The company in-sources biometric technology for government and commercial applications Gemalto has recently announced the closing of the acquisition of 3M’s identity management business after approval by the relevant regulatory and antitrust authorities. This strategic acquisition rounds out Gemalto’s government programs offering by adding biometric technologies and more secure document features, and it ideally positions the company to provide solutions for the promising commercial biometrics market. The identity management business will be integrated into Gemalto government programs business. In 2016, the acquired business generated $202 million in revenue and an estimated $53 million in profit from operations. “With the acquisition of 3M’s identity management business, Gemalto makes a strategic move by in-sourcing biometric technology. Combining our market access, technologies and expertise will enable Gemalto to further accelerate the deployment of trusted national identities and to offer strong end-to-end biometric authentication solutions throughout the digital economy,” said Philippe Vallée, Gemalto CEO, “I warmly welcome the new teams joining Gemalto and we look forward to working closely together towards success.”

Platform enables easy and economical FIPS 140-2 Level 3-compliant solutions that satisfy ever-increasing security requirements in healthcare, home automation, secure-access control systems, and portable data storage STMicroelectronics and ClevX, an intellectual-property innovator and technology developer for portable storage and mobile device manufacturers, have announced the availability of a FIPS 140-2 Level 3 compliant Encryption Technology Platform reference design for security applications using commercial/ industrial-, rather than military-grade chips. The STM32 microcontroller-based platform will aid designers and manufacturers to design and build highly secure FIPS-compliant solutions suited for applications that require certified cryptographic functions. These application domains include consumer, corporate, and industrial applications in healthcare, home automation and security, secure-access control systems, and portable data storage. “Using the STM32’s advanced security features helped ClevX fortify their secure portable-storage reference platform,” said Tony Keirouz, VP IoT Strategy, Security, and Microcontrollers, STMicroelectronics’ Americas Region. “With the reference platform’s quality independently proven through its FIPS 140-2 Level 3 certification, and the benefit of using high-quality commercial-grade products instead of military-grade ones, designers and manufacturers can meet their application’s security needs on time and on budget.” The new ST/ ClevX reference design is based on the ClevX-patented DataLock/ DataLock BT technology platform for secure portable-storage media. The design uses ST’s ultra-low-power STM32 MCUs and Bluetooth® Low Energy chips (BlueNRG), along with both ST/ ClevX-based hardware, firmware and the related smartphone/ wearables app is immediately available for licensing and partnerships. “With ever-increasing public and corporate requirements for privacy and security,” said Lev Bolotin, Founder/CEO, ClevX, LLC, “The DataLock and DataLock® BT Security solutions use ST and ClevX technologies to allow designers and manufacturers to create and build cost-effective FIPS 140-2-compliant solutions that are simple to use while allowing legitimate operators to authenticate themselves to the devices and systems they need to use with FIPS-compliant solutions.”

New integration improves network visualization and the assessment of security controls in the public and private cloud Skybox™ Security has recently announced new inter-operability with Microsoft Azure Virtual Network (VNet), enabling customers to gain security visibility into virtualized networks created in the Azure Cloud. The Skybox™ Security Suite easily integrates with Azure VNet, incorporating the virtual environment in its network model to provide normalized visibility and access simulation capabilities across public, private and hybrid IT networks. This capability improves configuration security and enables security teams to quickly understand Azure’s role in the integrity of an entire network. “We’ve reached the tipping point for cloud with more than 60 percent of organizations now pursuing a hybrid IT approach. Cloud security, however, remains a challenge for most,” said Skybox VP of Products Ravid Circus. According to the Cloud Security Alliance (CSA), one of the top threats to companies in cloud environments is the risk of exploited system vulnerabilities. “The only way to effectively prioritize those vulnerabilities is by having visibility of the organization’s entire attack surface, regardless of the environment,” Circus explained, “And, you need context. We not only show how the virtualized network contributes to an organization’s attack surface, we give the context needed to understand where potentially exploitable vulnerabilities exist.” Skybox automatically integrates Azure VNet data into the network model, including gateway routing, VPN connections, subnets, hosts and security groups. Through one normalized view, security teams can analyze network access paths, both north-south (into and out of the data center) and east-west (within it). This improves access troubleshooting and understanding of potential attack paths. Skybox previously announced integrations with Amazon Web Services and VMware NSX. The addition of support for the Microsoft Azure Virtual Network provides even more visibility into virtualized networks strengthening the hybrid network security management capabilities of the Skybox Security Suite. Skybox Security™ arms security professionals with the broadest platform of solutions for security operations, analytics and reporting. The Skybox™ Security Suite merges data silos into a dynamic network model of the organization’s attack surface, giving comprehensive visibility of public, private and hybrid IT environments. Skybox provides the context needed for informed action, combining attack vector analytics and threat-centric vulnerability intelligence to continuously assess vulnerabilities in your environment and correlate them with exploits in the wild. This makes the accurate prioritization and mitigation of imminent threats a systematic process, decreasing the attack surface and enabling swift response to exposures that truly put your organization at risk. The award-winning solutions in vulnerability and threat management, automated firewall and security policy management and attack surface visibility increase operational efficiency by as much as 90 percent and are used by the world’s most security-conscious enterprises and government agencies, including Forbes Global 2000 companies.

