Security Convergence Solutions
Meeting strategic security requirements with the
Dynamic Security Product family
Security technology for digital information has become an essential part of normal business operations as
well as a national priority. The risk increases each year because government and business are increasingly
dependent on ICT. New technologies such as Wi-Fi have specific vulnerabilities that increase the exposure. The
threat posed by information theft and sabotage has spurred new regulations and standards such as ISO 17799,
FISMA and the Sarbanes-Oxley act.
Businesses and government agencies are seeking more effective risk mitigation to protect valuable or
sensitive digital assets such as accounting records, customer information, proprietary trade secrets and
confidential or classified data. Physical and IT safety products are proliferating to respond to this market.
Coordinating the data and control capabilities of these different products and approaches has become a major
concern for security management, but true convergent security solutions are lacking. Most security systems
implement static access control. Users get the same rights at all times, even during holidays and off-work
hours, creating opportunities for identity theft and unauthorized tampering. This creates a dangerous and
Made4Biz’s Dynamic Security systems are the first to seriously address the challenge of security convergence.
They provide information security that is comprehensive, flexible and adaptive, encompassing both physical
security and IT access security protection. Dynamic security solutions implement security policies that are
location and time sensitive, and that can take into account threat levels, Homeland Security information and
other data. They allow rapid and automated security incident handling in emergencies, when time and accuracy are
Dynamic security minimizes unnecessary exposure by preventing access to data and facilities at times when
access is illogical and unnecessary.
Dynamic Security’s open architecture brings a wide variety of isolated security technologies into a single,
integrated framework. Critical alarms and alerts arrive at a single web-based console. All the information is
pooled into a single system and used to enforce an adaptive, dynamic security policy. This makes the best use of
physical, IT and human security management resources. It provides significantly improved, cost- effective risk
mitigation for critical online business resources, assets and processes, from smaller organizations to
multinational enterprise operations.
Security breaches are expensive. A recent ASIS report estimates that theft of intellectual property costs
about $60 billion annually. A US GAO report (GAO-02-363) singles out identity theft as a major concern.
Legislation to protect consumers places an increasingly stringent burden of responsibility on firms to ensure
data security. According to AMR, in 2004, legislative compliance costs
alone exceeded $10 billion, and that is only the beginning. Tough new legislation
enacted in several states in the United States would fine firms tens of thousands of dollars a month for data
security breaches Europe, Japan and Canada have enacted similar statutes, and a US federal data protection
statute is in the works, in addition to Sarbanes-Oxley, FISMA and other security legislation already in place.
The additional legislation, increasing opportunities for theft and mayhem presented by new technologies, and the
increasing sophistication of thieves and vandals will require ever increasing investment in security solutions.
Identity Theft and Insider Attacks
Digital information systems are exposed to risk from thieves, embezzlers and saboteurs. These risks escalate
with increasing dependence on digital storage, IP networks and wireless technology. The extent of the problem
cannot even be properly estimated because of the difficulty of obtaining and pooling the data. A 2005 CSI/FBI
study noted that respondents systematically failed to report security breaches for fear of negative impact on
their firms' image and stock price.
The number one concerns are identity theft and insider attacks. In 2005, consumer complaints about identity
theft accounted for 37% of all complaints according to the FTC. According to the FBI, in over 85% of the cases
the thief will use a peer’s credentials to cover up his or her activities, a technique called ‘Internal Identity
Theft’. In over 90% of the cases the predator will exercise the ID theft while the peer is off the premises.
Some notable recent examples of identity theft:
Insider data theft at Acxiom Corporation cost it 5.8 million of dollars. Contract employee Daniel J. Baas,
was sentenced to 45 months in prison in March 2005 for stealing password files.
In February 2005, Choicepoint announced that thieves used stolen identities to create dummy businesses that
mined identity data of as many as 145,000 people. The announcement caused a 25% drop in Choicepoint shares.
