Introducing the Kenton Brothers CyPhy Security Plan

By Neal Bellamy, IT Director at Kenton Brothers

Lately we’ve been talking a lot about Cyber Security. As with all types of commercial security, Cyber Security is best implemented as layered defense. In other words, a single key or credential won’t gain access to the entire kingdom. Also, like Physical Security, even a small oversight can become the launch point for a larger attack.

For years, Kenton Brothers has been doing our part to help maintain security on your physical security devices. We use unique, randomly generated passwords for all of your devices. We make sure the firmware is updated at the time of install and implement other industry standard security best practices. While it’s a good start, there were still some gaps. So we are taking it to the next level.

The Kenton Brothers CyPhy Security Plan

Kenton Brothers is introducing our CyPhy Security Plan. Security is not a “set it and forget it” proposition. The security landscape, both Cyber and Physical, is always changing. It must be evaluated and re-evaluated to make sure the greatest number of holes are closed. With the CyPhy Security Plan we will still make sure your physical security systems are set up with the latest software, unique passwords, etc.

With this new program, we will follow the security hardening guides from all manufacturers, lock down all switch ports and ensure firewalls are set up and configured properly. After the initial installation is complete, we will stay involved on an ongoing basis. We will monitor new releases from the manufacturer and alert you to any critical security-related issues for your system. Furthermore, if you have the manufacturer’s software upgrade plan in place, we will remotely upgrade your systems and firmware every 6 months.

Where applicable, the CyPhy Security Plan includes:

• Using unique and randomly generated passwords for each purpose and user
• Upgrading firmware to the latest supported version
• Setting the server firewall to only allow authorized communications
• Locking switch ports to allow only authorized devices
• Monitoring manufacturer’s software for critical security alerts
• Enforcing encrypted communication wherever possible
• Disabling services, applications and ports not being used on devices
• Using an unprivileged account for normal system usage
• Enforcing encrypted edge storage
• Filtering communication to local IP addresses only
• Disabling SD card slots not being used
• Following hardening guides from all installed manufacturers

We want the CyPhy Security Plan to dovetail into your existing cyber security plan.

If you have other cyber security initiatives already installed, like MFA, managed firewall, managed global service accounts, VPNs etc., we will help you integrate those into the physical security devices, networks and servers. We will also make suggestions to improve the security and operations of your systems. For example, deploying internet facing servers in the DMZ or connecting the security systems to Active Directory for ease of user management.

If you don’t have a cyber security plan in place, you can rest assured that the physical security devices will be protected and can even use our commercial security best practices to increase the security for your other systems.

Of course, there is no un-pickable/un-hackable lock, and there will never be a perfect defense for cyber attacks. Setting up a layered defense will significantly decrease the chances of a successful cyber attack on your network. The CyPhy Security Plan is our commitment to protect you whether the attack comes to your front door, or from the internet.

To learn more about our CyPhy Security Plan, please give us a call and we will discuss your current setup as well as the benefits of ramping up your security efforts.

Physical Security as a Service? It’s Time!

By David Strickland, Vice President of Kenton Brothers

Kenton Brothers Systems for Security has been in business since 1897. This year we are celebrating our 125th year! Over that time, we’ve seen our industry innovate and transform several times. Currently, we are at another crossroads of evolution and innovation.

Traditionally, organizations have developed and generated their own internal physical security teams… one person or policy at a time. As their needs grew, so would their team. This team worked hard to stay on top of the regulations required of them as well as the technology available to them to meet those regulations. They would enhance capabilities based on the threats they faced, and manage the risk the best they knew how.

Many of the systems internal security teams traditionally invested in have become more and more complex and even introduce new risks with the convergence of IT/OT security and physical security considerations. This pressure to keep up with modern technologies and the threats they bring has become a real strain on resources. This, coupled with a very low labor pool, has led to some great conversations with our customers.

The Need for Physical Security as a Service

Over the last two years, Kenton Brothers has been approached by companies and organizations from many different industries. They want to know more about what we offer to help support getting them out of this downward loop. We quickly noticed that many of these customers’ needs analysis meetings carried the same theme. “There just aren’t enough resources to go around. With current personnel levels, there’s just no way to cover everything correctly.”

After several interviews, the pattern appeared and these valued customers needed support in the following ways:

  • Administration of Access Control, IP Video surveillance, Intrusion Detection system
  • Hosting and Managing of Access Control, IP Video surveillance, Intrusion Detection system
  • Policy and Procedure creation
  • Personnel Training
  • Physical Inspections and Maintenance
  • Alarm Management
  • Cleaning and Repairing equipment
  • Firmware and End of Life Management
  • Forensic Discovery and Preservation
  • Technology Selection
  • Future planning
  • Red team testing

An additional question was raised. “Would Kenton Brothers be able to take over the day-to-day running of our systems?” The answer is YES.

