Emphasising proactive rather than reactive security shifts the focus from dealing with crises and damage control to prevention. Advantages of a proactive approach include cost efficiency, better business continuity, and fewer crises that draw attention away from strategic improvements. Staying ahead of threats is a core mission of the security department, and technology has evolved to enable security professionals to deliver on that mission better than ever. We asked our Expert Panel Roundtable: How are security systems transitioning from reactive to proactive, and what is the benefit?

Multiple technology trends are transforming the physical access control market. There is a fundamental shift away from physical cards and keys toward digital identities — mobile credentials, digital wallets, biometrics, and cloud-native access platforms. These next generation access solutions are radically reshaping how buildings operate, protect staff, and perform functionally. At the same time, AI and analytics solutions are being layered onto these physical access control systems to support predictive threat detection and behavioural insights. Access data itself is becoming an asset for sustainability, space optimisation, and smart building initiatives. Risk, impact operations and experience The annual HID Global Security and Identity Trends Report highlights these and other issues The annual HID Global Security and Identity Trends Report highlights these and other issues. The survey cites improving user convenience as a priority for nearly half of organisations, while 41% are focused on simplifying administration, and 28% struggle with system integration. These are not theoretical challenges, they are day‑to‑day friction points that add cost, increase risk, impact operations and experience, and, of course, must be addressed. HID Global’s commercial focus HID Global’s commercial focus is to help organisations digitise their access control — with mobile identities, biometrics, and cloud platforms — and then to use the data to deliver more value. “We are turning access control from an operational cost into a software-driven asset that improves efficiency, supports Environmental, Social, and Governance (ESG) goals and even creates new revenue opportunities,” says Steven Commander, HID Global’s Head of Consultant Relations. The impact of digital transformation Digital transformation is the method of moving access control from hardware and physical credentials Digital transformation is in the process of moving access control from hardware and physical credentials to a software-driven, integrated experience. The transformation strengthens security while also improving user convenience — transforming the “pavement to the desk” journey. HID enables this shift through mobile credentials, biometrics, cloud-native platforms, and solutions that allow third-party applications to run on door hardware. “This helps customers turn access data into operational and commercial outcomes, while also improving the overall user experience,” says Commander.  Digital transformation in access control is not focused on chasing the latest trends. Rather, transformation is about turning software, data and integration into outcomes that matter to customers, says HID. “Security becomes stronger and more adaptive,” says Commander. “Operations become simpler and more cost‑effective. Experiences become seamless and consistent. Sustainability moves from ambition to action. And the financial case becomes clearer as efficiencies are banked and new value streams emerge.” The challenge of futureproofing with long lifecycles Given that physical security technologies will be in place for 15 to 20 years, it is important to plan for how systems can evolve over time. Considering how rapidly security threats, compliance standards, and user expectations change, 15 to 20 years is a long time. The decisions made at the beginning of a system’s lifecycle can either limit flexibility later (which will be costly) or enable long-term adaptability. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important Choosing products and platforms that are open, interoperable, and designed for updates can enable future-proof projects. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important.  In addition, systems built on open controller platforms — such as Mercury — enable organisations to switch software providers or expand functionality without replacing core door hardware. Architectural openness is key to system lifecycles and maximising the return on investment (ROI) from a chosen solution. Digital credentials and mobile access Flexibility and upgradeability should also be top of mind when it comes to endpoints like access control readers. While RFID cards are still commonplace, there is a clear trend toward digital credentials and mobile access. Readers that support both allow organisations to transition at their own pace, without committing to a full system overhaul. A long system lifecycle does not mean technology should remain static. Security, particularly cybersecurity, demands more frequent updates. Technologies that support firmware upgrades in the field extend the value of a deployment while helping organisations keep pace with emerging threats. In that sense, lifecycle thinking is not just about longevity — it’s about maintaining resilience and readiness over time. Applying biometrics and mobile identities Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction. Many organisations are now deploying biometrics to support fast, seamless access journeys, with adoption already around 39% in access control according to HID’s recent research.  In addition, 80% of organisations surveyed expect to deploy mobile identities within the next five years. Full technology integration enables tap‑to‑access without opening an app; the user journey becomes faster, safer, and more convenient. “It is where the industry is headed and we are at the vanguard of this,” says Commander.    