Category: Article

Security camera shipment continues to grow at 14.1% CAGR to reach 190 million units in 2020 (according to IHS report, September 2016) however, revenue growth slowed to 8.1% CAGR. There are too many cameras and video footage to be consumed by human operators. Most security video footages are erased or over-written without being watched. Video analytics technology was once perceived as a solution to automate the utilization of the abundant video footage resources. By means of identifying and tagging the appearance of certain patterns in a video, the system could perform search and run statistics on it. Such output could further be accumulated and analyzed to find trends and correlations. However, the potential has not been translated into business momentum. Complexity in analytics algorithm made it difficult to develop new software to detect a desirable pattern, and the tremendous demand for CPU processing power made it difficult to get timely analytics output. Artificial Intelligence may be the key to unlocking this potential. Video analytics technology has been evolving over the past 10 years. It is getting on the headlines more often lately due to the use of Artificial Intelligence. Machine learning greatly simplifies the software development process and the processing power of GPU made it possible to perform near real-time video analysis. For example, in the 2016 G20 summit, China deployed security solution developed by Dahua Technology using AI – Deep Learning to automatically screen pedestrians in airport and train stations for criminal suspects. Deep Learning has been accelerating the pace of intelligent surveillance Deep learning refers to artificial neural networks that comprise many layers. It aims to emulate human’s ability to analyze and study. It imitates the mechanism of the brain in order to interpret data such as image, voice, and text. Deep learning has been successfully applied in image and voice recognition and is set to be a future development direction. In 2013, deep learning was listed by MIT as one of the top ten breakthrough technologies. In the security industry, the application of deep learning is important for two reasons. On the one hand, it improves the accuracy of some algorithms; on the other, it realizes functions which cannot be done without using deep learning. For instance, facial recognition includes three key parts: face detection, facial features alignment, and feature extraction comparison. If deep learning technology was adopted, the performance of each part would be improved dramatically. Using deep learning, the facial expression, gender, age, hair color, accessories, emotion etc., all can be better recognized. Moreover, GPU can be used to accelerate the computation of deep learning algorithm. A traditional intelligent analysis is unable to cover a large-scale scene with more than 300 people, not to mention group analysis of moving scenes. Now based on the deep learning technology and GPU, it can easily deal with 300 targets simultaneously and further estimate the crowd density and identify the movement of the crowd, to provide more useful information to security staff. Obviously, deep learning accelerates the development of intelligent surveillance. On 7 March 2017, Dahua worked together with NVIDIA, a world-leading Artificial Intelligence (AI) computing company, to launch the ‘Deep Sense’ server for smart video structure analysis. Meanwhile, Dahua also cooperated with many renowned universities in and out of China to advance research on deep learning. As a result, Dahua’s face recognition algorithm ranked number one on the public authoritative testing platform LFW, beating Tencent, Google and other top academic and commercial groups around the world. Dahua made an early start on AI technology Dahua Technology made an early start in AI application amongst players in the global security industry. In 2009, Dahua established a department to research on intelligent algorithms, exploring potential applications in security solutions. The department was later merged with other research groups to form the Institute of Advanced Technology, which focuses on advanced technologies on AI, optics, Codec and ISP etc. ANPR (automatic number plate recognition) by Dahua has greatly improved traffic and parking management for better environments, promoting sustainable urban development. Deep learning is also being applied to the recognition of vehicles and people. Human objects can be classified according to clothing, hair color, wearing eye glasses, backpack, gender, age range and even facial expression. Vehicles can be classified by color, make, model and type on the top of vehicle license plate. Vehicle identification and statistical analysis The ability to utilize AI to identify and analyze vehicles is going to be very valuable. A witness may remember the color and make but not the plate of a vehicle. After applying deep learning, there has been an obvious improvement in AI-powered security applications. On the one hand, the rate of plate number recognition has increased significantly, on the other it is now able to identify car features like type, make, model and color in a more systematic way. Combining various elements in one search, it becomes possible to identify a target vehicle even if the license plate is not captured. Human recognition and statistical analysis Traditional intelligent video analysis technology was previously not able to perform recognition of body shape, gender, age, hair color or hair length, but Dahua’s deep learning technology made it all possible. Deep learning video analytics server handles recognition of up to 80 people within 40ms. Human recognition also suits to be applied in crowded places with continuous flows of people such as on escalators, crossroads, business centers and gates of exhibition centers, and its accuracy rate reaches up to 95%. As long as there is enough training done, the recognition rate is only constrained by how much of the target is exposed to the camera and its moving speed, just as if a human operator is watching the video full time. Application of AI to campus safety In recent years, the American TV series called Person of Interest has been very popular. This TV series described details of predicting crimes by AI. A software genius called Finch invented a program for advance recognition of a potentially violent criminal…

