Intelligent Video

As brick and mortar companies continue to drive the level of competition up in the retail market space as they compete against online companies offering free shipping and very low prices, they must seek every possible advantage so as to grow their revenues while still addressing conventional security threats such as inventory loss through internal and external theft, also known as “shrinkage”.

Fortunately for those working in a retail space, the security industry has developed products allowing for greatly enhanced security in addition to a whole range of features that are useful in tracking customers and streamlining various processes. There are five key areas associated with the concept of “Intelligent Video”: People counting, traffic pattern analysis, customer satisfaction, the reduction of theft, and monitoring the exterior. Here we will look at these aspects of “Intelligent Video”, more commonly known as analytics enhanced video surveillance.

 

Unlike a company that operates strictly online, traditional storefronts have a difficult time determining just how many people visited their location each day. Counting visitors can enhance efficiency and make it easier to make decisions which could affect conversion rates and per-customer transactions. Cameras at the entrance should use WDR or “Wide Dynamic Range” so as to bring the clearest images to the analytics software.

Using analytics to monitor and analyze traffic patterns can involve heat mapping, which visually shows a hot and cold flow on screen based on customer flow. Regional people counting analysis helps show how people move through the store. Data like this can be used in determining where to place products, how high on the shelf, and etc. This software can also show how much visitors look at any particular display. Ultimately, all this data can be combined to get a very clear picture of what your customers do on average, and therefore what your best options are for the store.

 

As far as improving customer satisfaction goes, it simply follows from the implementation of changes based on analytics information. Line times can be reduced or eliminated in the store. On a broad scale, analytics will determine how many people to bring onto staff on any given day and what hours they should work. HD cameras can also be used to individually capture transactions at the register.

As for reducing theft, a wide range of options is available. IR cameras for very low light areas to motion detection or more advanced tech such as tripwire or removed object analysis will enhance overall effectiveness in managing inventory and reducing theft. PTZ (Pan, Tilt, Zoom) cameras are useful in monitoring the exterior of the building. Having a camera for every corner and corridor also eliminates the possibility of false injury claims and confirms facts in the case of a burglary.

 

One offering for upgrading existing systems comes through a company called Avigilon. Avigilon is a Vancouver based security equipment designer and manufacturer, perhaps most well known for the software they have developed to analyze raw video data, with no input other than the pixels streamed through an HD camera setup.

“Open Video Management” using what they term “Self-Learning” video analytics is the cornerstone of any modern video analytics solution. The company also manufactures several lines of high quality HD cameras and access control gear, but it is not a requirement that all equipment be from Avigilon. Avigilon analytics is performed on-site with a proprietary set of hardware and software, and is effectively limited only by the quality of the video input.

When combined, the elements of a professionally installed video analytics system work in concert to reduce risk and bring new potential to a business.

 

Security Technology offers the integration of security solutions such as these, along with analytics to get the best overall picture of what goes on in your storefront.

Please contact us through email at admin@gostst.com on our website or via phone at  210-446-4863   24/7

Sources: Security Today Magazine

IoT Moving Into 2020

 

The term “Internet of Things” was coined in 1999, gaining significant traction in 2011 after a report by Gartner added it to a list of emerging technologies. As more companies worked on advancing and creating new applications for IoT, the technologies involved gained ongoing global coverage. In its inception people often referred to the IoT as “embedded internet” due to its increasingly pervasive nature and presence in many aspects of our lives. Of course with any emerging technology there are associated risks, and these threats will grow and evolve as the technology does. In this article we will look into these risks, where IoT is moving, and the ways in which organizations are mounting defenses for their networks.

 

IoT is an umbrella term to include all devices with IP addresses connected to the internet. There are presently five types of IoT applications.

These include:

  • Consumer IoT–e.g. Light fixtures, connected thermostats and alarms, and systems such as Nest

  • Commercial IoT–these applications include healthcare and transport, connected pacemakers and other medical implants or wearables, and vehicle to vehicle communication

  • Industrial IoT–including network connected control systems, smart agriculture, and big data

  • Infrastructure IoT–this aspect of the IoT deals with network connectivity of smart city applications such as surveillance cameras, facial recognition, and traffic analysis devices

  • Military IoT–including application of IoT technologies in the military and police, to include network connected robotics and wearable biometrics for police and infantry

 

The technology underpinning the IoT allows users and systems to connect seamlessly to a wide array of networks and expands connectivity between physical and digital systems. With organizations and governments prioritizing this move into the cloud, the technology and protective measures must race to keep up with demand.

The number of IoT devices worldwide have been growing at a rapid pace from the late teens:

  • 2018–7 billion IoT devices

  • 2019–the number of devices more than triples to over 26 billion

  • 127 Devices are connected to the web every second

  • By 2025–more than 75 billion devices are expected to be connected

 

In the year 2020 it is predicted that 93 percent of enterprises will adopt IoT technology, 90 percent of cars will be web connected using IoT technology, and 3.5 billion cellular IoT connections will be installed.