Differentiation through hardware will become even more difficult Artificial Intelligence (AI) is one of the next big growth areas for the mobile industry according to a white paper released by IHS Markit ahead of Mobile World Congress. “We see AI making smart devices even smarter with improved user experiences,” said Ian Fogg, Director of Mobile and Telecom Analysis at IHS Markit, “Existing AI agents like Apple’s Siri and Google Assistant will expand across the industry, complemented by embedded AI in all parts of mobile devices from cameras, to audio, to machine.” “Smartphones will both be the interface for consumer AI and deliver the vast amount of data technology companies need to train AI systems,” Fogg said. Software investments and partnerships are critical for hardware companies to create smarter AI-enabled experiences, said the IHS Markit white paper. Vendors such as Google, Apple, Sony, Microsoft and Samsung have heavily invested in the development of their own AI and voice-assistant capabilities. In order to compete, smaller players with less in-house software expertise and resources will be looking to partner-up. “As Amazon’s Alexa makes its way onto other devices, Google must and will increase the reach of its own Assistant to all Android smartphones – reducing the differentiation for Google’s Pixel smartphone,” Fogg said, “Over five years since Apple’s Siri first launched, Apple must offer new AI-powered capabilities to remain competitive.” By 2020, over six billion smartphones and $74 billion in app spend The AI opportunity comes at a time when the global smartphone installed base is still growing, the white paper said. By 2020, the smartphone-installed base will exceed six billion units, up from four billion in 2016, with revenues totaling $355 billion. “Spending on mobile apps shows no sign of slowing down,” said Jack Kent, Research Director at IHS Markit, “Consumer spending on mobile apps will reach $74 billion in 2020, up from $54 billion in 2016. Major companies are increasingly trying to use the fast-maturing mobile apps and services market as part of a wider platform strategy to tie consumers into ecosystems. The combination of consumer apps, communications, advertising, commerce and payments will drive new growth opportunities.” The number of addressable smartphones for device-based payment services, such as Apple Pay and Android Pay, will rise to more than five billion units by 2020, up from 2.7 billion in 2016.

Company will double R&D spending to target growth opportunities in consumer markets and outpace new entrants in thermal detection ULIS, a manufacturer of innovative thermal sensors, announces that the company will again significantly increase its R&D spending for 2017 to reach €15M ($16.8M). This investment marks the company’s strong growth and market leadership progression over the last 15 years. ULIS generated €61.5M ($69.3M) in sales in 2016, a rise of nearly 30% compared to 2015. Buoyed by the spurt in additional growth and market changes, ULIS’ new level of R&D investment will represent 20% of its annual sales. Previously, the company pledged 10% of its annual revenue to R&D. It aims to further simplify access to thermal imaging within growing smart building, automotive and consumer electronics markets by making the key component – the thermal sensor – more compact, more affordable, easier to integrate and available in mass volumes. As applications of thermal imaging become increasingly diversified, attracting new players worldwide, ULIS deems this investment necessary to sustain the pace of market developments and further advance its market lead. ULIS exports 97% of its products. ULIS will accelerate the design of models and features better adapted to system maker and end-user needs in new markets (leisure equipment, smart buildings, driving assistance for cars with or without drivers etc). It will pursue development of disruptive technologies that reach new heights in performance of thermal image sensors for clients in traditional markets, for example defense and security. The company will also commence 24/7 non-stop production to meet new demands for mass volume. “ULIS is happy to mark its 15th anniversary with an even stronger commitment to democratizing thermal image sensors, making them available and affordable for all,” said Jean-François Delepau, Managing Director of ULIS, “It has taken an enormous investment in capital, human resources, skills and technological expertise and much dedication from ULIS staff to gain the market confidence in our products and innovations that we enjoy today. We are very grateful to our customers and the ULIS team. Today, the diversity of market applications for thermal imaging is creating a new dynamics; changing the rules of the game. The barrier to entry has been raised. Success requires a greater intensification of resources and state-of-the-art know-how across all domains, plus the experience to transform these assets into value-added products. We look forward to fulfilling our promise to provide thermal sensors that are the best suited to meeting market demands for the right performance and quality at the right cost.” Since its founding in 2002 as a spin-off from CEA-Leti, ULIS has become the second largest producer of thermal image sensors (micro-bolometers) for defense, surveillance, thermography, firefighting, outdoor leisure and automotive markets. It offers a targeted range of high-quality, compact, low-cost micro-bolometers that are the key component of many top brand cameras and thermal imaging equipment sold across Europe, Asia and North America.

