Emphasising proactive rather than reactive security shifts the focus from dealing with crises and damage control to prevention. Advantages of a proactive approach include cost efficiency, better business continuity, and fewer crises that draw attention away from strategic improvements. Staying ahead of threats is a core mission of the security department, and technology has evolved to enable security professionals to deliver on that mission better than ever. We asked our Expert Panel Roundtable: How are security systems transitioning from reactive to proactive, and what is the benefit?

Multiple technology trends are transforming the physical access control market. There is a fundamental shift away from physical cards and keys toward digital identities — mobile credentials, digital wallets, biometrics, and cloud-native access platforms. These next generation access solutions are radically reshaping how buildings operate, protect staff, and perform functionally. At the same time, AI and analytics solutions are being layered onto these physical access control systems to support predictive threat detection and behavioural insights. Access data itself is becoming an asset for sustainability, space optimisation, and smart building initiatives. Risk, impact operations and experience The annual HID Global Security and Identity Trends Report highlights these and other issues The annual HID Global Security and Identity Trends Report highlights these and other issues. The survey cites improving user convenience as a priority for nearly half of organisations, while 41% are focused on simplifying administration, and 28% struggle with system integration. These are not theoretical challenges, they are day‑to‑day friction points that add cost, increase risk, impact operations and experience, and, of course, must be addressed. HID Global’s commercial focus HID Global’s commercial focus is to help organisations digitise their access control — with mobile identities, biometrics, and cloud platforms — and then to use the data to deliver more value. “We are turning access control from an operational cost into a software-driven asset that improves efficiency, supports Environmental, Social, and Governance (ESG) goals and even creates new revenue opportunities,” says Steven Commander, HID Global’s Head of Consultant Relations. The impact of digital transformation Digital transformation is the method of moving access control from hardware and physical credentials Digital transformation is in the process of moving access control from hardware and physical credentials to a software-driven, integrated experience. The transformation strengthens security while also improving user convenience — transforming the “pavement to the desk” journey. HID enables this shift through mobile credentials, biometrics, cloud-native platforms, and solutions that allow third-party applications to run on door hardware. “This helps customers turn access data into operational and commercial outcomes, while also improving the overall user experience,” says Commander.  Digital transformation in access control is not focused on chasing the latest trends. Rather, transformation is about turning software, data and integration into outcomes that matter to customers, says HID. “Security becomes stronger and more adaptive,” says Commander. “Operations become simpler and more cost‑effective. Experiences become seamless and consistent. Sustainability moves from ambition to action. And the financial case becomes clearer as efficiencies are banked and new value streams emerge.” The challenge of futureproofing with long lifecycles Given that physical security technologies will be in place for 15 to 20 years, it is important to plan for how systems can evolve over time. Considering how rapidly security threats, compliance standards, and user expectations change, 15 to 20 years is a long time. The decisions made at the beginning of a system’s lifecycle can either limit flexibility later (which will be costly) or enable long-term adaptability. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important Choosing products and platforms that are open, interoperable, and designed for updates can enable future-proof projects. Support for open standards such as Open Supervised Device Protocol (OSDP) is therefore important.  