Manufacturing

 

 

https://sm.asisonline.org/Pages/Securing-the-Sum-of-Many-Parts.aspxSecuring the Sum of Many Parts with Endpoint ManagementGP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a43444652019-05-01T04:00:00Zhttps://adminsm.asisonline.org/pages/lilly-chapa.aspx, Lilly Chapa<p>​AVX Corporation manufactures and supplies sensors, antennas, and other electronic components that make up phones, computers, medical devices, and more. For many years, the firm faced various company acquisitions, managed multiple facilities, and used numerous security systems.</p><p>Each acquisition and location brought with it a new—and separate—antivirus solution for that facility’s network. And when Zack Moody, CISSP, joined AVX as information security manager two years ago, he was tasked with facilitating a singular network security approach that could protect the organization’s 29 facilities in 16 countries. </p><p>“The job was much larger than AVX knew, but this was an opportunity I was willing to accept,” Moody says. “I wanted to create a program from scratch.”</p><p>Through his experience in both the private and public sectors, Moody says he knew there were many ways to approach the challenge at hand—either through a compliance or risk perspective. </p><p>“It was hard—there’s lots of noise from the compliance standpoint, but there was also a lot of risk to take into consideration,” Moody explains. “How do you find that balance? A good security professional is going to understand that as long as you’re implementing security correctly, compliance falls into place. It took a long time to figure out the business side, because AVX is such a massive organization and spread throughout the world.”</p><p>The first thing Moody did in the decision-making process was conduct a global security assessment to identify the biggest risks and gaps. </p><p>“For me, when I looked at what was the biggest risk, endpoints obviously came to mind,” he explains. “One way attackers enter your organization is typically with malware, so how does it get in? It’s either through a USB or email. And if it gets onto the machine, that’s where it’s going to execute from, so we have to strengthen that.”</p><p>The security assessment revealed that AVX’s facilities were running five or six different antivirus solutions worldwide. Moody says he knew that finding one effective solution that would stop malware execution at the endpoint was imperative for AVX’s systems. </p><p>“Throughout AVX facilities there were different price ranges, even with the same vendor, because people purchased things separately from the next facility,” Moody explains. “There was no central view into the influence, no central control—and if a fix or change needed to be pushed out, you’re not just pushing one patch, it was one patch to this vendor, one patch to another vendor.”</p><p>In Moody’s search for a standardized solution, he focused on the need for endpoint protection, detection, and response capabilities, which would provide multiple ways to handle malware threats. He also looked for something that would allow him to manage the system from one platform and provide the tools needed to actively detect threats.</p><p>AVX found its solution in SentinelOne’s Endpoint Protection Platform, which met the requirements through an all-in-one approach—there was no need to purchase different licenses or pieces of software, which many other competitors required, Moody notes. </p><p>“SentinelOne provides the capability of rolling back the operating system in case there is a ransomware system on a computer,” Moody notes. “There’s the argument that you shouldn’t have to have that, but for me it’s better to have, because you never know.”</p><p>Moody says he was also impressed by SentinelOne’s reliance on its customer base, which often informs what new features are developed—in fact, AVX played a part in SentinelOne’s development of its firewall and USB controls, he notes.   </p><p>Implementation of the platform was seamless, Moody explains, and AVX ran the program in detect-only mode for the first two weeks so AVX could teach it what programs or actions to whitelist—including the legacy antivirus software that facilities had in place.</p><p>“During that period, we could see what they were identifying as good, bad, and ugly, and had the opportunity to compare it to what rules are currently in place with the existing antivirus systems the site was using,” Moody explains. “We could start whitelisting those known systems, so when we turn on the detect mode, there are fewer false positives.”</p><p>One challenge AVX faced was one many manufacturers are familiar with—the computers, programs, and code used in manufacturing are, as Moody puts it, “some of the oldest known to man” and don’t work well with newer endpoint solutions.