 

According to the 2018 Open Web Application Security Project (OWASP), the most significant vulnerabilities for IoT technology include:

 

  1. Weak, guessable, or hardcoded passwords—such as short, simple, and publicly available passwords.

  2. Insecure or unneeded network services—which are installed on the device and may expose data such as sensitive and financial information to theft and eavesdropping.

  3. Insecure ecosystem interfaces—external interfaces that connect to the device. The connection may compromise the device and its components.

  4. Lack of secure update mechanism—such as un-encrypted data moving from outward sources towards the device, and poor security monitoring.

  5. Use of insecure or outdated components—such as open-source and third-party components that weren’t scanned for vulnerabilities.

  6. Insufficient privacy protection—failure to protect private information that is stored on the device and connected ecosystems.

  7. Insecure data transfer and storage—such as the lack of access control and encryption during the movement of data.

  8. Lack of device management—on devices deployed in production; results in poor security support.

  9. Insecure default settings—the inability to fix insecure settings creates exploits in devices and systems.

  10. Lack of physical hardening—creates a larger attack surface, which threat actors can leverage to take control of a device or system.

More IoT components mean a greater attack surface is exposed. The more points connected to the network, the greater the risk. Endpoint Detection and Response (EDR) tools can be employed to monitor endpoints and send alerts for critical security events. It is also important to scan devices before allowing connection to your network in order to prevent the introduction of vulnerabilities. Vulnerability scans on a regular basis help to ensure the health of the network.

It is also important to segregate network infrastructure to allow least exposure to the internet. This can be done by creating a dedicated network for IoT with limited access.

Moving into the new decade we can expect IoT devices to become more and more embedded in many aspects of our lives, both personal and professional. The technology enables a move towards digital transformation with many industries moving into the cloud. From the protection of personal devices to the defense of an entire network, it is critical that IoT security be taken seriously. With more connectivity comes increased risk of exposure. The more we entangle the physical and the digital, the more real the results of an attack or security leak become.

Sublethal Remote Camera Guns

 

A company out of South Africa has introduced a unique product for those looking for an alternative to human security presence. The Sublethal Remote Gun is a non-lethal weapon mounted and connected to a camera that allows the user to engage an intruder without being on-site. These remote weapons are designed to fight back against intruders while keeping the user safe. Here we will take a look at the specifics of this security alternative.

 

The primary weapon is a paintball gun using nylon rounds. It is designed to be similar to the rubber bullets used in riot control – causing extreme pain without being life threatening. It is not recommended to use regular paintballs, but frangible solid casing pepper balls can be used. The magazine holds up to 155 rounds just under the size of a US quarter. The gun is difficult to disable and in most cases is mounted on a pole of nearly 20 feet, able to fire down the pole to protect itself from tampering. In the event that real ammunition might be used against the gun to disable it, upgrades to the casing are offered to make it resistant to small arms fire.

The gun is very easy to use and requires only a few minutes of training. Because of this, every controller has a key to lock it down and prevent young children from accessing it. During power outages, the sublethal gun has a battery that can keep it running for 3 days, depending on level of use. Under tests the gun often lasts up to 7 days on a deep battery cycle. A solar panel and solar charge controller can also be fitted to ensure the gun remains functional during an outage.

 

The system is built to be modular but it has not been tested with a lethal firearm and the company does not endorse or assist with such a modification. Although the weapon is designed and sold in South Africa primarily for defense of farms, many other possible installations are suggested by the manufacturer. These include what may be a somewhat optimistic list to include everything from households and businesses to server rooms and casinos.

As a deterrent, the gun has some advantages over a human with a lethal weapon. By engaging from a distance, the risk of physical harm to the user is removed and gives the defender a disproportionate advantage. The intruder stands little chance of winning a fight against a machine and being repeatedly struck by riot suppression rounds is highly demoralizing. Furthermore, the legal risk of using a firearm on a criminal is eliminated. In South Africa, if a criminal intruder is killed the police force must open a docket for murder against the homeowner. This will result in confiscation of their firearms for ballistics tests and a requirement for them to appear in court. Especially if the criminal was unarmed, the property owner may unfairly face significant jail time simply for defending themselves and their land. The sublethal gun requires no license and has a low chance of permanent injury.

 

In the long term a remote gun like this is orders of magnitude less expensive than a human security guard. The guns can be used as a force multiplier to reduce these costs and engage several armed intruders. Especially in the case of farms and homeowners, this may be the only type of weapons system appropriate and affordable. Most do not have the resources to employ 24 hour security.

