Avigilon Blue: A Powerful New Integrator Cloud Service Platform

/in , /by
            Avigilon Blue is a new product from industry leader in IP video and access control Avigilon. What makes this product unique is its ability to integrate on premise using a “quick-to-deploy Avigilon Blue Connect device that stores all video locally while sending video analytics clips to the cloud.” (Avigilon.com)
           This cloud-based, software-as-a-service platform is easy to set up, configure, and link to the cloud. This process takes only minutes and uses universal “plug-and-play” network protocols with an intuitive web-based user interface.
Once logged in to the system, the administrator can access Avigilon’s Subscription Center to view real-time account and subscriber information. The dashboard, viewable on any typical Internet connected device, allows quick identification of trends and system behaviors to isolate problems without dispatching personnel to the site being monitored.
The platforms also supports both Avigilon and ONVIF compliant cameras, using real-time alarm notifications on any desktop or mobile device to bring attention to critical events requiring the most immediate attention.
Probably the greatest asset of Avigilon Blue is its simplicity. What looks like a cable-box or router, the compact blue box that houses Avigilon Blue can be located anywhere in the facility reachable by network cabling. The software is intuitive and easy to configure even for IT novices. Furthermore, Avigilon Blue is highly scalable. As the need for expansion arises, Avigilon Blue can keep pace.
            The platform is powered by Microsoft Azure and leverages cloud services that are built, deployed, and managed through a global network of trusted datacenters, providing enterprise-grade security right out of the box.
Avigilon Blue aims to be a game changing security platform for enterprises both great and small. As the industry moves more and more into the cloud, Avigilon Blue will be leading the way on the bleeding edge of hosted security services for the coming years.
             Security Technology of South Texas is an Authorized Dealer and Integrator for Avigilon.  We have the experience and commitment to excellence to give your business the security measures  it needs to keep your product, employees, and site safe.
————————————————————————————————————
 Call Us 24/7    at (210)-446-4863
 or email at
————————————————————————————————————
Source: Avigilon.com

Cyber Threats to the US Power Grid

/in , /by

Every day billions of activities from across multiple digital platforms must be monitored and checked by cyber security experts working to protect the US power grid from cyber attack. 24 hours a day, workers must monitor electronic messages from both within the state owned power utilities themselves and from the outside.

The IT infrastructure of the power grid makes for a prime target for potential attackers, and the ability to generate widescale physical world consequences through penetrating power companies’ systems makes for an enticing hack to some “threat actors”. TVA, Tennessee Valley Authority, for example, operates 29 power-generating dams, seven nuclear reactors and maintains multiple connections to the Oak Ridge nuclear weapons production arsenal. These factors cause it to be regarded as amongst the most prime targets for cyber terrorists.

Andrea Brackett, director of TVA’s Cybersecurity group, says this federal utility company has adequate protection.

“There are all kinds of threat actors that attempt to test us on a daily basis, but I think we are in a really great spot with all kinds of layering of defenses to make sure that we’re protecting our operational assets from different types of cyber attacks that could happen, whether that is from the internet or internally from within TVA,” she said. “We’ve not had any events that have impacted our operational capability.”

But in the climate following recent hacks into Equifax and Yahoo, cyber crime seems to be a looming threat, with the energy sector regarded as a sort of pinnacle for those with cyber terror ambitions.

Homeland Security Secretary Kirstjen Nielsen believes we are in fact in something of a “crisis mode” with respect to cybersecurity.

“Cyber threats now represent a greater threat to the United States than physical threats,” Nielsen recently warned. “Our digital enemies are taking advantage of all of us. They are exploiting our open society to steal, to manipulate, to intimidate, to coerce, to disrupt and to undermine.”

Each day TVA alone watches as tens of thousands of attempts to hack into their networks are made. Many of these conducted by hostile nation states in an ongoing back and forth, testing the resilience and responsiveness of US cyber defense.

Ultimately the US will be forced to bring its infrastructure more and more into the age of the Internet and rely less on the mere antiquation of its machines as a defense, and as it does, external and internal threats alike will continue to test the security apparatus charged with protecting the grid. As it stands now, there are many other countries with newer infrastructure that may be easier to break into, although there are few prizes more enticing to cyber terrorists than the power grid of the US.

——————————————————————————————————————————————

Security Technology of South Texas is locally owned and operated out of San Antonio, Texas. We provide integration of security products and infrastructure for commercial scale projects in the South Texas area.

Call us today to set up a consultation, 24/7 210-446-4863 or email admin@gostst.com on our website

Surveillance Cameras’ Feeds Made Vulnerable Due to Bug: Zero-Day Exploits

/in , /by

Last month researchers from cybersecurity firm Digital Defense disclosed they had discovered a vulnerability in Nuuo NVRmini 2 Network Video Recorder firmware, basic software which is used in hundreds of thousands of IP surveillance cameras across the world.

