Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association

Page created by Jerry Hunt
 
CONTINUE READING
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Best Practices for Monitoring Cyber
   Threats to Security Solutions

              Feb. 4, 2020

                                      1
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Best Practices for Monitoring Cyber
Threats to Security Solutions
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Introducing your speakers
                                  Stephen Schwartz currently leads the software design and product development efforts for all Razberi products and has over 30 years
                                  experience in high -growth software and hardware companies.

                                  His previous roles include CTO of RFID Global Solution where he led the design and development of products like        Visi-Trac asset
                                  visibility and Genesta’s SyVox voice recognition logistics solution for companies like PepsiCo, Sara Lee / Bimbo, and QuikTrip.
                                  Schwartz has also served several roles within Intermec as the Director of Product Management, Systems Engineering Manager, an          d
                                  Senior Systems Architect for their RFID hardware and software business unit fielding solutions to hundreds of Fortune 100
                                  companies globally. In his spare time, he is a contributor and voting member of ETSI EN 302 -208, and ANSI X3T6.

                                  Schwartz has a bachelor’s degree in Electrical Engineering from the University of Kentucky with graduate studies in engineeri                                           ng from
     Stephen Schwa rtz,
                                  George Mason University and business from Columbia University.
      Vice President of
        Development,
    Ra zberi Technologies

                                  Rya n Za to lo kin is th e b u sin e ss d e ve lo p m e n t m a n a ge r, se n io r te ch n o lo gist fo r th e b u sin e ss d e ve lo p m e n t te a m o f Axis
                                  Co m m u n ica tio n s. His p rim a ry fo cu s is cyb e rse cu rity a s we ll a s p o sitio n in g a n d p ro m o tin g Axis te ch n o lo gy in co n ju n ctio n with th e
                                  h a rd wa re a n d so ftwa re te ch n o lo gie s o f e co -syste m p a rtn e rs.

                                  Rya n jo in e d Axis in 2011, a s a fie ld sa le s e n gin e e r, b rin gin g m o re th a n a d e ca d e o f e xp e rie n ce in n e two rk e n gin e e rin g o n th e
                                  syste m s in te gra to r sid e o f th e in d u stry.

                                  Rya n e a rn e d h is b a ch e lo r’s d e gre e in Bu sin e ss Ad m in istra tio n with a sp e cia lty in co m p u te r in fo rm a tio n syste m s fro m Ea ste rn
                                  Mich iga n Un ive rsity.
       Rya n Za tolokin,
    Business Development
Ma na ger/ Senior Technologist,
     North America Axis
       Communica tions
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Today’s objectives

 Threat landscape

 Understanding the differences between risk,
 vulnerabilities, threats, and incidents

 Physical security’s cyber problem

 Recognizing threats and vulnerabilities

 The targeting of physical security

 Why monitoring is required
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
High profile breaches make
headlines
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Threat landscape

   Not Petya 2017 – $10 Billion in Damages
                 Worldwide
   ˃ Maersk – $300 Million
   ˃ Merck – $870 Million
   ˃ FedEx – $400 Million
   ˃ Combination of Windows vulnerability combined with
     ransomware
   ˃ Collateral damage to nation-state target Ukraine from
     Russian hackers

                                     Devils Ivy – Stack
  Mirai/Persiria – Botnet
                                     overflow – SOAP
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Cybersecurity legislation

           California State Bill 327                              NDAA 2018
   Starting on January 1st, 2020, any                   ˃ Bans on specific manufacturers
   manufacturer of a device that connects
                                                        ˃ Improve security by default from
   “directly or indirectly” to the internet must
                                                          manufacturer on products
   equip it with “reasonable” security features
   designed to prevent unauthorized access,
   modification, or information disclosure. If it can        IoT Cybersecurity
   be accessed outside a local area network
                                                           Improvement Act 2017
   (LAN) with a password, it needs to either
   come with a unique password for each device          ˃ Improve security by default from
   or force users to set their own password the           manufacturer on products
   first time they connect. That means no more
                                                        ˃ Contractor to provide “proof” of
   generic default credentials for a hacker to
                                                          product without vulnerabilities
   guess.
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Definitions

Risk is the probability that an outside element
will exploit a system weakness.
Vulnerability is a system weakness that
creates a risk.
A threat is anything that could exploit a vulnerability
to be destructive or harmful to assets.
An incident (or event) occurs when a threat
penetrates the security of a network without
authorization.
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Physical security’s cyber problem

 Proliferation of          Inter -company                          Lack of IT                            Small pool of
IoT devices used             disconnects                         oversight into                            available
 within physical               between                          physical security                        cybersecurity
     security             Operations and IT                        networks                              professionals

                                                                                                      Hackers leverage
 Sophisticated            Slow adoption of
                                                               Large and growing                         adjacent less
 solutions are            best practices by
                                                               vulnerable install                      secure networks
  complex to               manufacturers
                                                                      base                            to gain corporate
  implement                and installers
                                                                                                             access

                    https://news.milestonesys.com/automating-trust-for-cyber-threatened-surveillance-systems
Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
Poll: Question 1

Given the current threat landscape and economic
e n viro n m e n t, d o yo u p e rce ive a ch a n ge in th e cyb e r
th re a ts fa cin g yo u r o rga n iza tio n ?
In cre a se
Sa m e
De cre a se
Do n ’t kn ow
Recognizing threats and vulnerabilities

                            Most data breaches are     180 million professional
     Physical security                                    video surveillance
                           never reported, even less
architecture has evolved                               cameras will be shipped
                            so when not mandated
  to be more IT -centric
                                     by law                     in 2019

                             Prevailing culture and
  Online tools / search
                             lack of understanding        IT-based system
       engines (e.g.
                               breed opportunistic     adoption exponentially
 Insecam.org, Shodan)
                            hackers who gain entry         creates further
   regularly showcase
                                through adjacent           vulnerabilities
      vulnerabilities
                                     networks
Threat actors

                https://vividcomm.com/2019/04/15/threat-actors/
Top IoT security targets

            https://www.iotworldtoday.com/2016/07/27/10-most-vulnerable-iot-security-targets/
#SimpleSecureVideo
Simplify
Automate

           Razberi
           CameraDefense™
           Award -Winning, Automated IoT
           Cybersecurity Software
           Blocks        u n a u th o rize d d evice s
           Clo se s      u n u se d n e two rk p o rts
           Re stricts    d evice tra ffic to kn own n e two rks
           En fo rce s   p a sswo rd co m p lexity
           De n ie s     u n -n e e d e d n e two rk se rvice s
           Mo n ito rs   a le rts fo r th re a t d e te ctio n
                         d isp la ye d o n sim p le d a sh b o a rd
Integrate
Collaborate

                                               Live Video

                                 Perimeter
                                   Radar
     Diverse
  Installations

                                                                Outdoor Camera
                  Cyber Alerts

                                             Rugged Appliance

                                                                Perimeter Radar
Report

                      System Wide Reporting               Firmware
                                                         Management

         Historical
          Outline

                                              Installation
                                                Profile
Summary

             Use reputable        Monitor cyber & health
             manufacturers                threats

                                   Consider integrated
          Follow best practices
                                        solutions

           Automate camera          Set up your demo
               hardening                  today
Poll: Question 2

 Are you interested in having a conversation
 with Axis Co m m u n ica tio n s a n d Ra zb e ri
 Te ch n o lo gie s?
 > Ye s, p le a se co n ta ct m e
 > No , n o t a t th is tim e
Thank You

    #SimpleSecureVideo
You can also read