Subscribe to RSS - IDmachines


Eidola, created for integrators to ensure cybersecurity

Wednesday, March 30, 2016

YARMOUTH, Maine—Have you heard enough about cybersecurity dangers for physical security integrators and manufacturers?

Here’s a new, and perhaps more welcome, angle of the cybersecurity story.

At the Interoperarability Fest on Wednesday night, April 6 at ISC West, you'll be able to see "Eidola." Click here for time and location.

What's Eidola? It's a technical automation and security system lifecycle management platform that’s designed to help integrators and installers secure their installations from the testing and installation stage through the maintenance stage. And it’s also designed to be used to generate RMR for integrators.

Eidola is a new product from IDmachines that “manages the lifecycle of a security solution from a cybersecurity perspective,” Sal D’Agostino, founder and CEO of IDmachines told me. "Eidola checks the make, model, firmware versions and other detailed device information, as well as strength of the device’s connection (authentication) on the network."

D’Agostino is an entrepreneur who has “always been involved in automating things.” He is the former EVP of Core Street and CEO of Computer Recognition Systems, Inc.

D’Agostino said “the complexity of security systems is growing astronomically and there’s a huge skills gap in terms of networking and cybersecurity skills.”  Today’s security systems include “IP-connected devices of all shapes and sizes on the network … you’ve [also] got network gear and stuff on virtual machines,” he said.

D’Agostino has said before that security integrators should “be deploying security solutions not vulnerabilities.” Eidola helps ensure this, he said.

Eidola can be used to test the configuration of a system’s components, and it also provides “a real live sandbox that can emulate an enterprise network,” D’Agostino said.

After that’s done, Eidola can be used to document IP addresses/MAC addresses and ports, so the integrator can deliver “more than just as-built drawings,” D’Agostino said. The integrator can give an end user a document that outlines the “state of the network." The integrator “get a sign-off by the customer on the documented system delivered that can be used again during the operation and maintenance lifecycle.”

This documentation is useful for the end user and integrator and can help identify problems in the future.  

Because Eidola can be used to check on the health of a security system, it can also be used to capture RMR, he said.

Andrew Lanning, co-founder of integration firm IST, said Eidola will be a very important tool for IT-savvy integrators working in enterprise environments, but its greatest value may be for a security company installer who is not an IT expert.

Those installers are adept at using a multi-meter to test voltage levels. D'Agostino describes Eidola as a "multi-meter for the 21st century." Lanning agrees, saying at its most basic level, Eidola is “really a network multi-meter that can let the installer know that a network is sound,” he said.

The roll out of Eidola is underway. It will be “generally available in the next 30 to 60 days” to a select group of integrators. The roll out will include “training, technical training and business model training on how to sell the product,” D’Agostino said.

The integrator will get an Eidola kit and a licence to resell Eidola as a service. “There are a number of different ways in which the product can be monetized by the integrator,” D’Agostino said.  

The Eidola kit has five components: 1. a high-performance, rugged industrial computer with multiple network connections, serial ports and digital I/O that provides the sandbox for the integrator or user's test environment. "This computer can also be left behind in those cases where longer term or harsh environmental testing requirements exist," D'Agostino said. 2. a portable field device (the 21st century multimeter) that also has network, serial and digital I/O. but on a smaller scale. 3. a set of connectors and cabling for easy installation and testing. 4. a travel case and documentation
D'Agostino said that the first two items "have an ad hoc wireless network that can connect to any Wi-Fi supported device, typically a smartphone or tablet, which provides an easy-to-use, push-button interface for performing the diagnostic, configuration and viewing and sharing the reports."

A broader roll out of the product is planned for later this year.

The cyber elephant in the room

Wednesday, November 11, 2015

SAN ANTONIO—I've spent several days recently with two major camera companies, Hikvision and Axis Communications. The last week in October I was on a Hikvision trip to China where I met with executives from the company, toured the headquarters and one of their factories, and also went to China's version of ISC West. This week I'm in San Antonio at the Axis partner event.

There are more than 400 integrators and technology partners here this year. Yesterday's agenda included information on the company's technology road map, a panel discussion on school security, an IT director for Westgate Resorts, and a forensics expert talking about camera evidence and how integrators' careful design and installation of video surveillance can help in law enforcement, rescue efforts, and criminal prosecution. There were also break-out sessions and there's a full agenda for today as well.

I'll have more stories on both the Hikvision trip and the Axis event, but I took note that both companies made a point to talk about cybersecurity, both internal efforts to ensure that their products are safe and external efforts to educate their integrator partners on best practices.

This is good news. It's about time the physical security industry starts talking about the cyber elephant in the room.

When I was at Hikvision, the president of the company, Yangzhong Hu and Hikvision international marketing director, Keen Yao fielded questions about cyber breaches the company has suffered. They also talked about their efforts to correct problems and instill cybersecurity best practices internally.  Hu said the company has partnered with international cybersecurity companies and professional hackers to proactivley test products, protocols and processes associated with cybersecurity.

Hikvision has a Security Center section on its website, which includes information about any current problems with its products, a location to report security issues, advice and best practices for end users and integrators on cybersecurity. Hikvision has also spoken about cybersecurity at ISC West, PSA-TEC and it will speak at ISC East next week as well. The goal, according to Hikvision North Amercian marketing director Alex Asnovich, is to share cybersecurity knowledge and best practices with the entire industry.

Yesterday at the Axis event, Sal D'Agostino, CEO of IDmachines, who has been working with Axis on cybersecurity, and John Bartolac, who heads up cyber strategy for Axis in North America,  led a break-out session about cybersecurity and the threat landscape. They introduced Axis's new "hardening guide", a 25-page document of cybersecurity best practices and protocols. Bartolac said Axis has been working on the cybersecurity issue for six years (most notably with its government customers). It is now expanding its efforts to educate its integrators and other partners about cybersecurity.

I've heard lots of cybersecurity statistics, and they're always chilling, but D'Agostino showed a live map of cyberattacks yesterday. Check it out here.

D'Agostino said the guide includes many "easily actionable items" for systems integrators.

“We’re supposed to be installing a security solution, not introducing a vulnerability,” D’Agostino said. “We want to help our [end users] meet their corporate goals. … It’s not acceptable anymore to say, ‘I didn’t know [about potential cyberthreats],’” he added.

The threat continues to evolve, he said. Not only do integrators have to worry about safeguarding the video that comes out of the camera, they need to be concerned about cameras being “taken over and used as a weapon.”

D'Agostino pointed out that using cybersecurity best practices and helping end users understand protocol is a great way for systems integrators to  "have a conversation with the IT side of the shop."

“As cameras are used not just as a security device, but as a business-enablement tool, you’re going to find yourself in a situation where you’ll be talking to the chief marketing officer or the IT department itself,” D’Agostino said.

Integrators who have cybersecurity knowhow can help IT department understand the value of their video data to the corporation, he said.

Bartolac said that Axis has a roadmap of cybersecurity tools that it will be offering to integrators. The hardening guide is just the beginning, he said. Axis also has plans to share cybersecurity best practices with the industry at large.

At TechSec, we've been talking about cybersecurity for a few years. Here's a link to a story about a TechSec educational session led by Diebold's Jeremy Brecher that we did in 2014 about cyber attacks and the potential problems for physical security devices. We'll be talking about cybersecurity in the cloud at our Cloud+ conference Dec. 7-8. Rodney Thayer, who's an expert in designing network security systems and hacking, is doing a not-to-be-missed educational session at Cloud+. Check out the educational program here.

PSA Security is also taking the lead on educating the industry about cybersecurity. PSA has a wealth of information on its web site. Click here.