The Linux-based software is used in a wide array of the company’s IP cameras, supports NAS storage and is capable of monitoring up to 64 live video channels. The bug centers around an unauthenticated remote buffer overflow security flaw which an attacker can exploit through executing arbitrary code on a system with root privileges. In addition to allowing a potential attacker to make use of the bug to access and modify video feeds and recordings from their cameras, the exploit also permits changing the configuration and settings of cameras.

This is achieved through “Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution,” Digital Defense said.

NVRmini 2 firmware prior to and including version 3.9.1 are vulnerable to this exploit, however Nuuo has responded to the discovery and has released a patch to resolve the issue.

So called zero-day exploits are some of the most damaging security flaws you can have in your security solution at large. These exploits or bugs are found in software from the day of its release onwards unless they are detected through chance or pro-active research into the software as described in the situation above. These exploits will be known only to potential attackers and the online communities they share this intel with up to that point, and a significant degree of damage and compromise can occur during that time period, up to and including the possible installation of backdoors unknown to the creators of the software and modification of source code if the exploit allows for that.

The zero in “zero-day” actually refers to the time at which the vendor of the software discovers the vulnerability. Up to that day the vulnerability would be referred to as a zero-day vulnerability, but after 30 days, a 30-day vulnerability and so on. It is during this time that the vendor will typically be working on a patch or workaround to mitigate the exploit, but depending on the specifics of the bug, potential attackers with knowledge of the bug may also be working on “counter patches” of their own.

A zero-day attack should always be considered a serious threat, and even after a patch has been developed, there is no guarantee that every user or even a majority will have installed the patch. Those who write malware have several different attack vectors available to them to exploit zero-day vulnerabilities, from executing malicious code exploiting web browsers to email attachments containing malicious code via SMTP.

In the context of the security industry, these types of exploits can have potentially devastating consequences. As we trust in the convenience and technical superiority of IP cameras and access control systems, it is critical to use reputable vendors and an integrator with the response time to manage and respond to crisis events.

——————————————————————————————————————————————

Security Technology of South Texas is locally owned and operated out of San Antonio, Texas. We provide integration of security products and infrastructure for commercial scale projects in the South Texas area.

Call us today to set up a consultation, 24/7 210-446-4863 or email admin@gostst.com on our website

Intelligent Video Solutions for Campuses

/in , , /by

The promise of AI enabled video in academic settings centers around finding solutions to the social issue of school gun violence. 2018 was in fact the worst year for gun violence by number of incidents in our nation’s history, and this reality is driving demand for innovative campus security solutions. Intelligent video technology facilitates school safety through integrating already existing systems such as security cameras, fire alarms and sprinklers, and automatic door locks. By integrating data from multiple sources and sensors, cloud security platforms can discover new insights and make predictions. Basically, intelligent video has the potential to bring campus security from reactive to proactive.

These intelligent video platforms combine cloud and AI to bring data in closer relationship with each other. Video and sensor data are aggregated to perform analytics functions, allowing a type of machine learning to occur which has the effect of improving efficiency and overall security. While conventional school security measures were designed to function as forensic evidence after the fact of an incident (video to be used by the police and the court systems), these newer “smart” systems aim to go after problems before they make themselves manifest. Using video and IoT sensor data in the cloud, data is analyzed in real time and in aggregate, something human operators simply can not do fast enough to be effective. This allows the campus to identify patterns to help the platform better point out salient insights as it learns over time.

Using a cloud based solution for campus security also makes sense with regard to maintenance and upkeep. On-premise security architecture requires manual updating of software on each server, whereas a cloud system takes its updates automatically from the cloud. The updates are simply scheduled during closed hours as automatic, which reduces the amount of IT manpower needed and allows IT staff to remotely work on the system.

Another benefit of cloud based security is how scalable these systems are. As a campus expands and adds more doors, entry points and etc., the cloud is more than capable of expanding along with any new hardware that is added.

These systems also reduce the need for staffing in large campus security operations. Due to the integration of data from multiple types of sensors, less humans are needed in the response chain to initiate lockdown procedures, active shooter response, and other incident protocols. When integrated with an automated door locking system for instance, the platform can communicate a proactive response in an active shooter situation faster than any human team and lockdown to prevent entry as it alerts the human security element or the police.

——————————————————————————————————————————————

Security Technology of South Texas has the direct experience and skilled team to integrate a cloud based security solution into your school or campus. We meet with relevant staff to design custom, turn-key solutions from the ground up and offer the reliable and reachable service you need for these critical systems.

——————————————————————————————————————————————

Contact us at admin@gostst.com on our website or via phone at 210-446-4863 24/7