Ongoing challenge of cybersecurity At HID Global, cybersecurity is embedded into everything, from corporate processes and development practices to the solutions they bring to market. “Our approach ensures that customers can strengthen their overall security posture, not only by deploying secure products but by benefitting from HID’s commitment to the highest industry standards,” says Commander. HID holds multiple globally recognised certifications, including ISO 27001, ISO 14298, SOC Type 2 and CSA STAR, which demonstrate their robust information security and cloud security practices. In addition, HID’s SEOS® secure chipset is independently SEAL-certified, providing one of the most advanced levels of protection available on the market today. “Ultimately, this means organisations are not just purchasing isolated secure products; they are implementing solutions developed and delivered within a comprehensive, cybersecure framework,” says Commander. “When deployed according to best practices, HID solutions enable customers to achieve the highest levels of resilience against evolving physical and cyber threats.” Developing green and sustainable solutions A huge amount of waste is generated from the manufacture of plastic RFID access cards Digital credentials align with the sustainable solutions that everyone wants. A huge amount of waste is generated from the manufacture of plastic RFID access cards. Over 550 million access cards are sold annually. This creates 2,700 tons of plastic waste and 11,400 tons of carbon, based on a PVC card weighing 5 grams.  Therefore, digital credentials self-evidently reduce the reliance on plastic cards (helping reduce carbon emissions by up to 75% according to HID’s research), while leveraging access control system data supports energy optimisation by shutting down or reducing systems in unused spaces. Energy use and CO₂ emissions can be cut dramatically, showing how access systems can contribute to sustainability goals and green building certification. What is the latest in smart buildings? Smart buildings increasingly rely on mobile access control as the backbone for digital services. Real-time access data enables new services such as automated room bookings, HVAC control, lift/elevator calling, e-bike hiring, and so on. Smart buildings increasingly rely on mobile access control as the backbone for digital services The financial upside is clear; smart, digitally transformed buildings can deliver around 8% higher yields per square foot versus traditional office space. Operational savings accrue from reduced administration, the removal of card production and shipping, and lighter IT support. This creates a value cycle — better experiences drive adoption, adoption fuels monetisation, and monetisation funds further improvements. Achieving technology impact in the real world One standout project is One Bangkok – a $3.9 billion mixed used development in Thailand – which demonstrates the scale of what can be achieved when access control data is used for optimisation, particularly when it comes to monitoring facilities usage and occupier behaviours. By switching lights off or lowering the temperature in unused rooms, for example, the One Bangkok building demonstrates this potential with a 22% reduction in energy consumption, saving 17,000 MWh and 9,000 tons of CO₂ annually.  Sustainability is a key factor in contributing to how properties are valued. And sustainability extends far beyond digital credentials having a lower environmental impact than plastic cards.  Buildings with recognised sustainability certifications often command rental premiums of around 6%, and three‑quarters of security decision‑makers now consider environmental impact in their procurement assessments.

ISC West 2025 in Las Vegas showcased the latest advancements in security technology, offering security professionals a glimpse into the future of the industry. This year's expo highlighted the growing influence of artificial intelligence (AI), cloud computing, and enhanced integration. The pioneering comprehensive and converged security event attracted nearly 29,000 industry professionals to the Venetian Convention Centre.  Integration into unified platforms Several companies emphasised the importance of cloud-based solutions and the integration of diverse security components into unified platforms. For example, Brivo's Security Suite provides “everything in one platform” – not just access control. Customers only pay for what they use because the system is flexible and scalable from a single door to enterprise level applications. Brivo’s suite includes video, but the system can also tie in with third-party “partners.” Genetec's Security Centre allows for more frequent updates through the cloud. Milestone is undergoing a two-year transition to bring its Xprotect system into the future by incorporating Arcules and Briefcam into a video-as-a service product. Suprema introduced BioStar X, which integrates access control and video analytics into a single platform. AI and mobile credentials  Axis Communications’ Cloud Connect product announced three new partnerships at ISC West 2025 Axis Communications’ Cloud Connect product announced three new partnerships at ISC West – Eagle Eye Networks, SecuriThings, and Wesco. They join the three partners announced during the first year of Axis Cloud Connect – Genetec, Kone (elevators) and Milestone. AI and mobile credentials were still hot topics at ISC West 2025, but the conversation has evolved beyond amazement at the technologies’ capabilities and now centres on more practical aspects. From the theoretical to the practical “AI and mobility are still the ‘flavors de jour,’ but messages are evolving to manifest AI for better outcomes,” says Heather Torrey, General Manager, Commercial Security, Americas, for Honeywell Building Automation. The company has reframed its security portfolio to be very building- and business-focused, continuing to grow and evolve after the recent acquisition of LenelS2. “From the theoretical to the practical, we want customers to be part of the conversation so we can deliver AI that is meaningful to them, focusing on what’s most important,” says Torrey. Under Honeywell’s new ownership structure, “each part of the business can be more focused on customers’ needs,” she says. Honeywell continues its journey around mobile access and credentialing and migrating to cloud solutions. Innovations in Access Control Gallagher’s new Quickswitch access