Responding Rapidly to Security Vulnerabilities

While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.

At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.

Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.

This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.

In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for ShellShock and Heartbleed, both critical vulnerabilities.

BugHeart

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damages, disruptions and misuse. You can also sign up to receive security advisories.

New American Dynamics RAID Storage System Reduces Downtime

American Dynamics has released a new version of the RAID Storage System for VideoEdge network video recorders (NVR). This includes enhancements to the NVR archived storage and improved battery back-up capabilities to reduce downtime and ensure your data is properly backed up.

Key Features:
  • Store critical video and audio longer
  • Minimize video loss and hard drive failure with RAID 5
  • High reliability with redundant power supplies and hot swappable drives
  • Expandable to 630TB of video storage with expansion unit
  • Cost-efficient, reliable storage solution optimized for video surveillance
  • Reduces power/cooling costs and total cost of ownership
  • Supports iSCSI and Fiber FC interfaces
  • Ideal for mid-large-sized installations or cloud data centers

Using an American Dynamics RAID storage system gives users one unified solution to administer and monitor video storage and recorders. This single user interface reduces the complexity and cost of integrating disparate solutions.

Learn more about our RAID storage system.

American Dynamics Micro NVR Doubled Storage Capacity

American Dynamics introduces the enhanced VideoEdge Micro network video recorder (NVR). This micro recorder includes an embedded PoE switch to automatically power cameras.

Watch this video to see the new VideoEdge micro NVR in action.

  • Easy, out-of-the-box installation – No external switch required with 4 or 8 channels
  • Automatic device discovery
  • Increased storage capacity – Store up to 2TB of video
  • Pre-installed victor Web LT software with embedded video analytics
  • Access to live and recorded video at any time with VideoEdge Go mobile app

Learn more abouto the VideoEdge micro NVR.

Tyco Security Products Technology Partner for NIST Cybersecurity Best Practices Guide for the Financial Services Sector

NISTThe National Institute of Standards and Technology (NIST) developed an IT asset management and cybersecurity best practices guide for the financial services sector.  Tyco Security Products served as a collaborating vendor for the creation of this guide. The guide provides a comprehensive view of how to implement standards-based cybersecurity technologies to reduce vulnerabilities, improve response to security alerts and increase resilience. Security engineers and installers will find examples of installation, configuration and integration tips to increase cybersecurity resilience.

Cybersecurity Risk Factors

IT asset management (ITAM) lays the foundation to implementing an effective cybersecurity strategy. Consider risk factors like size, sophistication, risk tolerance and threat landscape. Often the challenge users face is tracking a diverse set of hardware and software. Lack of control of the entire system is another challenge confronted by companies. Many have several different third-party technologies and various contractors involved, which makes a standard across the products a challenge.

Financial Services NIST Cybersecurity Practice Guide

The guide details security characteristics and best practices for addressing security controls that should be considered by security program managers. Learn more about:

  • Managing assets connected to the enterprise network
  • Developing accountability
  • Detecting and alert authorities
  • Develop software restriction policies
  • Tracking assets on the system
  • Reducing risk on data encryption, authentication, incident reporting, scanning and more

13ITL002_nccoe_logoIf you have feedback on the guide or further questions email financial_nccoe@nist.gov.

The National Cybersecurity Center of Excellence, part of NIST, addresses businesses’ most pressing cybersecurity problems with practical, standards-based example solutions using commercially available technologies.

Download the guide.

Learn more about Tyco Security Products cyber protection program.

Cybersecurity Acronyms

As with any industry, there are a slew of acronyms that are used. Cybersecurity is no different. To completely understand the standards and best practices for cybersecurity, you must understand the various groups and terminology being used.

Tyco Security Products Cyber Protection Program

Developed over five years from providing critical solutions to the U.S. Government and other multi-national customers, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic, six-part approach to cyber security for physical security products. We have effectively worked with government agencies to meet the appropriate standards and validations. Below is an explanation of many of the various cyber security groups and common terminology used.

FIPS

Federal information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with agencies.

Having a FIPS validation ensures that encryption completed properly. Test results are validated by the United States National Institute of Standards and Technology (NIST), yet another acronym.

FISMA

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against threats.  View the Tyco Security Products FISMA-ready configuration guidelines. These guidelines apply to Software House CCURE 9000 and American Dynamics victor video management system (VMS) software and VideoEdge network video recorders.

NERC

The North American Electric Reliabilty Corporation (NERC) is a non-profit organization that works with all stakeholders to develop standards for power system operation, monitoring and enforcing compliance with those standards.

NERC CIP

NERC Critical Infrastructure Protection (CIP) is 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning. View the Tyco NERC-CIP V5 ready configuration guidelines for Software House CCURE and iStar.

DISA

The Defense Information Systems Agency (DISA) is a United States Department of Defense (DoD) agency that provides information technology (IT) and communications support to any individual or system contributing to the defense of the United States.

