Building Successful Cybersecurity Solutions
Luis Enrique Bonilla, Business Development Manager, Latin America & Caribbean, Tyco Security Solutions, Johnson Controls
Cybersecurity of Physical Security
Consumer Considerations
The Evolutionary Threat Landscape
• Yesterday, Today & Tomorrow
• Threats Evolve… so do Expectations
• Product Cybersecurity vs. Information Security
• Changing Landscape = Changing Opportunities
• Physical Security and Cyber Security
Threats
Cyber Risk
Internal Threats
• Disgruntled Employees
• Malicious Operators
• Neglectful Personnel
Unintentional Threats
• Unkempt Systems
• Obsolete Platforms
• Lack of Expertise
• Development Bugs
• Misconfiguration
External Threats
• Hackers
• Malware
• Spyware
Cybersecurity Model
Cybersecurity aspects and considerations according to Tyco
1. Device connectivity
2. Unified solutions for product management and integration
3. Controls and improvements based on the cybersecurity program
4. Capabilities and certifications
5. Trend toward equipment that is "hardened" by default
A Higher Level of Commitment
• begins at initial design concept
• continues through development
• is supported through deployment
• and includes rapid response
Device Connectivity – Risk Factor
OSDP - Open Security Device Protocol
Industry Standard Enables Secure Interoperability Between Field Devices
RS-485 two-way communications protocol between field devices – readers, biometrics, I/O modules – and control panels
Supported by the SIA (Security Industry Association) Access Control & Identity Subcommittee
Dynamic token between cards and reader
Currently an ANSI standards candidate
Physical security equipment using the Wiegand protocol is highly vulnerable to "sniffing": https://www.youtube.com/watch?v=7VVpg6Fh1a4&feature=youtu.be
Risk mitigation strategy:
Card Cloning – Copying card credential data and replaying the information directly to the card reader
Copying of the Wiegand signal between the card reader and the controller
Secure Device Connectivity
Example for Access Control
[Diagram: OSDP reader wiring. Labels: readers (R), exit reader, PoE Switch, IP-ACM w/PoE, powered lock output; OSDP – 2-wire RS485 & 2-wire power/gnd. Multi-drop option: readers at Addr 0 to Addr 7 on iSTAR Ultra ACM 1 and iSTAR Ultra ACM 2; iSTAR Ultra GCM, up to 16 OSDP Readers + 16 Wireless Readers.]
Evolution of Secure Identity Solutions
Keys Today Infrastructure for Tomorrow’s Keys
What are the options?
Security
PROPRIETARY Copyright 2019
Biometric Authentication Technology
• What is biometric security?
Biometric Authentication Technology
• The common physical characteristics are:
• Fingerprint
• Face
• Retina
• Iris
• Vein pattern
• Hand and finger geometry
Which one to choose?
Biometric Solutions need to be integrated
Fingerprint: Easy
PalmVein: Touchless
Iris Recognition: High Secure
Facial recognition: Convenient
OSDP V2 Encrypted card Number
Biometrics must be integrated
Communication between biometric systems and access controllers
3D Fingerprint: MorphoWave
OSDP V2 Encrypted card Number
PalmVein: Touchless
Iris Recognition: High Secure
Facial recognition: Convenient
Biometric solutions for Authentication
Fingerprint: Easy
PalmVein: Touchless
Iris Recognition: High Secure
Facial recognition: Convenient
Convenience Security Cost
Hand Wave Speed
2 Factor Authentication - I want to know it’s really you at the Door
Two-factor authentication at the door that increases security by 50%. Know the true identity of your visitor before they enter the property.
• Enable/Disable per reader
• Scheduled or event-driven bypass
• E-mail notification for self-registration
• Journaled for reporting
iSTAR Ultra & Ultra SE 18
What happens when the cameras that protect you can become weapons?
Vulnerabilities and Backdoors in Video Surveillance Equipment
• Manufacturers with OEM solutions inherit a high percentage of vulnerabilities
• There is no rapid incident response because the OEM firmware is not under their control
Common attack vector in the network infrastructure
• Privacy violations, brand exposure, loss of customer trust.
Default credentials vs. hardened by default
• A high percentage of devices keep their default passwords
• "Hardening" depends largely on the installer
• Firmware updates are not common in maintenance routines.
• VMS solutions are not kept up to date
• Systems such as NVRs keep running on EOL operating systems.
• Hardened by default - a trend to minimize risk.
Controls and improvements based on the cybersecurity program
Business Drivers Capabilities Outcomes
Baseline Expectations
• Strong Cybersecurity Posture + Greater Connectivity
• Rapid Response / Resolution
The Business Mission: Balance
• Inspiring Consumer Confidence + Limiting Inconvenience
Visibility / Control
• 93% prefer to be involved in decisioning related to cybersecurity**
• 91% prefer security visibility of cybersecurity posture**
**Source: 2017 Harris Poll commissioned by RSA
Capabilities and Certifications
Shared Responsibility
• Customer Engagement
• Education
• Thought Leadership
– Board Member of ISA Secure
• – Incident Response and Security Teams
• – Open Web Application Security Project
• – CVE Numbering Authority
Cyber Solutions
In the physical security business, we simply have to be better than most….
Disruption is Not an Option
the protection of….
• Privacy…
• Sensitive information…
• Trade secrets…
the continuity of business….
• Workplace efficiency…
• Critical operations…
the safety of….
• Children…
• Travelers…
• Employees…
• Customers…
the retention of customers….
• Maintaining brand reputation…
• Assuring quality…
• Meeting service levels…
the compliance with policies and regulations….
• Government…
• Healthcare…
• Banking and Finance…
• Privacy Laws…
Final Review…
Inspiring Consumer Confidence + Limiting Inconvenience Balance
Partnership
Expertise
Maturity
Empowering Customers, Enabling Business & Ensuring Success
A Multifaceted, Robust org enables true Differentiation and Success
Transparency, Responsiveness and a higher level of Commitment
Differentiation
Product Cybersecurity done right sets our products apart from the rest