control board simplifies the migration from legacy systems Access control remains a critical component of security systems, and ISC West 2025 showcased several innovations in this area. Acre is releasing “Gallery,” its version of the App Store for access control. DormaKaba is launching the Keyscan KC Series door controller with TCP/IP connectivity and enhanced features. Gallagher’s new Quickswitch access control board simplifies the migration from legacy systems. Johnson Controls highlighted its C-Cure command centre and C-Cure IQ web client, offering a unified approach to access control and video. Hardware integrations for security panels For service provider Alarm.com, hardware products prepare a path to greater customer experiences, says Abe Kinney, Alarm.com’s Director, Product Management, who oversees hardware integrations for security panels, sensors, video, etc., and drives new product development. “We are looking to bridge the physical world to digital world,” he says. “We want to bring an advantage to our dealers that they can bring to customers.” Because Alarm.com’s customers pay a monthly fee, the products must be durable and economical, says Kinney. “It should work with no need for truck rolls.” The importance of longevity and flexibility Products are evaluated based on features, price, and ease of installation Products are evaluated based on features, price, and ease of installation. In particular, longevity is important for the Alarm.com’s pro channel. There is also a growing emphasis on deterrence industrywide. Says Kinney: “We recognise that detection is part of it, but we need to prevent problems from happening in the first place. And the industry is re-evaluating.” When it comes to cloud intelligence, Eagle Eye Networks puts the emphasis on flexibility. They offer AI that can perform anywhere on the system infrastructure, on the camera, on their on-site bridge device, or in the cloud. They support their own AI and also any AI product from a third party. “We focus on what customers want from the data AI detects,” says Hans Kahler, Eagle Eye Networks’ Chief Operating Officer. Integration with other systems A timely alert from gun detection could save a life, but AI can also generate information that might be used and analysed later, such as point-of-sale information, dwell time, foot traffic, etc. “What people want is the ability to work with the data for business intelligence,” says Kahler. Integration with other systems provides new opportunities for customers: For example, a licence plate reader at a restaurant drive-thru could trigger customisation of the menu board digital signage based on the customer’s previous buying pattern. Relentless Innovation Assa Abloy handles more than 40 million SKUs for all its various brands, faked in 28 factories in the US Assa Abloy handles more than 40 million stock keeping units (SKUs) for all its various brands manufactured in 28 factories in the United States. Merely complying with regulations such as the “Buy American Act” is a monumental effort considering the massive product line, attendees heard at Assa Abloy’s Annual ISC West Breakfast focusing on compliance challenges in the security market. Meanwhile, back at the trade show booth, Assa Abloy focused on “relentless innovation” in every corner of its product line. Assa Abloy’s message: Innovation in security does not have to be about AI or automation. In fact, inventive approaches to products come in all shapes and sizes and at every level of the product portfolio, and innovation is happening faster than ever. For example, the Safebolt product from Securitech, a brand recently acquired by Assa Abloy, can quickly lock down existing doors with the press of a red button on a cylindrical or mortise lock. Temporary Systems to Secure Events Securing events is the focus of Allied Universal's Unified Command Solutions, which specialises in setting up temporary security systems for conventions, trade shows, festivals, construction sites, parades, and other events. They can add technology to situations where previously mostly security officers were used, providing safety/security and enabling more efficient event operation.  “We can put cameras anywhere, whether they need power or not, use cell service or WiFi, a localised network or the internet, or whatever,” says Andrew LaMadrid, VP, Sales for Allied Universal's Unified Command Solutions. Event operation and management IDIS came to ISC West looking to leverage new products that they did not promote in the past The focus is on easy implementation, flexibility, and fast setup and removal. “We look for a solution to solve each customer’s pain points,” says LaMadrid. They specialise in setting up and deploying surveillance cameras for safety/security and for event operation and management. Mobile surveillance is a relatively new “piece of our puzzle” when it comes to protecting high-profile events. “People are excited about what we can offer that’s new,” says LaMadrid. Unified Command Solutions has been around for about 12 years and was acquired by Allied Universal last summer. IDIS came to ISC West looking to leverage new products that they did not promote in the past, and visitors were very interested in those solutions, says Scott Switzer, IDIS CEO. “The progression of our product line has been tremendous,” he says. Last year, the IDIS booth offered only basic analytics, but this year they had 30 different advanced analytics including gun and aggression detection using the advanced solution “IDIS Vaidio AI.”  