</p><p>“Throwing SentinelOne on these systems, it’s going to pick up on older applications that may not be digitally signed or seem to appear malicious, but in reality are old applications that we’ve been using for years,” Moody says. “You can whitelist an application, but the good thing about SentinelOne is it will pick up on any strange activity that an application does, even though it’s whitelisted. It can still get blocked if it starts changing files or does something malicious.” </p><p>AVX implemented SentinelOne’s solution in June 2018, and the process took about six months because of the number of disparate and isolated systems throughout the organization, Moody explains. </p><p>But now that it’s up and running, it has streamlined the malware detection and response process. Previously, if an AVX employee encountered a potential malware issue with his or her computer, he or she would report it to the company’s IT department, which would investigate and run scans—often with the same software that didn’t detect the malware in the first place, Moody notes. Depending on the results of the scan, IT would reimage the computer and inform the security department of the potential breach. With the SentinelOne solution, security is the first to address a potential hack.</p><p>“There was a lot of wasted time with the legacy products,” Moody says. “So why not invest in tools that were going to be more proactive on the security side? They give the security team reach into those endpoints and free up our IT professionals. We need to be in control of what’s on our network and what’s happening. Business continues to go on, people can continue to work—the majority of the time, SentinelOne is taking care of things in the background and blocking what it needs to be blocking. But if something happens, we’ll be notified immediately, and we’ll have all the tools to react.”</p><p>Moody says that he is pleased with SentinelOne’s innovative approach to detecting and responding to malware. </p><p>“We wanted to get away from the traditional signature-based detection systems and go towards something more proactive to these threats,” he says. “It’s very important, especially in manufacturing where there’s so much machine code that is old or might change a lot. You have to make that decision—do I trust a company that built their entire organization off legacy antivirus, or a company that is fresh and inventive in today’s world and threat landscape? When I take a step back, we want someone who is going to be with us for the next 40 to 50 years and has a vision of threats today and beyond. I want someone new in the game, and for us, that was SentinelOne.”  </p><p><em>For more information: Daniel Bernard, vice president, business and corporate development, <a href="https://www.sentinelone.com/" target="_blank">SentinelOne,​</a> <a href="https://www.sentinelone.com/support/">[email protected]</a>, 816.668.3472.</em></p>

Manufacturing

 

 

https://sm.asisonline.org/Pages/Securing-the-Sum-of-Many-Parts.aspx2019-05-01T04:00:00ZSecuring the Sum of Many Parts with Endpoint Management
https://sm.asisonline.org/Pages/FLASHBACK-April-1965-Vol-9-No-2.aspx2019-01-01T05:00:00ZFlashback
https://sm.asisonline.org/Pages/Maritime_Maladies.aspx2018-12-01T05:00:00ZMaritime Maladies
https://sm.asisonline.org/Pages/January-2018-Industry-News.aspx2018-01-01T05:00:00ZJanuary 2018 Industry News
https://sm.asisonline.org/Pages/December-2017-Industry-News.aspx2017-12-01T05:00:00ZDecember 2017 Industry News
https://sm.asisonline.org/Pages/Driving-a-Security-Transition.aspx2017-10-01T04:00:00ZDriving a Security Transition
https://sm.asisonline.org/Pages/Changing-Course-for-Success.aspx2017-07-10T04:00:00ZChanging Course for Corporate Success
https://sm.asisonline.org/Pages/Industry-News-May-2017.aspx2017-05-01T04:00:00ZIndustry News May 2017
https://sm.asisonline.org/Pages/Maturity--Model-101.aspx2016-12-01T05:00:00ZMaturity Model 101
https://sm.asisonline.org/Pages/Bottleneck-at-the-Border.aspx2016-03-01T05:00:00ZBottleneck at the Border
https://sm.asisonline.org/Pages/Book-Review---Port-Security-Management.aspx2015-08-01T04:00:00ZBook Review: Port Security Management
https://sm.asisonline.org/Pages/June-2015-Industry-News.aspx2015-06-01T04:00:00ZJune 2015 Industry News
https://sm.asisonline.org/Pages/Watching-The-Port.aspx2014-09-01T04:00:00ZIndustry News September 2014
https://sm.asisonline.org/Pages/A-Diverting-Practice.aspx2005-08-01T04:00:00ZA Diverting Practice

