Made4Biz Dynamic Security Resources

Security technology for digital information has become an essential part of normal business operations as well as a national priority. The risk increases each year because government and business are increasingly dependent on ICT. New technologies such as Wi-Fi have specific vulnerabilities that increase the exposure. The threat posed by information theft and sabotage has spurred new regulations and standards such as ISO 17799, FISMA and the Sarbanes-Oxley act.

Businesses and government agencies are seeking more effective risk mitigation to protect valuable or sensitive digital assets such as accounting records, customer information, proprietary trade secrets and confidential or classified data. Physical and IT safety products are proliferating to respond to this market. Coordinating the data and control capabilities of these different products and approaches has become a major concern for security management, but true convergent security solutions are lacking. Most security systems implement static access control. Users get the same rights at all times, even during holidays and off-work hours, creating opportunities for identity theft and unauthorized tampering. This creates a dangerous and needless exposure.

Made4Biz’s Dynamic Security systems are the first to seriously address the challenge of security convergence. They provide information security that is comprehensive, flexible and adaptive, encompassing both physical security and IT access security protection. Dynamic security solutions implement security policies that are location and time sensitive, and that can take into account threat levels, Homeland Security information and other data. They allow rapid and automated security incident handling in emergencies, when time and accuracy are essential.

Dynamic security minimizes unnecessary exposure by preventing access to data and facilities at times when access is illogical and unnecessary.

Dynamic Security’s open architecture brings a wide variety of isolated security technologies into a single, integrated framework. Critical alarms and alerts arrive at a single web-based console. All the information is pooled into a single system and used to enforce an adaptive, dynamic security policy. This makes the best use of physical, IT and human security management resources. It provides significantly improved, cost- effective risk mitigation for critical online business resources, assets and processes, from smaller organizations to multinational enterprise operations.

Digital information systems are exposed to risk from thieves, embezzlers and saboteurs. These risks escalate with increasing dependence on digital storage, IP networks and wireless technology. The extent of the problem cannot even be properly estimated because of the difficulty of obtaining and pooling the data. A 2005 CSI/FBI study noted that respondents systematically failed to report security breaches for fear of negative impact on their firms' image and stock price.

The number one concerns are identity theft and insider attacks. In 2005, consumer complaints about identity theft accounted for 37% of all complaints according to the FTC. According to the FBI, in over 85% of the cases the thief will use a peer’s credentials to cover up his or her activities, a technique called ‘Internal Identity Theft’. In over 90% of the cases the predator will exercise the ID theft while the peer is off the premises.

Some notable recent examples of identity theft:

• Automatically and completely remove all rights of a terminated employee or contractor.

• Automatically limit remote access (location-based access control).

• Automatically limit after-hours and holidays access (time-based access control)

• Automatically detect suspicious behavior patterns.

Rogues, thieves and vandals do not challenge the strong points of the system, which are the points that conventional security systems keep reinforcing. Instead, they identify and challenge the weak points of security systems that are not addressed by conventional security approaches. These are:

• No coordination between subject location and subject access rights (location-based security).

• No coordination between time of day and subject access rights (time-based security).

• No method for systematic close-out of access rights.

• No way to recognize suspicious usage patterns.

These weaknesses exit because there is no automatic intelligence to tie together disparate bits of information, to discern patterns and to do automatically carry out security procedures.

Organizations use an increasing array of security systems and applications to meet rising IT and physical security needs. Such products include LAN and WAN security, Web security, systems security, applications security, ID management, authorization servers for single sign-on, intrusion detection and firewalls as well as physical access protections using cards and biometric systems. These products do not exchange data, creating security islands that have different control interfaces and that can hide vital information. This "tower of babble" presents a formidable challenge for security management.

Administrators have to be intimately familiar with different:

• APIs

• Protocols

• Platforms

• Disciplines

• Credentials

• Syntaxes

• Know-how

This chaotic situation damages the organizational:

• Security implementation quality

• Time-to-response on security events

• Security service level

• Cost of managing the security

Lack of an integrated framework can cause missed alarms and allow suspicious usage patterns to go unnoticed. Administrators miss the Big Picture, unnecessarily exposing the system and increasing vulnerability.

A typical access control system stores security profiles of employees or other subjects that remain essentially unchanged as long as the user is part of the system.

A user has the same access rights during working days and working hours and when he or she is on vacation or traveling on business.

Bogus identities of absent users can be used to abuse the system. Off hours access encourages tampering by rogue employees. Ideally, a security system would "know" when a user is on campus, off campus on business or away on vacation, and could adjust rights accordingly. Likewise, policy enforcement and incident handling may need to be different in normal times and when there are specific alerts. Unfortunately it is usually not practical to implement these adaptive changes with human administrators. The relevant information is not easily available or cannot be easily used for policy implementation.

The plethora of new security systems and technologies has a great potential for synergistic function, provided they can be made to work together. Preventing identity theft is a perfect example of how synergy between systems can mitigate risk.

