ‘Hugin’ with a Manta G-917 on board

tion system. The DLR Space Administration was promoting the engineers’ project with approximately one million euros funding from the Federal Ministry of Economics and Energy, to work on an exploration system in cooperation with AirRobot GmbH & Co. KG from Arnsberg, Germany. Generating aerial recordings in catastrophe-stricken areas such as flood zones, using automated unmanned aircraft plays a meaningful role in the exploration system. Combined with groundbased systems, information regarding the situation in affected areas can be collected to support emergency responders at the affected location. All data collected from aerial and ground units can then be represented within a single map and made available to emergency response personnel.

High-resolution aerial images for rapid aid Automated reconnaissance system with unmanned aircraft and ground-based system

Manta camera from Allied Vision on board the drone Hugin delivers images from the air. The project team chose the drone’s name deliberately; in Norse mythology,

SecurityLink India ■ August 2019

application/ case study

Hugin was one of Odin’s ravens that were sent out to fly over the earth and report on everything they saw. Allied Vision’s GigE Vision Manta G-917 camera serves as the drone’s eye. The camera is equipped with a 1” Sony ICX814 CCD sensor with EXview HAD II technology and a resolution of 9.2 megapixels. The sensor distinguishes itself with outstanding image quality and high resolution, which allows inspection of ground objects in fine grained detail. Further crucial criteria for the choice of camera were the availability of an ethernet connection, as well as the global shutter sensor technology. The Manta camera combines high resolution with low weight, factors that mattered to the system’s developers. Hugin should carry as little additional weight as possible, to minimize the interference on the operation time. Depending on the external conditions, Hugin can remain in the air for up to 30 minutes without recharging. Secure communication via its command link, is guaranteed within a range of a kilometer. Equipped with a control system based on positional data, the drone is able to safely navigate a predefined route, even in challenging environmental conditions and with peak win loads, at up to 12m/s. During the flight, individual images are recorded from altitudes of usually 100 meters, depending on the application. All obtained images are then processed to generate a continuous overview of the entire application area. Due to the automatic exposure adjustment functionality of the camera, even changing light conditions are manageable. Since comprehensive image preprocessing (i.e., image optimization, light correction, white balance, color correction, binning, decimation) takes place within the camera, information-rich two-dimensional images are transmitted to the base station, located on the ground. In addition, a self-developed local communication network is used, which enables targeted information exchange, based upon different communication technologies. During catastrophic events, emergency responders can evaluate the situation better and more quickly with the aid of these images. Since they can see where protective measures must be taken or increased, they can initiate the necessary steps. In case of emergency, system operation must be fast and intuitive. The system determines the flight path based on just a few parameters, so that the emergency services have as little effort as possible to control the drone. The response team leader can easily choose the area to fly over at the system’s ground station. Flight planning then is automatically performed, incorporating all mandatory parameters e.g.,

opening angle of the lens, to ensure a minimal defined overlap for photo-grammetric processing of the obtained images. The drone follows the flight path automatically, and the (live) evaluation of the images is subsequently triggered automatically, too. Within the ground station, the user can specify the actually piloted drone and to select data streams, which are then provided in real time including aerial imaginary or other sensor data.

Successful tests in practice

he Stadtentwässerung Braunschweig GmbH was confronted with serious flooding in the summer of 2017 and urgently needed information on current water levels near the Okerriver’s course through the city. They requested help from the TU Braunschweig via an existing contact at the Braunschweig fire department. One particularly endangered area (from the Eisenbütteler Wehr to the Volkswagen Halle) was surveilled and documented in a variety of aerial images. The Stadtentwässerung thus gained knowledge not just about how the flooding had spread, but could also retrace whether protective measures undertaken during the prior flooding in 1994 were now successfully taking hold. Based on the images, important decisions could be made, and questions answered such as – must warnings be issued, are closures required, at which locations are sandbags necessary, and via which routes are these regions even accessible? In the future, the Braunschweig Stadtentwässerung would also like to take advantage of the Braunschweig TU system for long-term observation of flood protection measures and to review prognosis models. In another application case, the Braunschweig TU research team successfully tested Hugin in the field of coastal protection. On the East Frisian island of Langeoog in the southern North Sea, a flyover produced revealing aerial images of dunes and dykes. One item that drew particular attention was a beach nourishment taking place at the time. During one flushing procedure, numerous aerial images were made of the location that clearly demonstrated to local coastal protection authorities just how close the tide came to the dunes in the still unfinished area of the beach nourishment, and in the same moment, how far the surge was removed from the dunes when the beach level had been raised by additional sand. The TU Braunschweig engineers are already considering other applications and further constraints. Thus, the drone can be equipped with a thermal imaging camera, for example, to be able to find injured persons in the dark.

SecurityLink India ■ August 2019

Application/ case study

Indiana Toll Road Reduces Traffic Incidents by 30 Percent Using Extreme Networks C

ars and commutes are growing increasingly connected with wired and wireless networks serving as the linchpin to reliable and secure transportation infrastructure. To improve driver safety on its connected highway, the ITR Concession Company (ITRCC) deployed Extreme Networks, Inc. software-driven network solutions. The intelligent transportation systems (ITS) powered by Extreme’s Smart OmniEdge™ technology provide real-time updates on traffic patterns, enabling safer, more coordinated use of the roadway. As a result, the highway system has reduced traffic incidents by 30 percent. At the same time, ITRCC is laying the foundation to deploy advanced transportation technology such as digital speed limit signs that adjust based on weather conditions, wrong-way driver detection and smart truck parking systems. Indiana Toll Road spans 157 miles, and is serviced by 22 toll plazas, five maintenance barns and two administration buildings. The network is a crucial component of the infrastructure – it supports thousands of devices including more than 500 IP-connected phones, 300 IP-connected cameras, and 150 automated video signs that are critical to maintaining operations, guiding motorists and keeping roadways safe. Working with Qubit Networks to deploy Extreme technology, ITRCC can now better identify and resolve bottlenecks, ensure greater operational efficiency, and simplify network management, giving back valuable time to its IT team so they can focus on future-looking projects.

Key benefits

reliable, high-performance network: With Extreme Elements™ from its Smart OmniEdge Solution, includ-

ing ExtremeMobility™ and ExtremeSwitching™ technology, ITRCC benefits from greater uptime and a scalable network that offers continuous connectivity to power a diverse array of critical connected devices, inhouse applications and software management systems. Heightened security and granular visibility: Collecting tolls requires access to sensitive customer account information, making data security a priority. Elements like ExtremeControl™ NAC software integrates with Extreme Management Center™ to provide IT with centralized granular visibility and end-to-end control of connected devices across the network. This gives the team the means to monitor all devices and applications that operate across the network with ease in order to protect valuable customer data and reduce security vulnerabilities. Simplified, automated network management: The Extreme Management Center™ Element enables ITRCC to automate and manage its network with a single pane of glass, gain insights into the performance of applications and the network, and ensure smooth operations and fast problem resolution. Streamlined management means the IT team can focus on higher-level strategy and take on more innovative programs.

Executive perspectives

uan Ignacio Gomez, Chief Information Officer, The Indiana Toll Road Concession Company said, “Our core mission is ensuring a safe travel experience for our community. We don’t want to have to worry about networking and device management – and with Extreme, we don’t have to. Since deploying Extreme Networks, we’ve experienced immediate

SecurityLink India ■ August 2019

application/ case study

benefits in streamlined operations, enhanced bandwidth and greater security. As a result, our team finally has the time to innovate and tackle forward-looking opportunities that weren’t possible before, such as connected vehicles and advanced automation.” Abby Strong, Vice President of Product Marketing, Extreme Networks said, “Because they’re so baked into our daily lives, it’s easy to take transportation systems – from highways to public transit to bridges – for granted. But teams around the world, like the ITR Concession Company, are re-imagining transportation and leveraging automation to make driving safer and smarter. The future of transportation is autonomous and it starts with the network. Using a combination of Extreme Elements, ITRCC has created a custom network that adapts to its unique needs, helping transform both passenger and staff experience for the better.” Ryan Seaburg, Chief Executive Officer, Qubit Networks

said, “Our mission at Qubit is providing exceptional service and making sure our customers have best-in-breed technology. We’re on a constant pursuit for innovative solutions, which is why we choose to work with Extreme Networks. Leveraging Extreme’s intelligent, adaptive and secure solutions, we’re able to work closely with ITRCC to ensure that IT isn’t seen as an inhibitor to progress. Rather, infrastructure can drive progress.”

DSC600 Bollard Stops Truck From Entering Tallahassee’s Old Capitol Grounds Nissan Pathfinder Ends Up Stuck on Top of Bollard

ecently a truck crashed into a Delta Scientific DSC600 bollard protecting the Old Capitol ground in Tallahassee. The vehicle went no further than the bollard itself, stuck on top so well that it took two other trucks to remove it. The driver survived. “DSC600 bollards protect the Capitol grounds and their aesthetics with K-12 defense that meets or exceeds U.S. Department of State and Department of Defense certifications,” affirmed Greg Hamm, Delta Scientific Vice President of Marketing and Sales, “With the DSC600 crash rated bollard modules, facilities surrounded by streets, abutting sidewalks and set back on lawns such as many state capitals, other government structures, stadiums, theaters and commercial buildings, can now be effectively protected.” With a foundation only 14 inches (35.5 cm) deep versus the four feet (1.2 m) typically required, Delta’s DSC600 shallow foundation high security bollards can be installed within sidewalks, on top of concrete deck truss bridges or in planters. They can also conform to varying inclines and turns of a locale. The new 2-bollard modules, which can be arrayed in whatever length is required, will stop and destroy a 15,000 pound (66.7kN) truck traveling 50 miles per hour (80kph). SecurityLink India ■ August 2019

Application/ case study

Upgrading a Major Airport from an Analog System to a Scalable IP Security Surveillance Solution

aced with a number of security challenges and planned future expansion, a major airport decided to implement a scalable security surveillance solution.

ith the existing proprietary solution at the airport locked down to one manufacturer and littered with issues resulting in high maintenance and expansion costs, a new solution was required that would allow the airport to

required. The low-resolution analog cameras made it difficult to identify people during incidents, and coupled with the lack of video coverage it gave operators poor situational awareness. Reviewing past events with the existing VMS was difficult as playback wasn’t synchronized, and without bookmarks, it was time-consuming to find important events. The combination of multiple terminal buildings and the centralized analog architecture resulted in bottlenecks and latency issues as all process-

scale it’s surveillance solution in line with future expansion plans. Not only was the existing surveillance solution analog and proprietary, it wasn’t intuitive and was difficult for operators to use. There were several ‘satellite’ security installations scattered in various terminal buildings that weren’t viewable in the centralized control room which meant extra operators were

ing must pass through the centralized server. There was also no redundancy so if there was any failure in the system the control room would no longer have the capability to view live or recorded video. Additionally as the system was locked down to one manufacturer and the whole system had to be hardwired to the centralized server, there were very expensive expansion costs.

Security issues and analog hangovers

SecurityLink India ■ August 2019

Addressing security and scalability concerns

he required solution had multiple requirements to ensure that the existing issues were resolved and that the solution could scale with the planned expansion. With expansion planned to facilitate growing passenger numbers, an open IP based solution was specified to replace the existing analog solution to improve situational awareness, provide scalability and integrate with a number of other systems operating in the airport. The architecture needed to limit bottlenecks, reduce latency issues, provide redundancy advantages and be scalable to allow for multiple new terminal buildings to be connected with ease. New HD cameras were specified to improve image quality and coverage with a video wall required in order to view and manage the increase in video streams in the centralized control room. New large capacity NVRs were also specified to cope with the increase in camera streams and an extra NVR for redundancy and failover.

Distributed Architecture helped exceed requirements

solution with Distributed Architecture was chosen as it solved multiple issues with the existing solution and facilitated future expansion without the need for a centralized server. Distributed Architecture allows data to be kept close to where it is produced or needed. When camer-

application/ case study

as, surveillance workstations, NVRs, alarm servers, integration gateways all participate in a Distributed Architecture, data bottlenecks are minimized as all processing doesn’t need to pass through a centralized server. Distributed Architecture provides a truly unlimited and scalable solution that can easily accommodate the largest airports in the world. Distributed Architecture minimized the existing bottlenecks, reduced latency, and provided higher availability and faster access to data. It also allowed all ‘satellite’ security installations to be viewed in the centralized control room enhancing situational awareness. New HD cameras were installed and due to the scalability of Distributed Architecture, future cameras can easily be connected when needed. Furthermore, the scalability of Distributed Architecture enabled the airport to build new terminal buildings and connect with ease to the security solution when ready.

