Security Product Reviews

Library Reference – Security News And Views – Security Product Reviews

Vanderbilt releases SPC 3.8 with a more intuitive interface and added remote maintenance capabilities

Intrusion detection Vanderbilt has released the latest update to SPC, the cloud-based intrusion detection system it inherited after its acquisition of Access Control Technology Ltd last year. The company says that SPC 3.8 more effectively supports dual authorisations and will make installations speedier and more cost-effective. SPC harnesses cloud services, apps and a dedicated software suite to provide comprehensive alarm management functionality.

The pace at which we are developing our systems is unparalleled, and SPC has a strong legacy, incorporating the latest technologies, design, and manufacturing methods to help drive this pace, says John O Donnell, product marketing at Vanderbilt. SPC 3.8 is a hardware and software intrusion system that keeps pace with market-driven features. Ultimately, we are aspiring towards a future single platform migration strategy within our product portfolio, and SPC is at the heart of this. embedded content Dual authorisation Vanderbilt has updated the interface in a bid to make it more intuitive. There are also enhancements to its remote maintenance capabilities. All SPC systems can be remotely updated as opposed to a more time-consuming, expensive physical site visit to the latest SPC firmware. As we continue to innovate this legacy system, the access engine within SPC has been boosted with additional functionality to support dual authorisation, continues John O Donnell. This escort facility ensures greater security measures when using the system. The support system has been complemented with the ability to obtain support information directly from the SPC help page, allowing access to customer and installer documentation.

The cause and effect engine has also been upgraded with a new layout and options to simplify programming. Vanderbilt is a major player in access control, intrusion detection and video management. We recently caught up with the company s CEO, Joe Grillo, who recently came third in our roll call of the top 10 influencers among security manufacturers/service providers 2017, at IFSEC International 2017. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

Converged security management: The key to mitigating cybersecurity risks

Converged Security Management: The Key To Mitigating Cybersecurity Risks

The IoT revolution has come about thanks to falling component prices, global mobile device adoption, improvements in telecoms infrastructure and the rise of application programming interfaces (APIs). Unsecured and therefore vulnerable devices are now easily searchable through online vulnerability search engine Shodan, among many other means. A series of cyber-attacks targeting such devices as conduits to wider corporate networks has exposed the complacency of some manufacturers over cybersecurity.

The consequences of successful breaches the loss of sensitive data and potentially multi-million pound fines levied for breaches of the forthcoming Global Data Protection Regulation (GDPR) mean the issue is finally getting the attention it warrants. The arguably lower standards of security for consumer devices is a problem, as is the use of third-party suppliers who may not take security as seriously as they should. According to the Department of Homeland Security, this inter-connectedness of devices introduces cyber-physical technologies that connect cyber systems to physical systems, thereby removing the barrier between the cyber and physical worlds but the greater connectivity also expands the potential attack surface for malicious actors. Author bios James Willison BA MA MSyI James is founder of Unified Security Ltd and vice chair of the ASIS European Convergence/ESRM committee. James was awarded the Imbert Prize for an outstanding contribution to the Security Industry in 2011 for his work on convergence with ASIS Europe and the Information Security Awareness Forum. He has worked with BP, Loughborough University, Mitie TSM, the EU and AXIS Communications on convergence. He is an ISACA Academic Advocate and a member of the draft ASIS/ISACA/ISC(2) Security Awareness Standard Working Group. Unified Security Ltd provide consultancy to organisations on how to align their physical and information security functions. This encompasses security policy, common reporting processes, converged security risk assessment, training courses and white papers.