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Changing-Course-for-Success.aspxChanging Course for Corporate Success<p>​Conventional wisdom suggests that businesses have a natural life cycle wherein new solutions, evolving markets, and misguided management play a significant role in the probable failure of the company. According to this model, every firm—from family businesses to the largest multinationals—falls into decline. Even those businesses that come back after one downturn may not prevail in the next one. These organizations are replaced by new companies that are born to meet evolving market needs, new technology voids, or changing business environments, and the cycle repeats. But some notable companies—IBM and Apple, for example—have overcome periods of decline and have emerged with a new focus, strong core values, and a powerful new leadership position. </p><p>There are many possible paths to this success, but for a large technology company, regaining its leadership position after a major decline requires several critical ingredients, including: </p><ol><li>A clear target-market focus with in-depth understanding of the customer</li><li>A strong, complete offering that cannot be easily duplicated</li><li>A clear market position and message</li><li>Strong organizational alignment with outstanding team commitment</li><li>A financial foundation that will support the necessary actions<br> </li></ol><p>While these elements may seem obvious to any start-up entrepreneur, they may be harder for an established, enterprise-level company to achieve. Here's a look at how these five key initiatives can be applied.</p><p><strong>1. Clear Target Market<br></strong>A statement of mission, vision, and values can help an organization create a roadmap of where it wants to go and how it will get there. A basic underlying tenet of the statement is that the organization, regardless of its nature (i.e., school, auto dealership, technology company, etc.) will provide a high-quality product or solution that the market needs. Organizations must also identify the right way to communicate to the defined market that their product or service has value and is the best choice. They must support that communication with a solid foundation in marketing, sales, and infrastructure. It's a broad "pull" rather than "push" approach that benefits not only the organization but the market as well. </p><p><strong>2. Strong, Complete Offering<br></strong>Businesses that have grown and prospered offer a strong, quality product line designed specifically for the defined market. Maintaining that portfolio is an ongoing process that requires both a commitment and a product roadmap that will position the organization not only as a product leader but also as a technology leader. </p><p>Crystal balls aside, listening and responding to a changing industry is necessary to ensure that the portfolio offers solutions as well as products. Offerings today must feature greater intelligence and performance capabilities that will make a difference to the industry. In the physical security market, for instance, some of these solutions include products with increased connectivity, cybersecurity features, and an understanding of the Internet of Things (IoT). The offerings should be positioned to work in combination with the expertise of select technology partners to deliver an integrated system that solves customer problems through meaningful innovation. </p><p><strong>3. Clear Market Message<br></strong>Successful companies have an aggressive integrated marketing program that combines the best of traditional marketing with new social media and digital techniques to get their message to the market. These companies have implemented and will continue to refine consistent and aggressive public relations, new print and digital advertising campaigns, and advanced inbound marketing. This is all in addition to updated websites that include significant support tools and search engine optimization. <strong> </strong><strong> </strong><strong><br></strong></p><p><strong>4. Organizational Alignment<br></strong>The successful business operation must fit the needs of the market as it exists today. Many companies start the restructuring with the sales organization to create a closer, more-direct line to the reseller and customer. This approach serves customers by ensuring more direct contact, feedback, and intervention. By listening carefully, understanding what the market needs, and giving value, the company, in return, will receive value.  </p><p>Along with a restructured sales organization, an updated marketing organization can better engage in highly strategic and integrated marketing efforts that are designed to reshape the company's image and drive new business opportunities. Populating the department with internal and external teams of experienced industry professionals who have proficiency in both traditional and digital marketing further helps in achieving company goals. </p><p>Finally, in any technology-based organization, the restructuring of the engineering organization is critical to meet the continual challenge of developing and delivering mainstream solutions with meaningful innovation. Ultimately, it is the close collaboration and alignment of these three primary functions—sales, marketing, and engineering—that will eventually drive the organization towards its new goals.