23 September 2015

Straight Talk: We put our questions to Geoff Moore of Red Solutions and he doesn’t hold back…

Tired of all the PR spin? We ask key names in the security industry some to-the-point questions. This month: Geoff Moore, Red Solutions, Dubai.

The security industry in the GCC is ‘becoming much more professional’ – discuss.

Is that true? I don’t know. I think that you need to make a distinction between different parts of the industry and different business models, and you also need to make the distinction between professionalism on the buying side and on the selling side. The vast majority of installers and so-called “systems integrators” are just a type of electrical contractor, who respond to tenders, pick parts from a catalogue and then afterwards screw those parts to the wall. If the tender was for a security system then I guess that makes those people security installers, but if it were for an audiovisual system or a telephone system the company would be called something else. There are some perfectly professional contractors out there in all sorts of different sectors, doing a good job at following this ‘cookie-cutter’ approach to systems implementation.

There are other types of company who choose to work with end users, determining their problems and developing solutions that address those problems, selecting the most appropriate technologies from the market, tailoring them to the specifics of the client’s needs (technical, economic and aesthetic), and then providing lifelong support of those systems once they are installed. This is Red’s business model, and I have to say that although we believe this is the right and professional way to do business, quite honestly it is extremely rare.

Unfortunately, we still see cost of purchase as the biggest influence on buying decisions across the region, not cost of ownership, system performance or quality of work. While that remains the same there will always be too many of the first type of contractor I describe and too few of the second. Without more real professional security solution providers there is no breeding ground for quality work and the industry is likely to remain where it is. There’s also a thing called ‘inflation’ which some people may have heard of, so prices are supposed to go up every year, not the other way.

Regional industry trade shows – worth the effort for integrators or not?

No. Not to exhibit, anyway. Trade shows are the realm of manufacturers and distributors. When an integrator puts up a stand, all they see are other integrators and guys looking for a job. Our rule for exhibiting is “go where you’re not expected”.

What question do you get asked most often by clients?

“What is your best price?” We also see a lot of misunderstanding from clients in Dubai on their responsibilities regarding Law 24, and this can result in wasted time and false starts on projects. DPS do make all of the information available, and the law isn’t going away, so clients, MEP contractors and consultants just need to familiarise themselves on how the system works and stop trying to always back the integrator into a corner.

What question do you wish you got asked?

“We’ve budgeted AEDxxx for our new integrated security system, you guys have proved you’re able to do the job during the pre-qualification process, so now can you just please go ahead and deliver the solution?” I think it would also be nice if sometimes people asked “please tell us everything that you can do for our organisation?”, and then if they actually listened.

Describe your average week.

An average week for me is not very typical. There’s quite a lot of structure to the way we work at Red. There needs to be, because we’re operating in so many different areas. Some parts of the business have their own dedicated teams and some just have the same people ‘double-hatting’. My role touches on everything we do, and so from time to time everyone needs a little bit of me. If we didn’t keep some sort of structure in place then I would never get anything done. I spend around about as much time in the office as on the road with clients and suppliers, and also try to get some time each week shut off from everyone to work on my pet projects – of which there are many – all of which are top secret! Without deadlines I tend to get a little lost, so I try to make sure that I set unreasonable goals for myself to push towards all the time. And I’m an obsessive list maker too.

What’s on your desk right now?

Because of the type of work we do we’ve implemented a strict clear desk policy that keeps loose paperwork to a minimum, and since I’m writing this at almost midnight after I’ve put away my papers for the day there’s very little on my desk except my Thor, Ironman, Hulk and Captain America bobble-heads, plus a little R2D2.

What part of your role as CTO would people be most surprised you get involved in?

At Red we don’t have any salespeople, as such, and we follow a solutions oriented approach to developing opportunities with our clients. So a big part of what I do is spending time with clients who haven’t yet discovered what they need, just listening. Some people in technology businesses say that it’s their job to “educate the market”, which I think is a terribly pompous and arrogant thing to say. The market is perfectly well educated. People know their own businesses very well, but sometimes they don’t use the same language as us when talking about their risk management issues. We need to listen to these clients and learn about what’s important in their world, so that we’re in a better place to talk to them about managing risk in a context that’s relevant for them. I also sometimes make tea.

Red Solutions’ unique selling points in three words

We’re not the same.

If you would like to nominate someone forthright to answer our Straight Talk Q&A, email eprocter@ssngulf.com


Hikvision’s CCTV protects Bespoke Vehicle Company

GRW reaping the benefits from the integration of analytics with IP cameras

Hikvision, the global leader in video surveillance equipment, and their South African partner Sensor Security, have successfully completed the implementation of a state-of-the-art IP CCTV system to protect GRW’s bespoke vehicle manufacturing premises. Surveilling the perimeter of this large facility and protecting the plant from unauthorized access was a key security concern for the company as manned patrols of the perimeter had proved ineffective.