SRG

Security Requirement Guide (SRG) is compilation of singular, actionable statements that comprise a security control or security best. An SRG is used by DISA field security operations and vendor guide developers to build security technical implementation guides (STIGs). I know we cannot stop with the acronyms. A STIG is a guide for implementing IT systems within the DoD. View the Tyco DISA security requirements for VideoEdge using the General Purpose Operating System SRG.

SANS

System Administration Networking and Security (SANS) released Top 20 security vulnerabilities. These are security controls for protecting a network. VideoEdge and victor have been designed and have had the necessary features implemented to assist our installers and users with configuring their networks in the manner they need to implement the SANS controls they elect.

Learn more about our cyber protection program.

New Regional Sales Manager – Midwest

American Dynamics introduces Dan Howard as the new Area Sales Manager for the Midwest. He will oversee sales activities for American Dynamics VideoEdge video recorders, victor video management system, storage solutions and monitors in Illinois, Indiana, Kentucky, Ohio, Michigan, Wisconsin, West Virginia and Western Pennsylvania. Dan resides in Cleveland, Ohio.

Dan brings a vast knowledge of video surveillance systems and IP cameras. Most recently, he was a regional sales manager for a video security company.

Dan Howard

Dan Howard
danhoward@tycoint.com
+1.440.552.2063

If you have any American Dynamics questions, please contact Dan. We look forward to working with you.

Introducing the Cyber Protection Program from Tyco Security Products

Developed over five years, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic approach to cybersecurity for physical security products. We’re committed to cybersecurity through a product’s entire lifecycle — from requirements through obsolescence.

TSP_CyberProtectionProgram

We’ve developed our cybersecurity expertise after many years of providing critical solutions for the United States government and large multinational customers, and we hold several industry firsts, including FISMA-ready access control and video solutions.

Six Part Approach to Cyber Protection
Our Cyber Protection Program’s six -part approach to cyber protection for physical security products looks far beyond components and devices and cyber security hardening. The scrutiny begins with the initial product concept and requirements, continues through analysis of system design and programming, and culminates with final testing, integration and evaluation.

  • Secure Product Development Practices – Secure coding and testing reduces the possibility of inadvertently introducing vulnerabilities during product development
  • Inclusive Protection of Components and Systems – Include range of capabilities to complement diverse security needs
  • Configuration Guidelines for Compliance – Provide comprehensive procedures on how to configure C•CURE 9000, VideoEdge and victor systems
  • Testing Procedures – Products undergo rigorous, continuous testing both internally and with an independent test house, to minimize the risk of security updates and new configurations in our cyber-compliant products
  • Rapid Response to Vulnerabilities – Quickly assesses the situation, distributes an advisory bulletin and follow up with fully qualified patches
  • Education and Advocacy – Maintain critical training and development certifications, speaks and advocates for cyber protection for security systems

Tyco’s Cyber Protection Team
Our autonomous cyber protection team, an independent branch of the development group, has deep process control knowledge and specialized expertise in cyber concerns with physical security systems.

Learn more about our Cyber Protection Program and how we are working to protect physical security products from attacks, damages, disruptions and misuse.

Tyco Security Products Connected Partner Program

The Tyco Security Products Connected Program integrates with a range of third-party technology partners to create valuable security systems.  View all of our approved integrations on our new connected program compatibility matrix.

Connected Program

The new Connected Program compatibility matrix allows you to:

  • Select any integrated technology partner solution including access control, intrusion, video, fire alarm, RIFD and more
  • Quickly view integration details including driver version, certifications, supported server and client operating systems and more
  • Download integration details, release notes, user guides and additional resources

Our approved integrations are now displayed in a new compatibility matrix on the American Dynamics and Software House websites.

If you have any questions or comments, contact the Connected Program team at tspconnected@tycoint.com.

Control victor VMS Remotely with the New victor Go Mobile App

The victor Go mobile app is now available for download for Apple and Android phones and tablets. This new app offers simple, intuitive operation to access live and recorded video from victor servers remotely any time of day.

victor-go.screenshot

With the victor Go app, users can:

  • Administer sites remotely from virtually anywhere, anytime
  • View live video from VideoEdge NVRs in multiple surveillance pane layouts
  • Instantly control PTZ cameras with intuitive gestures
  • Quickly search recorded video for faster investigations
  • Easily create fixed views
  • Monitor event lists, including dual-phase acknowledgement

Save Valuable Time
Whether you need to respond to a critical event at a moment’s notice or simply monitor your security operation remotely, victor Go can save you time. Simply log in to the victor Application Server via a highly secure connection from WiFi, 3G, or 4G.

Powerful Command and Control Options
View up to six cameras, scroll through pages of camera views, instantly control PTZ camera positions, and digitally zoom in on any camera for a closer look. Search for recorded video, play back video, call up live cameras and a list of events – you can do it all. For added convenience, you can save camera views for quick reference.