What Makes You Different? The most common question IDIS hears at their trade show booth is: “What makes you different?” The answer: They offer an end-to-end solution, including cameras; they manage, control, design from end-to-end; and there is no need for multiple integrations. The time needed to install an IDIS system is significantly less because of the simplicity. “We have customers we have supported and grown together for over 20 years,” says Switzer. The company previously deployed IDIS cameras under the Costar brand before the Korean IDIS brand was introduced into the U.S. (IDIS purchased Costar and changed the name to IDIS America.) “This has been a tremendous show for us; we are looking to build our momentum and let more people know about IDIS,” says Switzer. Managing real AI at the edge The depth of their metadata enables new applications, whether for security or business operations Based in Prague, Czech Republic, and with U.S. offices in Pennsylvania, FF Group provides licence plate recognition for harsh environments. Using Axis cameras, they offer “managed real AI at the edge,” selling through a nationwide distributed network, says Alex Osypov, CEO and Founder of FF Group. Markets include parking lots, cities/municipalities, police, government, water systems, etc. The depth of their metadata enables new applications, whether for security or business operations. They are looking to combine and correlate data including LIDAR, RADAR, etc. to exploit the advantages of “data fusion.” Osypov says: “The market is growing because we are involving other adjacent markets.” Unified platforms and advanced tools Several companies are focusing on enhancing security operations centres (SOCs) by providing unified platforms and advanced tools. Axon’s Fusus system “layers” onto existing infrastructure, tying together various sensors into a single interface for real-time monitoring and information sharing. Increasingly, enterprises have invested in a lot of technologies – ac, video, asset trackers – but none of it talks together. Fusus ties all the systems together so that operators no longer have to look at 10 different screens. Rather, there is a “single pane of glass” that shows everything and facilitates sharing of information with law enforcement.  Motorola also showcased its Security Operations Centre, which integrates hardware, software, smart sensors, communication radios, and broadband devices to streamline incident management.

Physical security technologies are a prominent tool used by correctional facilities to provide a safe, secure, and controlled environment for staff, inmates, and the wider community. Among several functions, security technologies are used to prevent unauthorised access, to detect contraband, to monitor inmate movements and activities, and to protect staff. For security technology manufacturers, integrators and consultants, the corrections market presents distinctive challenges. We asked our Expert Panel Roundtable: What are the unique aspects of the corrections market, and how should the physical security industry adapt?

Allied Universal®, the world’s pioneering security and facility services provider, is one of America’s best workplaces for culture, belonging and community according to Newsweek. The news outlet’s 2025 list of America’s Greatest Workplaces for Culture, Belonging & Community features companies that prioritise culture, foster genuine belonging and build strong communities. Newsweek ranking “This honour is a reflection of the workforce we’ve built on teamwork, collaboration, and mutual respect,” said Allied Universal Global Chairman and CEO, Steve Jones. “We promote a workplace where every team member – no matter their background or experience – feels valued, included, and aligned with our core values.” The Newsweek ranking recognizes U.S. employers with more than 1,000 employees and is based on a national survey of over 2.7 million employee reviews and interviews, plus third-party analysis of leadership, integrity, compensation, and work-life balance.

ZBeta, a pioneer in delivering comprehensive physical security consulting services, now announced the addition of Jim McCormack as Learning and Development Manager. In this role, he will focus on building the company’s commitment to learning, technical excellence, and collaboration. McCormack will shape and oversee ZBeta’s learning and development initiatives, spanning onboarding, career growth, and knowledge sharing. His focus will be on creating programs that scale — helping new hires hit the ground running, supporting ongoing development, and deepening expertise across every corner of the company. Zbeta’s ongoing commitment “At ZBeta, our greatest asset is the collective knowledge and drive of our people,” said Anna Yates, Vice President of Talent and Culture, ZBeta. “Jim’s approach to learning and development will further strengthen our foundation and help us continue to set new standards for client service and performance, and further demonstrate Zbeta’s ongoing commitment to our people and our clients.” Developing talent and driving operational excellence Investing in people and growth sits at the heart of ZBeta’s mission. McCormack’s addition builds on this commitment and deepens its focus on developing talent and driving operational excellence. By nurturing a culture of ongoing learning, ZBeta is redefining what modern consulting means — forward-thinking, collaborative, and always striving to exceed client expectations. Evolving diverse learning, training, and quality programs A strategic and results-driven executive, McCormack brings more than 13 years of leadership experience designing, implementing, and evolving diverse learning, training, and quality programs across global organisations. His expertise spans the full learning lifecycle — from designing comprehensive training programs and implementing global learning management systems to driving leadership development and embedding Diversity, Equity & Inclusion principles into organisational cultures. Prior roles of McCormack Before joining ZBeta, McCormack served as Global Learning and Development Lead for SMB at Accenture, where he oversaw teams across six global locations and implemented standardised assets to foster collaboration and performance excellence. Previously, he held senior training leadership roles at Indeed.com, where he led the financial operations training strategy. McCormack is also the founder of RKW Training, a consultancy specialising in onboarding, management development, and learning strategy design. ZBeta’s focus on people “ZBeta’s focus on people and its culture of continuous learning and collaboration aligns perfectly with my passion for building educational and training ecosystems that empower businesses to grow and thrive,” said McCormack. “By focusing on capability building and knowledge sharing, we can elevate how our teams deliver for clients and for one another.”