Sarb Sembhi CISM Sarb is CTO and CISO at Virtually Informed, and has previously been a CTO and CISO for the Noord Group. A former consultant in risk and security, Sarb has also worked with the London Chamber of Commerce and Industry Defence and Security Committee and its cybersecurity working group. Other roles have included president of the ISACA London Chapter, chair of ISACA International GRA Region 3 Sub-Committee, chair of ISACA International GRA Committee, ISSA UK Advisory Group member and InfoSecurity Magazine Editorial Group member. Sarb has also served on several security standards groups and speaks at risk and security events around the world. Sarb was shortlisted in IFSEC Global s Top 50 influencers in security & fire 2017: Cybersecurity.

l

Watch: Highlights from the Drone Zone 2017

IFseC 2017 The Drone Zone returned to IFSEC International in 2017 for the second time. Drones have applications in perimeter surveillance, intruder alerts, mobile CCTV, emergency communications networks, facilities surveillance, criminal tool prosecution, fire scene investigations and drone detection. Watch our highlights video from the Drone Zone, which took place within Borders & Infrastructure Expo at London ExCeL between 20-22 June 2017.

embedded content Free Download: Securing UK borders: An examination of the implications of leaving the EU for UK border management. Recent tragic events in Manchester and London have, among other things, underscored the importance to national security of getting Brexit right. This report considers the implications of leaving the EU for the management of the UK s borders and making it as easy as possible for international business to thrive and legitimate movement to occur in a post-Brexit UK.

Click here to download now

The pioneer behind the world s first unpickable lock: Abloy celebrates 110th birthday

Security lock pioneer Abloy is celebrating its 110 th birthday. The venerable Finnish brand, which merged with ASSA in 1994, revolutionised the locking industry when it patented the disc cylinder-operated lock in 1919. The innovation was the brainchild of founder Emil Henriksson, who in 1907 decided to redeploy the rotating detainer discs inside cash registers inside locks.

The precision mechanics engineer patented the idea 12 years later and registered the Abloy trademark. Virtually unpickable, the lock propelled Abloy to being a market leader not just in Finland but globally too. Henrickkson later integrated electromechanical technology with the mechanical lock, during the 1960s and 1970s. In 1994, Abloy merged with ASSA to form the ASSA ABLOY group. In recent years Abloy has developed access control systems such as PROTEC2 CLIQ and CLIQ Connect, which reduced the number of keys required. Abloy s product range includes both mechanical and electric locks, as well as access control systems, which are deployed in a wide range of sectors. From museums and sporting venues to hospitals, airports and government buildings, its locks protect some of the world s most iconic landmarks.

Architect says sprinkler installation at Glasgow Hospital was used as an excuse to flout other buildings standards

Cost-cutting Credit: George Allison under CC BY-SA 4.0 An architect who helped design Scotland s largest hospital has warned that corners were cut in the construction of the 14-storey complex in the name of keeping down costs. Robert Menzies, now retired from his role at BMJ Architects, believes the installation of a sprinkler system in Glasgow s Queen Elizabeth University Hospital has been used as an excuse for flouting other building standards. He says the complex, which includes a children s hospital, adult hospital and laboratory, lacks exit stairways and exceeds size limits on fire compartments, while a hose-reel for firefighters is too short and some fire doors open in the wrong direction.

Insulation panels used in Grenfell tower are also fitted to the hospital, although the health board has insisted they are safe. Menzies drew up the hospital s exemplar design which sets criteria that firms bidding for construction projects must meet as senior healthcare architect at BMJ. He says the construction contract was given to London-based Brookfield Multiplex in defiance of architects recommendations that a bid from Balfour Beatty be accepted on the basis of cost , he suspects. They ve then made the stairs the minimum width possible. Surely you d want to make them wider to compensate for not having enough stairways in the first place? Robert Menzies, BMJ Architect We thought we would provide a monitoring role right through to completion of the actual build, in terms of where this is compliant and where it s not, so we were surprised to be told we were no longer required, Menzies told the Glasgow Evening Times. I had read the winning bidder s fire strategy and it concerned me a lot. It was almost like they the health board didn t want us around asking questions. It was very odd.

Lack of stairways On the lack of stairways he said: They are supposed to provide three stairways minimum as an emergency escape route if there are more than 100 people per storey. In the adult tower, there are 112 patients per floor but only two stairways. They are only slightly over, but that s just the patients there are also staff and visitors. They ve then made the stairs the minimum width possible. Surely you d want to make them wider to compensate for not having enough stairways in the first place? At least one fire compartment was too big in the original designs, says Menzies at least for the limit prescribed in Scotland, set at 1500sq, whereas it did meet the 2,000sq metre limit set in England. Pointing to the high failure rate of sprinklers in US hospitals 20% of which have had fires where sprinklers failed Menzies told the Glasgow Evening Times that an over-reliance on sprinklers was foolish. If you re putting sprinklers in and you re saying a fire will never occur as a consequence, then why do you need escape stairs? Why do you need anything?

