Three Security Trends for 2022 – Blurring of Cyber and Physical Security

By Gina Stuelke, CEO of Kenton Brothers

The lines are blurring between cyber and physical security. Here are three important trends we are seeing in the commercial security space for 2022.

1) Organizations will invest in new commercial access control systems and video analytics solutions that are more integrated.

CyPhy Part 1During the pandemic, many businesses had to get creative in managing new health and safety mandates. Controlling social distancing was critical. To adhere to health mandates, retailers, corporate offices, and others needed to know how many people were in their facilities at any given point. This has generated huge demand for occupancy management solutions.

While most are using this technology to count people entering and exiting a building, organizations will continue expanding this technology across all areas of their facilities.

These spatial analytics are helping businesses unlock insights about how people use their facilities. Long after the pandemic is over, they can extract data to learn:

  • How many people are waiting in the lobby
  • How many people are in the cafeteria
  • How specific spaces are being used over time

This data then becomes the catalyst for building improvements that enhance the visitor, employee, or tenant experience.

Implementing video analytics within camera systems can further strengthen site security and delivers more insights. From people counting and directional flow to object left behind and crossline detection, analytics are giving security teams a clearer picture of what’s happening in their environments. Analytics also allowed remote teams to stay on top of threats while securing near-empty facilities during the pandemic. Beyond safety objectives, organizations are using analytics data to reduce wait times, optimize staff scheduling and enhance business operations.

Corporate offices are also finding ways to best optimize their workplaces as they give employees the flexibility to split up their work time between the office and home. This space utilization intelligence helps them better track employee office attendance, monitor meeting room demands and make more informed floor plan changes such as adding more desk-sharing options.

All of this leads to higher operational efficiencies, effective resource management and cost savings.

2) Cybercrime will continue to grow and inspire new strategies.

CyPhy Part 2In today’s world, while we can harden and tighten the physical security of a facility, a truly secure IT perimeter no longer exists. Physical security professionals are collaborating with cyber security teams to put measures in place to deter hackers and protect their businesses.  Choosing trusted vendors and deploying physical security solutions that come with layers of cyber defenses are critical. It’s a layered and collaborative approach.

A report by Cybersecurity Ventures predicts that global crime costs will reach $10.5 trillion annually by 2025. With a growth rate of 15% per year, this is said to represent the greatest transfer of economic wealth in history.

As we continue to see more devices come online (at the rate of 17 per hour) and data processing becomes central to operations, businesses will need to remain agile and responsive to the evolving threat landscape. Businesses will also need to offer greater transparency to meet customer expectations of keeping their data private and secure. All of this will bring in a new model for physical and cybersecurity that relies on continuous verification rather than just hardening networks and systems.

3) More organizations will make the move to the Cloud and embrace a hybrid model.

CyPhy Part 3The pandemic is largely responsible for the surging demand for the Cloud. As online usage and remote work spiked, there’s been a global shift to accelerate digital transformation.

According to a report titled Predictions 2021 by Forrester, global public cloud infrastructure was predicted to grow 35% to a market value of $120 billion in 2021. To thrive in the long run, physical security professionals will need to determine how to best leverage cloud technology and offerings in the years ahead. More chief security officers will let go of the division between cloud and on-premises physical security systems and embrace a hybrid deployment model. This allows them to implement specific systems or applications in the cloud while keeping existing on-premises systems.

This hybrid approach can also be the simplest answer when deciding how to enhance scalability, redundancy, and availability to meet changing needs. Beyond that, cloud offerings provide tons of added value. Physical security teams can quickly migrate to newer technologies, minimize hardware footprint, boost cybersecurity and reduce costs.

It’s an exciting time in the security industry!

Innovation and continuous improvement are happening every day in the commercial security industry, both core values of KB! Let us be your commercial security partner and we will help you navigate these changes!

Introducing the LenelS2 Elements Security System

By Courtney Emra, Lead Customer Service/Sales Assistant at Kenton Brothers

At Kenton Brothers Systems for Security, it’s important that we partner with the best solution providers in the industry. LenelS2™ is one of those providers.