March Networks®, a global pioneer in intelligent video surveillance, announces an expansion of its long-standing collaboration with Amazon Web Services (AWS), helping customers reduce long-term video storage costs by up to 80% over 5-years, by deepening its use of Amazon S3 Vectors and Amazon S3 Glacier to advance both video intelligence and cloud storage.   Building on insights and discussions following AWS re:Invent 2025, March Networks is advancing its cloud strategy to bring together fast, scalable video search with cost-efficient long-term video storage. Reducing the cost and operational burden March Networks has relied on AWS for years to deliver secure, scalable solutions across its portfolio. Now, the platform uses Amazon S3 Vectors to power AI Smart Search, enabling natural language search across millions of video images, while Amazon Glacier supports a tiered cloud storage model built for high-volume video archives and long-term retention.  By combining Amazon S3 Vectors with S3 Glacier-backed storage, March Networks helps customers find critical video evidence faster, while significantly reducing the cost and operational burden of storing video for compliance, investigations, and liability protection. This approach is already being adopted by large, multi-site enterprises with extensive video retention requirements.  Long-term video retention requirements “Our customers need simpler, more cost-effective ways to meet long-term video retention requirements without compromising security and compliance – and we’ve just solved that problem,” said Peter Strom, President & CEO of March Networks. “By combining Amazon S3 Vectors for rapid video intelligence with S3 Glacier for cost-effective long-term storage, our partnership with AWS delivers a cloud model that simplifies infrastructure, scales instantly, and lowers total cost of ownership.”  Expanded relationship with AWS Through its expanded relationship with AWS, March Networks delivers:  Faster video investigations using natural-language search powered by Amazon S3 Vectors. Up to 80% lower video storage cost over five years using Amazon S3 Glacier-backed tiered retention. Enterprise-grade durability and resiliency through AWS-managed infrastructure. Instant scalability with no on-premises hardware to deploy or maintain. Hybrid flexibility for customers transitioning to the cloud at their own pace. The continued work with AWS also supports March Networks’ broader initiatives, including the adoption of AWS analytics, Amazon Bedrock to support advanced AI-driven services, and enterprise-grade reporting environments to help customers unlock greater value from their video data. 

Genetec Inc., the pioneer in enterprise physical security software, highlights how modern, data-driven access control is becoming a strategic business priority for organisations in the Middle East, as they look to improve security, efficiency, and return on investment. For many organisations in the Middle East and beyond, access control has long been viewed as a necessary layer of security, providing a means to lock and unlock doors, restrict entry, and track who comes and goes. But in recent years, the role of access control has evolved. Modern access control systems The systems generate a steady stream of data that, when put to work, can deliver far more value than just securing doors. Modern access control systems are smarter, more connected, and capable of delivering measurable business value that goes far beyond physical security. When access control data is unified with other systems, such as video surveillance, HR databases, or business management systems, it can become a valuable source of business and operational insights. It can inform space planning, simplify compliance, reduce administrative overhead, and even reveal opportunities to save energy. Whether they manage facilities, IT infrastructure, or corporate security, modern access control offers a tangible return on investment (ROI). Turning data into operational intelligence Every badge swipe or door event creates data. When analysed, this information can help organisations understand how spaces are used and how people move through them. Dashboards and reporting tools built into a unified access control platform make it easier to visualise patterns and identify opportunities for improvement. These insights are valuable across many industries. In the Middle East, this can range from optimising cleaning and maintenance schedules in shopping malls and office towers, to improving people flow and staffing in hospitals, airports, and government service centres. The result is a system that not only keeps people safe but also supports better day-to-day decisions across departments. Saving time through automation Automation is one of the most immediate ways to boost ROI. Instead of requiring human intervention for every task, modern access control systems can trigger automatic responses based on predefined rules or “threat levels.” For instance, when the last employee badges out for the day, the system can put HVAC and lighting into energy-saving mode. When the first person badges in the next morning, alarms can automatically disarm. Event-based scheduling can also make life easier during special activities. In a multi-tenant facility, elevators can be programmed to require credentials only after business hours. Automation also simplifies compliance. If an employee’s certification expires or a background check lapses, access can be automatically suspended until the records are updated. This helps organisations meet regulatory requirements without the need for additional paperwork or manual oversight. Streamlining operations and user management Legacy access control systems often rely on manual updates and disconnected tools. That can slow down onboarding, increase administrative work, and create inconsistencies that put security at risk. Modern access control systems bring all cardholder management into a single interface. Temporary credentials for contractors can be issued automatically based on their responsibilities and revoked when contracts end. When employees leave, their access rights can be removed immediately when HR updates the database. Reduce the risk of outdated permissions The same infrastructure can support mobile credentials, biometrics, or role-based access rules that adjust automatically as employees change departments. These access rules reduce the risk of outdated permissions while minimising help-desk requests and badge printing costs. And because a unified system ties together access control, video, and intrusion detection, operators can respond faster to alerts Flexibility that protects long-term investments Budget is often the biggest concern when upgrading access control infrastructure. Yet postponing modernisation can end up costing more. Legacy systems are often built on proprietary technology that limits compatibility with third-party devices and makes repairs or expansions difficult. Modern, open architecture systems offer a better path forward. They give organisations the freedom to choose from a broad ecosystem of hardware and integrations, extend the life of existing investments, and avoid being locked into a single vendor. This approach provides technical and financial flexibility, ensuring systems can adapt as needs change. Advantage of automatic updates Deployment choice is another way to protect value. Some organisations prefer to keep their systems entirely on-premises. Others move certain functions to the cloud to reduce maintenance and take advantage of automatic updates.  