<strong> </strong></p><p><strong>5. Firm Financial Foundation<br></strong>Although a company may have been profitable throughout its history, change is costly. Strong financial backing allows an organization to move forward with its redevelopment in a manner that better ensures success. As an example, the capability of sustained restructure has been a key component in the success of Pelco's reinvention. </p><p>Even when these five critical elements are implemented, success is still not a sure thing. Economic uncertainty, fast-moving markets, and competition from nontraditional sources can take a toll. Companies with entrenched or outdated business models are particularly susceptible to business failure. As it becomes harder to hit performance targets, virtually all organizations need to consider some type of strategic restructuring if they want to avoid the end-of-life paradigm. </p><p>If this sounds radical, it's likely due to the negative connotations associated with restructuring. For many, restructuring conjures up images of court-supervised negotiations with different classes of creditors trying to reach consensus. But when viewed more broadly, restructuring represents an opportunity for companies to examine their operating models with the ultimate goal of optimizing their business for the long term. Companies that follow this process can remain a dominant force for many years to come.​</p><p><em>Sharad Shekhar is CEO of Pelco by Schneider Electric.</em>​​<br></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Maturity--Model-101.aspxMaturity Model 101<div><p>​</p><p><img src="/ASIS%20SM%20Documents/1216%20Sidebar%20Graphic%202a.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:356px;" /><br></p><p>Maturity models are a tool used a range of business sectors, including​ manufacturing, software engineering, operations, and logistics. The model is often used to help set process improvement objectives and priorities, and it can provide a method for appraising the state of an organization’s current practices. </p></div><p>Researchers at Carnegie Mellon University (CMU) have been developing early maturity model prototypes since the 1980s. In 2002, CMU released the first version of the Capability Maturity Model Integration (CMMI) tool, which was developed by a group of experts from industry, govern­ment, and CMU’s Software Engineering Institute. Updated versions of the tool were released in 2006 and 2010. </p><p>The Ernst & Young (EY) physical security maturity model developed with Caterpillar is based on this CMMI tool, and also on EY’s cybersecurity maturity model.</p><p>This tool uses a level 1 through 5 rating scale to define maturity levels: (1) Initial, (2) Repeatable, (3) Defined, (4) Managed, and (5) Optimized. For a hypothetical example, take the compliance component of a security department. In the Initial stage of a maturity model, processes are unpredictable, poorly controlled, and reactive. Thus, in that initial stage, the security department is conducting its compliance activities in a haphazard way—putting out fires when they flare, with no real established process for doing so. ​</p><p>When compliance reaches level 3, Defined, the compliance process is established and proactive—perhaps with guidelines enforced by a compliance officer. At level 5, Optimized, the process is so well-established, managed, and defined, that the focus is now on process improvements.  </p><p>​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Safety-in-Shared-Spaces.aspxSafety in Shared Spaces<p>​Coworking spaces  are on the rise around the globe. These flexible work settings allow people without a traditional office building to still enjoy many of the amenities that come along with having a dedicated work environment. </p><p><em>The 2017 Global Coworking Survey</em>, conducted by Deskmag, along with SocialWorkplaces.com, found that there are an estimated 13,800 active coworking spaces worldwide, hosting more than 1 million people. </p><p>This represents a major increase from five years ago, when just 2,070 coworking spaces were used by 81,000 people globally. COCO, a coworking company based in St. Paul, Minnesota, offers several different levels of membership and types of space, so clients are only paying for the amount of time they need and space they require, says Megan Dorn, director of operations at COCO. </p><p>“Our idea in doing that was to be with our clients as they grow—from the beginning of their business, to hiring employees, to maybe needing private offices—which we also have,” she