In May 2005, Wachovia Corp. and Bank of America Corp announced that financial records of over 100,000
customers had been stolen by bank employees and sold to collection agencies.
At CardSystems Solutions Inc, an "unauthorized individual" infiltrated the computer network and may
have stolen as many as 40 million credit card numbers.
A data aggregator sold data to customers who used stolen identities to open accounts.
Thieves got around a data aggregator’s identity systems by using login names of former employees and
A 2005 study funded by the Department of Homeland Security investigated the characteristics of insider
computer crime. The study was conducted by the Secret Service National Threat Assessment Center (NTAC) and
Carnegie Mellon University's Computer Emergency Response Team (CERT). You can view the study here -
Some major relevant findings:
59% the attacks were usually carried out by disgruntled former employees or contractors.
The most frequent motive was revenge rather than personal gain.
58% of the attacks took place after working hours
Most of the attacks were executed by remote access
Steps to terminate the former employee's rights were often incomplete and unsystematic.
Most of the insider attacks were only detected after the damage was done, and there was an irregularity in
the information system or a system became unavailable.
75% of the attacks could only be detected by painstaking manual forensic examinations.
In summary, employers could have known of the attacks and sometimes did know, and could have prevented the
attacks if an efficient mechanism had existed to:
Automatically and completely remove all rights of a terminated employee or contractor.
Automatically limit remote access (location-based access control).
Automatically limit after-hours and holidays access (time-based access control)
Automatically detect suspicious behavior patterns.
Rogues, thieves and vandals do not challenge the strong points of the system, which are the points that
conventional security systems keep reinforcing. Instead, they identify and challenge the weak points of security
systems that are not addressed by conventional security approaches. These are:
No coordination between subject location and subject access rights (location-based security).
No coordination between time of day and subject access rights (time-based security).
No method for systematic close-out of access rights.
No way to recognize suspicious usage patterns.
These weaknesses exit because there is no automatic intelligence to tie together disparate bits of
information, to discern patterns and to do automatically carry out security procedures.
|Behavior of rogues, thieves and vandals is adaptive.
Therefore, attacks on the weak points identified above will grow in future, shifting from attacks on areas that
are successfully protected by conventional methods. That means there is little point in investing in more
security of the same kind, which will deliver less and less protection. Buying additional security by
conventional approaches is going to be increasingly more expensive, and not very effective.
Multiple Data sources and Control Interfaces
Organizations use an increasing array of security systems and applications to meet rising IT and physical
security needs. Such products include LAN and WAN security, Web security, systems security, applications
security, ID management, authorization servers for single sign-on, intrusion detection and firewalls as well as
physical access protections using cards and biometric systems. These products do not exchange data, creating
security islands that have different control interfaces and that can hide vital information. This "tower of
babble" presents a formidable challenge for security management.
Administrators have to be intimately familiar with different:
This chaotic situation damages the organizational:
Security implementation quality
Time-to-response on security events
Security service level
Cost of managing the security
Lack of an integrated framework can cause missed alarms and allow suspicious usage patterns to go unnoticed.
Administrators miss the Big Picture, unnecessarily exposing the system and increasing vulnerability.
Exposure due to static security implementations
A typical access control system stores security profiles of employees or other subjects that remain
essentially unchanged as long as the user is part of the system.
A user has the same access rights during working days and working hours and when he or she is on vacation or
traveling on business.
Bogus identities of absent users can be used to abuse the system. Off hours access encourages tampering by
rogue employees. Ideally, a security system would "know" when a user is on campus, off campus on business or
away on vacation, and could adjust rights accordingly. Likewise, policy enforcement and incident handling may
need to be different in normal times and when there are specific alerts. Unfortunately it is usually not
practical to implement these adaptive changes with human administrators. The relevant information is not easily
available or cannot be easily used for policy implementation.
The plethora of new security systems and technologies has a great potential for synergistic function,
provided they can be made to work together. Preventing identity theft is a perfect example of how synergy
between systems can mitigate risk.