NEC Provides Facial Recognition System for Admission Control at EU Summit Contributing to the safety and security of the summit

EC Corporation and its Romanian Branch office, part of NEC Eastern Europe, provided a facial recognition system for admission control at the EU Summit held in Sibiu, Romania on May 9, 2019. Romania held the Presidency of the Council of the European Union (EU) for the first time from January to June 2019, and during this period the country was dedicated to strengthening security measures at important domestic events. Leading up to the informal European Union summit, NEC was selected by the Romanian Protection and Guard Service to provide NeoFace, NEC’s facial recognition engine with the world’s No.1 certification accuracy, after intensive testing of various security solutions available on the market. The Protection and Guard Service is a government agency responsible for providing protection for Romanian dignitaries and international representatives during their stay in Romania.

Lowering total cost of ownership (TCO)

istributed Architecture enables planned future expansion as it can support thousands of cameras, workstations and NVRs dramatically reducing the total cost of ownership (TCO). The scalability of Distributed Architecture allows the airport to continue with planned expansion and add a single camera/ NVR or a whole new terminal when needed.

During the summit, NEC’s facial recognition system was used to check a pre-registered list of facial images of senior officials against live streams from cameras installed at four gates at the venue. All participants in the program provided informed consent for the use of their images. This was part of a two-step authentication that consisted of facial recognition and the use of QR codes printed on guest invitations, resulting in high speed access to the meeting location, without long lines or burdensome security. This was the first time that biometric certification was used as a security measure at an EU Summit, and participating high-level officials were authorized with high accuracy and speed, thereby contributing to a safe, secure and smooth conference. SecurityLink India ■ August 2019

Application/ case study

Cookpad Deploys CrowdStrike to Achieve Enhanced Security CrowdStrike brings the power of the cloud-native Falcon platform to popular Japanese recipe service provider which have 55 million monthly users ookpad Inc. has adopted the CrowdStrike Falcon® platform for comprehensive endpoint protection and to increase overall security posture. Cookpad, the Japan based tech company, offers a global community platform for consumers to share recipe ideas and cooking tips. They found themselves struggling with frequent detection errors from their existing antivirus product. The Cookpad security team sought to find an endpoint protection platform to improve their security posture and ultimately deployed three modules of the CrowdStrike Falcon platform – CrowdStrike Falcon Prevent™ for next-generation antivirus (NGAV), Falcon Insight™ for endpoint protection and response, and CrowdStrike Falcon OverWatch™ to proactively hunt for threats in their environment. The CrowdStrike Falcon platform, powered by AI, continues to set the standard in endpoint protection by unifying next-generation antivirus, IT hygiene, endpoint detection and response (EDR), cyber threat intelligence, and proactive threat hunting for customers around the globe. Through the seamless deployment of CrowdStrike Falcon, Cookpad experienced the following benefits: ●● Substantial reduction in detection errors or false positives, enabling more robust security: The single-agent, cloud-native infrastructure of CrowdStrike Falcon enables a substantial reduction in detection errors without impacting operations for the organization. ●● Detailed event assessments for faster remediation: CrowdStrike Falcon can quickly investigate and identify malicious behavior on endpoints. This allows for rapid triage of system environments and quickly backtracks process sequences and timelines enabling quicker remediation. ●● A comprehensive viewpoint into the IT environment through pro-

active hunting on networks: Integration of Falcon OverWatch provides an additional layer of oversight and analysis on malicious behaviors. OverWatch proactively hunts, investigates and alerts threat activity within Cookpad’s environment, improving overall security posture. “The CrowdStrike Falcon platform enables visibility into our environment – real-time and historic,” said Masayoshi Mizutani, Security Team Leader of Cookpad, “After implementing CrowdStrike Falcon, we saw huge benefits that enabled us to understand the movement of security events and offered detailed assessments. From a productivity perspective, some of our members work remotely so we’re thinking that traditional perimeter-based defenses won’t be enough. We approve the remote work with trust because CrowdStrike Falcon platform provides not only threat prevention but also remote inspection capability.” “CrowdStrike Falcon has reinvented how organizations stop breaches by delivering a single-agent, cloud-native solution that provides businesses with more effective threat prevention, detection and response to known and unknown threats,” said Tetsuya Kawai, Managing Director of CrowdStrike Japan, “Forward-thinking companies, such as Cookpad, understand the power and scalability of the cloud. With CrowdStrike, they have already experienced the benefits of a faster, smarter, and more agile solution that has allowed them to reduce detection errors, and proactively investigate and rapidly respond to threats, thereby fortifying their security posture.” This latest adoption underscores the advantage of CrowdStrike’s cloud-native technology architecture that enables rapid development and roll out of impactful new modules and capabilities. CrowdStrike has set the new standard in endpoint protection through harnessing the power of the cloud.

SecurityLink India ■ August 2019

feature

Shorten Your Checkout Lines to Enhance Customer Experience Submitted by Prama Hikvision India

oday’s shoppers have less time than ever to get their grocery shopping done, and they expect a fast and easy purchasing experience. Waiting to pay is a huge problem for retailers and shoppers alike. Customers who find themselves in a seemingly endless line may grow intensely frustrated – upto the point that they abandon the store. Long checkout lines are therefore damaging customer relationships. In fact, a recent study from Forrester Research and Digimarc stated that long lines are one of the main reasons for shopping abandonment. To avoid wasting time, more than half of shoppers would like to spend less money in a store, or even walk away entirely.

Shorten the lines with queue detection technology

o how to keep waiting times to a minimum and react quickly to growing checkout lines – intelligent queue detection technology is the answer. To tackle this problem, many forward thinking retailers are now using queue detection technology to keep track of lines in real time during the checkout process. Queue detection technology uses cameras to count the number of people in a line to a predetermined threshold of customers. Once the number reaches the threshold, and more customers are continuing to wait, the system alerts store management to open new checkouts.

New customers, increased revenues and smarter staffing

iven the importance that customers place on a fast checkout process, reducing wait times is a key investment opportunity. Retailers that boost checkout efficiency can not only please their existing customers, but also entice new customers who may have avoided shopping there previously. Customers may also spend more money if checkout is faster. In a study by Oracle, 94% of respondents stated that they buy food and beverages at sporting events – and 58% of

these respondents said they would spend even more money if they didn’t have to wait in lines. What’s more – over time, queue detection technology can enable managers to improve the operational efficiency of a store. Armed with new insight into the typical throughput of customers at different times, managers can scale staffing levels up and down accordingly.

Hikvision: the market leader in queue detection

ikvision’s market-leading queue detection technology is purpose-built to offer cutting-edge flow analysis to retail outlets including supermarkets, exhibition halls, chain stores, and any such situation where waiting to pay is required. Embedded into their high definition cameras, and powered by deep learning algorithms, this easy-to-use technology is highly accurate at counting people, and can even recognize different individuals and their specific dwell time. Store management can set thresholds for the maximum number of people in an area – be it the checkout or elsewhere – as well as for the longest stay duration of a single person. Once a threshold is exceeded, the system will immediately alert managers so they can take appropriate action.

SecurityLink India ■ August 2019

feature

Power-over-Ethernet & Campus Security Contributed by Pgm Security Group Intl

ower-over-Ethernet (PoE/ PoE++) is a technology that enables devices to receive electrical power over a standard ethernet cable. Ethernet technology has evolved over the last few decades and is pervasive in almost every office, and small and large businesses. It is used to network servers, storages etc., that provides end-users a critical service as far as their business operations are concerned. In parallel, over the last decade or so, many companies are manufacturing devices that use the Internet Protocol as a means of communication. This allows for many disparate devices to communicate with each other using the IP protocol and all of them today use the ethernet cable. This makes sense because the price point of ethernet technology has dramatically dropped over a period of time, which is seen across all technology spectrums such as network switches, NAS storage, fire alarms, access control systems, BIO ID systems, surveillance cameras, video management software, and innumerable other technologies that have come to benefit from the ubiquitous IP protocol and Ethernet L2 routing protocols. One can now imagine all the possibilities of building a single unified secure system with very different devices – all networked together but unified by a single software platform. However, there is a caveat in all of this. Most of the devices are located in different parts of the infrastructure and they all need electrical power to run and function reliably. As all of them use ethernet cable to communicate – including electrical power within the connecting ethernet cable – it eliminates the need for a power supply at each terminating device, and that results in cost savings. Every manufacturer has to ascertain that the devices are PoE compliant which results in half the number of cables being used to network plus has the added advantage of a 100 meter run between the device and the nearest network switch. In summary, PoE/ PoE++ is a simplifying and unifying technology which allows system integrators to build custom solutions as per the customer’s requirements without having to worry about different power supplies with different power ratings for each device. 64

There are several PoE products available in the market which can be easily searched. Once the requirements of the customer are known, one can make a choice of vendor and budgetary limitations to put together an appropriate solution. Following paragraphs illustrate various considerable points as an example for using campus security:

Basic campus security requirements and the driving forces behind them 24/ 7 school/ college curriculums necessitate authorities to revisit campus security requirements such as: ●● Increase in on-campus crime rates due to various factors, ●● Different and unique requirements for different departments within the same campus, ●● Managing policies across multiple infrastructures is increasingly complex, ●● Troubleshooting is extremely tedious and time consuming if a unifying system integration plan is not put into place at the very beginning of the project, and ●● Ongoing daily maintenance and upkeep of devices and network infrastructure.

Other essential campus considerations ²² Centralized cloud based management that becomes important when one has to manage several campuses at the same time. ²² Security which becomes critical when all campuses are tied together through the cloud as a single security breach can wormhole itself to all campuses. ²² PoE devices which act as a unifying technology at the base level of the security architecture. ²² Multi gigabit backbones for future easy expansion as the campus and infrastructure size increases. ²² MAC level communication encryption between all switches and compute/ storage devices in the network infrastructure.

SecurityLink India ■ August 2019

feature

A network diagram illustration of the various components that constitute a campus security solution

The above diagram shows many components that go into building a security solution. This is more from a hardware perspective and shows a typical layout. A key point to note is the firewall and the WAN connection with outside of the campus. This WAN could connect to other campuses, or to the cloud that connects to other campuses or to both. Special attention needs to be paid to this particular component of the system. Several security techniques are available out in the market to make this point of the network achieve the highest possible security breach block.

Challenges and approaches to a viable campus security solution  Making a detailed plan as per infrastructure/ campus

requirements.  Making the plan fit into the budgetary limitations. This

will be the biggest challenge as some compromises will have to be made.  Selection of network, access control and other peripheral device vendors, and finally the software that unifies all these diverse components. A network vendor provides a Network OS responsible for the security and management of various network components. A video management system (VMS) provides the other backbone software around which all other PoE driven devices are connected to. This becomes very critical as the VMS can be looked upon as the other OS which acts as a unifying piece of software. Together the ‘network OS’ and the ‘VMS OS’ constitute the bulk of the software with a communication channel between them. Another view of the network but more from a layout and human perspective SecurityLink India ■ August 2019

feature

An example of the VMS which acts as the other OS in addition to the network OS

 The VMS software must be enterprise class with built in

video analytics plus it must have the ability to connect to all the peripheral access devices through an application programming interface (API) and software development kits (SDKs).  The VMS software must have the ability to support several types of IP cameras as well as provide an easy and quick path to integration for all other peripheral access devices. The illustration above is to depict the critical role the VMS plays in a security system. It is the key backbone software that talks to all other peripheral access systems software. In the above example we have shown automatic license plate recognition along with under vehicle surveillance system at the key entry points into a campus. The VMS in the above case also integrates an existing visitor management system but now enhances it with video and facial recognition. The campus shown is connected through the cloud to other campuses. The cloud component allows remote management and control, and has access to machine learning and

artificial intelligence, and machine learning components of Azure/ WATSON. Any cloud service could be used in implementing a custom solution to the growing needs of campuses as the technology is available today.

Summary

n nut shell, while implementing campus security, PoE technology plays a key role in connecting all devices because of its ability to carry electrical power over great distances. PoE repeaters can be used to extend beyond 100 meters. PoE is a game changer as far as reducing the overall installation and cabling costs are concerned. The given diagrams for illustration are used to highlight the 4 key components and their relationship with each other – they are network hardware and software, compute/ storage hardware and software, the VMS software and the other OS that play a key role in integrating all the peripheral access devices, and finally the importance of cloud connectivity for overall ease in control and management of the various sites/ campuses.