But what happens when the sprinkler system fails? They re not 100%. A spokesman for NHS Greater Glasgow and Clyde did not dispute the veracity of Menzies claims, but pointed out that all buildings in the hospital complex were certified as compliant with Scottish fire safety and building standards by Glasgow City Council in 2015. Health Facilities Scotland also endorsed the hospital s fire strategy, he said. He said: It is important that everyone working in and coming to these world class facilities for healthcare know that we take fire safety extremely seriously and that there are heat/smoke detection and early warning fire alarm systems combined with automatic fire suppression sprinkler systems fitted in all areas. The hospitals are further protected by designated fire-fighting and fire evacuation lifts, as well as multiple fire escape stairwells. A spokeswoman for Brookfield Multiplex said: The final design met all the requirements of the building regulations and was signed off progressively through construction by Glasgow City Council s building control office.

Construction consultancy firm Currie & Brown has been appointed to verify the hospitals construction and certification process following the Grenfell blaze.

The Axis Partner Showcase to return with integrated solutions from 35 vendors

Installers and integrators Axis Communications is inviting security installers and integrators to attend its Axis Partner Showcase event in October. Scheduled for 11 October 2017 in Manchester, the open day will showcase technologies from 35 vendors that integrate with Axis surveillance solutions. The products on show, which will encompass fields beyond security, will include the latest in retail analytics, behavioural analysis, hosted services and cybersecurity, among other areas.

Confirmed exhibitors include Morphean, Milestone Systems, Genetec and ASSA Abloy. Axis ran its first Axis Partner Showcase in 2015 and said feedback was overwhelmingly positive. New possibilities As connectivity and the integration of products continues, the security needs of businesses change opening up new possibilities, said Daren Lang, regional manager of business development for Northern Europe at Axis Communications. Our strategies and solutions must therefore change to meet the new opportunities created. We are thrilled to announce the return of the Axis Partner Showcase. This event is designed to demonstrate how our partners, in conjunction with Axis, can deliver solutions that stand the test of time whether looking at the shift from forensic to real time analysis, how to deal with issues around cybersecurity, or keeping pace with new regulations such as GDPR. As security requirements shift, we see an increasing demand for alternative solutions. Instead of focusing on surveillance alone, businesses are increasingly seeking ways in which smart systems can be integrated, ensuring technology is flexible and future facing. This is how we help ensure that technology is not only fit for purpose, but fit for the future.

Atul Rajput, regional director for Northern Europe at Axis Communications, said: The pace of innovation is core to Axis philosophy and is of critical importance to keep each of our customers and partners up-to-date with the technology available today as well as its potential for tomorrow. Our showcase event brings this under one roof, providing the best forum available to experience these innovations in person. The Axis Partner Showcase takes place on 11 October 2017, between 10am and 4pm, at Tenants Hall, Tatton Park, Knutsford, Cheshire, WA16 6QN.

Register here to attend. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals. Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

A rundown of ransomware master keys released recently

Most ransomware devs operate just like real-life crooks and stick with their blackmail until they get paid. They don t care about your personal documents, photos, videos and other irreplaceable information, period. No ransom, no files.

At the same time some strange things may happen. There were cases when extortionists called it quits by releasing master decryption keys for their malicious software, thus allowing victims to get their data back for free. Unfortunately, this scenario is the exception rather than the rule. There are different speculations and theories on the motivation of these sympathetic malefactors. Some researchers believe these threat actors simply drop one campaign to move on with another from scratch. Some consider master key dumps to be a display of compassion. Yet other analysts say there are constant wars between gangs where one group hacks another and publishes all keys of their competitors. One way or another, such cases do occur once in a while. The stories below cover all instances of these releases reported to date.