In addition, systems built on open controller platforms — such as Mercury — enable organisations to switch software providers or expand functionality without replacing core door hardware. Architectural openness is key to system lifecycles and maximising the return on investment (ROI) from a chosen solution. Digital credentials and mobile access Flexibility and upgradeability should also be top of mind when it comes to endpoints like access control readers. While RFID cards are still commonplace, there is a clear trend toward digital credentials and mobile access. Readers that support both allow organisations to transition at their own pace, without committing to a full system overhaul. A long system lifecycle does not mean technology should remain static. Security, particularly cybersecurity, demands more frequent updates. Technologies that support firmware upgrades in the field extend the value of a deployment while helping organisations keep pace with emerging threats. In that sense, lifecycle thinking is not just about longevity — it’s about maintaining resilience and readiness over time. Applying biometrics and mobile identities Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction Biometrics is becoming mainstream as a credential alternative, strengthening security without adding friction. Many organisations are now deploying biometrics to support fast, seamless access journeys, with adoption already around 39% in access control according to HID’s recent research.  In addition, 80% of organisations surveyed expect to deploy mobile identities within the next five years. Full technology integration enables tap‑to‑access without opening an app; the user journey becomes faster, safer, and more convenient. “It is where the industry is headed and we are at the vanguard of this,” says Commander.    Ongoing challenge of cybersecurity At HID Global, cybersecurity is embedded into everything, from corporate processes and development practices to the solutions they bring to market. “Our approach ensures that customers can strengthen their overall security posture, not only by deploying secure products but by benefitting from HID’s commitment to the highest industry standards,” says Commander. HID holds multiple globally recognised certifications, including ISO 27001, ISO 14298, SOC Type 2 and CSA STAR, which demonstrate their robust information security and cloud security practices. In addition, HID’s SEOS® secure chipset is independently SEAL-certified, providing one of the most advanced levels of protection available on the market today. “Ultimately, this means organisations are not just purchasing isolated secure products; they are implementing solutions developed and delivered within a comprehensive, cybersecure framework,” says Commander. “When deployed according to best practices, HID solutions enable customers to achieve the highest levels of resilience against evolving physical and cyber threats.” Developing green and sustainable solutions A huge amount of waste is generated from the manufacture of plastic RFID access cards Digital credentials align with the sustainable solutions that everyone wants. A huge amount of waste is generated from the manufacture of plastic RFID access cards. Over 550 million access cards are sold annually. This creates 2,700 tons of plastic waste and 11,400 tons of carbon, based on a PVC card weighing 5 grams.  Therefore, digital credentials self-evidently reduce the reliance on plastic cards (helping reduce carbon emissions by up to 75% according to HID’s research), while leveraging access control system data supports energy optimisation by shutting down or reducing systems in unused spaces. Energy use and CO₂ emissions can be cut dramatically, showing how access systems can contribute to sustainability goals and green building certification. What is the latest in smart buildings? Smart buildings increasingly rely on mobile access control as the backbone for digital services. Real-time access data enables new services such as automated room bookings, HVAC control, lift/elevator calling, e-bike hiring, and so on. Smart buildings increasingly rely on mobile access control as the backbone for digital services The financial upside is clear; smart, digitally transformed buildings can deliver around 8% higher yields per square foot versus traditional office space. Operational savings accrue from reduced administration, the removal of card production and shipping, and lighter IT support. This creates a value cycle — better experiences drive adoption, adoption fuels monetisation, and monetisation funds further improvements. Achieving technology impact in the real world One standout project is One Bangkok – a $3.9 billion mixed used development in Thailand – which demonstrates the scale of what can be achieved when access control data is used for optimisation, particularly when it comes to monitoring facilities usage and occupier behaviours. By switching lights off or lowering the temperature in unused rooms, for example, the One Bangkok building demonstrates this potential with a 22% reduction in energy consumption, saving 17,000 MWh and 9,000 tons of CO₂ annually.  Sustainability is a key factor in contributing to how properties are valued. And sustainability extends far beyond digital credentials having a lower environmental impact than plastic cards.  Buildings with recognised sustainability certifications often command rental premiums of around 6%, and three‑quarters of security decision‑makers now consider environmental impact in their procurement assessments.