The up front cost is $1499 per system to include the weapon, controller, rounds, and hardware to mount. Paired with alarm activation on a cell phone or other mobile device, the gun can be made more useful, as unfortunately it is not automatic and requires the user to operate it. The gun works on the cellphone network and does not require WiFi. Through GSM, 4 alarm zone inputs can send an SMS message to the user when triggered. These relays can be used to activate sirens, flood lights, pepper spray dispensers, gates, smoke dispensers and more.

 

While the manufacturer designed the gun as an answer to the problem of crimes against farms in South Africa, it does seem that delivery outside of the country can be arranged. This would of course mean self-installation would be required. The utility of the gun is certainly up for debate, but as an addition to existing security measures and for its relatively low price there is an argument to be made for its use. As an answer to the desire for a remote weapon attached to a camera, the gun might be seen by many as a half measure. Perhaps in the future such a system could be made to detect human presence in off-limits zones and fire automatically.

 

Year 2020: Security Threats in the Coming Year


Moving into a new year, we can expect the trends in information security from the last several years to continue to evolve and affect the methods criminals will use in exploits and the industry’s defenses against them. A few of these, such as the continued migration to the cloud, mobile technologies, and the use of machine learning affect the methods employed by both sides. With a shortage of skilled professionals in cybersecurity and the rapid advance of software development, we can expect serious competition for our data and information security. Here we will take a look at what experts in the field are saying lies ahead in the coming years.

Ransomware

A major method of attack in 2019 was ransomware. While previously online “gangs” would target institutions such as banks in massive multi-million dollar attacks using banking trojans, moving forward it is expected that the focus will shift to smaller attacks on small to medium sized businesses. This is due to it being easier to anonymize smaller attacks, with the profits easier to launder because of less interaction and sharing with physical street gangs in the laundering process.

Phishing 

Phishing will remain an important method in initiating attack, with mobile increasingly becoming the primary vector for phishing attacks aimed at stealing credentials. While conventional secure email gateways are adequate in blocking phishing emails and dangerous URLs, these methods often neglect to defend  mobile attack vectors from account takeover attacks. Personal email, social network accounts, and SMS/MMS messaging can be vulnerable to these attacks.

The Cloud

With business infrastructure increasingly making the move to the cloud, the focus of attackers will follow. This comes with the expected consequence of making attacks more difficult, requiring more sophistication and frequency of attacks which will increasingly rely on luck rather than careful planning and execution. A benefit to corporations using cloud infrastructure is redundancy for data storage and a greater assurance of server up-time. This migration to the cloud should improve security for most, although what attackers will be able to do with machine learning attacks on the cloud remains to be seen.


Having been talked about for several years now, 5G mobile technology will begin to be adopted across major metro areas in late 2020. This increased bandwidth and speed will give rise to a number of new IoT devices and create an uptick in edge computing. With IPv6 adding so many new devices, each one posing a potential risk as an attack vector, companies will need to reevaluate and rethink their threat models. The traditional infosec issues of authentication, confidentiality, authorization, availability and data security will be magnified with the huge build-out of 5G and must be accounted for with an updated risk paradigm.


As for authentication methods, we can expect a move from two-factor (2FA) to multi-factor (MFA), to include biometrics. Implementation of one-time authorization codes (OTAC) will help to provide 2FA circumvention of phishing attacks. Organization are expected to adopt these practices to address credential theft and maintain regulatory compliance, especially those holding highly sensitive data. They will have to contend with more specific phishing attacks leveraging machine learning to optimize attack campaigns. Once done by hand, phishing lures of the 2020s will be tested by AI algorithms in order to improve conversion rates. Phishing domains will even be generated and registered by algorithms independent of human intervention.

Social Engineering and OS Issues

As has always been the case, often the weakest link in the security chain is the human element. We can expect to see an increase of insider attacks in 2020. These occur when an attacker either offers to money or extorts sensitive information from someone working for an organization. This can be achieved through compromising social media accounts and using social engineering methods. This is a low-tech way of breaking security, but often one of the most effective. Some attackers may offer considerable sums of money or cryptocurrency to insiders depending on the target’s position in the company.


One final thing to consider is that Microsoft will be ending support for Windows 7 in the middle of this January. Any businesses and other end-users still using the OS will face the issue of no longer receiving patches and updates, even in the event that a security vulnerability is found. It is expected that at least one significant attack will leverage a Windows 7 end of life vulnerability in the same way that attackers did when Windows XP support came to an end.


These themes will shape the security landscape of the next few years. The interplay between the security professionals and infrastructure meant to protect organizations and those who seek to steal their data will continue to evolve, shaped by emerging technologies. Those organizations best able to defend themselves will be those who anticipate and prepare to resist new and enhanced methods of attack.

STST Inc. is South Texas’ source for professionally designed and integrated security and access control systems.

To set up an appointment to get a quote on your project,

Call us at 210-446-6306

or send an email through our website:

www.securitytechnologyofsouthtexas.com/contact-us/