Recent ransomware master keys An individual who goes by an online alias guest0987654321 dumped the RSA private key for XData ransomware on May 30, 2017. The message was posted in a dedicated XData thread on the BleepingComputer forum. Kaspersky Lab promptly used this master key to update their RakhniDecryptor tool and add support for the ransomware in question. The developer of AES-NI ransomware known as thyrex made his victims day by releasing private decryption keys on May 21, 2017. The dump originally included keys for AES-NI edition using [email protected] contact email. Later on the same day, the crook also published master keys for other variants, which allowed Avast and ESET to cook up ad hoc free decryptors. Whoever the person nicknamed lightsentinelone is, he did a huge favor for all Wallet ransomware victims by providing a link to a Pastebin page with a complete set of master keys. This dump took place via BleepingComputer as of May 18, 2017. Avast and Kaspersky quickly picked up this data to create free decrypt tools.

In an unexpected move, someone who goes by an online handle checker123 released the RSA private key for the BTCWare strain on May 3, 2017. Whereas researchers had previously created free decryptors for older variants of this ransomware, two newer ones remained uncrackable until this dump. Michael Gillespie, the author of ID Ransomware service, leveraged the leaked keys to contrive a universal decrypt tool supporting all BTCWare iterations. The once prolific Dharma ransomware became decryptable due to a dump of master keys that occurred on March 1, 2017. A newly registered BleepingComputer forums user, gektar , posted the corresponding Pastebin link in the Dharma support topic. Anonymous user named crss7777 released master keys for all variants of the CrySiS ransomware on November 13, 2016. To this end, said a member of the CrySiS crew posted a Pastebin link on the above-mentioned BleepingComputer forums pointing to a page with all decryption keys for the perpetrating program. Having validated these keys, Kaspersky released an updated edition of RakhniDecryptor so that CrySiS victims could recover their data without submitting the ransom. The authors of CryptXXX ransomware strand abandoned their extortion campaign and started RSA private keys giveaway as of July 14, 2016.

Plagued users were able to get their keys simply by logging into the infection s payment server. The relief was only partial, though, because this dump only supported CryptXXX editions that appended the .Crypz and .Cryp1 extensions to hostage files. Another happy ending case took place on May 18, 2016. This time, the architects of the TeslaCrypt ransomware campaign closed the project and provided the master key on their Tor based payment page. A security enthusiast nicknamed BloodDolly hard-coded this key into his previously released TeslaDecoder utility so that it could crack all versions of this ransom Trojan. Meanwhile, security researchers don t just sit there and wait for the bad guys to throw a bone to their victims. They are busy analysing various ransomware samples for flaws in crypto implementation and have had some success cracking them. Fortunately, lots of cybercriminals write shoddy code, so a little bit of reverse engineering often suffices to spot weak links in ransom Trojans behavior and defang them. A number of security vendors, including Emsisoft, Avast, Kaspersky, AVG, and Bitdefender, stand out from the crowd in this regard as they have coined most of the free ransomware decryptors.

Overall, more than 160 decryption tools out there allow ransomware victims to get off the hook without coughing up Bitcoins. Quite a few of them support widespread strains that have infected thousands of users and keep wreaking havoc around the globe. These include decryptors for the notorious Petya ransomware, Nemucod, Merry X-Mas (MRCR) ransomware, Linux.Encoder.1, the first-ever Mac ransomware called KeRanger, Jigsaw ransomware, CTB-Locker (website edition), Chimera ransomware, CryptoMix, and Globe ransomware. The moral of the story is: do not pay from the get-go if you fall victim to ransomware unless of course the hostage data is critical and you are too pressed for time. Chances are that the threat actors will release master decryption keys in a dump like the ones above. Furthermore, security analysts are doing their best to find effective workarounds. Consider using a tool called CryptoSearch. It automatically finds files encrypted by ransomware and allows you to move them temporarily to a new location. This technique streamlines the data recovery process if a free decryptor appears in the future.

And keep in mind that prevention is better than cure. Do not open suspicious email attachments, apply operating system updates once they are available, and be sure to keep your important files backed up. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

Fire assembly points: 5 things you should know

The Regulatory Reform (Fire Safety) Order 2005 states that emergency routes and exits must lead as directly as possible to a place of safety and that procedures for serious and imminent danger must enable the persons concerned to immediately proceed to a place of safety in the event of their being exposed to serious, imminent and unavoidable danger . So what do you need to remember about fire assembly points to keep your staff safe in the event of a fire? Here s our top five points to keep in mind: Assembly points outside of the building should be clearly indicated .