If the physical access system "knows" that Joe Smith is not in the office because he checked out, the authorization server can prevent Smith from logging in from office computers, provided there is a smart system that can coordinate between the authorization server and the physical access system. If someone does log in using Smith's ID, this event can be recorded and cause an alert. If the smart system can recognize patterns, it can also detect suspicious events such as attempts by "Joe Smith" to enter the premises when the real Joe Smith has already entered. Since Joe Smith cannot really enter twice, and Joe Smith cannot log in to a computer if he is really at home, these correlations of events implies that identity thefts are in progress and should signal alarms. However, in large campuses, only an intelligent automated system could reliably "remember" and recognize such patterns.

Not surprisingly, integration of the different physical and ICT security technologies, or security convergence, is becoming a major concern of security management for ICT systems. To help the different applications communicate, new standards and protocols such as PHYSBITS (Physical Security Bridge to IT Security) SAML (Security Assertion Markup Language) and Global Platform have been proposed or adopted. Convergent applications can also take advantage of increasingly popular open information exchange standards such as SOAP and LDAP.

As shown in Table 1, ASIS estimated an increase of more than ten-fold in security convergence projects between 2005 and 2008. About 75% of this investment will be in the public sector. .

Table 1: Forecast: Europe and North America Security Convergence spending

However, some of this activity may be missing the mark or creating new problems. Surveys showed that a significant percentage of respondents believed there was a fragmentation of risk management activities, which hindered unification of the risk management approach. This danger highlights the need for approaches and technology that can focus and centralize risk management functions.

Dynamic Security implements a different approach to meeting the security challenge. Instead of focusing more and more efforts on plugging the security holes covered in conventional approaches, Dynamic Security brings together the data provided by the different physical and ICT security systems to implement security convergence. In this way, Dynamic Security is able to fill the security breaches that are most frequently exploited by insider attacks and identity theft. Dynamic security brings together physical and IT security information in one system, and subjects security events to the scrutiny of an expert pattern recognition system.

Security convergence can reduce exposure by

Dynamic Security products at present include:

• Dynamic Security - Location-based dynamic security for your IT Network

• Security Operations Center - Shows you the big picture at a glance. Can operate as a standalone module or as the center of the Dynamic Security system.

• Dynamic Homeland Security - Integrates GiS security devices and external data sources

• Forensics-Based Investigations - Integrated Forensics Database

The SOC is the control center of the Dynamic Security system. It is also available as a standalone security integration platform. The SOC allows security personnel to manage the entire campus security system from one place.

Dynamic Homeland security adds additional capabilities and functions to DS.

• Burglary Alarm

• Fire Alarm

• CCTV

• Voice/Video recording and analysis

• Espionage detection

• Regional syndication

• Integration with external systems:

• Cisco IPICS

• Any data source via Web services

FBI adds an additional layer of functionality to Dynamic Security, allowing interaction with forensic databases and utilization of forensic information.

Dynamic Security supports implementation of regulations and standards such as Sarbanes-Oxley, HIPPA, and Basel II, ISO 17799, FISMA etc. These standards require location-based and temporal-oriented security measures, auditing and forensic investigations, a security plan and a method of implementing it. These regulations and standards often include access control provisions that are difficult to implement without Dynamic Security.

Dynamic Security facilitates:

• Location based security

• Physical presence

• Department, machine and port restricted Log-On

• Temporal oriented security

• Working days

• Working shifts

• Irregular working hours

• Activity based security

• What gets done?

• By whom?

• Correlation with role description

• Follows sequence of events that fit known malicious patterns such as frauds

• Forensic investigations and audit trails

• Based on data generated by Dynamic Security

• Based on data accumulated from external system

The underlying proprietary technology of Made4Biz includes:

The Pattern Recognition Engine detects pre defined events, correlations and patterns within the stream of XML events.

The Business Process Management System (BPM) executes automated, coherent, business processes in response to physical and IT security events. The system supports full workflow process capabilities, including the embedding of human intervention and responses within workflows.

The Job Scheduler automates pre-scheduled time and date-dependent processes. The scheduler automates routines and supports implementation of time-sensitive dynamic security policies.

Context Based Security automates security incident management and the execution of the organizational policies in response to designated patterns of relevant security events. The system responds to the same event in different ways, depending on the alert state of the organization. The alert state can be set to track the DHS Security Alert System, which has already been adopted by a variety of Homeland Security applications.

External Source agents track updates in a database, XML file, Web service or text file (such as logs) and upon detection of such update, parses the log record into an XML message and send it to the Dynamic Security's queue for processing by the event manager. The agent is used mainly for integration of external physical security systems into Dynamic Security's business processes.

Made4Biz Security Inc. is a solutions supplier of critical industry security needs. The company develops software that automates the administration of organizational security related tasks. The Made4Biz team has broad security expertise and brings an exceptional understanding of the marketplace and business needs to all aspects of security management.