The PGM Security INTL GROUP provides consulting services through all phases of the project. They have built a proprietary ‘Design Engine’ as well as a proprietary ‘Simulation Engine’ through years of experience dealing with customers and their security requirements. PGM Security always keeps the customer ‘first.’ We are reachable at pgm45868@gmail.com 66

SecurityLink India ■ August 2019

feature

Asia-Pac MSSPs Need to Offer Advanced Analytics To Drive Growth Opportunities in the Region

nterprises today are embarking on digital transformation projects at an ever increasing pace. As businesses leverage digital technologies such as cloud, data analytics and IoT among others, the need for cyber security becomes increasingly crucial to protect proprietary IP and private customer data. However, enterprises lack the in-house expertise to adequately manage cyber security while dealing in an increasingly advanced threat landscape, all while given less resources by management. This lack of talent and the constant push to meet regulatory compliance is driving the adoption of Managed Security Services (MSS) solutions. Traditional security monitoring is no longer sufficient because of limited log collection and rule-based analysis. As requirements mature, the limited log collection and rule-based analysis of traditional security monitoring is creating an urgent need for next-generation security solutions. In response, Managed Security Services Providers (MSSPs) have been introducing solutions that enable advanced detection, faster incident mitigation, global threat intelligence, and deep threat analytics. This shift in enterprise focus from device management to threat management is expected to drive the MSS market from US$1.97 billion in 2017 towards US$4.34 billion in 2022, at a Compound Annual Growth Rate (CAGR) of 17.1 percent. “MSSPs are investing in technologies such as anti-Distributed-Denial-of-Service (DDoS), advanced malware analysis, and advanced endpoint protection to deliver cloudbased security services,” said Kenny Yeo, Industry Principal and Head of the Asia Pacific Cyber Security Practice, “They are positioning themselves to deal with the shift in demand from point to integrated solutions, as the latter can provide

comprehensive security and protect against multiple vulnerabilities.” Frost & Sullivan’s recent analysis, Asia-Pacific Managed Security Services Market, Forecast to 2022, covers the segments of hosted security services (HSS) and customer premises equipment based management monitoring services (MMS). It identifies the key services that had the highest adoption rates in the markets of Greater China Region (GCR), Japan, South Korea, India, ANZ, and across Southeast Asia. “Japan, Australia, and South Korea led the Asia Pacific market in 2017. The CPE-based MMS segment contributed 61.8 percent of the revenue, and recorded a year-on-year (YoY) growth rate of 6.6 percent. The remaining was generated by the HSS segment, which recorded a YoY growth of 9.3 percent,” noted Yeo. Successful vendors are expected to make the most of the additional growth opportunities by adopting a series of measures such as: ●● Designing solutions that offer better security protection and risk management, with improved threat detection, response and management. ●● Presenting a more holistic cybersecurity posture through MSSP advisory. ●● Focusing on SMEs and enterprises with less-critical infrastructure and business services, as they are more likely to adopt HSS. ●● Fostering an operating environment that will support the unique hybrid requirements of large mature customers. ●● Expanding their portfolio to include advanced security services such as incident response, managed endpoint detection and response, management advanced threat detection, and user and entity behavior analytics (UEBA).

SecurityLink India ■ August 2019

International Updates

Wildlife Trafficking Organized Crime Hit Hard by Joint INTERPOL-WCO Global Enforcement Operation

joint worldwide customs and police operation has resulted in the seizure of large quantities of protected flora and fauna across every continent. Recently, INTERPOL and the World Customs Organization (WCO) coordinated Operation Thunderball, with police and customs administrations leading joint enforcement operations against wildlife and timber crime across 109 countries. The intelligence led operation identified trafficking routes and crime hotspots ahead of time, enabling border, police and environmental officers to seize protected wildlife products ranging from live big cats and primates to timber, marine wildlife and derived merchandise such as clothing, beauty products, food items, traditional medicines and handicrafts. A team of customs and police officers together coordinated global enforcement activities from an Operations Coordination Centre at INTERPOL’s Global Complex for Innovation in Singapore.

Worldwide environmental impact

nitial results have led to the identification of almost 600 suspects, triggering arrests worldwide. Further arrests and prosecutions are anticipated as ongoing global investigations progress. Global seizures reported to date include: ●● 23 live primates, ●● 30 big cats and large quantities of animal parts, 68

●● 440 pieces of elephant tusks and an additional 545 Kg of ivory, ●● More than 4,300 birds, ●● Just under 1,500 live reptiles and nearly 10,000 live turtles and tortoises, ●● Almost 7,700 wildlife parts from all species, including more than 30 kg game meat, ●● 2,550 cubic meters of timber (equivalent to 74 truckloads), ●● More than 2,600 plants, ●● Almost 10,000 marine wildlife items, such as coral, seahorses, dolphins and sharks. The operation saw half a tonne of pangolin parts bound for Asia seized in Nigeria, and the arrest of three suspects in Uruguay attempting to smuggle more than 400 protected wildlife species. The operation highlighted the continuing trend for online wildlife trade, with 21 arrests in Spain and the seizure in Italy of 1,850 birds resulting from two online investigations. “Wildlife crime not only strips our environment of its resources, it also has an impact through the associated violence, money laundering and fraud,” said INTERPOL Secretary General Jürgen Stock, “Operations like Thunderball are concrete actions targeting the transnational crime networks profiting from these illicit activities. We will continue our efforts with our partners to ensure that there are consequences for criminals who steal from our environment.” SecurityLink India ■ August 2019

Police-customs cooperation: A sustainable approach against organised wildlife crime

“

As clearly illustrated by the results of Operation Thunderball, close cooperation at international and national levels to combat wildlife crime must never be under-estimated,” said WCO Secretary General Kunio Mikuriya. INTERPOL and the WCO have a long history of cooperation, regularly supporting each other’s operations in the field. Operation Thunderball marks a new direction in their partnership, bringing them together as joint operational partners on the frontline to ensure wildlife trafficking is addressed comprehensively, from detection to arrest, investigation and prosecution. “Such initiatives will be replicated to raise awareness within the global law enforcement community on the gravity of global wildlife crime and to better coordinate cross-agency efforts, including the engagement of civil society groups to detect and deter wildlife criminal networks,” added Dr Mikuriya. Slight declines in the seizures of certain species are a sign that continued enforcement efforts are bearing fruit, and that compliance levels are improving. “For the sake of our future generations and the world we live in, it is vital that we stop criminals from putting livelihoods, security, economies and the sustainability of our planet at risk

International Updates

by illegally exploiting wild flora and fauna,” said Ivonne Higuero, CITES Secretary General. CITES is the convention on international trade in endangered species of wild fauna and flora, which ensures that international trade in specimens of wild animals and plants does not threaten their survival. “Operation Thunderball sends a clear message – we will continue to work closely with our International Consortium on Combating Wildlife Crime (ICCWC) partners in support of efforts to implement CITES and address wildlife crime, deploying our

collective strength and expertise to ensure that no stone is left unturned and wildlife criminals face the full force of the law,” added Ms Higuero. Throughout Operation Thunderball, customs and police officers, supported by environmental authorities, wildlife and forestry agencies, border agencies and CITES management authorities, worked together to identify and intercept shipments containing flora and other species protected and regulated under the CITES convention. Coordinated jointly by INTERPOL’s environmental security programme and the WCO environment

programme, Operation Thunderball is the third in the ‘Thunder’ series, following Thunderbird in 2017 and Thunderstorm in 2018. Operation Thunderball is financially supported by the European Commission’s Directorate-General for International Development and Cooperation as a deliverable of the ICCWC, the US Department of State’s Bureau of International Narcotics and Law Enforcement Affairs, the United States Agency for International Development and the UK Government, Department for Environment, Food & Rural Affairs.

Sdg 16 is the Key to the 2030 Agenda A

s the High Level Political Forum on Sustainable Development recently began at the United Nations in New York, the global anti-corruption coalition Transparency International called on the UN to annually review Sustainable Development Goal (SDG) 16 – Peace, Justice and Strong Institutions. SDG 16 is one of six goals being reviewed in depth at the United Nations this week. SDG 16 includes commitments to fight corruption, increase transparency, tackle illicit financial flows and improve access to information. As such, the goal is critical to the entire 2030 Agenda, because corruption undermines progress on all other SDGs. “Whether the focus is ending hunger and poverty, ensuring access to health, education, and clean water for all, or protecting marine environments and combatting climate change, fighting corruption is an essential pre-requisite for advancing the 2030 Agenda,” said Delia Ferreira Rubio, Chair of Transparency International, “When aid is siphoned off by the corrupt, when politicians come under undue influence from vested interests, or when citizens are unable to hold their governments to account over the delivery of essential services, the entire sustainable development programme is set backwards.” The United Nations estimates that corruption, bribery, tax evasion and related illicit financial flows deprive developing countries of around US$1.26 trillion per year. This has recently been reinforced by IMF research showing that corruption reduces global tax revenues by US$1 trillion annually. “Reducing corruption is an important component of the sustainable development agenda, and one that all state parties have an obligation to address,” said Patricia Moreira, Managing Director of Transparency International, “The scale of the challenge and its impact on sustainable development should compel the UN to review SDG 16 every year and set concrete, advanced indicators to measure its progress.” SecurityLink India ■ August 2019

International Updates

2019 Thales Access Management Index Finds almost half of businesses believe cloud apps make them target for cyber-attacks

ccording to new research from Thales, almost half (49%) of businesses believe cloud apps make them a target for cyber-attacks. Surveying 1,050 IT decision makers globally, Thales’ 2019 Access Management Index revealed that cloud applications (49%) are listed in the top three reasons an organization might be attacked, just behind unprotected infrastructure such as IoT devices (54%) and web portals (50%). With cloud applications now a crucial part of day-to-day business operations, the majority (97%) of IT leaders believe that cloud access management is necessary to continue their cloud adoption. However, despite four in 10 (38%) organizations appointing a CISO due to concerns over data breaches in the past 12 months, and 79% of IT decision makers stating that CISOs are responsible for selecting the solutions their company has in place, just one in 10 (14%) are given the final decision on cloud access management. In fact, companies are more likely to put their faith in a traditional IT role, CIOs (48%) when dealing with this, suggesting a disconnection between the decision-making and implementation surrounding cloud security. “Thales protects our customers’ business by enabling them to securely access and use cloud applications. The 2019 Thales Access Management Index findings clearly

Four in 10 (38%) organizations appoint a CISO due to concerns over the number of breaches occurring in the last 12 months 75% of organizations rely on access management to secure their external users’ log-ins to online corporate resources

show concerns surrounding cyber-attacks when deploying cloud applications. Trusted access to the cloud is key to our customers’ digital transformation, but without adequate investment in a dedicated CISO office, organizations will lack the leadership required to implement the correct security strategy or solutions to keep them secure in the cloud,” said Tina Stewart, Vice President Market Strategy for Cloud Protection and Licensing Activity at Thales.

Breaches bringing changes

ositively, the growing awareness of consumer data breaches has led to organizations taking action – almost all (94%) have changed their security policies around access management in the last 12 months. What’s more, the biggest areas of changes have focused around staff training on security and access management (52%), increasing spend on access management (45%), and access management becoming a board priority (44%).

Obstacles blocking access management

n spite of the updates to security policies, the majority of IT leaders (95%) believe ineffective cloud

SecurityLink India ■ August 2019

International Updates

access management is still a concern for their organization. In fact, their biggest concerns are its impact on security (48%), IT staffs’ time (44%) and on operational overheads and IT costs (43%). Worse, when it comes to implementing access management solutions, they cited costs (40%), human error (39%) and difficulty integrating them (36%) as the biggest obstacles. When it comes to cloud solutions, three-quarters (75%) of organizations already rely on access management to secure their external users’ log-ins to online corporate resources. In particular, two-factor authentication is the most likely (58%) tool to be seen as effective at protecting cloud and web-based apps, followed by

smart single sign-on (49%) and biometric authentication (47%). Stewart concluded, “While organizations are getting to grips with access management solutions, IT and business decision makers must ensure they understand the risks to their cloud solutions in order to implement the relevant ones. These solutions must be perimeter-free, compatible with a zero-trust model, and flexible and adaptive in order to make the most of the latest technologies such as smart SSO. Without effective access management tools in place organizations face a higher risk of breaches, a lack of visibility and incur extra costs from poorly optimized cloud.”