Edmund Casaleggio, Sensor Security’s Sales Executive says, “We designed a solution that would automate the process of securing the boundary and eliminate the possibility of human error. At the same time, we wanted to implement an intelligent camera infrastructure to enable remote monitoring of the production process. The integration of analytics with the Hikvision Smart IP CCTV cameras is a significant added advantage, flagging alarms only when intrusion occurs within the specified range. We did not need to use alarm inputs and outputs to connect passives and actives on the DVR/NVR, and this will save significantly on future maintenance of the system. It also reduced installation time significantly.

“The full HD, 1080p real-time video is a huge asset for the supervisory staff and the camera itself, protected within its IP66 vandal-proof housing, has withstood the rigours of a harsh industrial environment really well. True day/night operation thanks to its 30m IR range and Digital WDR and 3D DNR also contribute to the high-quality video at all times. GRW is already reaping the benefits from the integration of analytics with the IP cameras and is set to continue for many years.”

A full article describing this installation in detail is available.

Hikvision is the world’s largest supplier of video surveillance products and solutions. The company specializes in video surveillance technology, as well as designing and manufacturing a full line of innovative CCTV and video surveillance products. The product line ranges from cameras and DVRs to video management software. Since its inception in 2001, Hikvision has quickly achieved a leading worldwide market position in the security industry.


7Safe is challenging the IT professionals at IP EXPO!

Are you a qualified Cyber Professional employed in the emerging global cyber security market? If not, you could be in the future by training with our team of practising Cyber Consultants.

7Safe provides specialist technical security expertise that helps organisations build confidence and trust in the integrity and reliability of their data and IT systems. As part of PA Consulting Group, we offer a comprehensive set of IT, cyber security and education services that few can compete with. Our technical experts have devised two cyber skills contests specifically for IP EXPO Europe, namely:

Capture the Flag

Capture the Flag (CTF) is a web based hacking challenge developed by 7Safe’s Steven van der Baan in his capacity as a project leader of the OWASP CTF Project. You will not require any previous hacking experience or any tools, just creativity, resourcefulness and networking skills to solve the problems and ‘capture the flag’. At IP EXPO Europe, the challenge will be run against the clock at set times throughout the event. You will encounter some of the latest vulnerabilities in IT systems which you will be required to exploit. Our expert consultants will be on hand to offer tips and assistance and to help you learn how your systems might suffer from similar vulnerabilities.

STOMP!

Have you ever considered a career as a Cyber Forensics Specialist? Do you think you have the skills required to find and preserve evidence in a criminal or security investigation? We have created a STOMP (Stop the offensive malware process) challenge for this very purpose. STOMP involves a version of the infamous CryptoLocker ransomware. We will set the malware off to do its thing and then there are three separate challenges:

• Can you find me?
• Can you stop me?
• Can you remove me?

All you have to do is identify, stop and remove the malware so we can restore our files. It can’t be that hard, right?

At IP EXPO Europe, the delegate that completes all three challenges in the shortest time each day will be offered a free place at one of our industry and university accredited hands-on training courses. All contestants will also be entered into a prize draw for a further chance of winning a place worth up to £2,100 on one of our amazing training courses!

The message from 7Safe’s Cyber Experts is: “Go on, have a go!” If you would like to try one or both of these challenges, contact us at 7Safe.com to book your free place.


Applied Risk launches ICS/SCADA Security Lab

New ICS/SCADA Security Lab detects multiple vulnerabilities in industrial control systems and collaborates with vendor to fix reported security flaws

Applied Risk, an established leader in industrial control systems (ICS) security, has announced the launch of its ICS Security Lab to help protect industrial assets and infrastructure from costly cyber attacks. The lab has identified its first vulnerability in Moxa EDS-405A/EDS-408A-managed Ethernet switches, allowing attackers to remotely compromise their availability, integrity and confidentiality with potentially devastating consequences for connected industrial assets across multiple sectors.

The ICS Security Lab identified three key vulnerabilities, detailed in its latest advisory. The first is in the administrative web interface of the switches. The control that prevents a user-level account from modifying settings could be easily circumvented to allow increased privileges. Another is a denial-of-service (DoS) issue that could allow an attacker to cause a device to restart via a specific URL. The third vulnerability is a cross-site scripting (XSS) bug in the administrative web interface which can be exploited to inject arbitrary JavaScript code in the admin interface.

Jalal Bouhdada, Founder and Principal ICS/SCADA Security Consultant for Applied Risk states: “Responsible disclosure and collaboration with vendors is the optimum approach for ensuring any and all security flaws are highlighted in hardware and software. The positive response from the vendor and its professionalism throughout the process has helped Applied Risk and Moxa to validate and issue a fix for all reported security flaws.”