With flexible deployment options, teams can modernise at their own pace, reuse existing infrastructure, and decide which workloads make the most sense to move to the cloud. Building a foundation for future growth Access control systems are becoming central to how organisations manage not just security, but also daily operations. A unified, data-driven approach helps break down silos between departments and creates a shared source of truth. For facilities teams, that might mean more efficient use of space and resources. For HR, it means accurate attendance data and smoother onboarding. Cybersecurity posture and simplified maintenance For IT and security, it means a stronger cybersecurity posture and simplified maintenance. When all these functions work together, the ROI becomes clear: lower operating costs, greater visibility, and improved user experience. For organisations in the Middle East, modern access control is therefore not only about protecting people and assets, but also about supporting national and regional ambitions around smart cities, sustainability, and world-class visitor and employee experiences.

The client, a large telecommunications provider, had teams working across multiple time zones and operated a sprawling and complex IT system. The scale and density of this system made gaining visibility into IT services extremely difficult, leaving the security team blind to what was happening with its IT environment. With little-to-no operations monitoring tools in place to proactively monitor these systems, the team had no visibility on the availability of its IT services or KPIs, such as failure rates, send request times, and response times. This lack of oversight made it difficult for the team to prioritise issues — and nearly impossible for them to find the root cause of any problem. Proactive measures Without the ability to investigate the source of issues, the team was unable to take proactive measures to prevent them from reoccurring, severely impacting service performance. This was not only a problem for IT teams, but also for executives, who lacked the insight into IT business operations that would help them make decisions. The solution The company needed a solution that would map KPIs to critical service components, enabling the operations team to effectively drill down into issues in real time and conduct in-depth investigations to find resolutions. RiverSafe had previously implemented Splunk Enterprise Security for the customer and given the success of the implementation and the positive client feedback on the platform, RiverSafe was again engaged to deploy Splunk’s IT Service Intelligence (ITSI) tool to help it tackle its visibility problem. Data collection metrics Splunk ITSI uses machine learning to analyse existing data and predict future issues. As well as forecasting potential services bottlenecks, it can also troubleshoot problems and help users resolve issues fast. Delivering comprehensive monitoring across the entire IT environment, Splunk ITSI would also give the team full observability of their IT infrastructure. In particular, the engineering team wanted to gather metric data relating to the Kubernetes platform. RiverSafe reconfigured and implemented data collection metrics used elsewhere in the IT environment in Splunk to allow engineers to collate and access this information from different data sources in one place. The outcome: Actionable insights in days, not weeks In less than a week, the RiverSafe team implemented Splunk ITSI and began running monitoring services. With data from existing KPIs already indexed by the Splunk platform, the team are now able to access service insights even faster. These KPIs allow the operations team to identify trends, detect patterns, and proactively address any anomalies that occur before issues arise. Instant visibility with glass table visualisations To enable rapid and proactive issue resolution, RiverSafe implemented custom glass table visualisations in Splunk ITSI. This enables the team to navigate large volumes of data and reduce the time needed to identify and resolve problems. This simple and accessible dashboard gives the team an instant, digestible overview of its web portal performance metrics. These KPIs included the number of open tickets and failed login attempts, memory usage, API call success rates, average response times, and overall health of container services. Event analytics in Splunk ITSI As a result of RiverSafe’s work, the team has been able to centralise events from all its previously siloed solutions into a single interface with Splunk ITSI. The event analytics in Splunk ITSI help to prioritise responses and react more quickly to customers’ infrastructure events, empowering them to provide a better service. This is thanks in part to Splunk ITSI’s ability to identify and filter out false positives from the event management process. Excluding these invalid events reduced the total event volume by 40%, helping operators focus on the events that really matter. With fewer events to process, a single interface to work from, and a streamlined event analytics framework in Splunk ITSI, operators now process events eight minutes faster on average. This boost in efficiency has led to a major improvement in the company’s SLA performance. Best practices for using Splunk ITSI Overall, Splunk ITSI has delivered enhanced operational visibility, meaning the team can locate bottlenecks in workflows quickly and deliver fast recovery and troubleshooting solutions. Along the way, RiverSafe also provided best practices for using Splunk ITSI and recommended the most effective ways to collect data, including proposing an alternative metric type that would save on storage space when collecting logs.