Johnson Controls Announces

VideoEdge Integration with EntraPass go Mobile App J

ohnson Controls is introducing the integration of the Tyco Kantech EntraPass go Mobile App with the Tyco American Dynamics VideoEdge software, enabling remote management of access control, video and intrusion tasks for seamless, on-the-go security system operation from a mobile device. The American Dynamics VideoEdge integration with the EntraPass go Mobile App provides a single easy use interface for managing, responding and controlling aspects of the video management system infrastructure through the use of the EntraPass go Mobile App. Video management capabilities include the ability to view live video with PTZ control, video playback with manual search, and the ability to view video linked to access and/ or intrusion events. With the EntraPass go Mobile App, users can manage and create cards, lock and unlock doors, view live video, arm and disarm intrusion partitions and request reports. This free app enables users to interact with EntraPass security management system software from anywhere, without being tied to the EntraPass workstation. The VideoEdge platform improves the efficiency of security personnel and daily business operations by creating powerful video management solutions allowing users to leverage high-performance video streaming, analytics and video intelligence. EntraPass go Mobile App is available on Android and Apple devices. SecurityLink India ■ August 2019

International Updates

IPS Intelligent Video Analytics First to Join the Hikvision Embedded Open Platform (HEOP) Program

PS Intelligent Video Analytics is the first company to join the Hikvision Embedded Open Platform (HEOP) program. Through HEOP, IPS will upload its cutting-edge analytics modules to Hikvision 5 series network cameras. The global HEOP program enables third-party providers to develop their own applications and install them directly on Hikvision cameras. This brings a greater variety of intelligent functionality directly to customers, while development partners can benefit from Hikvision’s global reach.

Intrusion detection

ntrusion detection delivers real-time alerts in the event of an intruder entering a secured outdoor area.

Loitering detection

his module delivers real-time alerts if individuals are loitering in monitored areas.

Indoor detection

he indoor detection module alerts users in real-time in the event of intruders entering secured indoor areas.

More cost-effective, more flexible

mbedding these modules into the cameras means there is no need for additional servers, which saves money for Hikvision customers and increases flexibility in solutions architecture design. One module can be operated per installed camera, and the data can be viewed easily on a web browser.

Building on state-of-the-art technology

Five innovative camera based analytics modules

PS Intelligent Video Analytics has decades of analytics expertise, and has developed a wealth of advanced analytics functionality. Through HEOP, IPS is embedding five analytics modules into Hikvision 5-series network cameras. They are motion detection, sabotage detection, intrusion detection, loitering detection and indoor detection.

Motion detection

his intelligent video analytics module offers real-time alerts when objects are seen to move within predefined areas.

Sabotage detection

abotage detection alerts users in real-time when attempts are made to tamper with the camera e.g., if the camera is covered, redirected, sprayed or blinded. 72

he Hikvision 5-series network cameras are already impressive, combining DarkFighter low-light surveillance with high definition recognition for the first time. Improved codec technology also boosts transmission efficiency. The cameras are ideal for any where that needs 24-hour colorful images from streets and shopping malls to office buildings. Jens Berthelsen, Global Partner Alliance Manager at Hikvision said, “We’re excited that IPS has become our very first partner for the HEOP program. We’re looking forward to seeing how their functionality can help our customers extract new value from our Hikvision 5-series network cameras, while helping them to build even more streamlined, cost-effective security solutions.” Alain H. Benoit, Head of Marketing and Sales at IPS said, “The HEOP platform design makes it incredibly easy to integrate our video analytics into the Hikvision cameras. This integration provides customers with an advanced solution when it comes to real-time detection of suspicious objects or events.”

SecurityLink India ■ August 2019

International Updates

Wins Most Intelligent Building IBcon Digie Award For Bee’ah’s Iconic New Headquarters

ohnson Controls has recently announced its Digie Award win for ‘Most Intelligent Building – Corporate Headquarters’ for its ground-breaking work on Bee’ah’s new headquarters in the UAE. This award recognizes extraordinary examples of buildings, projects and communities that best demonstrate smart, connected, high performance intelligent building concepts throughout the world. Using Johnson Controls Digital Vault and extended capabilities built on Microsoft Azure, Johnson Controls partnered with Microsoft and the Middle East’s leading digital transformation catalyst, Evoteq, to implement intelligent edge systems, devices and software designed to optimize energy efficiency, make the best use of available space and help the building’s occupants be more productive. “With the help of Johnson Controls, Microsoft and Evoteq, Bee’ah is thrilled to be recognized for becoming the first building in the region, and one of the first in the world, to have full integration with AI to support new seamless experiences for optimization of efficiencies, performance and functionality,” said HE Salim Al Owais, Chairman of Bee’ah, “This award represents the Middle East’s commitment toward creating a sustainable future for smart buildings within the region’s urban fabric. In alignment with our vision of merging the core pillars of sustainability and technology to

build a future-ready economy, our headquarters has become a benchmark for sustainable, intelligent buildings everywhere by being fully powered by renewable resources and optimized to achieve zero net energy consumption and reach LEED platinum certification.” At Bee’ah’s headquarters, Digital Vault is revolutionizing the construction industry by translating the physical world inside a building into a digital representation with rich data that can be visualized, analyzed and acted upon to deliver proactive maintenance, optimize building systems, and deliver intelligent support for the people inside. From digital workspaces to smart back-office integration, and from smart lobby-visitor management to smart security, employees and visitors at Bee’ah’s new headquarters will experience a diverse range of cutting-edge AI features through multiple touch-points across various functions including HR, customer care, procurement, administration, and meSecurityLink India ■ August 2019

chanical electrical and plumbing. “It is an honor to be recognized for our part in making Bee’ah’s new headquarters one of the most intelligent buildings in the world,” said Sudhi Sinha, Vice President and General Manager of Digital Solutions at Johnson Controls, “This accolade demonstrates the shift around the world that prioritizes a holistic transformation approach over a siloed technology mindset, allowing companies around the world – like Bee’ah – to reap the reward of true digital transformation.” “We’re proud to be leading the charge of creating innovative solutions that merge the physical and digital worlds to transform traditional building systems,” said Dr. Marcus Schumacher, Vice President and General Manager GCC at Johnson Controls, “We are dedicated to helping more businesses and organizations achieve new levels of efficiency and sustainability around the world using our past knowledge and deep expertise.” For the past 21 years, the Digie Awards have recognized companies, real estate projects, technologies and people that have gone above and beyond to positively impact the real estate industry using technology, automation and innovation. This year’s award winners were announced at the Realcomm/ IBcon 2019 conference at the Music City Center in Nashville, TN. 73

International Updates

Dahua Technology’s AI Person Re-Identification Refreshed Three Data Sets Records A

fter obtaining the first place in the open dataset ranking in 2018 and the large-scale person search competition of PRCV2018, Dahua AI Person Re-identification technology recently made another breakthrough – in the three international authoritative open data sets Market1501, DukeMTMC-reid and CUHK03, the key indicator mAP reached 91.98%, 83.96%, and 85.72% respectively, refreshing the best performance record and continuing the leading position in algorithm. This year, Dahua AI

Dahua Person Re-identification Technology in Open Dataset Indicators

technology has acquired the top rankings in many international competitions fields such as semantic segmentation and instance segmentation etc. Person re-identification technology, referred to as Person-ReID, uses computer vision technology to retrieve the same target person under different cameras. This technology has great practical value for carrying out artificial intelligence businesses because of the difficulty to recognize the same target due to the different image shooting angles, resolution, 74

target postures, obstacle occlusion, and uneven illumination under different cameras. Based on years of technical accumulation in vehicle and person recognition, Dahua Technology has achieved breakthroughs in the following three areas to facilitate the AI application. First of all, Dahua Technology’s innovative application of image data enhancement methods, including random blur and random interception strategies, enabled the effective simulation of complex situations such as body occlusion, blur and incompleteness in various environments. The random interception strategy is conductive to mine the potential feature extraction of the block components network and to improve the network feature matching performance.

Dahua video structured server search by image application results

SecurityLink India ■ August 2019

International Updates

Secondly, for the problem of feature granularity difference in multi-branch component network, a progressive part model (PPM) is adopted. There is cascaded semantic relation among the branches besides the shared basic convolution network. Finally, while designing PPM network, the overlapping sampling operation is used to facilitate the extraction of more striking feature information from each component branch, and the improved loss function is used to learn the feature embedding space based on spherical constraints. In addition, a branch based on the attention scoring mechanism is added to the PPM feature layer to enable the network to adaptively combine the multi-granularity features of the human body from each branch. The person re-identification technology has been successfully applied in Dahua video structured cameras and video structured analysis servers, and has maintained a leading place in the search by image performance of ultra-largescale pedestrians, non-motor vehicles and motor vehicles, targeting smart cities, buildings, supermarkets and other places to reduce user costs, improve work efficiency and video development application value.

Gallagher Gives Security Customers Free Auditing Tool G

allagher has recently released a cyber security auditing tool – and they’re giving it away to their customers for free. Gallagher’s Security Health Check (SHC) tool is designed to help Gallagher customers identify and understand potential vulnerabilities within their security system. Gallagher’s customers can use the SHC utility to run an automated check via their Gallagher Command Centre system at any time, reducing the time and expense of performing regular manual audits. SHC identifies system vulnerabilities, assesses the severity of the threat, and provides specific recommendations to mitigate the risk and ensure correct system configuration. It also provides a mechanism to compare against earlier audit results to ensure organisations can track improvement over time and better plan system upgrades. Gallagher dedicates significant resource to the research and development of cyber-secure solutions, and has a commitment to helping customers gain full visibility and a deep understanding of how their security system works. “We designed security health check to give sites ownership of the state of their system,” said Steve Bell, Chief Technology Officer at Gallagher, “Security risks and system vulnerabilities aren’t static, it’s important to us to promote and support a culture of ongoing improvement within our industry.” SHC proactively addresses the ever evolving threat of cyber-attack, while supporting sites to protect the data held within their access control system. “Security systems can be vulnerable to cyber attacks for a variety of reasons, and the consequences can be significant,” said Bell, “A cyber breach via security systems can potentially allow access to personal data, restricted areas and intellectual property; it could also lead to unauthorized control over HVAC, lighting and building systems in order to disrupt operations.” Gallagher believes that in today’s world of evolving threats, it’s no longer enough to supply the tools and walk away. As the leading security system manufacturer to offer a system audit tool of this kind, Gallagher hopes to inspire the security industry to become more transparent with its customers and empower them to better understand their vulnerabilities. SecurityLink India ■ August 2019

International Updates

Avigilon’s Product Line up for GSX 2019 Using AI to bring focus to security

vigilon Corporation, a Motorola Solutions company, is showcasing some of its latest and most innovative products and technologies at GSX 2019 during September 10 to 12, 2019 in Chicago, Illinois. Avigilon will showcase the next generation of video analytics, artificial intelligence, access control and cloud solutions, as well as some of the integrations with Motorola Solutions. Avigilon will be demonstrating how these latest technologies are redefining how customers consume data in order to help them gain actionable information. Through the power of cutting-edge video analytics and AI, these new products and technologies can help customers verify potentially critical events and act faster. Avigilon will preview its latest solutions including: ●● The most advanced edition of Avigilon’s Control Center (ACC™) video management software featuring Focus of Attention – a new concept for live video monitoring, powered by AI. ●● The H5A camera line – built with Avigilon’s next-generation of advanced video analytics with the ability to detect more objects with even greater accuracy. ●● The latest updates to Avigilon Appearance Search™ technology, a sophisticated deep learning artificial intelligence (AI) search engine that sorts through hours of footage with ease. New exciting features will be released closer to the show. ●● The latest version of Avigilon Blue™, a subscription-managed cloud video security platform that enables flexible site monitoring and utilizes analytics that provide important information about a site. ●● Avigilon unusual motion detection (UMD) technology, an advanced AI technology designed to continuously learn what typical activity in the scene looks like and focus the operator’s attention on atypical events that may need further investigation. ●● The new high resolution H4 Thermal camera which combines patented Avigilon technology with heat-sensing capabilities to improve perimeter security in areas with poor visibility, difficult lighting conditions and absolute darkness. ●● The integration of Avigilon Control Center (ACC) video management software into Motorola Solutions’ CommandCentral Aware and Ally. 76

SecurityLink India ■ August 2019

Dahua Technology Joins the Open Security & Safety Alliance Global industry leaders collaborate to promote the creation of a common standardized platform for security and safety solutions

ahua Technology, a world-leading video-centric smart IoT solution and service provider, recently announced its membership in the Open Security & Safety Alliance (OSSA) – a non-profit, non-stock corporation that brings together like-minded organizations who are willing to contribute to a framework, providing standards and specifications for a common standardized platform for security and safety solutions. Dahua Technology joins OSSA at the Contributor level to accelerate the development of the open ecosystem. “OSSA is a great platform approach to build an Android-based IoT ecosystem alongside key players in our industry including equipment suppliers, software developers, chipset suppliers and others,” said Gao Jiaqi, Overseas Marketing Director at Dahua Technology, “We are glad to become a part of this Alliance, and Dahua Technology is committed to cooperate with the key players in the industry. Dahua Technology with its solid knowledge in both hardware and algorithm aims to bring true values for end users.”