says. “So that’s what makes us a little bit different than your typical coworking space.” </p><p>When the company started in 2010, it had to distribute physical keys to its members, “which is a nightmare as you’re trying to grow,” she notes, and a security concern if a key was ever lost. </p><p>Because COCO normally leases its space in a larger building, it needed a security solution that was as flexible as the working environment it provides. “We usually have to find ways—when we’re opening a space or acquiring a space—to work with the building to find ways to get our security system installed,” Dorn explains. </p><p>When COCO acquired a new space in Chicago last May, the existing security system was a door locked by a PIN code, which the building never changed. The PIN code was distributed to a large number of people.</p><p>“The space got broken into a week before we acquired it. Laptops were stolen, and people were really on edge,” she notes. “So as soon as we came in to the Chicago space, one of our top priorities was to get a really solid access and security system in place.” </p><p>COCO turned to Brivo’s OnAir, a cloud-based access control system that easily integrated into the company’s membership dashboard, called Bamboo. Using Brivo, COCO can easily distribute keycards to its clients and manage membership usage and levels. </p><p>To set up the system, Brivo representatives come to COCO’s space and add card readers to the appropriate doors. They also set up schedules and the different access levels for membership types.</p><p>COCO has one membership accountant who works out of the company’s headquarters and oversees assigning new members a keycard number through Brivo. “It’s all digital, so it can be done remotely,” she notes. </p><p>A community manager at the member’s location—the lead COCO employee for that site—can then log on to Brivo and see which card number has been assigned for that client, add the number to their member profile in Bamboo, and distribute it. </p><p>Changing, granting, and revoking access levels, as well as keeping track of when members come and go throughout the building, are all managed through the Brivo platform. </p><p>“Say you want to upgrade a member from part-time to full-time. We’re able to just go into Brivo and quickly change your access. It’s active the moment that you do it,” she notes. “That’s actually been really helpful for us, given we have all this variability in types of membership.” </p><p>When a member badges in, a wealth of information comes up on the Brivo dashboard for the community manager to see. “Their picture, their name, their membership level, how many times they’ve checked in already that month, it immediately shows up,” she says. “So it tells you in real time exactly who’s in your space and when.”</p><p>The business value of OnAir is immense for COCO, Dorn points out, because the company can tell how often members are actually using the space, and whether they have made payments, as soon as they present their access card to the door reader. </p><p>“Let’s say someone is delinquent on payment. As soon as the member checks in, there’s going to be big red circle with an exclamation point [on the dashboard]–you can’t miss it,” she says. “It’s definitely helped us lower the sheer amount of delinquent payments that we have, and receive that payment.”</p><p>When a member badges in, Brivo also alerts the community manager if that person hasn’t been in the space very often that month. </p><p>“If we can find a member who we consider at-risk, who hasn’t been using the space, and we’re alerted to that we can reach out to them, invite them to an event, or try whatever we can to reengage them,” Dorn says. </p><p>COCO is also in the initial stages of using Brivo MobilePass, which lets COCO staff remotely lock and unlock doors via a smart device, for members who want to access the space after-hours but forget their keycard. </p><p>Because of how easily it can deactivate and reactivate access, COCO also encourages members who leave the company to keep their keycards. </p><p>“The goal is to try to get the member to come back. So if you have that card and you come back, you’re already set up in our system, all we have to do is reactivate the card and then we’ll also waive any setup fees,” Dorn says. </p><p>She notes the combination of security and business insights from Brivo has been tremendous for COCO. </p><p>“Brivo as a security system has helped us go from being a group of people working out of a space to a full-fledged company,” she says. “It really helps us manage all of the different types of membership and the stages of business they’re in.” </p><p><em>For more information: Nicki Saffell, [email protected], www.brivo.com, 301.664.5242 ​</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465