These points will be designated in consultation with your fire risk assessment, and the routes to them should be signposted with correct notices. Ensure all signage is unobstructed and easy to see, and that staff are aware on joining the company where their designated fire assembly point is. For larger sites, a well-formulated procedure should be in place to handle the evacuation of hundreds of people safely, ensuring they are moved through various exit points to a single assembly point. Where assembly points are sited is important . Consideration needs to be given to distance from the main building, and ease of accessibility by disabled people. Providing a sheltered, illuminated assembly point can be a good idea depending on the type of people who would be evacuated. For example, a care home may have vulnerable people who would benefit from shelter in the event of forced evacuation in poor weather. It is important that employees and other persons visiting the building are advised which assembly area they must use in the event of evacuation . For employees, this should form part of their induction to the company.

For visitors, it is good housekeeping to advise where the nearest exit points and assembly point is. Having a well-thought out fire safety evacuation policy is of upmost importance in ensuring the safety of your employees and site visitors. A comprehensive fire-risk assessment will look at your existing evacuation procedures, ensuring you comply with the Regulatory Reform (Fire Safety) Order. If you have an existing fire risk assessment, this should be reviewed every 12 months, and a new one should be completed every three years. For new sites, you should have a fire risk assessment completed within 3 weeks of opening. Not had a fire-risk assessment completed recently? Simply contact us for a quick quote .

Best of both worlds: Why an IoT that is both open and secure should be a right, not a privilege

A recent report by SAS and the Centre for Economics and Business Research estimated that by 2020, big data and the internet of things (IoT) will be worth 322bn to the UK economy, and account for 2.7% of GDP. Gartner forecasts that IoT endpoints will reach a global installed base of 20.4 billion units by 2020. IoT networks are already critical to global public and private sector infrastructure, delivering ever expanding capacities and potential benefits.

However, among the many pressures that are rising from the growth of IoT, two are becoming critical: throttled growth of new applications caused by non-interoperative, proprietary technology; and a widening field of security vulnerabilities, only growing more pressing as IoT permeates modern life. As IoT networks connect more and more services throughout our cities, business and homes they are rapidly becoming one of the most critical technologies underpinning our daily lives. Yet we see a great discrepancy in the requirements and demands of cities, utilities and enterprises on the network operators. Does this mean they are not taking their role as seriously as they should, or instead that the essential requirements are not yet well understood? It might seem like wishful thinking to expect that IoT networks should be both open to future development and secure against attack. It isn t. In fact, demanding the best in both these areas is utterly essential. IoT is moving beyond its roots, where devices were predominantly single-ownership/ single-use solutions. They are now able to connect to several different domains and work best when they have open and equal access to data, controllers and platforms simultaneously.

At the same time, security standards are being agreed to ensure that all devices are insulated against and able to respond to breaches. At Silver Spring Networks, we felt it was time that the buyers of IoT Networks understood how important and achievable balancing security and openness has become. Delivering security at a city-wide scale Persistent detection and safeguards from unauthorised access are two of the most important rights that all IoT network providers should confidently demand. Many IoT network platforms have only the most introductory and basic security measures which, given the interconnected nature of most networks, permits serious vulnerabilities to develop. The 2016 DDOS attack on Dyn, one of the companies running the internet s domain name system, provides an example of the repercussions of insufficiently secured IoT devices: disrupting of the connection of thousands of internet users from big online retailers and other popular sites. Shortly after this attack, a tech industry veteran demonstrated the vulnerability of unsecured IoT devices even further. By connecting a $55 IoT security camera to the internet, it was discovered that a full penetration cyber-attack could be carried out in just 98 seconds. IoT networks are large and are often very complex, with multiple points of entry and multiple touchpoints. Furthermore, when compared to computers, tablets and phones they typically have simplified user interfaces to reduce cost and simplify installation.