The Open Security & Safety Alliance: Driving a common approach

SSA was formed in reaction to today’s market characterized by the continued evolution of the Internet of Things and the aggregation of data. Se-

International Updates

curity and safety solutions are fragmented due to the lack of a collaborative approach to common challenges including cyber security and common operating systems. This is holding back innovation and seamless integration. In order to add real value for customers, the market needs a new direction and a framework that will enable relevant market players to focus on innovation and development of new applications that deliver value add for users and customers. Benefits of joining OSSA include access to the Alliance framework and the possibility to connect, discuss, influence and collaborate with other Alliance members to help shape a new direction for the industry. Participants share best practices and contribute to a common framework ‘for the industry by the industry.’ Together, OSSA members are providing standards and specifications for common components including an operating system, IoT infrastructure, collective approach for data security and privacy, and a drive for improved levels of performance across products, solutions and services. “Shifting the security systems market to where we’re all working from a common platform and operating system will transform our security and safety market with regards to reducing friction, fueling innovation and raising the bar regarding data security and performance,” said Johan Jubbega, President, Open Security & Safety Alliance, “The work we are doing together through OSSA is solving many of the pain points we’ve felt for a long time throughout our industry, and having leaders like Dahua Technology join us to lend their support and video surveillance expertise will further drive improvements and innovation to benefit stakeholders and users alike.”

Genetec Partners with BlackBerry Cylance to include AI-based Antivirus in its

Appliance Portfolio

Company to integrate CylancePROTECT into Streamvault appliances

enetec Inc. is partnering with Cylance, a business unit of BlackBerry, Limited to bring AI-based antivirus protection to its appliances customers. Through this partnership, Genetec will offer additional cyber security protection to its Streamvault™ family of infrastructure solutions by including CylancePROTECT® out-of-the-box at no additional cost to its customers. Genetec Streamvault all-in-one and rackmount appliances, storage and workstations are expected to be shipped pre-installed and optimized with CylancePROTECT in September 2019. “Genetec is committed to creating secure solutions from the ground up and have practices in place to help identify and mitigate risk for our customers. Cyber security is at the core of our development process and we see that cyberthreats are evolving faster than ever. With CylancePROTECT, Genetec is delivering the latest in prevention-first, predictive security technology to Streamvault customers and providing them with up-to-date protection, without compromising appliances guaranteed performance,” said Francis Lachance, Director, Video and Appliances at Genetec. CylancePROTECT protects endpoints and organizations from compromise by combining the power of artificial intelligence to block malware infections with additional security controls that safeguard against script-based, file-less memory, and external device-based attacks. Unlike traditional endpoint security products that rely on signatures and behavior analysis to detect threats in the environment, CylancePROTECT uses machine learning, not signatures, to identify and block known and unknown malware from running on endpoints. The software delivers prevention against common and unknown (zero-day) threats without an internet connection. It continuously protects an endpoint without disrupting the end-user and provides minimal impact on system resources. “For years, traditional antivirus prevention products relied on signatures as their primary threat protection method. Assuming all attacks on a business had been seen before, using signatures made sense. However, today, malware mutates daily, even hourly, making signature-based prevention tools obsolete. In mission-critical industries such as the physical security industry, organizations need to think beyond traditional antivirus. We are pleased to partner with Genetec as we share the same passion for protecting our customers against cyber-attacks,” said Steve Rossi, Global Director of OEM sales at Cylance. Because it uses very little computing power, CylancePROTECT will not affect the smooth running of Genetec appliances, allowing customers to benefit from proactive threat detection without monopolizing crucial resources. In addition, with no Internet connection or signature updates required, CylancePROTECT will protect remote endpoints connected to the Genetec system. SecurityLink India ■ August 2019

feature

The Evolution of Video Data Protection

Reliability, Performance & Security By Brandon Reich – Vice President of IoT and Security for Pivot3

ver the past year, we’ve been focusing on a lot of big buzzwords. Deep learning, artificial intelligence and cybersecurity are hot topics, and these trends undoubtedly define the current landscape. In today’s evolving business environment, none is more complex and challenging than cybersecurity. The growing number of cyber threats around the world has ensured that data security is a top concern for all types and sizes of organizations. It is more vital than ever to protect video and corporate data to ensure critical data is secure and safeguarded from unauthorized use. In addition to protecting IT assets, video data requires stringent logical and physical protection to ensure compliance and reduce unauthorized breaches.

When seeking to ensure the protection of critical data, the first step of any effort should be the deployment of an infrastructure solution that can provide the highest levels of performance, resiliency and availability so that video data is stored without loss, protected from any failures, and always available when and where it is needed most. But ensuring data is protected from all sources is critical. A threat could enter from anywhere in an organization’s ecosystem and regardless of the nature of the attack, the cyber criminal’s goal is to exploit vulnerabilities quickly and profit from them. Therefore, the industry needs to ensure that it provides products and services that deliver resilient protection methods, align with current IT processes, and reduce the oppor-

SecurityLink India ■ August 2019

feature

tunity for exploitation. Below, we take a look at the ways in which companies are taking proactive measures to ensure robust levels of cybersecurity from point of manufacture to deployment.

A changing tide

ith so much data to be protected, security leaders need to evaluate not only how to store video data but how to secure it along with its entire video surveillance ecosystem. In the past, this meant making sure that physical security processes were aligned so that an individual could not physically tamper with a camera; however, now the focus has turned to IT processes ensuring that no one can access the camera and its data via the network. This trend is quite a change from years past when cybersecurity wasn’t part of any physical security conversation. However, the adoption of IP connected devices made the cyberattack a genuine possibility. Additionally, cyber threats continue to increase and evolve in sophistication. The industry must stay proactive in its approach to mitigating these risks. Video surveillance is the first real IoT application, and in fact, connected cameras are ubiquitous. Since we have already seen the impact of unsecured IoT devices (the Mirai Botnet attack), there is greater risk of additional vulnerabilities. Unforeseen risks could lead to more damaging attacks such as accessing or tampering with private video, controlling door locks and access control systems, disabling alarm systems, and more. The reality is that we continue to move toward a world of more interconnected devices and this will bring to light new cyber vulnerabilities. As security professionals, we are entrusted by our customers to provide secure products and guidelines to safeguard these products from potential hacking. By working together as an industry to provide a system that is rigid against cyber-attacks, we improve overall cyber protection, and this level of collaboration gains further importance going forward.

A collaborative approach

t Pivot3, we’ve looked carefully at how we can reduce network vulnerabilities. We’ve expanded our relationship with HyTrust, a leading data security vendor, to deliver secure and compliant video surveillance infrastructure solutions that ensure high levels of data protection. Through highly secure encryption and comprehensive role-based access control, HyTrust workload security solutions ensure the highest levels of data protection. Combined with Pivot3 HCI for video surveillance, we can deliver a video surveillance solution that meets the data security and compliance requirements of mission-critical environments. Let’s look at how these two functionalities can be used to protect video surveillance data: Encryption is typically a resource-intensive process that requires more powerful servers to maintain video performance, resulting in the need for customers to purchase additional costly hardware. By leveraging HyTrust’s software-based encryption, video system performance is maintained with nominal CPU overhead, eliminating additional hardware investments. Beyond encryption, HyTrust also provides a comprehensive feature set that secures all aspects of a video surveillance infrastructure. Role-based access control provided by HyTrust Cloud Control allows only authorized individuals to have control over system management, while forensic logging and auditing help achieve regulatory compliance. This is only an example of how we as a company are working to meet the cybersecurity needs of our customers. There are other solutions and processes to consider, and each security leader needs to evaluate what parameters work best for their environment. Regardless of application, a secure, compliant video surveillance infrastructure enables organizations to maintain strict levels of cyber and physical security to ensure brand protection and data security, and that is our overall goal.

Pivot3 was founded by several industry veterans of Compaq, VMware, and Adaptec with a vision to simplify datacenter by collapsing storage, compute and network resources onto a powerful, easy-to-deploy solution that would reduce cost, and operational risks, and ease overall system management. Since shipping the first hyperconverged infrastructure platform in early 2008, Pivot3 has built best-in-class solutions that have solidified their place as the technology and performance leader for hyperconverged infrastructure. As the only hyperconverged provider with an advanced intelligence engine, they enable customers to consolidate multiple, mixed workloads across on-prem, edge and cloud environments, and guarantee performance to the applications that power their business. SecurityLink India ■ August 2019

feature

Where are the Opportunities for Non-Leading Safety Suppliers Amid the Global Economic Slowdown? By Jessica Nian – Research Analyst, Manufacturing Technology, IHS Markit

he Industrial Internet of Things (IIoT) is expected to become more widespread during the next five to 10 years. This trend is driving manufacturers to develop strategies to ensure their future competitiveness. Smart industrial connections that link machines to products with radio frequency identification (RFID) allow all users to increase productivity and profitability using dynamic monitoring. This leads to more proactive safety strategies. Leading automation suppliers often have long-term relationships with their customers. These customers tend to be experienced in automation systems and are highly educated about safety concepts. As a result, these companies demand more advanced safety services from their automation suppliers. For leading automation suppliers, safety services present the biggest growth opportunities. The innate advantage held by these leading manufacturers is not easy for non-leading safety focused suppliers to acquire. Their clients tend to be more price-sensitive and have lower demand for high-end safety services.

Economic challenges bring fear – and opportunity

n late 2018, an economic slowdown was seen in almost all major economies. The automotive industry in China showed a decline in sales in the last quarter of 2018, highlighting the potential economic risk in Asia Pacific. Brexit, the Italian economic crisis and other political and economic uncertainties are leading to decreased gross domestic product (GDP) growth and reduced manufacturing capital invest80

ments. As a result of the global economic slowdown, many OEMs and end-users have become more cautious and are postponing investment decisions. The global risks may not affect the safety market immediately, but the fear is contagious and creates uncertainty. However, where there is a challenge, there is also an opportunity. The global economic slowdown represents a turning point wherein many non-leading suppliers can target more high-end products and solutions to build better brand images. Clients soon will require basic safety products to meet the regulatory demands. Meanwhile, most clients are postponing investments on advanced safety projects to eliminate the risk of further negative sales performance. However, in the long term, the highest growth and highest revenue opportunities will come from the advanced integrated safety solutions in accordance with the developments of the IIoT. This is the good time for non-leading safety suppliers to cultivate new clients and promote a positive brand image by introducing high-end safety solutions. Creating a progressive brand image could help those suppliers enter the high-end market to capture long-term opportunities.

Safety market opens up

n the other hand, with the acceleration of IIoT and connectivity, the market is embracing open standards. The OPC Unified Architecture (UA) is a machine-to-machine communication protocol that’s gaining popularity. The protocol can enable users of independent platforms to run their solutions on any operating system, allowing more

SecurityLink India ■ August 2019

feature

advanced systems to be compatible with earlier systems, as well as enabling easier configuration and maintenance. Open industrial communication provides the foundation for non-leading suppliers to compete with larger manufacturers. As the amount of data generated at the machine-level increases, the network architecture should grow and change. The capacity and performance of standard Ethernet and industrial Ethernet may not keep pace with evolving needs. Released in 2018, the OPC UA time-sensitive networking (TSN) provides a vendor-neutral communications infrastructure for industrial automation based on open standards.