ISC West 2025 in Las Vegas showcased the latest advancements in security technology, offering security professionals a glimpse into the future of the industry. This year's expo highlighted the growing influence of artificial intelligence (AI), cloud computing, and enhanced integration. The pioneering comprehensive and converged security event attracted nearly 29,000 industry professionals to the Venetian Convention Centre.  Integration into unified platforms Several companies emphasised the importance of cloud-based solutions and the integration of diverse security components into unified platforms. For example, Brivo's Security Suite provides “everything in one platform” – not just access control. Customers only pay for what they use because the system is flexible and scalable from a single door to enterprise level applications. Brivo’s suite includes video, but the system can also tie in with third-party “partners.” Genetec's Security Centre allows for more frequent updates through the cloud. Milestone is undergoing a two-year transition to bring its Xprotect system into the future by incorporating Arcules and Briefcam into a video-as-a service product. Suprema introduced BioStar X, which integrates access control and video analytics into a single platform. AI and mobile credentials  Axis Communications’ Cloud Connect product announced three new partnerships at ISC West 2025 Axis Communications’ Cloud Connect product announced three new partnerships at ISC West – Eagle Eye Networks, SecuriThings, and Wesco. They join the three partners announced during the first year of Axis Cloud Connect – Genetec, Kone (elevators) and Milestone. AI and mobile credentials were still hot topics at ISC West 2025, but the conversation has evolved beyond amazement at the technologies’ capabilities and now centres on more practical aspects. From the theoretical to the practical “AI and mobility are still the ‘flavors de jour,’ but messages are evolving to manifest AI for better outcomes,” says Heather Torrey, General Manager, Commercial Security, Americas, for Honeywell Building Automation. The company has reframed its security portfolio to be very building- and business-focused, continuing to grow and evolve after the recent acquisition of LenelS2. “From the theoretical to the practical, we want customers to be part of the conversation so we can deliver AI that is meaningful to them, focusing on what’s most important,” says Torrey. Under Honeywell’s new ownership structure, “each part of the business can be more focused on customers’ needs,” she says. Honeywell continues its journey around mobile access and credentialing and migrating to cloud solutions. Innovations in Access Control Gallagher’s new Quickswitch access control board simplifies the migration from legacy systems Access control remains a critical component of security systems, and ISC West 2025 showcased several innovations in this area. Acre is releasing “Gallery,” its version of the App Store for access control. DormaKaba is launching the Keyscan KC Series door controller with TCP/IP connectivity and enhanced features. Gallagher’s new Quickswitch access control board simplifies the migration from legacy systems. Johnson Controls highlighted its C-Cure command centre and C-Cure IQ web client, offering a unified approach to access control and video. Hardware integrations for security panels For service provider Alarm.com, hardware products prepare a path to greater customer experiences, says Abe Kinney, Alarm.com’s Director, Product Management, who oversees hardware integrations for security panels, sensors, video, etc., and drives new product development. “We are looking to bridge the physical world to digital world,” he says. “We want to bring an advantage to our dealers that they can bring to customers.” Because Alarm.com’s customers pay a monthly fee, the products must be durable and economical, says Kinney. “It should work with no need for truck rolls.” The importance of longevity and flexibility Products are evaluated based on features, price, and ease of installation Products are evaluated based on features, price, and ease of installation. In particular, longevity is important for the Alarm.com’s pro channel. There is also a growing emphasis on deterrence industrywide. Says Kinney: “We recognise that detection is part of it, but we need to prevent problems from happening in the first place. And the industry is re-evaluating.” When it comes to cloud intelligence, Eagle Eye Networks puts the emphasis on flexibility. They offer AI that can perform anywhere on the system infrastructure, on the camera, on their on-site bridge device, or in the cloud. They support their own AI and also any AI product from a third party. “We focus on what customers want from the data AI detects,” says Hans Kahler, Eagle Eye Networks’ Chief Operating Officer. Integration with other systems A timely alert from gun detection could save a life, but AI can also generate information that might be used and analysed later, such as point-of-sale information, dwell time, foot traffic, etc. “What people want is the ability to work with the data for business intelligence,” says Kahler. Integration with other systems provides new opportunities for customers: For example, a licence plate reader at a restaurant drive-thru could trigger customisation of the menu board digital signage based on the customer’s previous buying pattern. Relentless Innovation Assa Abloy handles more than 40 million SKUs for all its various brands, faked in 28 factories in the US Assa Abloy handles more than 40 million stock keeping units (SKUs) for all its various brands manufactured in 28 factories in the United States. Merely complying with regulations such as the “Buy American Act” is a monumental effort considering the massive product line, attendees heard at Assa Abloy’s Annual ISC West Breakfast focusing on compliance challenges in the security market. Meanwhile, back at the trade show booth, Assa Abloy focused on “relentless innovation” in every corner of its product line. Assa Abloy’s message: Innovation in security does not have to be about AI or automation. In fact, inventive approaches to products come in all shapes and sizes and at every level of the product portfolio, and innovation is happening faster than ever. For example, the Safebolt product from Securitech, a brand recently acquired by Assa Abloy, can quickly lock down existing doors with the press of a red button on a cylindrical or mortise lock. Temporary Systems to Secure Events Securing events is the focus of Allied Universal's Unified Command Solutions, which specialises in setting up temporary security systems for conventions, trade shows, festivals, construction sites, parades, and other events. They can add technology to situations where previously mostly security officers were used, providing safety/security and enabling more efficient event operation.  “We can put cameras anywhere, whether they need power or not, use cell service or WiFi, a localised network or the internet, or whatever,” says Andrew LaMadrid, VP, Sales for Allied Universal's Unified Command Solutions. Event operation and management IDIS came to ISC West looking to leverage new products that they did not promote in the past The focus is on easy implementation, flexibility, and fast setup and removal. “We look for a solution to solve each customer’s pain points,” says LaMadrid. They specialise in setting up and deploying surveillance cameras for safety/security and for event operation and management. Mobile surveillance is a relatively new “piece of our puzzle” when it comes to protecting high-profile events. “People are excited about what we can offer that’s new,” says LaMadrid. Unified Command Solutions has been around for about 12 years and was acquired by Allied Universal last summer. IDIS came to ISC West looking to leverage new products that they did not promote in the past, and visitors were very interested in those solutions, says Scott Switzer, IDIS CEO. “The progression of our product line has been tremendous,” he says. Last year, the IDIS booth offered only basic analytics, but this year they had 30 different advanced analytics including gun and aggression detection using the advanced solution “IDIS Vaidio AI.”  What Makes You Different? The most common question IDIS hears at their trade show booth is: “What makes you different?” The answer: They offer an end-to-end solution, including cameras; they manage, control, design from end-to-end; and there is no need for multiple integrations. The time needed to install an IDIS system is significantly less because of the simplicity. “We have customers we have supported and grown together for over 20 years,” says Switzer. The company previously deployed IDIS cameras under the Costar brand before the Korean IDIS brand was introduced into the U.S. (IDIS purchased Costar and changed the name to IDIS America.) “This has been a tremendous show for us; we are looking to build our momentum and let more people know about IDIS,” says Switzer. Managing real AI at the edge The depth of their metadata enables new applications, whether for security or business operations Based in Prague, Czech Republic, and with U.S. offices in Pennsylvania, FF Group provides licence plate recognition for harsh environments. Using Axis cameras, they offer “managed real AI at the edge,” selling through a nationwide distributed network, says Alex Osypov, CEO and Founder of FF Group. Markets include parking lots, cities/municipalities, police, government, water systems, etc. The depth of their metadata enables new applications, whether for security or business operations. They are looking to combine and correlate data including LIDAR, RADAR, etc. to exploit the advantages of “data fusion.” Osypov says: “The market is growing because we are involving other adjacent markets.” Unified platforms and advanced tools Several companies are focusing on enhancing security operations centres (SOCs) by providing unified platforms and advanced tools. Axon’s Fusus system “layers” onto existing infrastructure, tying together various sensors into a single interface for real-time monitoring and information sharing. Increasingly, enterprises have invested in a lot of technologies – ac, video, asset trackers – but none of it talks together. Fusus ties all the systems together so that operators no longer have to look at 10 different screens. Rather, there is a “single pane of glass” that shows everything and facilitates sharing of information with law enforcement.  Motorola also showcased its Security Operations Centre, which integrates hardware, software, smart sensors, communication radios, and broadband devices to streamline incident management.

Physical security technologies are a prominent tool used by correctional facilities to provide a safe, secure, and controlled environment for staff, inmates, and the wider community. Among several functions, security technologies are used to prevent unauthorised access, to detect contraband, to monitor inmate movements and activities, and to protect staff. For security technology manufacturers, integrators and consultants, the corrections market presents distinctive challenges. We asked our Expert Panel Roundtable: What are the unique aspects of the corrections market, and how should the physical security industry adapt?

Allied Universal®, the world’s pioneering security and facility services provider, is one of America’s best workplaces for culture, belonging and community according to Newsweek. The news outlet’s 2025 list of America’s Greatest Workplaces for Culture, Belonging & Community features companies that prioritise culture, foster genuine belonging and build strong communities. Newsweek ranking “This honour is a reflection of the workforce we’ve built on teamwork, collaboration, and mutual respect,” said Allied Universal Global Chairman and CEO, Steve Jones. “We promote a workplace where every team member – no matter their background or experience – feels valued, included, and aligned with our core values.” The Newsweek ranking recognizes U.S. employers with more than 1,000 employees and is based on a national survey of over 2.7 million employee reviews and interviews, plus third-party analysis of leadership, integrity, compensation, and work-life balance.