BCDVideo looks at how you can protect yourself against cyber attacks with its latest SMARTtechnology In recent months, there has been a multitude of cyber-attacks targeting video surveillance systems and the Internet of Things (IoT). In the aftermath of the Mirai botnet attack, an incredibly powerful distributed denial-of-service (DDoS) attack, some of the largest surveillance manufacturers scrambled to address the extreme vulnerabilities built into their devices. During the October 2016 attack, Mirai, an open-source malware strain that scans the Internet for routers, cameras, DVRs, and IoT devices only protected by default passwords, used its army of infected devices to disrupt dozens of major websites including Dyn, one of the largest DNS service providers, by flooding the target servers with millions of discrete IP addresses sending junk traffic to block the flow of legitimate users. While DDoS attacks like Mirai, designed to cripple websites by consuming all of their bandwidth, target vulnerable devices across the world indiscriminately, several highly sensitive markets experienced the largest percentage of cyber attacks each year such as healthcare, manufacturing, financial services, government, and transportation. The expansion of the IoT has only compounded the problem by providing hackers with almost unlimited resources for carrying out their attacks. As more devices connect to a single network, the total system security is only as strong as the most vulnerable connected device. So, how can security professionals protect their system against these attacks? Gaining access to your security system Similar to any sensitive data, video surveillance represents an untapped pool of information. Consider the key users of surveillance and the data being stored – defense departments, embassies, hospitals, police departments etc., Beyond capturing metadata, by hacking into a video network, hackers will be able to view the camera footage, connect the infected device to a botnet, or even convert the device into a bitcoin mine undetected. A single data breach cost businesses $4 million on average in 2016, according to the Ponemon Institute. With the costliest attacks coming from malicious code and denial of service. The role surveillance networks play in these attacks comes from the relatively low-security, commonly factory default passwords, many IP cameras, DVRs, and NVRs have to combat the malicious code needed to connect the device to a botnet. Once a surveillance device has been infected, it becomes a tool used to take down target servers. After the latest wave of high-profile cyber attacks, updating default passwords on connected devices has taken first priority when securing a system. Security integrators and manufacturers are quickly adapting to the ever-changing cyber landscape, though. Proactive protection against cyber attacks is being implemented on many new, high-performance video servers. BCDVideo SMARTtechnology BCDVideo SMARTtechnology offers a single pane, simple monitoring solution. System administrators receive alerts for 32 system parameters for proactive troubleshooting on your video recorder or access control server all from within the performance panel. The exclusive SMARTtechnology includes: ●    SMARTvault: It remotely restores the video software and camera settings to the last backup. ●    SMARTrestoration: It restores a system to BCDVideo’s project optimized factory image. ●    SMARTconnect: A trusted private and secure connection to a BCDVideo support technician. It provides technical access (when user approved) for remote diagnostics and troubleshooting. ●    Intelligent hard drives within each system come with a predictive failure alert system and fault indicators to monitor and store data about the drive’s operational state. This allows for preventative onsite service calls and zero downtime before a drive fails. To protect video surveillance systems from hackers, BCDVideo developed SMARTdeflect, an innovative two-factor authentication application designed specifically for BCDVideo access control and video recording servers. The two-factor login process includes a self-generating PIN randomly reassigned every 30 seconds. System administrators will be able to monitor all logins with optional email notifications for every successful or unsuccessful login attempt. Because SMARTdeflect can be accessed on any smartphone, administrators also have the ability to temporarily disable all outside access to a server under attack. Additionally, the easy set-up and customizable system settings give administrators complete control over their servers With cybercrime on the rise, providing simple, reliable security with BCDVideo SMARTtechnology on all BCDVideo access control and video recording servers gives security integrators and end users another measure of proactive defense against cyber-attacks.