OPC UA maps to IEC TSN to enable real-time, or nearreal-time, communication between different machines, controllers, clouds and other information technology solutions. In less regulated countries with more open market cultures, OEMs and end-users are willing to accept new concepts and qualified products that have competitive prices. According to the latest IHS Markit Machinery Production Market Tracker, the total revenue of Chinese machinery production in 2018 was $525 billion. With such a huge market base, China is one of the most promising markets and highest growth opportunities for suppliers, especially in the safety market. The market is still developing and normalizing its safety standards.

Chinese IIoT and big data policies generate new opportunities

s a national strategy, big data will be supported by key policies during China’s 13th five-year plan period. Driven by the demands of the logistics and material handling industry, the big-data industry will witness an annual growth rate of over 100 percent, as intelligent logistics based on IIoT become commonplace, according to an estimate from

the Chinese government. All foreign suppliers are being encouraged by the Chinese government to cooperate with local enterprises to realize the success of IIoT. For those non-leading safety suppliers, this is a good time to enter the Chinese market because it will be easier to establish relationships with local clients. China is still demanding more advanced automation and safety solutions to shift to high-end manufacturing. Currently, China mostly requires basic safety products – with the sales of these products outperforming advanced safety components. Over 60 percent of China’s users, which usually are small and medium enterprises (SMEs), require basic-function safety products. Safety relays, E-stop and interlock switches are popular among these Chinese clients. However, national strategies illustrate the huge long-term opportunities in advanced products. The strategies now undertaken by safety manufacturing companies will shape the market share structure during the next five to 10 years. When

trying to capture the opportunities in China, non-leading suppliers must make a trade-off between stable revenues in short-term and high-growth during the long-term. Basic safety components include E-stops, safety interlock switches, safety relays, safety mats and safety drives. Advanced safety components include light curtains, laser scanners, safety I/Os and safety programmable logic controllers (PLCs). In conclusion, the demand for IIoT, big data and open industrial connectivity is creating the highest growth opportunities for non-leading suppliers. Within developing countries, non-leading suppliers can acquire more market share by educating potential customers on the importance of safety solutions and by providing lower priced safety products.

SecurityLink India ■ August 2019

feature

7 Home Security Mistakes You Need to Avoid By Mohammad Meraj Hoda

Vice President of Business Development Middle East & Africa at Ring

ecurity is one aspect of our homes that we should never overlook. Instead, home security is something that we need to constantly evaluate and improve upon. There’s always an opportunity to improve the security of our homes; we just need to know where to look. Here are some common mistakes that homeowners commit when it comes to home security, as well as some tips to make sure your home is always secure and your family is always safe.

Hiding a spare key outside

his should go without saying, but you should never leave a spare key outside your home. Experienced home intruders will know all the common hiding places,

so just avoid it altogether. If you absolutely need a backup plan to enter your home, consider giving a spare key to a trusted neighbour or purchasing smart door locks, which will allow you to remotely open your door, even if you can’t find your keys.

2 Leaving doors and windows unlocked

his may seem like a no-brainer, but there are many instances where you may forget to close and lock your doors or windows. For example, during a hot summer, you may decide to leave a few windows cracked while you’re out of the house. Or if you’re in a hurry, you might leave the house without locking the door. Leaving your doors and windows unlocked is an open invitation to home intruders, so always double-check them before leaving the house. If you decide to get smart locks, you can also use your smartphone to make sure your doors are locked while you’re away.

3 Not securing your garage door

n addition to doors and windows, your garage is one of the most vulnerable areas of your home. Many garage doors are electronically controlled by universal remotes, which can be easily opened by other modified ones. To protect your property, never leave your garage-door opener in plain sight, and always secure your garage with a heavy-duty padlock or an automated garage-door lock, which will automatically lock your garage as soon as it closes. 82

SecurityLink India ■ August 2019

feature

Having poor outdoor lighting

home invader wants to get in and out of your house as quickly and covertly as possible. Because of this, a home with a dark front or back garden will be their preferred target. Make sure there are no blind spots on the outside of your home. Get a light for your front porch that stays on all night, and place motion-activated floodlights around your property.

Providing hiding spots for home intruders

hick shrubbery and tall plants are great ways to provide some extra privacy for you and your home. Unfortunately, they also provide great hiding spots for home intruders lurking in your garden. If your entire front garden is visible from the street, a home invader will most likely think twice before trying to break-in. If it’s possible, be sure to keep the plants in your garden trimmed and use accent lights and floodlights to expose dark areas.

Posting your plans on social media

ou should never be too trustworthy of your ‘friends’ on social media. Globally, there are countless horror

stories of people announcing their plans online and getting robbed by people in their social networks, so you always err on the side of caution. Wait until you return from your trip or event before talking about it on social media, and if you absolutely need to share your plans, do it with a private group of people you can trust.

Having no security visible outside

avvy home invaders will know of all the latest security devices, and they’ll avoid homes if they know that they have effective security solutions in place. Sometimes, even just a security sign can deter a thief from breaking in, so get your devices set up, and make sure home intruders know that your home is protected. Some homeowners try to save money by mounting fake security cameras around the house, but experienced home intruders know all about the fake and ineffective devices you can buy. Home security is something you should never short-change, but there are ways to save money on effective home security solutions. With smart, Wi-Fi connected security devices, you’ll always have home security at your fingertips, and you can respond to and prevent suspicious activity as it happens.

Ring’s mission is to reduce crime in neighborhoods by creating a Ring of Security around homes and communities with its suite of home security products. The Ring product line along with the Ring Neighborhoods network, enable Ring to offer affordable, proactive whole-home and neighborhood security. In fact, one Los Angeles neighborhood saw a 55 percent decrease in home break-ins after Ring Video Doorbells were installed on just ten percent of homes. SecurityLink India ■ August 2019

feature

IT Managers are Inundated with Cyberattacks from All Directions and Struggling to Keep Up S

ophos has recently announced the findings of its global survey, ‘the Impossible Puzzle of Cybersecurity,’ which reveals IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology. The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India and South Africa.

Cybercriminals use multiple attack methods and payloads for maximum impact

he Sophos survey shows how attack techniques are varied and often multi-staged, increasing the difficulty to defend networks. One in five IT managers surveyed didn’t know how they were breached, and the diversity of attack methods means no one defensive strategy is a silver bullet. “Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits. Software exploits were the initial point of entry in 23 percent of incidents, but they were also used in some fashion in 35 percent of all attacks, demonstrating how exploits are used at multiple stages of the attack chain,” said Chester Wisniewski, Principal Research Scientist, Sophos, “Organizations that are only patching externally facing high-risk servers are left vulnerable internally and cybercriminals are taking advantage of this and other security lapses.” The wide range, multiple stages and scale of today’s attacks are proving effective. For example, 53 percent of those who fell victim to a cyberattack were hit by a phishing email, and 30 percent by ransomware. Forty-one percent said they suffered a data breach.

Weak links in security increasingly lead to supply chain compromises

ased on the responses, it’s not surprising that 75 percent of IT managers consider software exploits, unpatched vulnerabilities and/ or zero-day threats as a top security risk. Fifty percent consider phishing a top security risk. Alarm84

ingly, only 16 percent of IT managers consider supply chain a top security risk, exposing an additional weak spot that cybercriminals will likely add to their repertoire of attack vectors. “Cybercriminals are always looking for a way into an organization, and supply chain attacks are ranking higher now on their list of methods. IT managers should prioritize supply chain as a security risk, but don’t because they consider these attacks perpetrated by nation states on high profile targets. While it is true that nation states may have created the blueprints for these attacks, once these techniques are publicized, other cybercriminals often adopt them for their ingenuity and high success rate,” said Wisniewski, “Supply chain attacks are also an effective way for cybercriminals to carry out automated, active attacks, where they select a victim from a larger pool of prospects and then actively hack into that specific organization using hand-to-keyboard techniques and lateral movements to evade detection and reach their destination.”

Lack of security expertise, budget and up to date technology

ccording to the Sophos survey, IT managers reported that 26 percent of their team’s time is spent managing security, on average. Yet, 86 percent agree security expertise could be improved and 80 percent want a stronger team in place to detect, investigate and respond to security incidents. Recruiting talent is also an issue, with 79 percent saying that recruiting people with the cybersecurity skills they need is a challenge. Regarding budget, 66 percent said their organization’s cybersecurity budget (including people and technology) is below what it needs to be. Having current technology in place is another problem, with 75 percent agreeing that staying up to date with cybersecurity technology is a challenge for their organization. This lack of security expertise, budget and up to date technology indicates IT managers are struggling to respond to cyberattacks instead of proactively planning and

SecurityLink India ■ August 2019

feature

Blockchain Technology Provides handling what’s coming next. “Staying on top of where threats are coming from takes dedicated expertise, but IT managers often have a hard time finding the right talent, or don’t have a proper security system in place that allows them to respond quickly and efficiently to attacks,” said Wisniewski, “If organizations can adopt a security system with products that work together to share intelligence and automatically react to threats, then IT security teams can avoid the trap of perpetually catching up after yesterday’s attack and better defend against what’s going to happen tomorrow. Having a security ‘system’ in place helps alleviate the security skills gap IT managers are facing. It’s much more time and cost effective for businesses to grow their security maturity with simple to use tools that coordinate with each other across an entire estate.”

Synchronized security solves the impossible puzzle of cybersecurity

ith cyberthreats coming from supply chain attacks, phishing emails, software exploits, vulnerabilities, insecure wireless networks, and much more, businesses need a security solution that helps them eliminate gaps and better identify previously unseen threats. Sophos Synchronized Security, a single integrated system, provides this much needed visibility to threats by integrating Sophos endpoint, network, mobile, Wi-Fi, and encryption products to share information in real-time and automatically respond to incidents.

Biometric Technology Vendors an Edge in the Government Sector

Biometrics to find high-growth opportunities in border control

ising consumer demand for convenience without compromising security is driving companies to adopt biometric technologies, propelling the $4.60 billion market toward $11.10 billion by 2023, at a compound annual growth rate of 19.3%. The proliferation of devices at the network’s edge and the rise of the Internet of Things (IoT) are creating a need for enhanced cybersecurity. In response, biometric companies are establishing new partnerships with blockchain technology companies to deliver identity management solutions. Meanwhile, the Biometric-as-a-Service business model is expected to gain considerable traction in both government and commercial applications. “Behavioral biometrics is poised to enjoy high uptake, especially in multi-factor authentication. Artificial intelligence (AI) and machine learning will be increasingly used to complement biometrics and enhance security,” said Ram Ravi, Industry Analyst at Frost & Sullivan, “Besides, with smart connected devices shifting customer preferences towards alternate commerce channels, biometric market players are establishing a blockchain strategy to augment their offering.” Frost & Sullivan’s recent analysis, North American Biometrics Market, Forecast to 2023, covers the modalities of fingerprint, face, iris, vein, voice, and others. It presents the key growth drivers and restraints, the impact of micro and macro trends on the market, key competitors and their offerings, as well as the strategies that they need to adopt. The study examines the application sectors of government (border control, law enforcement, e-ID) and commercial (physical access control, logical access control, surveillance). “Biometrics has been gaining prominence in border control since 2017, with facial recognition showing potential to become a ubiquitous modality,” noted Ravi, “Airports are witnessing increasing biometric deployments across the United States due to the government’s focus on border control. Biometrics usage in law enforcement is also anticipated to rise gradually.” Vendors can tap further growth opportunities by: ●● Offering greater visibility, machine-to-machine connectivity, and real-time interaction between people and assets to make the most of the rise of connected healthcare. ●● Collaborating and partnering with select blockchain vendors. ●● Including an AI engine. ●● Providing cloud-based services. ●● Building in-house capabilities to offer as value additions. ●● Fostering partnerships with AI vendors to cater to the changing customer environment. SecurityLink India ■ August 2019

product showcase

New Technology Partner Program Portal

ikvision has launched the new technology partner program portal (TPP Portal) which is designed to enhance collaboration with technology partners and system integrators, enabling development of new and innovative solutions for customers across all markets, and further drive market growth.

portal to find the ideal partners for each project. The portal will feature a public listing of all technology partners and their locations, coupled with rich information about their solutions, making it the ideal platform for striking up new business relationships.

Easy engagement with Hikvision integration support

he TPP portal empowers technology partners to engage with the Hikvision integration department in a private and password-protected environment. Key modules within the portal include integration support, marketing events, integration project tracking and solution information management.

