C•CURE Go Reader Mobile App

The innovative C•CURE Go Reader mobile app extends the reach of your C•CURE 9000 system more powerfully than ever before. An inspired evolution of the C•CURE Go mobile app, C•CURE Go Reader lets you grant or deny access in even the most remote, disconnected areas such as construction sites, offline events and roaming security checkpoints.

ccure-go-reader

Using an Android device, C•CURE Go Reader pairs with a multi-technology read head to mimic a full-fledged iSTAR door, complete with schedules, clearances and holidays. As a virtual “door” in C•CURE 9000, C•CURE Go Reader inherits all clearances of an associated iSTAR door group, ensuring strict security even if you are far away from your nearest iSTAR controller.

C•CURE Go Reader provides peace of mind in many different situations:

  • Construction sites can be dangerous areas and, long before the walls of the buildings are built, security is compulsory.
  • Offsite events pose unique security challenges for companies who need to safeguard employees and visitors with limited physical boundaries.
  • Roaming security checkpoints allow your guards to spontaneously check access badges in hallways or near secured areas.
  • Roll calls are extremely important, to make sure employees have evacuated during emergency situations.
  • C•CURE Go Reader makes it easy to verify that employees have reached the designated areas during the emergency.

Visit our webpage for more information.

Cyber Protection Program – Security Features

What Comes After Device Hardening?

It’s common knowledge that encrypted communication and other device hardening features are necessary for cybersecurity, but it’s vitally important to think beyond hardening.  Now that the security industry has adopted IP technology, manufacturers and integrators must consider not only the security operator’s needs, but also those of the IT manager.

An unsecured device can be the target of a cyber attack that might affect the entire network. While IT managers in government agencies, utilities, transportation, retail operations and financial enterprises are most acutely aware of the dire consequences of a successful hack, IT managers in all sectors are demanding security measures that go well beyond hardening before accepting devices onto their networks.

Here are four features that Tyco Security Products offers to achieve network acceptance for our Software House C•CURE 9000 Access Control Systems and American Dynamics victor Unified Video Management Systems that incorporate iSTAR controllers:

 

  1. Archive and Failover featuresto ensure continual operation and fast recovery
  1. LDAP Support to manage credentials.
  1. FIPS 140-2, Level 2, end-to-end validated encryption
  1. Network Storm Protection that ensures an iSTAR controller continues to operate during a denial of service attack.

Not every industry or enterprise requires the same security features for network acceptance. Our application specialists are available to advise which features are relevant to a specific application.

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damage, disruptions and misuse.

IP-ACM Ethernet Door Module

Flexible, secure Ethernet edge device reduces wiring and extends cost effectiveness of an IP-based access control system.

IP ACM

IP-ACM is a flexible, future proof Ethernet door module that provides IT savvy customers with a highly secure option to manage their security, while reducing wiring and installation costs. The IP-ACM is installed near the doors that it’s controlling and communicates securely over IP to an iSTAR Ultra GCM using AES-256 encryption. The GCM contains the local access database and makes all access decisions. Each IP-ACM can support two doors, or one door with in and out readers. Each iSTAR Ultra supports up to 32 readers maximum.

Visit our webpage for more information.

Responding Rapidly to Security Vulnerabilities

While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.

At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.

Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.

This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.

In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for ShellShock and Heartbleed, both critical vulnerabilities.

BugHeart

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damages, disruptions and misuse. You can also sign up to receive security advisories.

EyeLock nano NXT Advanced Iris Reader Integration with C•CURE 9000

High Security Made Simple

The integration of C•CURE 9000 security and event management system and EyeLock nano NXT biometric iris reader gives you powerful identity authentication and security capabilities for a complete biometric access control management system.Eyelock Integration

The integration with C•CURE 9000 allows cardholder names and card numbers setup in C•CURE 9000 to be seen in EyeLock Identity Suite so that this information does not have to be re-entered during the iris enrollment process. Once enrollment is complete, the information stays synced. The integration also allows for the intelligent distribution of iris templates to nano NXT iris readers and will only be stored on devices at doors that each cardholder has access to according to C•CURE 9000.

Unparalleled Efficiency

The nano NXT authenticates up to 20 people per minute, in-motion and at-a-distance with unparalleled accuracy. EyeLock’s advanced technology converts the unique characteristics of each iris into a complex encrypted code that maximizes security and minimizes breach potential. With a false accept rate of only 1 in 1.5 million for a single eye, EyeLock’s iris identity authentication ensures both unparalleled accuracy and security.

Visit our webpage for more information.

Software House Launches Safran Morpho Biometric Readers

Safran Morpho biometric readers provide fingerprint and turnstile application access control for sensitive, high-traffic environments where convenience, speed and security are a priority.

The C•CURE 9000/Safran Morpho solutions are ideal for security critical areas such as server rooms, pharmacies, bank vaults and more. Doors fitted with Safran Morpho biometric solutions are integrated to C•CURE 9000 with MorphoManager.

  • MorphoAccess Sigma Series – best-of-breed finger identification terminal with time & attendance option
  • MorphoAccess Sigma Lite Series – finger identification terminal designed to equip narrow mounting surfaces
  • MorphoWave Tower – contactless access control with a wave of a hand​

Visit our webpage for more information.

