Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Introducing your speakers

Stephen Schwartz, Vice President of Development, Razberi Technologies

Stephen Schwartz currently leads the software design and product development efforts for all Razberi products and has over 30 years' experience in high-growth software and hardware companies. His previous roles include CTO of RFID Global Solution, where he led the design and development of products like Visi-Trac asset visibility and Genesta’s SyVox voice recognition logistics solution for companies like PepsiCo, Sara Lee / Bimbo, and QuikTrip. Schwartz has also served in several roles within Intermec as the Director of Product Management, Systems Engineering Manager, and Senior Systems Architect for their RFID hardware and software business unit, fielding solutions to hundreds of Fortune 100 companies globally. In his spare time, he is a contributor and voting member of ETSI EN 302-208 and ANSI X3T6. Schwartz has a bachelor’s degree in Electrical Engineering from the University of Kentucky, with graduate studies in engineering from George Mason University and business from Columbia University.

Ryan Zatolokin is the business development manager, senior technologist for the business development team of Axis Communications. His primary focus is cybersecurity as well as positioning and promoting Axis technology in conjunction with the hardware and software technologies of eco-system partners. Ryan joined Axis in 2011 as a field sales engineer, bringing more than a decade of experience in network engineering on the systems integrator side of the industry. Ryan earned his bachelor’s degree in Business Administration with a specialty in computer information systems from Eastern Michigan University.
Ryan Zatolokin, Business Development Manager / Senior Technologist, North America, Axis Communications
Today’s objectives
˃ Threat landscape
˃ Understanding the differences between risk, vulnerabilities, threats, and incidents
˃ Physical security’s cyber problem
˃ Recognizing threats and vulnerabilities
˃ The targeting of physical security
˃ Why monitoring is required
Threat landscape
NotPetya 2017 – $10 Billion in Damages Worldwide
˃ Maersk – $300 Million
˃ Merck – $870 Million
˃ FedEx – $400 Million
˃ Windows vulnerability combined with ransomware
˃ Collateral damage to nation-state target Ukraine from Russian hackers
Devil's Ivy – Stack overflow – SOAP
Mirai/Persirai – Botnet
Cybersecurity legislation

California State Bill 327
Starting on January 1st, 2020, any manufacturer of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security features designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network (LAN) with a password, it needs to either come with a unique password for each device or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to guess.

NDAA 2018
˃ Bans on specific manufacturers
˃ Improve security by default from manufacturer on products

IoT Cybersecurity Improvement Act 2017
˃ Improve security by default from the manufacturer on products
˃ Contractor to provide “proof” of product without vulnerabilities
Definitions
˃ Risk is the probability that an outside element will exploit a system weakness.
˃ Vulnerability is a system weakness that creates a risk.
˃ A threat is anything that could exploit a vulnerability to be destructive or harmful to assets.
˃ An incident (or event) occurs when a threat penetrates the security of a network without authorization.
Physical security’s cyber problem
˃ Proliferation of IoT devices used within physical security
˃ Inter-company disconnects between physical Operations and IT
˃ Lack of IT oversight into security networks
˃ Small pool of available cybersecurity professionals
˃ Hackers leverage adjacent less secure networks to gain corporate access
˃ Sophisticated solutions are complex to implement
˃ Slow adoption of best practices by manufacturers and installers
˃ Large and growing vulnerable install base
https://news.milestonesys.com/automating-trust-for-cyber-threatened-surveillance-systems
Poll: Question 1
Given the current threat landscape and economic environment, do you perceive a change in the cyber threats facing your organization?
˃ Increase
˃ Same
˃ Decrease
˃ Don’t know
Recognizing threats and vulnerabilities
˃ Most data breaches are never reported, even less so when not mandated by law
˃ 180 million professional video surveillance cameras will be shipped in 2019
˃ Physical security architecture has evolved to be more IT-centric
˃ Prevailing culture and lack of understanding breed opportunistic hackers who gain entry through adjacent networks
˃ IT-based system adoption exponentially creates further vulnerabilities
˃ Online tools / search engines (e.g. Insecam.org, Shodan) regularly showcase vulnerabilities
Threat actors https://vividcomm.com/2019/04/15/threat-actors/
Top IoT security targets https://www.iotworldtoday.com/2016/07/27/10-most-vulnerable-iot-security-targets/
#SimpleSecureVideo
Simplify
Automate
Razberi CameraDefense™: Award-Winning, Automated IoT Cybersecurity Software
˃ Blocks unauthorized devices
˃ Closes unused network ports
˃ Restricts device traffic to known networks
˃ Enforces password complexity
˃ Denies un-needed network services
˃ Monitors alerts for threat detection displayed on simple dashboard
Integrate
Collaborate Live Video Perimeter Radar Diverse Installations Outdoor Camera Cyber Alerts Rugged Appliance Perimeter Radar
Report System Wide Reporting Firmware Management Historical Outline Installation Profile
Summary
˃ Use reputable manufacturers
˃ Monitor cyber & health threats
˃ Consider integrated solutions
˃ Follow best practices
˃ Automate camera hardening
˃ Set up your demo today
Poll: Question 2
Are you interested in having a conversation with Axis Communications and Razberi Technologies?
˃ Yes, please contact me
˃ No, not at this time
Thank You #SimpleSecureVideo