Technical and commercial library

he TPP portal is a comprehensive repository of technical documentation for system integration. This includes SDK documentation, software tools and agreements. This area of the portal is only visible to technology partners, and selected sections are visible to individual partners only.

Hikvision Embedded Open Program (HEOP) management Technology partners can use the marketing capabilities of the portal to grow their businesses, taking full advantage of Hikvision’s global reach. Equally, systems integrators can also use the portal to learn more about Hikvision technology, to build new relationships with Hikvision’s technology partners. Jens Berthelsen, Global Partner Alliance Manager at Hikvision said, “Hikvision has a long-term strategy of working closely with technology partners and systems integrators to build the best possible offerings for customers. The technology partner program portal will be a driving force in enabling this. The portal will help our technology partners capitalize on their investment in working with Hikvision, and to scale up their businesses in a very cost-effective way. We are very proud of launching our new portal and invite our technology partners to join.”

Key features and benefits An ever-growing partner platform

he portal will become a comprehensive partner database, and system integrators will be able to use the TPP

echnology partners that want to embed their technology into Hikvision cameras can manage the process here, including distribution-friendly license management.

Motion Sensor with Machine Learning for High-Accuracy, Battery-Friendly Activity Tracking

TMicroelectronics has integrated machine-learning technology into its advanced inertial sensors to improve activity-tracking performance and battery life in mobiles and wearables. The LSM6DSOX iNEMO™ sensor contains a machine learning core to classify motion data based on known pat-

SecurityLink India ■ August 2019

product showcase

●● Machine learning technology classifies movement data to improve activity tracking. ●● Embedded intelligence and additional enhancements greatly reduce power for longer battery runtime in smartphones, wearables, and game controllers. terns. Relieving this first stage of activity tracking from the main processor saves energy and accelerates motion-based apps such as fitness logging, wellness monitoring, personal navigation, and fall detection. “Machine learning is already used for fast and efficient pattern recognition in social media, financial modelling, or autonomous driving,” said Andrea Onetti, Analog, MEMS and Sensors Group Vice President, STMicroelectronics, “The LSM6DSOX motion sensor integrates machine-learning capabilities to enhance activity tracking in smartphones and wearables.” Devices equipped with ST’s LSM6DSOX can deliver a convenient and responsive ‘always-on’ user experience without trading battery runtime. The sensor also has more internal memory than conventional sensors, and a state-of-the-art high-speed I3C digital interface, allowing longer periods between interactions with the main controller and shorter connection times for extra energy savings. The sensor is easy to integrate with popular mobile platforms such as Android and iOS, simplifying use in smart devices for consumer, medical, and industrial markets.

IB9387-LPR First License Plate Recognition Camera

aking video analytics to the next level, VIVOTEK, the global leading IP surveillance solution provider, has introduced a brand new license plate recognition camera, the IB9387-LPR. Featuring built-in license plate recognition software and edge-computing capability without additional

server, the IB9387-LPR can identify license plates from over 70 countries around the world. These, with other features make it a powerful license plate recognition (LPR) system and a cost-effective all-in-one device applied for condominiums, parking access control and stop & go toll systems. VIVOTEK’s IB9387-LPR also offers efficient access control management through black & white lists and multi-site camera centralized maintenance. With a black & white list embedded inside the IB9387-LPR, the control barrier will open the gate when a white list vehicle is detected. On the other hand, a black list vehicle will trigger an alarm and

a notification will be sent to security staff. With VIVOTEK’s IB9387-LPR, security staffs of parking lots with multiple entry points no longer need to upgrade system one after another. They can simply upload these lists to a single centralized LPR camera and all the other LPR cameras will download the master list, thus significantly reducing both installation time and maintenance efforts. Thanks to its various application programming interfaces (APIs), third-party systems such as parking management, toll collection and weighbridge systems are able to receive live LPR images with specific country, state, date, time and confidence level from IB9387-LPR. Finally, the sophisticated camera is safeguarded by Trend Micro IoT security, providing proactive protection in cybersecurity. Combining recognition and management technology, VIVOTEK’s IB9387-LPR offers an intelligent, scalable and highly secure standalone LPR system.

SecurityLink India ■ August 2019

product showcase

Synergis IX A New Line of Hybrid Access Control and Intrusion Hardware For the Australian and New Zealand Markets

enetec Inc. recently announced Synergis™ IX, a new line of hardware that combines access control and intrusion monitoring. The Synergis IX devices are designed to work with the Genetec™ Security Center platform to unify access control and intrusion functions with video surveillance, communications and more. Synergis IX is available immediately in Australia and New Zealand (ANZ) from Genetec partner Hills Limited. By adopting a line of hardware combining access control and intrusion devices in a single platform, customers can significantly reduce installation time and total cost of ownership, while achieving operational efficiencies and gaining greater insight into their security environment. “For both regulatory and practical reasons, our customers in Australia and New Zealand require hybrid solutions that offer both access control and intrusion in one device. Synergis IX provides this all-in-one access control and intrusion monitoring solution but opens the door to greater efficiency through Security Center, which unifies video surveillance, communications and other

security systems under the same platform,” said Thibaut Louvet, Director of Access Control Product Group at Genetec Inc. Featuring a broad range of hybrid controllers, modules, readers and keypads, Synergis IX enables users to control and monitor a scalable number of intrusion areas, doors, cardholders, and other field devices regardless of geographical location. With digital certificate support, claims-based authentication and end-to-end encrypted communications, security throughout every layer of the architecture is ensured. “The security market in Australia and New Zealand continues to grow at an exponential rate, with a tremendous appetite for solutions that enable customers to manage all of their security systems on a single interface. We are excited to work with our partners Hills Limited to bring Synergis IX to the ANZ market,” said Daniel Lee, Managing Director for Genetec APAC.

ULISSE EVO THERMAL Preventive Perimeter Protection 24/7

LISSE EVO THERMAL is a PTZ thermal camera developed to provide a preventative video surveillance system in critical infrastructures, transport, traffic, railways and fire detection applications. This thermal camera offers temperature detection based on the 4 central pixels of the image and the option to raise an

SecurityLink India ■ August 2019

product showcase

alarm based on temperature rules. As well as this, the advanced versions, available upon request, can measure the temperature of a specific object at any point in the image just defining an RoI. ULISSE EVO THERMAL maintains maximum operating efficiency with temperatures from -40°C (149°F), while the IK10, IP66/ IP67/ IP68, NEMA Type 4x and type 6p guarantee maximum protection against dust and bad weather, strong impact and vandalism. ULISSE EVO THERMAL offers unrivalled corrosion resistance, thanks to the special aluminum surface treatments and the techno-polymer used for its construction. The modern, linear design of ULISSE EVO THERMAL combines maximum strength and operational reliability with greatly reduced weight. This means easy and quick assembly and therefore lower installation costs and zero maintenance. ULISSE EVO THERMAL can be installed in different ways, even in the inverted position typical of the speed domes, using the large variety of brackets and adaptors available to satisfy every installation need. The brackets are also available with quick connectors for Ethernet/ PoE, for power and I/O, which allow fast and easy installation and maintenance.

New idis Micro Dome Ideal for High End Settings The compact design of theDC-C4212RX allows for faster and more convenient installation and is the perfect choice for retail and discrete security applications

he new DC-C4212RX 2MP micro dome camera is the latest addition to the DirectIP® line up from IDIS, which is South Korea’s leading in-country manufacturer of surveillance technology.

The compact design of the DC-C4212RX makes it the best choice for understated, less noticeable installations. The neat aesthetics are ideal for applications where there is a need for unobtrusive surveillance but where comprehensive, high-performance video capture is paramount. Measuring only 86mmx58mm and weighing just 105grams, the DC-C4212RX delivers advanced benefits within its lower profile and is the right choice for high-end locations such as jewellery shops and boutiques, as well as up-market restaurants and luxury hotels. The DC-C4212RX offers all the key benefits that installers expect from IDIS DirectIP dome cameras, including the company’s signature plugand-play installation and configuration. The elimination of a pigtail cable allows faster and easier deployment. The 3-axis mechanical lens enables rotation and easy angle adjustment, making it an important design feature for precise image capture, particularly when the camera needs to be discretely wall-mounted. The camera can also operate in a wide range of lighting conditions, delivering high performance live monitoring and playback. Other key features include true wide dynamic range (WDR), IR LED illumination up to 15m with day and night ICR, dual codec H.264/ H.265 performance, and easy, plug-and-play integration with IDIS VA in the box. This cost-effective video analytics appliance delivers value-add business intelligence gained from heat mapping, people counting, queue management and comprehensive reporting. “Our new micro dome is a great camera for installers to work with and it delivers outstanding surveillance capability for customers,” said James Min, Managing Director of IDIS Europe, “It further strengthens our end-to-end offering for retail applications including high street fashion, boutiques, dining, pubs and coffee shops – markets in which we have gained significant market share globally.”

SecurityLink India ■ August 2019

product showcase

Onvu360 Pro Mobile App Updates Enhance Functionality and Effectiveness

ncam placed significant effort and dedication into allowing its surveillance solutions to seamlessly translate for mobile capabilities. They announced the newest version of the ONVU360 Pro Mobile App that is available for both iOS and Android devices. The mobile application enables users to fully experience live and recorded surveillance through 180- and 360-degrees in full HD in the palm of a hand. Compatible with every Oncam camera, the unique, multi-touch 3D client-side dewarping app includes several new features such as: ●● Support for the panoramic cameras within the Evolution 180 range. ●● Significant improvements to SD card recordings, with the ability to access and play back recordings from the card when present. ●● Customized in-app messaging to deliver key information to customers. ●● The ability to group multiple cameras into a customizable camera group name. ●● The ability to save a camera view while viewing. The latest version of the ONVU360 Pro app also includes a redesigned intuitive and clean interface that is easy to navigate and control. This makes the multi-touch dewarp-

ing, which allows users to tap, drag, pinch or rotate the camera view, a quick and easy process. Streamlining this feature and the use of mobile applications in general is key when it comes to efficiency for security personnel. Mobile connectivity allows users to achieve full situational awareness and insight into a specific location or organization from any location and at any time. And in the event of an incident, time is of the essence, meaning it cannot be wasted searching through an application in an effort to view or extract the necessary data. Updates like those made to ONVU360 Pro enable users to immediately see all action taking place at a scene and determine the appropriate and informed response. By translating the intelligence and innovation of Oncam’s award-winning 180- and 360-degree wide angle technology to a mobile device, users can benefit from the expertise in surveillance solutions they’ve come to expect no matter where they are, facilitating enhanced security, awareness and efficiency.

New Line of Distributed Cloud Services & Cloud-Based Analytics Software New Services Provide Cloud-Like Simplicity with the Control and Security of an On-Premise Infrastructure

uantum Corp. recently announced Distributed Cloud Services, a new line of operational services and storage-as-a-service offerings. Quantum distributed cloud services are designed to enable customers to redirect valuable IT and engineering resources to focus on meeting business goals, improving the overall user experience and maximizing the return on investment for storage, while maintaining the control and security of an on-premise infrastructure. These services are powered by Quantum’s new cloud-based analytics (CBA) software, which serves as a central hub where Quantum products are designed to connect to send log files and other telemetry data about their 90

SecurityLink India ■ August 2019

product showcase

environment, making them part of the Quantum distributed cloud. Quantum’s global services team is then positioned to proactively manage the customer’s environment, either as an operational service or as a pay-per-use Storage-asa-Service offering. “I regularly meet customers with a wide range of interests – from making movies, to studying the environment, or providing a secure venue for a sporting event – but they have one thing in common – they want to focus on their business rather than the data storage that supports it,” said Jamie Lerner, Chairman and CEO, Quantum, “We’re seeing more customers who want the simplicity of cloud computing, but the performance and economics of on-premise storage. With Quantum’s cloud based analytics, all of our systems securely join a distributed cloud that can be managed by the customer or Quantum resources anywhere globally.”

The need for Distributed Services and Cloud Services

everaging and capturing value from digital data has become central to the success of many businesses today, which are increasingly challenged to create more, study more, and develop more with fewer IT and engineering resources. These businesses are looking to others to manage their data storage infrastructure so they can focus on their core mission.