Tyco Security Products Technology Partner for NIST Cybersecurity Best Practices Guide for the Financial Services Sector

The National Institute of Standards and Technology (NIST) developed an IT asset management and cybersecurity best practices guide for the financial services sector.  Tyco Security Products served as a collaborating vendor for the creation of this guide. The guide provides a comprehensive view of how to implement standards-based cybersecurity technologies to reduce vulnerabilities, improve response to security alerts and increase resilience. Security engineers and installers will find examples of installation, configuration and integration tips to increase cybersecurity resilience.NIST

Cybersecurity Risk Factors

IT asset management (ITAM) lays the foundation to implementing an effective cybersecurity strategy. Consider risk factors like size, sophistication, risk tolerance and threat landscape. Often the challenge users face is tracking a diverse set of hardware and software. Lack of control of the entire system is another challenge confronted by companies. Many have several different third-party technologies and various contractors involved, which makes a standard across the products a challenge.

Financial Services NIST Cybersecurity Practice Guide

The guide details security characteristics and best practices for addressing security controls that should be considered by security program managers. Learn more about:

  • Managing assets connected to the enterprise network
  • Developing accountability
  • Detecting and alert authorities
  • Develop software restriction policies
  • Tracking assets on the system
  • Reducing risk on data encryption, authentication, incident reporting, scanning and more

13ITL002_nccoe_logoIf you have feedback on the guide or further questions email financial_nccoe@nist.gov.

The National Cybersecurity Center of Excellence, part of NIST, addresses businesses’ most pressing cybersecurity problems with practical, standards-based example solutions using commercially available technologies.

Download the guide.

Learn more about Tyco Security Products cyber protection program.

Cybersecurity Acronyms

As with any industry, there are a slew of acronyms that are used. Cybersecurity is no different. To completely understand the standards and best practices for cybersecurity, you must understand the various groups and terminology being used.

Tyco Security Products Cyber Protection Program

Developed over five years from providing critical solutions to the U.S. Government and other multi-national customers, Tyco Security Products Cyber Protection Program is one of the first in the industry to offer a holistic, six-part approach to cyber security for physical security products. We have effectively worked with government agencies to meet the appropriate standards and validations. Below is an explanation of many of the various cyber security groups and common terminology used.

FIPS

Federal information Processing Standards (FIPS) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with agencies.

Having a FIPS validation ensures that encryption completed properly. Test results are validated by the United States National Institute of Standards and Technology (NIST), yet another acronym.

FISMA

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against threats.  View the Tyco Security Products FISMA-ready configuration guidelines. These guidelines apply to Software House CCURE 9000 and American Dynamics victor video management system (VMS) software and VideoEdge network video recorders.

NERC

The North American Electric Reliabilty Corporation (NERC) is a non-profit organization that works with all stakeholders to develop standards for power system operation, monitoring and enforcing compliance with those standards.

NERC CIP

NERC Critical Infrastructure Protection (CIP) is 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning. View the Tyco NERC-CIP V5 ready configuration guidelines for Software House CCURE and iStar.

DISA

The Defense Information Systems Agency (DISA) is a United States Department of Defense (DoD) agency that provides information technology (IT) and communications support to any individual or system contributing to the defense of the United States.

SRG

Security Requirement Guide (SRG) is compilation of singular, actionable statements that comprise a security control or security best. An SRG is used by DISA field security operations and vendor guide developers to build security technical implementation guides (STIGs). I know we cannot stop with the acronyms. A STIG is a guide for implementing IT systems within the DoD. View the Tyco DISA security requirements for VideoEdge using the General Purpose Operating System SRG.

SANS

System Administration Networking and Security (SANS) released Top 20 security vulnerabilities. These are security controls for protecting a network. VideoEdge and victor have been designed and have had the necessary features implemented to assist our installers and users with configuring their networks in the manner they need to implement the SANS controls they elect.

Learn more about our cyber protection program.

Software House Now Integrated with NEDAP AVI Vehicle/Driver Identification Readers

Software House C•CURE 9000 security and event management solution is now integrated with NEDAP AVI vehicle and driver identification technology .

NEDAPWhen integrated with the C•CURE 9000, NEDAP AVI identification readers can identify vehicles and/or people from long-range distances, making the readers ideal for parking access applications, managing logistics and for weighing installations and mining safety applications. NEDAP AVI identification systems ensure that only vehicles with authorized drivers can access restricted areas while keeping traffic moving through access gates. Vehicles and their operators can be authorized for entry while their vehicles are still moving, and can be identified by the readers through closed windows, increasing passenger safety and overall efficiency.

“The NEDAP AVI identification solution is an integral component in our intelligent physical access control portfolio,” said Rafael Schrijvers, Access Control Product Marketing Manager, EMEA, Tyco Security Products. “With the integration of NEDAP AVI with C•CURE 9000, we offer the most convenient and secure solution for identifying vehicles and persons entering and exiting your protected area.”

NEDAPThe C•CURE 9000-integrated NEDAP AVI identification solution uses UHF tags that can be deployed as passive, battery-operated tags. The UHF tags can be read from distances up to 33 feet and use a circular polarized antenna to provide freedom of tag placement and orientation. NEDAP AVI’s license plate reader automatically reads number license plates and uses an all-in-one camera, analyzer and IR illuminator. The reader is embedded with onboard processing software that can be configured through a web interface and has a range of up to 19 feet. The NEDAP AVI reader supports a large range of IR-reflective license plates, including most European countries.

The NEDAP AVI readers feature easy installation and user set up and can be configured through a web interface.  An optional Wiegand Interface Module for the camera is also included.

For more information on this integration, visit the Software House Nedap AVI Long Range Identification System page.