Best Practices for Monitoring Cyber Threats to Security Solutions - Feb. 4, 2020 - Security Industry Association
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Best Practices for Monitoring Cyber
Threats to Security Solutions
Feb. 4, 2020
1
Best Practices for Monitoring Cyber Threats to Security Solutions
Introducing your speakers
Stephen Schwartz currently leads the software design and product development efforts for all Razberi products and has over 30 years
experience in high -growth software and hardware companies.
His previous roles include CTO of RFID Global Solution where he led the design and development of products like Visi-Trac asset
visibility and Genesta’s SyVox voice recognition logistics solution for companies like PepsiCo, Sara Lee / Bimbo, and QuikTrip.
Schwartz has also served several roles within Intermec as the Director of Product Management, Systems Engineering Manager, an d
Senior Systems Architect for their RFID hardware and software business unit fielding solutions to hundreds of Fortune 100
companies globally. In his spare time, he is a contributor and voting member of ETSI EN 302 -208, and ANSI X3T6.
Schwartz has a bachelor’s degree in Electrical Engineering from the University of Kentucky with graduate studies in engineeri ng from
Stephen Schwa rtz,
George Mason University and business from Columbia University.
Vice President of
Development,
Ra zberi Technologies
Rya n Za to lo kin is th e b u sin e ss d e ve lo p m e n t m a n a ge r, se n io r te ch n o lo gist fo r th e b u sin e ss d e ve lo p m e n t te a m o f Axis
Co m m u n ica tio n s. His p rim a ry fo cu s is cyb e rse cu rity a s we ll a s p o sitio n in g a n d p ro m o tin g Axis te ch n o lo gy in co n ju n ctio n with th e
h a rd wa re a n d so ftwa re te ch n o lo gie s o f e co -syste m p a rtn e rs.
Rya n jo in e d Axis in 2011, a s a fie ld sa le s e n gin e e r, b rin gin g m o re th a n a d e ca d e o f e xp e rie n ce in n e two rk e n gin e e rin g o n th e
syste m s in te gra to r sid e o f th e in d u stry.
Rya n e a rn e d h is b a ch e lo r’s d e gre e in Bu sin e ss Ad m in istra tio n with a sp e cia lty in co m p u te r in fo rm a tio n syste m s fro m Ea ste rn
Mich iga n Un ive rsity.
Rya n Za tolokin,
Business Development
Ma na ger/ Senior Technologist,
North America Axis
Communica tions
Today’s objectives Threat landscape Understanding the differences between risk, vulnerabilities, threats, and incidents Physical security’s cyber problem Recognizing threats and vulnerabilities The targeting of physical security Why monitoring is required
High profile breaches make headlines
Threat landscape
Not Petya 2017 – $10 Billion in Damages
Worldwide
˃ Maersk – $300 Million
˃ Merck – $870 Million
˃ FedEx – $400 Million
˃ Combination of Windows vulnerability combined with
ransomware
˃ Collateral damage to nation-state target Ukraine from
Russian hackers
Devils Ivy – Stack
Mirai/Persiria – Botnet
overflow – SOAP
Cybersecurity legislation
California State Bill 327 NDAA 2018
Starting on January 1st, 2020, any ˃ Bans on specific manufacturers
manufacturer of a device that connects
˃ Improve security by default from
“directly or indirectly” to the internet must
manufacturer on products
equip it with “reasonable” security features
designed to prevent unauthorized access,
modification, or information disclosure. If it can IoT Cybersecurity
be accessed outside a local area network
Improvement Act 2017
(LAN) with a password, it needs to either
come with a unique password for each device ˃ Improve security by default from
or force users to set their own password the manufacturer on products
first time they connect. That means no more
˃ Contractor to provide “proof” of
generic default credentials for a hacker to
product without vulnerabilities
guess.
Definitions Risk is the probability that an outside element will exploit a system weakness. Vulnerability is a system weakness that creates a risk. A threat is anything that could exploit a vulnerability to be destructive or harmful to assets. An incident (or event) occurs when a threat penetrates the security of a network without authorization.
Physical security’s cyber problem
Proliferation of Inter -company Lack of IT Small pool of
IoT devices used disconnects oversight into available
within physical between physical security cybersecurity
security Operations and IT networks professionals
Hackers leverage
Sophisticated Slow adoption of
Large and growing adjacent less
solutions are best practices by
vulnerable install secure networks
complex to manufacturers
base to gain corporate
implement and installers
access
https://news.milestonesys.com/automating-trust-for-cyber-threatened-surveillance-systems
Poll: Question 1 Given the current threat landscape and economic e n viro n m e n t, d o yo u p e rce ive a ch a n ge in th e cyb e r th re a ts fa cin g yo u r o rga n iza tio n ? In cre a se Sa m e De cre a se Do n ’t kn ow
Recognizing threats and vulnerabilities
Most data breaches are 180 million professional
Physical security video surveillance
never reported, even less
architecture has evolved cameras will be shipped
so when not mandated
to be more IT -centric
by law in 2019
Prevailing culture and
Online tools / search
lack of understanding IT-based system
engines (e.g.
breed opportunistic adoption exponentially
Insecam.org, Shodan)
hackers who gain entry creates further
regularly showcase
through adjacent vulnerabilities
vulnerabilities
networksThreat actors
https://vividcomm.com/2019/04/15/threat-actors/Top IoT security targets
https://www.iotworldtoday.com/2016/07/27/10-most-vulnerable-iot-security-targets/#SimpleSecureVideo
Simplify
Automate
Razberi
CameraDefense™
Award -Winning, Automated IoT
Cybersecurity Software
Blocks u n a u th o rize d d evice s
Clo se s u n u se d n e two rk p o rts
Re stricts d evice tra ffic to kn own n e two rks
En fo rce s p a sswo rd co m p lexity
De n ie s u n -n e e d e d n e two rk se rvice s
Mo n ito rs a le rts fo r th re a t d e te ctio n
d isp la ye d o n sim p le d a sh b o a rdIntegrate
Collaborate
Live Video
Perimeter
Radar
Diverse
Installations
Outdoor Camera
Cyber Alerts
Rugged Appliance
Perimeter RadarReport
System Wide Reporting Firmware
Management
Historical
Outline
Installation
ProfileSummary
Use reputable Monitor cyber & health
manufacturers threats
Consider integrated
Follow best practices
solutions
Automate camera Set up your demo
hardening todayPoll: Question 2 Are you interested in having a conversation with Axis Co m m u n ica tio n s a n d Ra zb e ri Te ch n o lo gie s? > Ye s, p le a se co n ta ct m e > No , n o t a t th is tim e
Thank You
#SimpleSecureVideoYou can also read