If the physical access system "knows" that Joe Smith is not in the office because he checked out, the
authorization server can prevent Smith from logging in from office computers, provided there is a smart system
that can coordinate between the authorization server and the physical access system. If someone does log in
using Smith's ID, this event can be recorded and cause an alert. If the smart system can recognize patterns, it
can also detect suspicious events such as attempts by "Joe Smith" to enter the premises when the real Joe Smith
has already entered. Since Joe Smith cannot really enter twice, and Joe Smith cannot log in to a computer if he
is really at home, these correlations of events implies that identity thefts are in progress and should signal
alarms. However, in large campuses, only an intelligent automated system could reliably "remember" and recognize
|Convergence of information from the different security systems could plug most of
the holes currently used for insider attacks and identity thefts.
Not surprisingly, integration of the different physical and ICT security technologies, or security
convergence, is becoming a major concern of security management for ICT systems. To help the different
applications communicate, new standards and protocols such as PHYSBITS (Physical Security Bridge to IT Security)
SAML (Security Assertion Markup Language) and Global Platform have been proposed or adopted. Convergent
applications can also take advantage of increasingly popular open information exchange standards such as SOAP
State of Convergence
Forrester estimated that in 2005, firms would treble spending on
integration of physical and IT security systems. Physical Access Control, CCTV, RFID and others will be
integrated with Single Sign-On, Identity Management, and security incident management into one holistic security
As shown in Table 1, ASIS estimated an increase of more than ten-fold in security convergence projects
between 2005 and 2008. About 75% of this investment will be in the public sector. .
Table 1: Forecast: Europe and North America Security Convergence spending
ASIS November 8, 2005
|Large convergence projects
|Physical/logical access control
|Other joint IT-Physical security departments projects
|Public sector: border control and law enforcement
|Small projects - data center, communications
However, some of this activity may be missing the mark or creating new problems. Surveys showed that a
significant percentage of respondents believed there was a fragmentation of risk management activities, which
hindered unification of the risk management approach. This danger highlights the need for approaches and
technology that can focus and centralize risk management functions.
Meeting the Challenge with Dynamic Security
Dynamic Security implements a different approach to meeting the security challenge. Instead of focusing more
and more efforts on plugging the security holes covered in conventional approaches, Dynamic Security brings
together the data provided by the different physical and ICT security systems to implement security convergence.
In this way, Dynamic Security is able to fill the security breaches that are most frequently exploited by
insider attacks and identity theft. Dynamic security brings together physical and IT security information in one
system, and subjects security events to the scrutiny of an expert pattern recognition system.
Security convergence can reduce exposure by
Reducing access rights for off-premises employees;
Reducing access rights after hours;
Raising an alarm when suspicious usage patterns occur, before they can result in system breaches;
Automatically ensuring that accounts and rights of terminated employees are closed out; systematically;
Relating access rights to forensics information about particular employees.
Dynamic Security Products
Dynamic Security products at present include:
Dynamic Security (DS)
Dynamic Security (DS) helps you meet the challenge posed by
convergent security needs. Dynamic Security acquires physical security information, such as entry and
exit of employees to or from the campus or secure areas, and ICT events such as employees logging in to their
workstations. DS limits access rights according to dynamically configured security profiles. It
recognizes suspicious usage patterns, such as attempts to log in using the identities of absent employees, and
implements automated security incident management, including barring of access and appropriate alerts and log
Dynamic, rather than static, location-based security
Security incident management
Correlation, patterns and event management
Security policy management
Automation of security administration
Alignment of policies with Homeland Security (DHS) threat advisory levels
Dynamic Administration of automated security
Internal and external identity theft prevention
Dynamic IT access control
Dynamic control of physical ports and communications channels.
Dynamic physical access control for card based, biometric and other systems
Security for rogue Wi-Fi networks
Desktop burglary sensor - sense suspicious activation of dormant computers in off-hours and automatically
activates security measures.