Incredibly Fast Searches
Use the Smart Search feature to search hours and hours of video recorded from VideoEdge NVRs in just seconds.

Optimal Video Quality with Minimal Lag
This purpose-built, 64-bit video surveillance app is designed to give you just the right video quality for a mobile device with the absolute minimum latency.

Download the App now
victor-go.appicon

iOS 

Android 

 

American Dynamics Introduces victor 4.8.1

The latest version of American Dynamics victor video management system (VMS) software and VideoEdge intelligent network video recorders (NVR) simplifies administration and speeds up security investigations. Version 4.8.1 includes the following new features:

Watch this video to see the new features in this release.


Presentation Builder & Timeline Bookmarks 

victor introduces the ability to create timeline bookmarks and package all incident-related materials into an incident report for a single, concise loss case. To reduce post-event investigation time, operators can drag and drop notes, maps, images and other documents into a case to stitch together succinct video evidence of an event for use by law enforcement, human resources or risk management personnel. Navigate through the video by moving the red bar to the left or right. By right clicking the incident, users can export the incident report to a folder that contains all the components of the case. When playing back the incident, the entire case will be displayed with all related case material.

To save post-event investigation time, the new timeline bookmark feature allows operators to mark video for quick replay when something of interest has been observed. Marked event video can quickly be imported into case investigations.

4.8.1_timeline_bookmarks

 

Scheduled Clip Downloads

Operators can improve their bandwidth management by scheduling video clip retrieval for off-peak network times when more network resources are available. Scheduling clip downloads gives security operators the ability to queue sizeable clips or a substantial number of clip downloads for the end of their shift or during down times. To access this feature, users must first ensure the remote directory is configured.victor_4.8.1_scheduled_clip_downloads

When creating a clip, users can select save and then under the clip saving configuration on the right-hand side of the screen, select a specific time from the “Download” drop down menu. Choose from several pre-populated times or choose specify to enter a custom time. In the “clips” tab, users will see a tool tip showing the time and date of the download.


Map Enhancements

victor users can increase their awareness of an overall site layout by adding a geographic information systems (GIS) map. For example, these GIS maps show landmarks around campuses to improve knowledge on how to approach an area where security action is needed. Simply go to the” Builds” tab and choose “New” under “Maps.” Users can now select the checkbox for “GIS Maps” and  see a dropdown of background maps for operators use.

GIS_Map

This version of victor also includes enhancements for Unified client. allows C•CURE 9000 map importing to save setup time and further unify with the access control system. To import a map, go to the Builds tab and select Show C•CURE Maps. This will display all the maps within the C•CURE 9000 system. victor also imports map objects such as doors for automated map setup.  Each icon on the map is fully functional upon import so users can right click to lock and unlock doors and open in swipe and show.

victor_4.8.1_import_CCURE9000_maps


Point-of-Sale Enhancement

For retail applications, victor 4.8.1 enhances the point-of-sale (POS) display to show receipt data alongside the corresponding live video for instant visual verification and simplified monitoring of fraud and theft. Retail companies can more quickly identify if something suspicious is employee fraud or just cashier misuse with the new POS text streaming.

The receipt data can be shown along with or without video. POS receipt data can sync with one or multiple cameras.

American Dynamics 4.8.1 point-of-sale


victor & VideoEdge Silent Install

The new victor silent install simplifies the installation process for victor servers. Security installers will now be prompted through a pre-installation form and checklist before installation. This will automate the installation process to ensure no configuration areas are missed minimizing configuration time.


Email Journal Reports

To save reporting time, users can now configure reports and email them directly from victor. First, users must configure their email preferences under the “setup” tab and “system values” section. Configure the mailbox address, SMTP server password, SMTP port number and SMTP FQDN. To run the report, go to “Home” tab, under “Reports and Data Visualization” update the available date range, reports category and template. Users then simply click the “Execute” button at the bottom of the display to run the reports. Users also can email the Excel report as an attachment.

View a video on configuring this new feature.


Role & Privilege Enhancements

This version of victor includes enhancements for Unified client improves the synchronization between setting operator permissions for victor roles and Software House C•CURE 9000 privileges. This consolidates an operator’s setup, saving time and unifying video security and access control.

Roles are the permissions that dictate the functions an operator can and cannot perform within victor.  You can name the new user while also selecting which clients the user should have access to by checking the box next to any of the following:

Each role starts with full system access by default. To save time, uncheck the “allow view all” check box to remove access to all systems.

Role Access 4.8.1

Users can also select the configuration buttons that a user can see.

Under the device access section at the bottom, select the “Type Exceptions” icon to give privileges to certain actions including:

  • Show
  • Edit
  • Find in Journal
  • Find on map
  • Instant Playback
  • Live audio
  • Run PTZ
  • Search and Retrieve
  • Update PTZ

Users can also select the “Object exceptions” icon to see all the servers and cameras on the system. For each device, users can update the actions for those specific devices by unchecking the boxes on the right hand side.