However, the assumption that large IoT networks cannot be made secure is wrong. Best in class IoT networks harness top-tier, military grade security, including features such as automated, asymmetric key exchange and rotation; hardened crypto processors used in key generation and storage; AES encryption to protect data in transit; and authentication via certificates at multiple layers, including prior to network enrolment. The ability to deploy formware upgrades swiftly and reliably to all nodes in a network is also an essential feature to ensure that networks remain secure across coming decades. Organisations working with IoT networks should be able to confirm that this level of security is present across their entire network, and address any segments where those standards are not or cannot be met. Ensuring an open, adaptable and future-fit network Cyber-attacks will always present a significant and costly liability to IoT networks, but they are not the only threat to consider. We live in a world where technology is evolving at a break-neck pace and new applications are emerging constantly. Networks which are locked into a single vendor s products or proprietary platform, which can t easily adapt to innovation, will also be the cause to painful costs down the line. The best insurance against this future is to deploy a solution based on proper industry standards. Proprietary technologies posing as standards (LoRaWAN, for example) effectively lock in to an ecosystem built around a single chipset.

This threatens interoperability down the line, which leads to massive and costly technical iteration and system integration efforts, all while capping the network s ultimate functionality. The best way to ensure a diverse ecosystem is to implement open, standards-based technologies that are demonstrated to be interoperable at every level of the system. The Wireless Smart Ubiquitous Network (Wi-SUN) standard is set up on this principle. Wi-SUN was designed to underpin the operation and deployment on next-generation star, mesh and hybrid networks. These networks are designed to capitalise on many connected paths, to deliver fast, reliable and city-scale coverage. Each node relays data for the network to provide strong and stable connectivity. Wi-SUN is maintained by a third-party organisation that constantly tests to certify that the IoT equipment is both conformant to the standard and interoperable with other certified networks, fostering a diverse ecosystem. Open standards allow a far greater number of providers to develop solutions, which are tested for interoperability, ensuring those solutions can work together. The best new IoT software, whether it be for management of Smart Grid applications (smart metering, real time grid balancing, renewable management etc.), management of city services (Smart street lighting, traffic flow optimisation, flood monitoring and management, Smart parking optimisation etc.), smart logistics, smart agriculture or many others the best and most effective functionality will only be unlocked through comprehensive, integrated end-to-end solutions.

Networks built around an industry standard that emphasises openness and development is essential to delivering this. Your right to best-in-class IoT At Silver Spring Networks, we think that its past time that IoT network providers were held to standards which reflect the incredible impact of IoT technology on society, now and into the future. We have set out the lessons we have delivering 26 million IoT devices across five continents into a bill of 10 rights IoT customers must be empowered to demand be enshrined in any IoT network services agreement. Security and openness are just two of these. IoT s potential to provide an incredible uplift to society across the world has only just begun to unfold. The buyers of IoT networks have the means to steer this future, by arming themselves with the information and courage to demand nothing less than the absolute best from their providers. Free download: The video surveillance report 2017 Sponsored by IDIS The Video Surveillance Report 2017 covers all things video surveillance based on a poll of hundreds of security professionals.

Specifically looking at topics such as open platforms, 4K, low-light cameras, video analytics, warranties and this year due to the growing threat posed, the cybersecurity landscape.

Click here to Download now

SaaS-based critical communications during terror attacks, natural disasters and business-continuity scenarios

Critical communications platforms are an increasingly vital tool for governments, law enforcement and other blue-light services. Exploiting the prevalence, connectivity and processing power of the modern smartphone, such platforms are sadly indispensable given the growing global frequency of terror attacks and increasingly turbulent weather patterns widely attributed to climate change. IFSEC Global spoke to Nick Hawkins, managing director EMEA at a provider of one such solution, Everbridge.