ZBeta, a pioneer in delivering comprehensive physical security consulting services, now announced the addition of Jim McCormack as Learning and Development Manager. In this role, he will focus on building the company’s commitment to learning, technical excellence, and collaboration. McCormack will shape and oversee ZBeta’s learning and development initiatives, spanning onboarding, career growth, and knowledge sharing. His focus will be on creating programs that scale — helping new hires hit the ground running, supporting ongoing development, and deepening expertise across every corner of the company. Zbeta’s ongoing commitment “At ZBeta, our greatest asset is the collective knowledge and drive of our people,” said Anna Yates, Vice President of Talent and Culture, ZBeta. “Jim’s approach to learning and development will further strengthen our foundation and help us continue to set new standards for client service and performance, and further demonstrate Zbeta’s ongoing commitment to our people and our clients.” Developing talent and driving operational excellence Investing in people and growth sits at the heart of ZBeta’s mission. McCormack’s addition builds on this commitment and deepens its focus on developing talent and driving operational excellence. By nurturing a culture of ongoing learning, ZBeta is redefining what modern consulting means — forward-thinking, collaborative, and always striving to exceed client expectations. Evolving diverse learning, training, and quality programs A strategic and results-driven executive, McCormack brings more than 13 years of leadership experience designing, implementing, and evolving diverse learning, training, and quality programs across global organisations. His expertise spans the full learning lifecycle — from designing comprehensive training programs and implementing global learning management systems to driving leadership development and embedding Diversity, Equity & Inclusion principles into organisational cultures. Prior roles of McCormack Before joining ZBeta, McCormack served as Global Learning and Development Lead for SMB at Accenture, where he oversaw teams across six global locations and implemented standardised assets to foster collaboration and performance excellence. Previously, he held senior training leadership roles at Indeed.com, where he led the financial operations training strategy. McCormack is also the founder of RKW Training, a consultancy specialising in onboarding, management development, and learning strategy design. ZBeta’s focus on people “ZBeta’s focus on people and its culture of continuous learning and collaboration aligns perfectly with my passion for building educational and training ecosystems that empower businesses to grow and thrive,” said McCormack. “By focusing on capability building and knowledge sharing, we can elevate how our teams deliver for clients and for one another.”

March Networks®, a global pioneer in intelligent video surveillance, announces an expansion of its long-standing collaboration with Amazon Web Services (AWS), helping customers reduce long-term video storage costs by up to 80% over 5-years, by deepening its use of Amazon S3 Vectors and Amazon S3 Glacier to advance both video intelligence and cloud storage.   Building on insights and discussions following AWS re:Invent 2025, March Networks is advancing its cloud strategy to bring together fast, scalable video search with cost-efficient long-term video storage. Reducing the cost and operational burden March Networks has relied on AWS for years to deliver secure, scalable solutions across its portfolio. Now, the platform uses Amazon S3 Vectors to power AI Smart Search, enabling natural language search across millions of video images, while Amazon Glacier supports a tiered cloud storage model built for high-volume video archives and long-term retention.  By combining Amazon S3 Vectors with S3 Glacier-backed storage, March Networks helps customers find critical video evidence faster, while significantly reducing the cost and operational burden of storing video for compliance, investigations, and liability protection. This approach is already being adopted by large, multi-site enterprises with extensive video retention requirements.  Long-term video retention requirements “Our customers need simpler, more cost-effective ways to meet long-term video retention requirements without compromising security and compliance – and we’ve just solved that problem,” said Peter Strom, President & CEO of March Networks. “By combining Amazon S3 Vectors for rapid video intelligence with S3 Glacier for cost-effective long-term storage, our partnership with AWS delivers a cloud model that simplifies infrastructure, scales instantly, and lowers total cost of ownership.”  Expanded relationship with AWS Through its expanded relationship with AWS, March Networks delivers:  Faster video investigations using natural-language search powered by Amazon S3 Vectors. Up to 80% lower video storage cost over five years using Amazon S3 Glacier-backed tiered retention. Enterprise-grade durability and resiliency through AWS-managed infrastructure. Instant scalability with no on-premises hardware to deploy or maintain. Hybrid flexibility for customers transitioning to the cloud at their own pace. The continued work with AWS also supports March Networks’ broader initiatives, including the adoption of AWS analytics, Amazon Bedrock to support advanced AI-driven services, and enterprise-grade reporting environments to help customers unlock greater value from their video data. 