Assisting Law Enforcement Agencies in Securing Remote Access to Criminal Justice Information Services Gemalto has collaborated with Caliber Public Safety (Caliber), a leading provider of public safety software in the United States, to provide law enforcement and other government agencies an efficient way to comply with criminal justice information services (CJIS) policies, ultimately heightening security. By combining Caliber’s public safety expertise in records management and Gemalto’s SafeNet authentication service, the two companies have created a strong portfolio of cloud-based identity and data protection solutions. Gemalto and Caliber’s solutions allow law enforcement to rapidly deploy strong authentication technology to meet CJIS requirements and pass state audits. When it comes to law enforcement, timely information is critical to stop crime. Criminal justice information (CJI) is shared at all levels – including state, federal, and local municipal agencies – meaning that any leakage of sensitive data, ranging from fingerprints to criminal backgrounds, can jeopardize efforts. The CJIS security policy defines requirements for sharing and protecting information such as two-factor authentication, when accessing CJI data. Gemalto and Caliber provide law enforcement agencies with comprehensive, easy-to-deploy CJIS advanced authentication solutions for both mobile soft tokens and physical ones. The authentication as a service approach means public safety organizations have little to no installation overhead and can deploy it almost immediately. The self-service platform allows law enforcement officers to take care of ongoing token management, saving time for IT administrators, while extensive pre-configured reports provide immediate visibility and tracking of all authentication events. “By leveraging our public safety cloud infrastructure, we are able to offer powerful security and risk mitigation, while ensuring the highest levels of compliance possible,” Gregg Merlihan, Senior Executive Vice President at Caliber Public Safety stated, “The technology is simple to use and its design accommodates growth and scale, along with a budget and approach to make quick and effective deployments a reality.” “We have a long history at Gemalto of working in the government space, which helps us understand the unique security needs of these agencies,” said Francois Lasnier, Senior Vice President of Authentication Products at Gemalto, “Since the deadline for meeting the CJIS regulation has passed, law enforcement agencies have now started to undergo formal audits to ensure they are compliant. Gemalto’s authentication solutions provide them with a rapid path to making sure they pass these audits.”

Will fuel new model for security application development and consumption; Entrepreneurs and developers to benefit from accelerated go-to-market opportunities Palo Alto Networks® the next-generation security company, has recently announced that it is forming a $20 million security venture fund. The fund will provide early stage capital investments to fuel development of innovative security applications for the Palo Alto Networks next-generation security platform. The fund will be aimed at seed-, early- and growth-stage security companies with a cloud-based application approach. These companies can accelerate their routes to market for their respective technology by developing cloud-based applications built upon the Palo Alto Networks platform and the new Palo Alto Networks Application Framework, easily engaging the tens of thousands of Palo Alto Networks customer deployments. The fund expects to collaborate with Greylock Partners and Sequoia Capital to identify and evaluate innovative security applications for potential co-investment. By providing capital, the fund will enable entrepreneurs and security vendors to focus on developing high-value functionality for customers, instead of developing the infrastructure and data stores necessary to effectively deliver their applications and establish a foothold in the market. The investments in entrepreneurial security companies are designed to accelerate the development of new security applications for the Palo Alto Networks platform. Such applications will help customer organizations more easily access, evaluate, and adopt new advanced security capabilities and activate cloud-delivered security applications from different providers as their security needs change. “This new fund will build upon our reputation for developing innovative, next-generation security technologies and demonstrate the excellent momentum that we have achieved with our ecosystem of security partners. It represents an essential part of our mission to help organizations prevent cyber breaches by inspiring and accelerating a groundswell of security innovation in a model that can be easily accessed and deployed by customer organizations.” – Chad Kinzelberg, Senior VP, Business and Corporate Development, Palo Alto Networks  