LenelS2 ElementsLenelS2 is a leader in advanced physical security solutions, including access control, video surveillance and mobile credentialing. Their products, systems and services tackle the evolving needs of some of the world’s most demanding organizations. They provide a security backbone with deployment options that incorporate multiple technologies including mobile, cloud, artificial intelligence and cybersecurity. Their open architecture supports hundreds of third-party system interfaces that extend the capabilities of many security management systems.

The LenelS2™ Elements™ system is a comprehensive, yet simple, unified access control and video management solution built for the cloud. From single-site access control and video surveillance to more complex systems, the Elements system contains all the key ingredients for an effective and scalable, cloud-based solution; providing businesses with a brand-new security option that’s as simple as it is essential.

Perfect for Small and Medium-Sized Businesses

LenelS2 Elements ArchitectureThe Elements security solution is perfect for small to medium-sized businesses or satellite locations that need secure workplaces, but may not have permanent IT staff or security professionals. Easy to operate and maintain, the Elements system provides hassle-free, effective security that allows businesses to focus on more important things — like running their business.

Updates and enhancements are pushed in real time, reducing costly site visits. This makes budgeting more predictable and helps keep capital expenses down. Mobile first, the system can be accessed at any time, from anywhere. As the only unified access control and video management system that integrates with the OnGuard security management platform, the Elements solution can expand to meet a growing business’ needs.

LenelS2 Elements Checks All the Boxes

  • Cloud Based
  • Ideal for small and medium businesses
  • Easy to budget, get predictive monthly billing
  • Browser based user experience
  • No need for IT or security personnel

 

Red Team Testing: It’s the 1992 “Sneakers” movie in real life in 2022.

By David Strickland, Vice President of Kenton Brothers

1992 Sneakers Movie Poster

The 1992 movie Sneakers, starring Robert Redford and Dan Aykroyd, was about a Red Team that was hired to break into companies all over San Francisco.  They were hired by the same companies they were trying to break into. This was done to test their security measures (both Physical and Cyber) – What we like to call “convergence” these days.

Robert Redford’s Red Team was made up of both physical security experts (a thief and a federal agent) and cyber security experts (a hacker and electronic technology expert). Their mission was to test and penetrate the defenses of the target company to point out any weaknesses. If vulnerabilities were found, the company could shore up their defenses and make their company more secure.

Fast forward 30 years to 2022. The Red Team Testing technique is still in full swing.

Red Team Testing is still the pinnacle of testing your security systems so that you can determine your risk of exposure. The Red team will look at every aspect of your convergent security systems and create a detailed report on your weaknesses.

Red Teams ask the question – What would happen if your company was faced with some of the following scenarios?

  • Active Shooter
  • Cyber Attacks (Internal and External)
  • Industrial Espionage
  • Theft (Physical, Digital, Intellectual Property)
  • Sabotage
  • Power outage
  • Mass Casualty event (Weather, explosives, Chemical)
  • Pandemic
  • Work Place Violence

Here are a few of the techniques Red Teams will use to test your company’s exposure level:

Physical Security Penetration Testing:

Red Team TestingRed Teams will test physical penetrations with your company’s physical assets (buildings, vehicles, networks, people) and measure the company’s response and how long it took to detect and act on those tests. They will measure the effectiveness of your policies and procedures and how they affect your deterrence and detection systems.

The Red Team will pose as employees or service providers to gain access to your company’s inner workings. They may also attempt to break into see what is possible and if they get caught. They’re looking for assets they can compromise and gain access to while on the inside.

Did your coworker leave proprietary information on a white board for all to see? Did everyone sign out of their workstations? Are your access control doors propped open for easy access? If someone unplugged one of your surveillance cameras and plugged it in to their laptop, could they gain access to your network? Can they connect a thumb drive to your server? Could they sneak a weapon in? Have all of your Internet of Things (IOT) devices had their default usernames changed? The list is long.