Case Study

In one scenario, a customer was losing their System Administrator soon after losing their Director of Security. This left no one to manage their physical security systems. This company is in a highly regulated industry and wasn’t able to find a replacement internally or manage the system correctly on their own in the time given. With three days notice, we went to work supporting our customer. We also created operating procedures for the tasks needed to successfully manage the following areas:

Immediate:

  • Onboarding and offboarding employees
  • Issuing credentials, assigning to user groups
  • Managing alarms and system messages
  • Preserving video evidence forensically
  • Running daily checks of access control and video Systems
  • Daily updates to system communications that are shared with IT and executive teams

Secondarily:

  • Working with IT and executive management to communicate the state of system
  • Creating policies and procedures for new staff taking over
  • Inspecting system to determine firmware status and Cybersecurity risk

We were able to create a part time Managed Service Agreement (MSA) that dedicated three hours a day to our customer. The agreement allows for additional hours for special projects such as a new location being built that will need to be onboarded in the next few weeks.

At Kenton Brothers, Partnerships and Innovation are core values. Partnerships have to be WIN/WIN and this was definitely the case in this situation. The Innovation came when the company decided to change the position they’re trying to replace by keeping future duties in Kenton Brothers’ hands.

Physical Security as a Service? Yes. If that sounds interesting, we would love the chance to work with your team to explore the idea and what it could mean for your organization. Just give us a call!

Are you running up your Security Debt?

By David Strickland, Vice President of Kenton Brothers

Over the last 10 years, companies, schools, churches and local government entities have invested billions of dollars in improving physical security to reduce risk and keep their people, property and possessions safe. As crime has increased, security directors and those responsible for security have done their best to meet the challenge and adapt to the threat levels they face.

With technology advancing faster, criminals growing more sophisticated and fewer qualified workers available to run and maintain physical security equipment, organizations find themselves getting deeper and deeper into “Security Debt”.

Security Debt: The inability to maintain and service existing physical security systems to their proper functioning standard.

Security Debt begins with smaller things like not acknowledging alarms and alerts in the access control system. Or maybe your organization hasn’t had the normal lobby guard back since the pandemic. Maybe your organization has skipped the last few camera cleaning trips around the building because there isn’t enough time to get to it this month. Sometimes it’s a policy or procedure that no longer is followed like inspecting and locking the doors when school starts.

The good and bad news is that you’re not alone. Organizations just like yours are facing the same struggles. The Security Debt piles up month after month.

Security Debt vs the US Debt Calculator

A snapshot of the realtime US Debt Clock. For an updated view, please visit https://www.usdebtclock.org.

The biggest issue with Security Debt is that it won’t go away on its own. Just like credit card debt that millions of people have, Security Debt gets bigger every month when we don’t actively manage it. The interest compounds and we press against the debt ceiling hoping we don’t have an emergency that exposes our liability. This emergency might appear as a system failure, a missed internal theft or a major life altering event.

An estimated 81% of physical security systems are not currently up to date with firmware and software updates.

Just like financial debt, you must make a plan to get out of Security Debt.

Here are our suggestions on how your organization can get out of Security Debt:

Make a Plan – Yes, I know we just said that, but it’s worth repeating.

  • Bring together the key shareholders in your organization and document the Security Debt you are acquiring.
    • What physical security systems do you have deployed? (Access control, IP video surveillance, intrusion detection, duress systems, mass notification, lobby and guest management, weapons detection, physical security guards, perimeter fencing, parking control.)
    • What type of maintenance and upkeep do these systems need to be kept in optimal operating status? (Cleaning, adjustments, firmware and software updates, alarm and signal maintenance, periodic testing, inspections.)
    • What are your resources to complete the maintenance and upkeep lined out above?
  • Create a timeline and responsibility matrix
    • Who is responsible for what task and by what date?
    • What resources are needed? (Budget, People, Contractors)
  • Change your policies and procedures to match the current business environment
    • Automating the lobby so that a guard is not necessary
    • Changing locks to always be locked and unlocking only when passing through
    • Outsource your ongoing system support
  • Report back progress monthly
    • It’s important to close the loop
    • Reprioritize if necessary
    • Share best practices

One of the best ways to get rid of this debt is to outsource the maintenance and support of your systems. Establishing a relationship with a trusted security partner such as Kenton Brothers Systems for Security is something we would love to talk with you about. Think of us as a fractional Chief Security Officer. Kenton Brothers has manufacturer trained personnel to help maintain your investment as well as manage your daily alarms, annual firmware upgrades and ongoing operating system updates. We have certified physical security experts on staff that can help create policy and procedures for your specific situation.

You have other things to concentrate on. Let Kenton Brothers Systems for Security help you get rid of your “Security Debt”. Let’s talk!

Remote Support on Demand: Unique Solution for 24-Hour Needs

The Remote Services Group video library is another way that Kenton Brothers is creating innovative solutions for our customers.