Farpointe Data, the access control industry’s trusted global partner for RFID solutions, has just posted the first radio frequency identification (RFID) Cybersecurity vulnerability checklist for access control manufacturers, distributors, integrators and end users to use to protect their access control systems from becoming hacker gateways to their facilities and IT systems. Knowing what to do is especially important now that government agencies such as the United States Federal Trade Commission, have begun filing lawsuits against businesses that do not provide good cyber security practices. “Seemingly daily, end users are being reminded of how their access control systems are no longer secure,” emphasizes Farpointe Data President Scott Lindley, “They learn how a hotel had to pay a ransom to release guests that got locked into their rooms via a hack of the electronic key system or how easy it is to spoof popular access cards.” Since the start of 2017, end users have been informed of a series of hacks on various credentials states Lindley. The Chaos Computer Club stated that they hacked a padlock product and its accompanying mobile app which communicates via Bluetooth Low Energy (BLE) to the padlock. This could potentially also affect hotels with mobile room keys as their door locks also communicate with smart phones via BLE technology and exchange confidential information. IPVM reported how a $30 copier easily spoofed a popular proximity card. The column stated that the copier used to copy the cards works much the same way as normal card readers, with transceiver coil, power supply, IC chip, buzzer and even LEDs components shared by both. Given the principal operation of contactless card readers, the copier excites the coil and delivers power wirelessly to the card, which then momentarily stores energy and then uses it to broadcast card details back to the copier. In an on-site demonstration at the ShmooCon hacker conference, an ESPKey, a small device that costs about $100 to make and has half a dozen wire clamps, a Wi-Fi transmitter and 4MB of memory, showed that it takes two or three minutes to break into an RFID card reader wall plate, attach the ESPKey and reinstall the wall plate to capture the ID codes of everyone in the workplace. To help prevent such attacks, the new Farpointe Cybersecurity Vulnerability Checklist covers a range of topics that can lead to hacks of contactless cards and readers. Sections include default codes, Wiegand issues, reader implementation tips, card protection solutions, leveraging long range readers, assuring anti-hacking compatibility throughout the system and leveraging additional security components. “We are encouraging every access control manufacturer, dealer, distributor, integrator or end user to go to our website to either download or print out this Cybersecurity Vulnerability Checklist and use it,” adds Lindsey, “The link is available right on our home page. With increasing news stories of hacking throughout the world and the fact that government agencies are now reviewing such cybersecurity lapses should make channel partners providing access control products and systems take notice and implement anti-hacking solutions, such as Farpointe provides, to their customers.”

New gold member partners with CII to improve internet security and fortify open source infrastructure The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that collaboratively works to improve the security and resilience of critical open source projects, has recently announced that Thales is joining as a new gold member. A leader in critical information systems, cybersecurity and data security, Thales offers advanced data security solutions and services, delivering trust wherever information is created, shared or stored. It is recognized for its deep information and cryptographic security expertise that enables organizations to confidently accelerate their digital transformation. Thales technology is found right across the enterprise, in financial services, retail, healthcare and government and secures more than 80% of debit card transactions around the world. The CII’s mission is to ensure that the open source code that underpins business today is secure and resilient. Many of the world’s largest technology companies already belong to CII, and Thales is the first global security business to join the initiative. “CII is incredibly excited to see our membership base expand and add a security-focused company like Thales, which has a vast understanding of the complex information technology demands we face in today’s digital world,” said Nicko van Someren, CII Executive Director, “Its investment validates the importance of CII and is a great vindication of our work to security harden open source infrastructure to combat today’s complicated threat landscape.” “Thales has implemented open source building blocks and standards both internally and for customers for two decades,” said Jon Geater, Chief Technology Officer at Thales e-Security, “Open Source in general and Linux in particular have become core to delivery of modern products and system, offering distinct utility, cost and performance advantages that we increasingly leverage to solve real-world problems. By joining CII we can bring our expertise and focus on security to bear on strengthening core open source infrastructure and working to eliminate the security weaknesses that can emerge from less well maintained or directed inclusion of Open Source technology into products and infrastructure in the Cloud and IoT era. This shared vision of Thales and the Linux Foundation is critical to Thales’s strategic development objectives, our ability to serve our customers, and to improving the state of the Connected World more generally.” CII recently celebrated its three-year anniversary and announced a new governance structure to enable it to scale up its operations going forward.