18 December 2017

Arc Monitoring completes major control room upgrade

The revamp of one of the UK’s fastest growing independent Remote Video Response Centres (RVRCs) reflects the confidence Arc Monitoring has in the continuing growth in demand for the services provided by operators within its NSI Gold Category II control room.

“The boom within the construction industry, as well as a large number of solar energy farms springing up all over the UK, are just two examples of where opportunities have been created for RVRCs such as Arc Monitoring, to offer a cost-effective alternative to having security guards on site 24/7,” said Jonathan Sturley, Managing Director of Bristol-based Arc Monitoring. “This is in addition to the demand for our services from a diverse range of other vertical markets including the luxury home sector, trading estates and car dealerships.

“The significant investment we have made in upgrading our facilities will ensure we are able to continue to recruit additional high calibre operators in line with demand.”

In addition to doubling the number of work stations within its control room, Arc Monitoring has upgraded its IT infrastructure in order to take advantage of the latest data processing and network recording and storage technology. It has also improved its demonstration and training facilities.

Established in 1999, Arc Monitoring is an independent NSI Gold Category II Approved CCTV Monitoring & Alarm Receiving Centre which partners with professional installers across the UK. Built, operated and certificated to British Standards BS 5979 and BS 8418, Arc Monitoring has for over 18 years provided an alarm response service and remotely monitored thousands of sites across the UK.


We Don’t Always Go Lights and Sirens

Every security incident is unique, just like every medical emergency. Regardless of the differences, the goals are very similar: identify the problem, prevent further damage and fix what has been broken. The disconnect from one event to another is the rate at which we respond, which should be based on severity, not category.

There is great risk to an organization that throws all available resources at one problem just because that is what’s on the burner at that particular time. What we end up sacrificing is proper coverage for other events. Not to mention, having ‘too many hands in the pot’ could lead to missing important steps due to a lack of organization and structure.

To reduce this risk, organizations need to put a greater emphasis on the triage phase of their incident response efforts. This is the key moment when security analysts take the first pieces of available information and use critical thinking skills, intuition and previous experience to judge the severity of the event based on the damage it has caused or is likely to cause, not solely on the category in which it belongs.

9-1-1, What is Your Emergency?

We have all undoubtedly heard this phrase in movies or on television. The calm voice of a 9-1-1 dispatcher who is ready to take whatever information the often panic-stricken person on the other end of the line is able to give them. Are they reporting a car accident? A shooting? A fire? A hangnail on their big toe? Every time the phone rings in an emergency call center, the nature of the call is different, but one thing is certain: someone needs help.

Once the information is received by the dispatcher, it is relayed to local emergency medical services (EMS) first responders, and their job, just like that of an information security analyst, is to make an initial assessment of severity to determine the priority level of the call – which means they don’t always go lights and sirens!
There is a very strong parallel between the decisions that EMS workers and analysts make when it comes to the priority at which an incident should be responded to. And like EMS, when a major breach or incident occurs, it’s up to analysts to respond in a way that reduces and prevents further damage when every second counts! We are also first responders. While we may not hold people’s lives in our hands, we are responsible for ensuring that the livelihood of our fellow employees remains intact.

There are several common phases of incident response as it relates to information security. At Duo, we break our incident response process into the following phases:

- Detection
- Reporting/Alerting
- Triage
- Analysis
- Containment
- Mitigation
- Follow-up

Believe it or not, EMS follows a very similar structure when responding to calls, which also starts with detection and reporting. This is followed by EMS workers figuring out exactly what the problem is (triage and analysis) before they can give proper medical care (containment and mitigation). After all of that is complete, there is paperwork to be done (follow-up).

Regardless of whether we are talking about human lives or computer systems, incident response starts with two primary elements, detection and reporting, which are the lifeblood of the most crucial phase of incident response: triage.