Cyber Security Penetration Testing

Where physical penetration testing might seem like a hammer, think of cybersecurity testing as a scalpel. Red Teams utilize web application attacks, such as cross-site scripting, SQL, piggybacking, injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities. These types of risk include stealing data, intercepting private/confidential traffic, asset discovery, exploitation and complete shutdown. As we all have become aware, Ransomware is a true and present threat to every size of business.

In the complex cybersecurity landscape, penetration testing has become a must for most industries. In many, in fact, it’s required by law.

For instance:

  • Health organizations ensure healthcare data security under HIPAA
  • Financial institutions test for FDIC compliance
  • Businesses accepting or processing payment cards must comply with Payment Card Industry standards
  • Critical infrastructure entities must follow guidelines outlined by NERC

Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more.

The End Game

What does all this sneaking around mean and why should you care? Red Team Testing allows you to identify and exploit your security weaknesses without the impact of debilitating consequences. From a Red Team’s report, you can adjust your response to the threats that you see as your biggest exposure. You’ll have the ability to identify specific weaknesses and the best approach for shoring them up.

Breaches Happen Every Day – Here’s an example.

One story about a Red Team that comes to mind was about a team that created malware laced thumb drives. And they labeled them with the contracted company’s logo to make them look official. The Red Team followed several employees to a local convenience store and would drop these thumb drives by their car door when the employee would enter the store. When the employee would come back, they would see the logo and thumb drive and assume they had dropped it. They would dutifully pick it up and bring it back to work with them. Curious about what was on the thumb drive, they would insert it in the USB port on their workstation and physically introduce malware to their cyber network. Game over.

This is a great representation of the techniques a red team employs to gain access. They used social engineering to “hack the employees” and defy the policy of no outside USB connections on the network. It seems innocent enough to the employee, however the vulnerability was able to exploit the banking information of a large regional bank. Fortunately, this was a test. Only a test.

Security Systems and Processes have the best chance for success when they’re working in unison. You may have the best security system in the world, but if you forget to arm it, it’s useless. Red Team testing allows you to test both systems and processes.

Interested in how this testing could help your organization? We can help! Please reach out today and we will discuss exactly how Red Team testing can increase the protection of your business.

Technology Update from ISC West 2021

By David Strickland, Vice President of Kenton Brothers

ISC West 2021The 2021 International Security Conference West Coast (ISC West) was much smaller this year, but still packed a punch for technology announcements. The smaller crowd still showed a lot of enthusiasm for the latest and greatest innovations in Commercial Video Surveillance, Access Control, Visitor Management, Intrusion detection, Public Safety and Emergency management.

Cyber and Physical Security Convergence

The overwhelming conversation this year was around the convergence of cyber and physical security. The physical security of cyber networks and the management of commercial and industrial IOT (Internet of Things) devices. High profile hacks have made the world pause and analyze how to better protect their networks and data from outside intrusion.

Currently Worldwide – 65 billion IOT devices

  • 127 IOT devices being connected every second.
  • Each device allows for the possibility of a vulnerability onto your network.
  • More to come on this from Kenton Brothers in the future.

Artificial Intelligence

ISC West 2021 - Artificial IntelligenceArtificial intelligence and Robotics continued it’s flag waving this year. There are always large crowds around booths and displays for this type of technology. The use of artificial intelligence to analyze commercial video surveillance and create a proactive approach to stopping intrusion or crime continues to be a very strong driver for many companies.

Davantis, BriefCam and Avigilon continue to lead the way and evolve the technology to more use cases. The video analytics, AI learning and user input continue to make huge gains in deep learning and proactive measures.

With diminishing law enforcement personnel levels all across the country AI can help bridge the gap. There is no doubt that it is a force multiplier and will change the law enforcement and security industries forever.

Robotics

ISC West 2021 - RoboticsThe robotics offerings showed very well this year at ISC West. Cobalt robotics continued to show the strength of AI, Deep Learning and Human Intelligence all working together to create secure spaces. Their announcement of the open IP addresses check was a topic that many responded to. Robots can also help with wireless signal intelligence: WiFi and cellular signal strength heatmaps, locations of rogue wireless access points, and the presence and identity of nearby electronic devices through techniques such as MAC address fingerprinting.”