If you’re a technician installing IP cameras for a bank or credit union, you know how challenging it can be to capture clear video surveillance images in dynamic lighting conditions. While some banks have controlled indoor lighting, others have bright sunlight pouring in through floor-to-ceiling windows in ATM vestibules. Other businesses, including quick service restaurants (QSRs), face similar challenges. To help you get the best video quality possible, some tips on which IP camera settings to use in different lighting scenarios will be pertinent. It’s important to note that surveillance cameras are shipped with default settings that are not always optimized to give you the best image quality for the scene you are trying to capture. In some circumstances, you can simply plug in your camera and walk away, but to get the best quality video in complex lighting conditions, a little fine-tuning is highly recommended. Controlled lighting Let’s first tackle an environment with controlled indoor lighting and assume you’re using our ME4 IR MicDome camera with high dynamic range (HDR). If the lighting is sufficient and consistent across the field of view (FOV) and there are no shadows in the image, I recommend turning off HDR altogether. If the lighting is insufficient and there are shadows in the image, you’ll want to leave it on. This will help brighten the low light areas and reduce noise appearing as pixilation. Not only does the noise detract from the image quality, it also increases your data rates and takes up more storage. You can also adjust the Gain setting on your camera, which boosts the light intensity being captured. If your environment’s lighting is bright and relatively even, you can try turning the Gain setting off altogether, which can reduce the amount of visible noise in the image. Conversely, if there isn’t enough consistency, you can turn the Gain up to 1, 2 or 3. Remember that at night, when the lights are off, you should check how Gain impacts night mode. The ME4 IR MicDome automatically goes into night mode with its smart IR technology providing its own light source. Bright sunlight and shade Now, let’s have a look at the adjustments you would make when you have bright sunlight as well as shaded areas in the same scene, which is typical in an ATM vestibule or a QSR dining area. If there is a small to medium amount of sunlight, the HDR Normal setting will suffice to illuminate the scene without overexposing the brightly lit parts of the FOV or underexposing the shaded areas. If, on the other hand, you have a full-size, two-story window bathing the scene in direct sunlight, you will most likely need to select the HDR Strong setting. The image won’t be as sharp, but you’ll be able to clearly identify an ATM user or fraudster who might otherwise be underexposed and difficult to recognize. You can also schedule a combination of settings, including HDR, by time of day. For example, you may want to set HDR to Strong during the day, but turn it off completely at night. To further optimize image quality at night, you can adjust the camera’s exposure and slow down the shutter speed, allowing in more light. Fast moving objects in the FOV – cars, for example – will appear blurry, but if you’re interested in capturing clear bright images in the dark, slowing the shutter is likely your best option. The training video gives a more detailed explanation of how you can use exposure adjustments to optimize image quality at night. You can make all of these changes using your March Networks client software, where you can see real-time camera views and get instant feedback on the modifications you make. Compression Once you’ve optimized the camera for your specific environment, you can now make a decision on what level of compression to apply. The March Networks ME4 cameras are, by default, set to a variable bit rate capped at 4 Mbps. You can instantly improve the overall image quality by setting the maximum bit rate to 6 or 8 Mbps. It’s important to note that the bit rate is variable and the camera will only use the allocated bandwidth as needed. As seen in the image given on the previous page, the compression level is set to 8 Mbps (or 8096 Kbps) but the camera’s video bitrate is only 4.7 Mbps, so don’t be afraid to increase the compression value as it will have a great benefit on the overall quality of the image.

In today’s highly competitive environment, it is extremely important that providers have both the experience to deliver the right solution and the ability to deliver strong customer service. In the security industry, one solution in high demand is the use of mobile apps for critical functions such as credentialing, remote operations and alerts. Mobile credentialing frees the user from having to carry physical credentials such as tokens or ID badges. Further, mobile access control solutions are well-suited to applications that experience numerous spontaneous events such as lockdowns or weather related emergencies, or with a frequent need to activate/ de-activate access card holders. Key points include: Security: Security has always been a fundamental part of mobile operating systems, and the encrypted security of smart credentials and/ or door management apps makes them more secure and difficult to counterfeit. Mobile devices often require multifactor authentication while traditional access control devices do not. Convenience: Mobile users can control their facilities and access timely information from wherever they are. This is important for emergency situations, and convenient for other scenarios such as activating or deactivating credentials. Mobile credentialing provides, even more, convenience, with new readers that can accept both proximity cards and mobile credentials speeding the transition to mobile technology. Increased integration: With mobile technology, one credential allows access to doors, data and cloud applications, with security and tracking incorporated into every user action. This high-level integration can also be used to trigger automated tasks like time and attendance recording. Cost: Maintaining a physical and logical access control system with disparate applications can be costly, particularly when updates are implemented and integration must be performed across all systems. A physical access control system with mobile credentialing can be easily upgraded to add logical access control for network log-on. For card-based credentialing, material costs must be considered as well; digital credentials have no material cost. Still, users may not get the most out of their system if the provider does not have a customer-focused culture. At a minimum, providers should offer flexibility, post-sales support, availability, expertise and training. Flexibility: Recognizing that off-the-shelf solutions are hardly