Triage

Proper detection and reporting are crucial to ensure that the triage phase is most effective. These phases can occur in numerous ways, but ultimately boil down to relying on either tools or people. Unfortunately, tools and people are not perfect. False positives can occur from a detection and reporting standpoint, just as easily as things can be overlooked. In an emergency situation, panic sets in, causing our judgment and perspective to change, which could alter the information necessary to triage properly.
For an analyst, an important part of triage is being able to identify the functional and informational impact of the event that has occurred. The table provides a general standard to describe the high, medium and low ranking levels:

| Priority Level | Functional Impact | Informational Impact |
|---|---|---|
| High | All users are unable to perform critical functions | Data was exfiltrated and potentially made publicly available |
| Medium | A subset of users are unable to perform critical functions | Data was changed, deleted or otherwise compromised |
| Low | Users can still perform critical functions | Data was not affected |

The table below shows a side-by-side comparison of EMS and security-related incidents which have been triaged as high, medium and low. Subtle differences between each level show how the priority of an incident can change between incidents of the same category; in this case, a car accident and a phishing campaign.

Known Information Following the Detection and Reporting Phases

| Priority Level | EMS | Security |
|---|---|---|
| High | Male, mid-20s, currently unconscious following a car accident | Employee notices hundreds of messages containing an attachment have been sent from their account on their behalf |
| Medium | Male, 26 years old, experiencing dizziness following a car accident | Employee clicked the link within a phishing message and entered their credentials into a fake website |
| Low | Male, 26 years old, involved in a car accident with a broken wrist | Potential phishing message reported without clicking links or opening attachments |

In all three of these examples, severity of the incident was taken into consideration, which helped to determine the priority level. Triage is the phase that can make the difference between a good and bad outcome because it changes how and when we respond. The examples in the table show that a high priority level resulted in EMS workers needing to arrive on scene as quickly as possible because the patient’s life was at stake.
The analysts in the high priority example also needed to respond as quickly as possible because damage was already being done using the employee’s account. As we can see from the table, the category of the incident did not determine how the events were responded to. Not every car accident and phishing campaign results in a worst case, high priority scenario, and the triage phase helps


Why Software-as-a-Service security models can benefit small business

The cloud is having a huge impact on the security industry. This has led to a paradigm shift. Companies are no longer just selling systems, they’re providing a service. The concern of the customer is to be secure and this is what’s driving the service side of security. The industry’s focus has changed from its origins of simply creating, say, an access control system that would just open a door. Now the blueprint is developed around the customer and how the customer can interact with that system.

Software-as-a-Service (SaaS), the best-known example of cloud computing, is a delivery model in which applications are hosted and managed in a service provider’s datacenter, paid for on a subscription basis and accessed via a browser over an internet connection. SaaS applications are a natural fit for start-ups and small businesses. These are unlikely to be attracted by the prospect of setting up and managing on-premises infrastructure and applications.

Most important to remember is that it is not the business of a start-up or a small-to-medium enterprise to be running its own security system. That’s the business of an external security company. So, what the cloud has achieved is that security is now a managed service for customers. So, if a business is selling cupcakes, that can now be their priority. Simple as.

This can lead to large cost savings with the eradication of expenses like installing, maintaining and upgrading on-premises IT infrastructure, versus the operational cost of a SaaS subscription. Moreover, as your business grows and you need to add more users, rather than investing in additional in-house server capacity and software licenses, you simply adjust your monthly SaaS subscription as required.

If you take a step back and examine where the industry was ten years ago, this was the case for most companies. Any company in a decent sized building would have had a security manager, an IT manager, an IT support manager.
Now, with the cloud, these are all external services that you no longer need dedicated bodies to manage. So, expenditure is down, making it an extremely cost-effective and attractive model. Security is just another Software-as-a-Service, as it should be.

Where SaaS benefits Vanderbilt as a company is the instant customer feedback it automatically generates. We can see what features are popular, which in turn tells us what people want and expect more of. In the past, selling an installation disk provided no idea of how many panels it was being used on. But with software, subscription numbers can tell you, for example, that a specific piece of software is being used on 50 panels, therefore people obviously like it. At a basic level, this can start the conversation on how we can improve that software even more and make the customer’s experience even better.