Cloud like simplicity with on-premise control: Quantum operational services

uantum operational services, a new line of proactive managed services, are designed to provide cloud-like simplicity with the benefits of on-premise control. Using Quantum operational services, Quantum works with its customers to manage day-to-day storage operations, with the goal of providing better uptime via proactive monitoring and analysis. These services can create a better user experience for internal and external customers. Key benefits: ●● Eliminate the burden storage management places on IT and engineering resources.

●● Reduce downtime and improve the user experience. ●● Maintain the control and security of an on-premise infrastructure. ●● Maximize storage ROI.

Quantum Storage-as-a-Service offerings

or customers who want all the benefits of Quantum operational services, delivered with a pay-per-use subscription service, Quantum is also introducing a new line of Storage-as-a-Service offerings. Leading Quantum products can now be purchased via a predictable, pay-per-use pricing model with no data access fees. Key benefits: ●● Reduce upfront acquisition costs. ●● Reduce operational and administrative resources and costs by only paying for storage used. ●● Eliminate unplanned capital spend and forklift upgrades. ●● Improve control and security with an on-premise infrastructure. ●● Avoid data access fees or unpredictable charges. ●● Reduce downtime and achieve better performance.

Quantum cloud-based analytics software

t the core of Quantum’s new services is CBA software. Quantum designed CBA software to enable customers, partners and Quantum’s support team to proactively manage and monitor their environments across the globe from a central hub. Many of Quantum’s largest media customers, enterprises, and some of the world’s largest service

SecurityLink India ■ August 2019

product showcase

providers are using this software to actively manage their Quantum products and technology today. Customers who opt to send data to Quantum’s CBA software can choose to monitor their environments themselves, or Quantum can proactively monitor and manage their environments for them via the distributed cloud services.

New Linux Intelligent Controller Line New LP Intelligent Controller Series Offers Advanced Security, Enhanced Performance and Extensive Third-Party Integration Support for a Wide Range of Complimentary Applications

uilding upon the proven success of its open architecture series controllers, Mercury Security, a global leader in OEM access control hardware and part of HID Global, has recently launched its next-generation LP intelligent controller platform built on the Linux operating system. The new controllers offer advanced security and performance, plus extensive support for third-party appli-

cations and integrations – delivered on an identical form factor that enables seamless upgrades for existing Mercury based deployments. “As the industry leader in open platform hardware that addresses the diverse set of access control requirements, Mercury is defined by our ability to offer relevant solutions that meet the future needs of our partners and their customers,” said Matthew Barnette, President of Mercury Security, “Our new LP controllers mark a major step in forwarding our long term vision of providing open architecture based access control systems, especially in today’s new era of technologies and applications that are being used in smarter and more connected environments.” Mercury’s flexible LP controller family brings a game-changing level of extensibility and value to security and IT departments constantly seeking to stay ahead of the vast changes in technology. Its multi-device and third-party application integration capabilities allow organizations to easily integrate wireless locks, destination dispatch elevator controllers, intelligent power supplies and strong authentication for FIPS-201 government applications. In addition, the LP controller platform dramatically improves overall system security through stronger encryption, IT standards support, and OSDP support to protect reader connectivity and extended applications with Secure Channel. Plus, the controllers’ embedded crypto memory chip provides an extra layer of protection for encrypted data-at-rest applications – allowing customers to significantly increase their security. Combining these features with an improved processor, the powerful new LP controller line also delivers unrivaled capacity and speed. Mercury’s new controller line includes the LP4502, LP1501, LP1502 and LP2500 to offer the greatest flexibility for OEMs, channel partners and end customers to choose the controller configuration that best fits their needs. Partners and end customers can benefit from LP controllers in new access control systems or they can be used for seamless plug-andplay upgrades from Mercury’s existing EP series controllers.

SecurityLink India ■ August 2019

product showcase

LifeShield Enhancing DIY Smart Home Security Offering with New HD Video Doorbell Camera

●● People detection technology: It distinguishes between people and other objects, preventing unneeded notifications and recordings. ●● Crystal clear video from its 1080p HD resolution, 170º wide lens and night vision. ●● Notifications and video previews of the live event can be viewed on the LifeShield mobile app or security touchpad. In addition, the new LifeShield HD video doorbell provides custom detection in specific zones.

ifeShield is adding the LifeShield HD video doorbell to its lineup of easy-to-install and professionally monitored smart home security products. The new Wi-Fi-connected HD video doorbell complements the brand’s flexible ‘build your own set’ package, making it easy to tailor a security system to your smart home needs. “A brazen 34 percent of burglars enter through the front door, and online shopping has made the front porch thieves’ new favorite place to shop. The LifeShield HD video doorbell was designed specifically for owners seeking increased visibility around their front doors,” said John Owens, President of DIY at ADT, “The addition of the LifeShield HD video doorbell to our existing lineup makes LifeShield one of the most complete DIY home security systems on the market today.”

Key features

he LifeShield HD video doorbell pairs directly with the LifeShield home security system, giving owners the freedom to record, store and watch live and on-demand video. Features include: ●● Two-way audio support: The LifeShield mobile app and security touch-pad can give visitors the impression someone is home, even if they are not.

Powerful, Out-of-the-Box Security Command Center

dvanced Command Center helps security companies optimize resources, improve operational capabilities and manage risks. The Command Center achieves this with its ability to intuitively capture, process, and display essential information from the field required by supervisors to perform their duties on an easy to navigate screen, irrespective of their location. Trackforce™ has recently launched its new Command Center, which removes the need for security companies to have on-site supervisors at each customer site. The Command Center achieves this with its ability to intuitively capture, process, and display essential information from the field required by supervisors to perform their duties on an easy to navigate screen, irrespective of their location. The Trackforce Command Center equips security supervisors stationed at a central location with the capability to remotely monitor and manage individual or multiple officers and various security situations. It also delivers a unified threat analysis across multiple sites. Security supervisors now have quicker access to existing security resources needed to manage a situation and improve response times. The Command Center also ensures that there is greater oversight and control over client sites. As a component of the broader SaaS, Trackforce security workforce management platform, the Command Center is

SecurityLink India ■ August 2019

product showcase

ity, customer data, and officers on client sites. Supervisors have the ability to monitor and manage individual officers and teams of officers, individual sites, or a group of sites in a city, a state, across the country, or globally if needed. Over the past two decades, Trackforce has risen to become a recognized global market leader by improving security officer operations and productivity while reducing cost and risk via innovative mobile and desktop applications. The company implements solutions for clients such as Allied Universal, Whelan Security, SecurAmerica, Inter-Con Security Systems, SOS Security, G4S, and many others. suited to security businesses with clients in various vertical market sectors. It is scalable and will support the security company through all its growth stages without negatively impacting already tight profit margins. The Command Center is provided with a full set of features to all security companies irrespective of size, and all users become fully operational with in a few days of the Trackforce platform’s implementation and customization. “The Command Center changes the security environment from being reactive to pre-emptive, so, security teams don’t have to wait for something to happen and can make proactive decisions,” says Guirchaume Abitol, CEO and Founder of Trackforce, “It does away with disparate solutions that supervisors previously used to monitor and enhance their decision-making capabilities. This results in improved operational readiness and business efficiencies for security companies. Service standards are maintained, SLAs are met, and security companies are able to optimize the capabilities of their security supervisors. This is a win-win for security companies at management level, supervisors at operational level, and clients at the customer service level.” With a responsive view of security officers and developing situations at every level, the Command Center empowers supervisors to go from a broad, regional display to site-level data. Management can also opt to zoom in and monitor individual personnel activity at any time and contact, assist, and communicate with even the most remote officers using pushto-talk and mass notification communication capabilities. Supervisors realize enhanced situational awareness through real-time monitoring of security officers. With enhanced command and control capabilities, an officer or developing situation can be tracked in no more than two clicks, on a single screen, with fewer actions than previously required. The system has built-in security and privileged user capabilities controlling who has access to specific functional94

QTS 4.4.1 Beta 3 Version Introducing VJBOD Cloud for Integrated Cloud Object Storage, CacheMount for Low-latency Cloud Data Access, and More

NAP® Systems, Inc. has recently released QTS 4.4.1 beta 3, the latest version of the acclaimed QNAP NAS operating system. QNAP NAS users will receive the QTS 4.4.1 beta 3 update with immediate effect. QNAP sincerely invites users to join the beta program and provide feedback, so QNAP can further improve QTS to provide an even more comprehensive and secure user experience. The highly-anticipated VJBOD Cloud, a block-based cloud storage gateway service, is now available from QTS 4.4.1 beta 3. VJBOD Cloud allows mapping cloud storage space to a QNAP NAS as block-based cloud volumes, providing a secure and scalable method to store local application data, user data, or perform secure backups. The support of local caching realizes low-latency accessibility to alleviate access speed concerns. VJBOD Cloud supports ten cloud object storage services (including Amazon S3®, Google Cloud™, and Azure®). The mounting cloud storage and local caching functions in VJBOD Cloud enable near-LAN access speed to cloud data. Besides VJBOD Cloud, QNAP NAS also supports CacheMount, a file-based cloud storage gateway service that

SecurityLink India ■ August 2019

product showcase

enables local caching for connected cloud storage, providing a comprehensive hybrid-cloud experience to optimally fulfill user needs for versatile use cases. CacheMount replaces the remote mount feature in file station and connect to cloud drive. Users need to install CacheMount in the App Center to use remote mount services. Other key new features and enhancements of the QTS 4.4.1 beta 3 include, but not limited to, the following: ●● Multimedia console consolidates all QTS multimedia applications into one utility, allowing simple and centralized multimedia app management. Multimedia console supports Qsirch for advanced photo indexing and allows configuring a CacheMount shared folder as a background transcoding folder. ●● File station integrates Microsoft® Office Online allowing users to preview and edit Word, Excel, and PowerPoint files stored on the NAS online. File station now also supports CloudConvert for converting Apple® iWork file formats to Microsoft Office file formats. ●● Users can create and centrally manage VJBOD Cloud volumes in the storage and snapshots, and use resource monitor to monitor VJBOD cloud volumes.

exacqVision VMS v19.06 exacqVision v19.06 Offers Automatic Video Transfer Saving time for Administrators, and Introduces C-CURE 9000 Integration

ohnson Controls has introduces exacqVision VMS v19.06, with updates that include automatic transfer of video after a server failover, a new access control integration, support for ONVIF network loss recording, improved mo-

tion zone configuration and enhanced network security for mobile app users. The latest version of exacqVision offers enterprise manager customers a more robust failover solution. In a failover scenario, transferring recordings from a spare NVR to the primary is critical, ensuring video can be searched and managed from a single storage location. exacqVision v19.06 automates the transfer of recordings back to the primary server in the event of a server failover, saving time for administrators by transferring video, audio and other data to the primary server automatically once it is reconnected. Additionally, v19.06 presents a much-anticipated integration with the Tyco Software House C-CURE 9000 access control and event management system. By leveraging bi-directional communication between exacqVision and the C-CURE server, users can now control door actions, search video using event metadata, and trigger other actions, all from the exacqVision Client.

Support for the network loss recording feature is now available with selected and tested ONVIF Profile G conformant cameras. After a network connection has been re-established, video recorded to a camera’s SD card is automatically pulled into the exacqVision server. Configuration of up to three motion zones, each with its own motion mask and sensitivity settings offers select Illustra camera users an enhanced motion configuration experience. In previous software versions only one motion zone for Illustra cameras could be defined. Exacq Mobile users now have a new option for accessing video on the NVR without complicated incoming firewall rules or exposing the network to incoming connection attempts from unknown sources. A new Exacq cloud-hosted relay service is available to connect mobile app users to video without any inbound connectivity to the NVR, ensuring sites can stay cybersecure without giving up easy access to video.

SecurityLink India ■ August 2019

National Roundup

Annual Subscription: 2000/- for 12 Issues (Courier/ Postage charges extra)

“Security Link India” payable at New Delhi dated__________

* Please subscribe through admin@securitylinkindia.com

WE ARE UPDATING OUR DATABASE For free listing in Database:

For

Advertisement Contact: editor@securitylinkindia.com

* Send your detail to admin@securitylinkindia.com

Security Link India, H-187/5 (1st Floor), Jeevan Nagar Market, Kilokri, Opp. Govt. Boys Sr. Secondary School, Near Maharani Bagh, New Delhi-110 014, INDIA • Tel: +91 11 26342237 • Telefax: +91 11 42828080 • Website: www.securitylinkindia.com 98

SecurityLink India ■ August 2019