Cobalt continues to wow customers with it’s ability to adapt to the workspace and create endless services.


Schedule a demo today

Name(Required)

ISC West 2021 - AsylonThe show saw some exciting new technology surface this year. Asylon showed off the its offering of Robotic perimeter security. This includes their offerings of both drones and “Guard Dogs or cats”. The combination of these two platforms gives you complete coverage and the ability to gain proactive intelligence quickly. The space is innovating quickly!

Commercial IP Video Surveillance

Axis Communications

Axis Communications enables a smarter and safer world by creating network solutions that provide insights for improving security and new ways of doing business. As the industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, and audio systems. This year, Axis spotlighted their ability to converge their platforms to one united system. Axis produced a great video that showcases the new convergence of their offerings.

Avigilon

Avigilon was busy fielding questions around the H5A system cameras.  This FIPS compliant line of video surveillance has produced some excellent cameras for a wide range of needs.  This line has truly raised the bar for cyber and physical security compliance. The addition of convolutional neural networks as the edge greatly increases the ability to have better, faster analytics driving commercial video surveillance.  All while encrypting the footage.   Check out their video explaining the line in more detail.

One new product that deserves a mention is the G.L.O.V.E.  system.

The GLOVE, which stands for Generated Low Output Voltage Emitter, is a conducted electrical weapon (CEW) from Compliant Technologies. It is designed to be used in conjunction with an officer’s defensive tactics training and other use of force tools to more effectively de-escalate use of force incidents and bring non-compliant subjects under control in a safe and timely manner. Another force multiplier that is more reliable than a Taser.

In conclusion, the show was smaller this year but still packed the same punch! We look forward to next year and getting back to normal soon.

Here’s Why The Children’s Place Wants Us to “Get More Garretts”

By David Strickland, Vice President of Kenton Brothers

How do we react when a customer surprises us with a request?

The Children's PlaceKenton Brothers recently finished a large commercial access control and commercial IP video surveillance integration for The Children’s Place. They’re a nonprofit organization that has been committed to meeting the developmental and mental health needs of the very youngest survivors of abuse, neglect and other trauma since 1978. Within the Kansas City community and beyond, the agency’s specialized expertise in working with traumatized young children has made The Children’s Place a recognized leader in the prevention and treatment of child abuse and neglect.

This story is about one of our best security consultants and his adoption of the KB Core Value of Customer Focus and how he took service to a whole new level.

One day recently, The Children’s Place called and asked for someone to come take a look at adding a video intercom entrance. They had an issue with one of the doors not opening. As a new system, Garrett recognized immediately that it could be a software or scheduling issue. Instead of scheduling a technician, he went on site himself to see if he could help immediately. He was able to get to the site quickly to take a look, hoping it was programming related.

When Garrett arrived at the site, he did some quick troubleshooting.

GarrettThe reader was functioning, it would read badges, but the lock wouldn’t unlock. He located the panel and determined the fuse on the power supply for that door had blown and tried replacing it with a spare from the panel. After attempting to use the lock again, the fuse popped, indicating a short in the wire or the lock, which provided more information for the customer and for our service department for when they arrived on site.

Leon Fisher, the new VP of Operations and Security, has been with Children’s Place for about a week or so at this point. Leon was interested in learning how the systems work. After a quick discussion with him about the location of his panels and their function, it was clear he was interested in learning much.

Garret said, “I explained Gallagher Access Control and the panel parts and functions, where his backup power was for the system, the cameras and their locations, Milestone video software, etc. Then I asked if he had access to the software yet. He said no. “

Garrett was faced with the real time decision to schedule time with our training team or make the right call and do the training right there, right then. As part of our Customer Focus core value Every KB team member has the right to make the right call for the customer. Even if it costs us time and money – do the right thing!

Garrett made the right call.

“We went to Leon’s office and I was able to remote into his server from my laptop. I helped him download and install the Milestone Video client and the Gallagher Command Centre client. From the server, I was able to create login credentials for him and help him log in and begin using the systems.