In the wake of a significant merger between two major telecommunications companies, the client, a newly formed telecom giant was looking to unify and modernise security operations across the entire organisation. The merged entity needed to increase asset visibility for its critical business operations, reduce the sprawl of security tooling, and unify its systems. Additionally, the company was looking to improve its overall monitoring capabilities while addressing a substantial amount of technical debt that had accumulated both pre- and post-merger. This transformation would not only optimise operations but also ensure continued compliance with industry regulations. Recognising the complexity of this project, the client decided to bring on RiverSafe due to the specialised expertise and experience with SOC and SIEM transformation projects. The solution The programme of work began with a series of collaborative workshops, fostering a deep understanding of the company’s vision for its future security landscape. During this discovery stage, the RiverSafe team uncovered 12 legacy SIEMs existing within the organisation. They began by consolidating a major cloud-based security platform, evolving it from three separate instances to a single, unified platform. This consolidation included integrating cutting-edge single sign-on capabilities, incorporating new data sources, and seamlessly migrating existing data parsers, dashboards, and lookups. Data management and routing To enhance data management and routing, RiverSafe implemented Cribl, a sophisticated data streaming platform. This allowed for efficient routing of data feeds to multiple destinations and enabled complex data transformation operations, providing the telecom company with greater flexibility and control over its data. The RiverSafe team further identified an opportunity to optimise the existing SIEM infrastructure and devised a strategic plan to consolidate operations onto two robust platforms: a cloud-based security operations platform for general use, and an on-premises SIEM solution to meet specific regulatory compliance requirements. The outcome The impact of this transformation was substantial. By optimising its SIEM platforms, the telecom company significantly improved its operational efficiency and security visibility. The streamlined infrastructure opened up new avenues for automation and data enrichment, further enhancing the company’s security capabilities. The implementation of the data streaming solution not only improved data routing efficiency but also led to substantial cost savings in licensing fees. Beyond these immediate benefits, the transformation laid the groundwork for future innovations through increased automation potential. It also further strengthened the company’s compliance with industry regulations and enhanced its overall security posture and monitoring capabilities.

The client, a pioneering Oil and Gas company, had formed a large central IT capability after many years of mergers and acquisitions. The team had an established on-premise capability, but it was made up of multiple siloed teams and disjointed processes. The company had been progressing a modernising cloud-first approach but had duplicated the organisational and process-based model they had on-premise during the process. Business-focused development teams The resulting cloud offering improved provision times from 4-6 months to 4-6 weeks but there were still huge inefficiencies that were limiting the ability of business-focused development teams to deliver value quickly. The head of the trading division product development teams asked RiverSafe to provide a secure, resilient, consistent and scalable solution that would empower developers in their business segment. Customer requirements The customer requirements were: To be able to provision our own ‘infrastructure’ without relying on handoffs to multiple teams. To accelerate the infrastructure process. “We want hosting of services in minutes not weeks.” To improve our time to market for our products. To minimise downtime. To be able to experiment. All of this with higher levels of embedded security, higher quality and higher resilience. The solution RiverSafe was engaged to help resolve these frustrations and pain points through the implementation of a DevOps approach. They started by value-streaming the existing process, creating automation to replace manual processes, and sizing the application estate to determine what their application needs were. They chose a kubernetes cluster as our target architecture. In this instance, Openshift was the best fit for their needs as most of the existing application estate uses RedHat products. They worked in two teams – one building the ‘platform’, one building a pipeline that could deploy assets into the platform in a secure manner. The platform team The container platform team delivered a platform that had high availability embedded. This provided the capability to significantly reduce downtime by allowing Kubernetes and the terraform modules to scale up and down nodes, pods, and routes automatically based on events occurring within and outside the cluster. Chaos testing was embedded to ensure that previously catastrophic events could be created to ensure service architecture could accommodate these failures within the stated non-functional requirements. The pipeline team In the previous working model, developers were using various tools, leading to a lack of control, and making the overall management of the process very difficult. To resolve these issues, the pipeline team delivered a reference Continuous Integration & Continuous Delivery (CICD) pipeline. This included all the DevOps best practices and ensured fully automated build and deployment flow through environments to production, including security scans, testing and automated change processes. New users with a new pipeline With this pipeline, developers can quickly and easily provision services and components for their applications in just seconds (rather than weeks). Developers have the assurance that they are consistently delivering compliant and tested code which has undergone stringent security scanning at each stage of the process. The team also worked to automate