sufficient for addressing the specific requirements of every installation, customer-focused providers are willing and able to accommodate customization. Post-sales support/ training: The reality of access control systems is that – like any solution – they require ongoing service, support, and training to provide customers with the continuous, reliable operation they need. One true measure of a vendor is what they can – and will – do to address and accurately fix any issues in a timely manner. Post sales training is also key to assuring the customer knows how to best manage their system in multiple languages. Availability: In today’s connected world, customers have a wide variety of ways to contact a provider, all of which are irrelevant if they can’t actually connect with the vendor. Delays compromise security, so customers deserve a specific person they can rely on when they need help the most, often when something goes wrong and requires immediate attention. Expertise: The expertise and experience of customer-focused organizations can help end users make better and more confident decisions about an access control installation. When combined, customer service and mobile technology offer tremendous potential for maintaining the safety and security of people, places, and assets. Your chosen provider should be able to deliver to you the latest in mobile technology plus a commitment to the best possible customer service. Robert Laughlin, President, Galaxy Control Systems

Ransomware and banking Trojans dominate the cybercrime mainstream today, and their technical operations are heavily analyzed. But little attention has been given to the business model which plays a large role in dictating their behavior, targets, and tactics. A revolutionary concept in cyber crime is what I call ‘distributed cybercrime,’ a business model in which cyber criminals attack many victims in the same campaign. Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape. Improved ROI and the support of a newly erected ‘dark industry’ has made distributed cyber crime the hottest trend in cybercrime. Most of the professional cyber criminal groups today develop malware with a distributed business model, then use professional platforms, distribution services, and infection experts to attack the world. They don’t know who their victims are nor do they care. They’re not looking to get points on style. They’re just businessmen who built the perfect, automated money-making machine. 6 Reasons why cybercriminals love the new business model Beginning in 2006, innovations in malware, banking Trojans and ransomware created a new type of business model for cybercriminals: rather than concentrating all their efforts on penetrating high-quality targets, they can steal small amounts of money from numerous victims. The business model of distributed cyber crime has made some attackers multi-millionaires in a short amount of time due to its many business benefits: 1.    Attacks require less effort as they target ‘low-hanging fruit’ (i.e., individuals or organizations with sub-par security). 2.    Attack skill level is low compared to techniques such as spear-phishing – regular ol’ phishing is good enough for weak targets. 3.    Highly coveted zero-day vulnerabilities are no longer required for profitable attacks – mainstream CVE vulnerabilities with known exploits and existing patches will do, as many victims don’t patch regularly. 4.    Any standard endpoint is a potential source of revenue, making a lateral movement toward the crown jewels irrelevant. 5.    When you attack the world, the sky is the limit – the amount of potential revenues is endless. 6.    Less effort and more profit mean better ROI. Mass distribution, victim profiling, and outsourcing The new business model presented new challenges for cyber criminals. If you want to become filthy rich through distributed cybercrime, you can’t just attack 100 victims – you need to attack hundreds of thousands of victims. This drove professional cybercriminals to build mass-distribution platforms to spread their malware and automated-infection systems to exploit victims’ machines and run the malware. But the quantity of traffic is not enough. Victims must fit a desirable profile. Cyber criminals want to avoid targeting low-income victims with ransomware as they’re probably less able to pay the ransom, and the ransomware’s language should match the victims’ language to ensure instructions on purchasing bitcoin and paying the ransom are understood. Mass distribution experts and traffic dealers offer their shady customers this very type of targeted services. In addition to victim-specific traffic, infection services are also up for sale (or more commonly, for rent). Rather than coming up with new or unique exploits, pre-packaged exploit kits are readily available to launch the attack of your choosing. These kits supply the distribution and traffic services mentioned above, to use the best exploits available to infect victims’ machines and, if successful, run the customer’s malware. The exploit kit method essentially outsources distribution and infection to reliable, high-quality service providers at an affordable price. Where have all the targeted attackers gone? You may ask yourself: what happened to targeted attacks? The answer: absolutely nothing (and thank you for asking). In fact, targeted attacks today are easier than ever, as demonstrated by cyber attackers who do care about the identity of their victims (like nation-states). Targeted attacks did not disappear – they’ve only been eclipsed by the attractiveness of the ROI of distributed attacks. Only when the profitability of targeted attacks can compete with the distributed cybercrime business model will we see their rise to prevalence again. There are initial signs that cybercriminals are testing targeted attacks with malware more commonly used for distributed attacks, as evidenced by recent ransomware attacks on high-quality targets such as hospitals and hotels. The problem comes back to ROI: while cyber criminals demanded up to $5M ransom from one victim, the highest ransom paid by a single victim (as far as we know) was a meager $28K. The next big thing What’s next for the innovative cybercriminal? My Prediction: a hybrid business model with tailored ransom pricing. Imagine a mass-distribution platform doling out ransomware on a global scale that, when executed, will assess the victim’s environment. If that environment is a consumer’s machine, the calculated ransom will be relatively low; if it’s an enterprise network, considerably higher; if it’s critical infrastructure, astronomical. Whatever the next big thing is in cyber crime, you can be sure it will be driven by ROI – nothing dictates the dark industry more than these three simple letters. Tal Sheffer, CTO, Skybox Security