Based in Amsterdam, Applied Risk’s new ICS Security Lab delivers unique market and threat analysis across the chemical, manufacturing, pharmaceutical, power, water, oil and gas sectors. With the latest vulnerability research, reverse-engineering protocol and source code analysis techniques, its expert team of researchers are now able to provide early warning of emerging ICS threats and detail their legitimacy, while confirming affected code bases, products, versions and configurations. Vulnerable and infected ICS systems can be identified too, along with exploit attempts or malware activity. Part of the lab’s service also involves remediation activities, including workarounds and configuration changes to safeguard systems for both suppliers and system owners.

Erwin Paternotte, Senior ICS/SCADA Consultant at Applied Risk, states, “Left unchecked, the Moxa vulnerabilities and similar threats could have disastrous consequences. You are effectively handing a facility’s keys to an attacker – giving them full use of your operating infrastructure. The problem can sometimes lie in issues as simple as the use of default passwords, hard-coded encryption keys or the poor authentication of firmware updates. As seen with Moxa, our lab is dedicated to identifying vulnerabilities as part of the product development and ensuring security updates are issued by the vendor in the shortest time possible.”

Launched in conjunction with the ICS Security Lab, the Online ICS Cyber Security Awareness Training platform from Applied Risk is designed to establish a widespread and deep-rooted industrial control systems security culture across organisations. It introduces participants to the challenges of technology convergence, before dealing with a threat’s real-world impact, the anatomy of a cyber attack and how the defence-in-depth concept is applied to businesses. Other training options outline the techniques for mitigating cyber risks, while identifying key elements for addressing process control system security and good practice principles. The online training is provided in a SCORM-compliant format and can be hosted either in an organisation’s own compliant learning management system (LMS) or in Applied Risk’s own hosted platform.

Jalal Bouhdada continued: “No matter the industry sector, for businesses to create the most secure and reliable operations, training is a necessity. Staff must learn how to contribute to an environment that at its core is secure by design, secure by default and secure by deployment. With the appropriate ICS security education in place, organisations are in a significantly stronger position to protect their industrial facilities against prevalent security risks and associated costs while enhancing compliance and demonstrating resilience.”


10 reasons to attend IP EXPO Europe next month

Your exclusive invitation to join us and 10 reasons why you can’t afford to miss IP EXPO Europe on 7-8 October 2015…

The Opening Keynote – Jimmy Wales – Wikipedia Founder Tackles Cyber Security
Hear about the dangers of government snooping, the value of encryption, and the negative impact of cyber security failures on freedom of expression and democracy.

Six Events Under ONE Roof – The ONE place where technology works together
IP EXPO Europe now includes six co-located events with their own speakers, exhibitors and seminar programmes, all under ONE roof.

World Class Keynote Programme – Google, IBM, Microsoft, Linux, Docker & VMware
The keynote programme offers the very best speakers from the most exciting organisations shaping the future of how we consume, manage and use technology. And it’s FREE!

The Future Of Panel Debates – Cloud, Data Analytics, Security and more…!
Join us and discover what the future holds with our panel debate series where the leading industry tech giants of the world ‘clash’ to debate the likely direction of future developments. Plan your day as these are on for ONE time only!!

The Cyber Hack – Expert advice to combat hackers
See hacks take place in real time by White Hat Hackers and security gurus who share their knowledge and insights into identifying vulnerabilities and the best defences against attacks.

The Colo – Colocation and Managed Hosting Zone
Join the leaders in one place so you can examine the types of service on offer and speak to the technologists who know the services inside out, to find a tailored solution for you.

Leading Industry Exhibitors – HP, Avaya, VMware, Verizon, BT & Polycom
The industry’s leading companies will be at IP EXPO Europe 2015 with their advice and insight for you on the latest technologies and market trends.

The LIVE Lounge – Test out new technologies
Have fun and get hands-on, testing for yourself some of the newest and coolest tech such as Holographics, Virtual Reality, Augmented Reality, 3D Printing and more…

The IP EXPO Tech Clinic – FREE independent consultancy
The IP EXPO Tech Clinic provides FREE independent advice from consultants that is tailored to the unique requirements of your business projects and IT environment.

Quantum Cryptography – The Future of Cyber Security
Once the exclusive domain of science fiction, new technology breakthroughs are bringing quantum technologies into the present and exploring how they can be used to improve security.

Oktoberfest – We’ve given you a bonus reason to attend!
Enjoy a refreshing free beer and snacks at selected exhibitor stands as you network with delegates and suppliers on 7th October 2015, 4.00pm-5.00pm.

There are many more reasons not to miss this event. With our selection of free to attend seminar sessions and specialist suppliers, you’ll be able to find all the answers to your questions at IP EXPO Europe 2015 on 7-8 October at ExCel London.

IP EXPO Europe 2015 now incorporates Cloud & Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Registration will allow access to all 6 events.

*Visitors not registered by 19:00 on 06.10.15 will be charged a fee of £35