The interview below covers deployments in the Boston Bombing and Westminster attack as well as where Everbridge sits in this burgeoning market. IFSEC Global: Who are Everbridge and what do you do? Nick Hawkins: Fundamentally we re a software organisation that provides a critical communications platform that helps to keep people safe and keep s businesses running. So if any organisation of any size wants to look after their staff, or when they have IT issues, they look to our platform to reach out to people to can deal with it and to reduce the downtime and associated costs. Obviously time is of the essence during emergency situations and the whole idea of the platform is to reduce the time it takes for people to take actions One of our largest clients is the State of Florida, home to 20 million people. We protect residents, businesses and visitors to the state when there are hurricanes, weather warnings We were heavily used in the Boston Marathon attack back in 2013. And a lot of organisations use the service to communicate with residents as well as organisations and employees to get them to safety during emergencies. Our platform is also used to bring in extra staff for hospitals and other governmental organisations. Obviously time is of the essence during emergency situations and the whole idea of the platform is to reduce the time it takes for people to take actions whether that s protecting lives or, if business systems go down, the longer those systems aren t up and running, the greater the impact and cost to that organisation.

We have about 3,500 clients. In the UK that includes eight of the top 10 commercial banks, several police forces, government organisations, enterprises Really the platform goes across all verticals. It s not platform-specific. IG: I gather that Everbridge played a role in the Westminster attacks? NH: Yes our platform was used by a few London hospitals and the metropolitan police as well as businesses across the capital who wanted to communicate with employees after the incident The emergency services did a great job, but the bigger picture is: how do you communicate to the public and community to keep them informed of what is happening? I think the thing here is correct communications, and where do you rely on the communication. What we saw in the Boston bombing was that organisations used the platform to communicate not only to the blue light services, but to residents in the community too. We also use multiple modes of communication, because you can t rely on one form of communication such as SMS, voice or email, because one might be taken down How do you communicate out to all those other people affected? And not just the emergency services and other people directly involved.

How many other people were affected by the Westminster attack? Millions. There was a knock-on impact, with additional security and transport affected. Another organisation called the Cross-Sector Security Communications platform used the Everbridge service as well. That s predominantly run by the Met Police. They used it to communicate to people outside those directly involved, to the wider community. It was very actively used. IG: Is this a particularly competitive market? What is your USP?

NH: We differentiate ourselves with what we call critical event management. So it s assessing the situation as to what s happened situational intelligence locating individuals you want to communicate with, and automating the process so you reduce the time that it takes. The key thing is getting the right message to the right person at the right time. We also use multiple modes of communication, because you can t rely on one form of communication such as SMS, voice or email, because one might be taken down. We saw this in the 7/7 bombings when the SMS network was brought down. So a message goes out via one mode and if it doesn t work then it just moves onto the next one. You don t have to do anything; it s automated. We continuously analyse data to identify the best way of communicating, then feed that back in to the whole lifecycle of locate, automate and communicate Analytics and big data is a huge area we re investing in. We re sending in the region of two billion messages a year.

And people are now saying: You sent all these messages what analytics do you undertake with the results? So we continuously analyse the data to identify the best way of communicating, what s the best message to communicate, then feed that back in to the whole lifecycle of what I talked about: assess, locate, automate and then communicate. If you have better analytics and big data feeding into that, you re going to be a lot more knowledgeable about how to assess the situation and communicate. It s a lifecycle, a 360 view of a situation. IG: Does your platform get used in training exercises undertaken by emergency services? NH: Absolutely. If you don t undertake training and planning, then when these incidents happen you can be caught short. And we can have all these plans because we re all mobile today. We have the ability to do it all on the fly.

IG: Thanks, Nick. Is there anything else you would like to add? NH: The police force and emergency services are only so many people. If you expand that out to the community you ve got a much bigger group of people who can assist you, the police and everyone else. We re seeing a lot more incidents, particularly in America, where the public are actually assisting with some of this process through two way communication. In Windsor, where our office is, they brought in hostile-vehicle mitigation systems as a result of the Westminster attack. They did it overnight. But there s only so much the authorities can do. And I think one of the key things we do well is that we do take on new processes and procedures after events and listen to the feedback we get from our customers to improve our services Free Download: Securing UK borders: An examination of the implications of leaving the EU for UK border management.

Recent tragic events in Manchester and London have, among other things, underscored the importance to national security of getting Brexit right.

This report considers the implications of leaving the EU for the management of the UK s borders and making it as easy as possible for international business to thrive and legitimate movement to occur in a post-Brexit UK.

Click here to download now