
Post on 08-Jul-2020


Page 1

Building Successful Cybersecurity Solutions

Luis Enrique Bonilla
Business Development Manager
Latin America & Caribbean, Tyco security solutions
Johnson Controls

Cybersecurity of Physical Security

Page 2

Consumer Considerations

The Evolutionary Threat Landscape
• Yesterday, Today & Tomorrow
• Threats Evolve… so do Expectations
• Product Cybersecurity vs. Information Security
• Changing Landscape = Changing Opportunities
• Physical Security and Cyber Security

Page 3

Threats

Cyber Risk (diagram)
• Categories: Internal Threats, Unintentional Threats, External Threats
• Items shown: Unkempt Systems, Obsolete Platforms, Lack of Expertise, Development Bugs, Misconfiguration, Hackers, Malware, Spyware, Disgruntled Employees, Malicious Operators, Neglectful Personnel

Page 4

Cybersecurity Model

Cybersecurity aspects and considerations according to TYCO
1. Device connectivity
2. Unified solutions for product management and integration
3. Controls and improvements based on the CyberSecurity program
4. Capabilities and certifications
5. Trend toward equipment “hardened” by default

A Higher Level of Commitment
• begins at initial design concept
• continues through development
• is supported through deployment
• and includes rapid response

Page 5

Device Connectivity – Risk Factor

OSDP - Open Security Device Protocol
Industry Standard Enables Secure Interoperability Between Field Devices

RS-485 two-way communications protocol between field devices – readers, biometrics, I/O modules – and control panels

Supported by the SIA (Security Industry Association) Access Control & Identity Subcommittee

Dynamic token between cards and reader

Currently an ANSI standards candidate

Physical security equipment that uses the Wiegand protocol is highly vulnerable to “sniffing”: https://www.youtube.com/watch?v=7VVpg6Fh1a4&feature=youtu.be

Risk mitigation strategy:

Card Cloning – Copying card credential data and replaying the information directly to the card reader

Page 6

Copying the Wiegand signal between the card reader and the controller

Page 7

Secure Device Connectivity

Access control example (wiring diagram):
• OSDP – 2-wire RS485 & 2-wire power/gnd
• Powered lock output
• PoE Switch, IP-ACM w/PoE, exit reader
• Multi-drop: readers at Addr 0 to Addr 7
• iSTAR Ultra ACM 1, iSTAR Ultra ACM 2
• iSTAR Ultra GCM: Up to 16 OSDP Readers + 16 Wireless Readers
• Option: Multi-drop

Page 8

Evolution of Secure Identity Solutions

Keys Today Infrastructure for Tomorrow’s Keys

Page 9

What are the options?

Page 10

Security

PROPRIETARY Copyright 2019

Page 11

Biometric Authentication Technology
• What is biometric security?

Page 12

Biometric Authentication Technology

The common physical characteristics are:
• Fingerprint
• Face
• Retina
• Iris
• Vein pattern
• Hand and finger geometry

Page 13

Which one to choose?

Page 14

Biometric Solutions need to be integrated

• Fingerprint: Easy
• PalmVein: Touchless
• Iris Recognition: High Secure
• Facial recognition: Convenient

OSDP V2 Encrypted card Number

Page 15

Biometrics must be integrated

Communication between biometric systems and access controllers

• 3D Fingerprint: MorphoWave
• PalmVein: Touchless
• Iris Recognition: High Secure
• Facial recognition: Convenient

OSDP V2 Encrypted card Number

Page 16

Biometric solutions for Authentication

• Fingerprint: Easy
• PalmVein: Touchless
• Iris Recognition: High Secure
• Facial recognition: Convenient

Convenience Security Cost

Hand Wave Speed

Page 17

2 Factor Authentication - I want to know it’s really you at the Door

Two-factor authentication at the door that increases security by 50%. Know the true identity of your visitor before they enter the property.

• Enable/Disable per reader
• Scheduled or event driven bypass
• E-mail notification for self-registration
• Journaled for reporting

Page 18

iSTAR Ultra & Ultra SE

Page 19

What happens when the cameras that protect you can become weapons?

Vulnerabilities and backdoors in video surveillance equipment
• Manufacturers with OEM solutions inherit a high percentage of vulnerabilities
• There is no rapid incident response because the OEM firmware is not under their control

Common attack vector in the network infrastructure
• Privacy violations, brand exposure, loss of customer trust.

Default credentials vs. hardened by default
• A high percentage of devices keep their default passwords
• Hardening depends largely on the installer
• Firmware updates are not common in maintenance routines.
• VMS solutions are not kept up to date
• Systems such as NVRs keep running on EOL operating systems.
• Hardened by default: the trend to minimize risk.

Page 20

Controls and improvements based on the CyberSecurity program

Business Drivers Capabilities Outcomes

Baseline Expectations
• Strong Cybersecurity Posture + Greater Connectivity
• Rapid Response / Resolution

The Business Mission: Balance
• Inspiring Consumer Confidence + Limiting Inconvenience

Visibility / Control
• 93% prefer to be involved in decisioning related to cybersecurity**
• 91% prefer security visibility of cybersecurity posture**

**Source: 2017 Harris Poll commissioned by RSA

Page 21

Capabilities and Certifications

Shared Responsibility

• Customer Engagement
• Education
• Thought Leadership
– Board Member of ISA Secure
– Incident Response and Security Teams
– Open Web Application Security Project
– CVE Numbering Authority

Page 22

Cyber Solutions

In the physical security business, we simply have to be better than most…

Disruption is Not an Option

the protection of…
• Privacy…
• Sensitive information…
• Trade secrets…

the continuity of business…
• Workplace efficiency…
• Critical operations…

the safety of…
• Children…
• Travelers
• Employees…
• Customers…

the retention of customers…
• Maintaining brand reputation…
• Assuring quality…
• Meeting service levels…

the compliance with policies and regulations…
• Government…
• Healthcare…
• Banking and Finance…
• Privacy Laws…

Page 23

Final Review…

Inspiring Consumer Confidence + Limiting Inconvenience Balance

Partnership

Expertise

Maturity

Empowering Customers, Enabling Business & Ensuring Success

A Multifaceted, Robust org enables true Differentiation and Success

Transparency, Responsiveness and a higher level of Commitment

Differentiation Product Cybersecurity done right sets our products apart from the rest