While I was there, I asked him about how they use the system currently. He mentioned when they prop the doors open for the bus loading/unloading with children, the doors will beep. I mentioned this is an alert to let someone know a door is open when it shouldn’t be. I mentioned we could turn that sound off per door and implemented it on the spot with help from our remote services group.”

Mobile Features

Then I mentioned that every license of Gallagher comes with some mobile features as well. He asked what they were and I mentioned Mobile Command Centre and 5 built in Bluetooth Credentials. I explained that with Bluetooth credentials, you can use your phone as a badge in addition to the badge they wear. He asked how difficult it was to use, and I explained it would only take me a few minutes to set up and issue the credential for him. I set up the Command Cloud on the server and enabled the Bluetooth reading feature on all readers and then issued him a credential. He called the President in so I could give one to her as well and one other employee. They were very excited about that feature!”

Gallagher Mobile Command Centre

“While the President was in the office, he asked about the Mobile Command Centre and what it can do. I had him download that app and set him up with the authentication code on the spot and explained how to unlock doors and change schedules using the mobile app. I also mentioned using this app you can scan the Gallagher MiFARE DESFire EV2 badges on an android or iOS device.   

I showed Leon how it worked and he asked why they would need that functionality. I mentioned that every Gallagher license comes with one mobile command centre license, but they also come with a mobile evacuation license. I explained you can use the mobile device as a mustering emergency reader to “check employees out of the building” at an emergency muster location. This creates an accurate list of all employees who may still be in the building. For this to work, they would need to add a badge out reader and have employees badge out as they leave the building so that an accurate list of who is in the building and who isn’t can be maintained. At a previous location, Leon mentioned they did this with a white board, but that this method was much more useful and the President agreed.”

Gallagher Mass Communication

“This led me to talking about mass communication which is also built into Gallagher. I mentioned this could be used for emergency messaging and can be initiated from any reader via a mobile device or badge action by anyone they give the ability to in the system. These messages can be pre-written for specific scenarios and sent to specific groups of employees by email, text, or push notification. This was discussed as something they would very much like to implement for employee safety and communication.”

A routine visit?

The Children's PlaceWhat was thought to be a routine visit to look at one problem turned into a four hour impromptu training and education session on the abilities available in the tools they already had. Garrett and the Remote Services Group were able to not only help Leon start using his systems in their most basic functions, but also enhance his experience and comfort by creating specific and tailored solutions within his existing environment. The time spent with The Children’s Place solidified our stance as their building safety partners and removed many potential pain points before they became a problem.

This proactive approach is what Customer Focus means.

When I read Garrett’s breakdown, I reached out to Leon at The Children’s Place to ask him his perspective.

Leon said, “Garrett and the Kenton Brothers Remote Services Group did an amazing job explaining and teaching us about our enterprise level system so that we could use it to its full potential.” He also shared, “It’s overwhelming to start a new position in an organization and at the same time try to learn this advanced system and it’s capabilities. Garrett was incredibly knowledgeable and he was willing to take his time and answer all of our questions. He gave us tips along the way.” Leon mentioned, “It was a shock that a salesperson would be that knowledgeable! We’re even implementing the mobile evacuation system and employee mustering process for emergencies!”

Garrett went further.

Cloning GarrettGarrett called our manufacturing partner Gallagher Access Control and told them The Children’s Place story. Gallagher wanted to help support them also and donated all the licensing needed to implement the mobile evacuation system and the emergency employee mustering process. This was a gift of almost $8,000 in software. Great job Gallagher!

Finally, Leon shared what impressed him most about Garrett and his Customer Focus. One Saturday, Leon was trying to let the cleaning crew in remotely from his mobile phone. He wasn’t sure what he was doing wrong and reached out to Garrett to see if he would answer. Of course, he did – even though it was a Saturday and Garrett was on vacation. He worked with Leon and got the cleaning crew into the building remotely. Garrett even checked in the next morning to be sure all was well.

Leon shared one final work of advice for Kenton Brothers… Get more Garretts! We start the cloning process tomorrow.