Regulatory and standards compliance:
Policy-based security - Flexible policy engine automates policy-based
security, based on physical presence, threat levels and business rules.
Security Business Process Management (BPM) integrates security incidents and information that originated
in disparate security products.
Convergence - Isolated islands-of-technology converge into a single coherent security system.
Automated Dynamic Provisioning of access rights.
Open Architecture - Standards-based technology seamlessly integrates with installed physical and
IT security management systems.
Web Service and Service Oriented Architecture (SOA) based.
Intelligent System - Correlation and Pattern Recognition correlates events related to physical
presence and network access.
Alarms - triggers alarms and prevents unauthorized use of IT resources.
Security Operations Center
The SOC is the control center of the Dynamic Security system. It is also available as a standalone security
integration platform. The SOC allows security personnel to manage the entire campus security system from one
Security integration platform
Holistic security process management
Scheduler (event-driven and time-based)
Coming soon - physical security integration
Standalone platform for integrating existing security functions
Integration of all the Dynamic product family into one comprehensive security business process
Dynamic Homeland Security*
Dynamic Homeland security adds additional capabilities and functions to DS.
HTML form generation for Security Incident Reporting
External device integration:
Campus physical security
Public facilities, enterprises, educational institutions, critical utilities airports, seaports,
Employee-vehicle relationship security
Visitor security management
Multiple site correlation
Visualization of hazardous areas
Municipal emergency management
FBI adds an additional layer of functionality to Dynamic Security, allowing interaction with forensic
databases and utilization of forensic information.
Additional Functions and capabilities
Hierarchical structured queries
Automatic investigation invocation
Ad-hoc investigation environment
Multi source virtual DBMS (XML, logs, DBMS, WMI, SNMP, LDAP, Search)
Security profiling and investigations
Standards and Regulatory Compliance
Dynamic Security supports implementation of regulations and standards such as Sarbanes-Oxley, HIPPA, and
Basel II, ISO 17799, FISMA etc. These standards require location-based and temporal-oriented security measures,
auditing and forensic investigations, a security plan and a method of implementing it. These regulations and
standards often include access control provisions that are difficult to implement without Dynamic Security.
Dynamic Security facilitates:
Dynamic Security Technology
The underlying proprietary technology of Made4Biz includes:
The Security Operations Center
(SOC) integrates security data and control of all
The Pattern Recognition Engine detects pre defined events, correlations and patterns
within the stream of XML events.
The Business Process Management System (BPM) executes automated, coherent, business
processes in response to physical and IT security events. The system supports full workflow process
capabilities, including the embedding of human intervention and responses within workflows.
The Job Scheduler automates pre-scheduled time and date-dependent processes. The
scheduler automates routines and supports implementation of time-sensitive dynamic security policies.
Context Based Security automates security incident management and the execution of the organizational
policies in response to designated patterns of relevant security events. The system responds to the same event
in different ways, depending on the alert state of the organization. The alert state can be set to track the
DHS Security Alert System, which has already been adopted by a variety of Homeland Security
Forensics-based Investigation (FBI) supports data accumulation and analysis.
The system supports multiple logs; facilitate the correlation of multiple data streams. The facility permits an
organization to maintain specialized logs that track information relevant for different parties, such as campus
security officers or internal auditors.
External Source agents track updates in a database, XML file, Web service or text file
(such as logs) and upon detection of such update, parses the log record into an XML message and send it to the
Dynamic Security's queue for processing by the event manager. The agent is used mainly for integration of
external physical security systems into Dynamic Security's business processes.
About Made4Biz Security
Made4Biz Security Inc. is a solutions supplier of critical industry security needs. The company develops
software that automates the administration of organizational security related tasks. The Made4Biz team has broad
security expertise and brings an exceptional understanding of the marketplace and business needs to all aspects
of security management.
*Starred products are under development and scheduled for release