the automation. They built a self-service process to allow new users with a new pipeline along with automatic onboarding to all of the DevOps tool chain. This includes accounts and permissions allocated within the container cluster stored in a secrets vault. Where this process for onboarding new teams and users used to take four weeks it now took 30 minutes. Initial proof of concept and implemented changes This new approach is repeatable and consistent and ensures that new team members and projects have the tools they need right from the start, without unnecessary delays or wait times. It also means that if changes to a particular tool are needed, these can be rolled out to all existing teams with minimal impact on project timelines. With each of these solutions, we started with an initial proof of concept and implemented changes in a small area, iterated to make sure we improved, and then rolled out to the wider business, improving all the time. The outcome The impact on the business of these changes has already been huge. The previous time wasted for developers to get the tools and provisions they needed has been eliminated with infrastructure able to be spun up in seconds and new developers able to start building code in under 30 minutes (as opposed to several weeks).  Over the course of the project, this has meant a saving of more than 25,000 engineering days to date. The standardisation has meant that managing the software delivery process has become much easier. Prior to the introduction there were numerous support requests to the tools and platform teams due to software build issues. We provide well-documented standards and, as everyone was working on the same pattern, the technology transfer across the organisation was vastly improved. Impacting container platforms and tooling As a result, all of these support requests stopped and the teams could focus on the operational incidents impacting container platforms and tooling. Currently, 735 services have been onboarded, which spanned 56 projects and 1074 repos. The pattern was applied to 1608 pipelines and those pipelines were run 235,000 times. But key for the business has been the cost savings, which so far have amounted to over £17m over a three-year period. And are still increasing as this is rolled out further within the business.

Working in the heavily regulated and frequently targeted financial services industry, the client (a global financial services group) needed to ensure its cybersecurity posture was extremely robust to protect its infrastructure and customer data from threats. The previous threat detection solution posed challenges, notably with a high volume of false positives. Without a robust SIEM tool and relying on less effective UEBA processes, the team recognised the need to fortify its security framework to align with their stringent standards. Another key area of focus was enhancing visibility within their security infrastructure. The existing setup presented an opportunity for improvement in consolidating monitoring capabilities into a unified interface. Additionally, the team wanted to enhance oversight of active directory actions, specifically addressing enumeration attacks, and monitoring the controlled export of company data by internal users. The solution Brought in to increase visibility and reduce overall risk, RiverSafe suggested they implement Exabeam, which would provide the company with all the best-in-class UEBA tools needed. RiverSafe suggested Exabeam due to the platform’s efficient data processing, simple architecture, scalability, and ease of deployment. The off-the-shelf content within Exabeam’s UEBA dashboards and reporting tools offered another key benefit, giving the security team access to data pre-built models and statistics that would allow them to start monitoring and flagging events immediately. Finally, Exabeam’s smart timeline feature that merges all user activity into one stream would address the visibility issue. Security and monitoring purposes With the client ready to implement, RiverSafe deployed Exabeam on their AWS Environment following best practice guidelines. The team mapped out relevant log sources for the system, and onboarded all data streams, filtering and fine-tuning everything to ensure any information being ingested was relevant for security and monitoring purposes. RiverSafe then developed and deployed use cases scoped out in partnership with the client, helping them to get maximum value from their Exabeam implementation. This documentation included custom roles, models and parses, as well as other quality of life improvements, additional search filters, and guidance on maintenance and monitoring techniques. The outcome The client now has an established monitoring workflow for its security team that’s baked into their day-to-day tasks. The team can monitor the entire environment quickly, and has significantly reduced the time it takes to assess threats like phishing and brute force attacks, and investigate unusual internal behaviours. Following RiverSafe’s advice, the client has been able to scale its Exabeam solution by accessing the right hardware required to run the product efficiently. Data loss and maintaining data integrity Noise from the SIEM has been reduced thanks to the optimisation work conducted on log source onboarding. This has resulted in less complexity, fewer false positives, and easier access to the precise information that the team really needs. The security team now has visibility into email, endpoint, active directory, and web activity, and is able to monitor these frequently targeted areas for suspicious events and behaviour. This visibility now also extends to file activity, protecting the company from potential data loss and maintaining data integrity. Managing security data and identifying trigger points Siloes have been eliminated, with security insights now located in a single repository for maximum perceptibility. From server performance to traffic flows, whatever’s happening across its pan-global regions, the security team know about it. Exabeam has equipped the team with a simpler, more effective way of managing security data and identifying trigger points—resulting in a 30% reduction in time spent on threat hunting.