Genetec Inc., the pioneer in enterprise physical security software, highlights how modern, data-driven access control is becoming a strategic business priority for organisations in the Middle East, as they look to improve security, efficiency, and return on investment. For many organisations in the Middle East and beyond, access control has long been viewed as a necessary layer of security, providing a means to lock and unlock doors, restrict entry, and track who comes and goes. But in recent years, the role of access control has evolved. Modern access control systems The systems generate a steady stream of data that, when put to work, can deliver far more value than just securing doors. Modern access control systems are smarter, more connected, and capable of delivering measurable business value that goes far beyond physical security. When access control data is unified with other systems, such as video surveillance, HR databases, or business management systems, it can become a valuable source of business and operational insights. It can inform space planning, simplify compliance, reduce administrative overhead, and even reveal opportunities to save energy. Whether they manage facilities, IT infrastructure, or corporate security, modern access control offers a tangible return on investment (ROI). Turning data into operational intelligence Every badge swipe or door event creates data. When analysed, this information can help organisations understand how spaces are used and how people move through them. Dashboards and reporting tools built into a unified access control platform make it easier to visualise patterns and identify opportunities for improvement. These insights are valuable across many industries. In the Middle East, this can range from optimising cleaning and maintenance schedules in shopping malls and office towers, to improving people flow and staffing in hospitals, airports, and government service centres. The result is a system that not only keeps people safe but also supports better day-to-day decisions across departments. Saving time through automation Automation is one of the most immediate ways to boost ROI. Instead of requiring human intervention for every task, modern access control systems can trigger automatic responses based on predefined rules or “threat levels.” For instance, when the last employee badges out for the day, the system can put HVAC and lighting into energy-saving mode. When the first person badges in the next morning, alarms can automatically disarm. Event-based scheduling can also make life easier during special activities. In a multi-tenant facility, elevators can be programmed to require credentials only after business hours. Automation also simplifies compliance. If an employee’s certification expires or a background check lapses, access can be automatically suspended until the records are updated. This helps organisations meet regulatory requirements without the need for additional paperwork or manual oversight. Streamlining operations and user management Legacy access control systems often rely on manual updates and disconnected tools. That can slow down onboarding, increase administrative work, and create inconsistencies that put security at risk. Modern access control systems bring all cardholder management into a single interface. Temporary credentials for contractors can be issued automatically based on their responsibilities and revoked when contracts end. When employees leave, their access rights can be removed immediately when HR updates the database. Reduce the risk of outdated permissions The same infrastructure can support mobile credentials, biometrics, or role-based access rules that adjust automatically as employees change departments. These access rules reduce the risk of outdated permissions while minimising help-desk requests and badge printing costs. And because a unified system ties together access control, video, and intrusion detection, operators can respond faster to alerts Flexibility that protects long-term investments Budget is often the biggest concern when upgrading access control infrastructure. Yet postponing modernisation can end up costing more. Legacy systems are often built on proprietary technology that limits compatibility with third-party devices and makes repairs or expansions difficult. Modern, open architecture systems offer a better path forward. They give organisations the freedom to choose from a broad ecosystem of hardware and integrations, extend the life of existing investments, and avoid being locked into a single vendor. This approach provides technical and financial flexibility, ensuring systems can adapt as needs change. Advantage of automatic updates Deployment choice is another way to protect value. Some organisations prefer to keep their systems entirely on-premises. Others move certain functions to the cloud to reduce maintenance and take advantage of automatic updates.  With flexible deployment options, teams can modernise at their own pace, reuse existing infrastructure, and decide which workloads make the most sense to move to the cloud. Building a foundation for future growth Access control systems are becoming central to how organisations manage not just security, but also daily operations. A unified, data-driven approach helps break down silos between departments and creates a shared source of truth. For facilities teams, that might mean more efficient use of space and resources. For HR, it means accurate attendance data and smoother onboarding. Cybersecurity posture and simplified maintenance For IT and security, it means a stronger cybersecurity posture and simplified maintenance. When all these functions work together, the ROI becomes clear: lower operating costs, greater visibility, and improved user experience. For organisations in the Middle East, modern access control is therefore not only about protecting people and assets, but also about supporting national and regional ambitions around smart cities, sustainability, and world-class visitor and employee experiences.

When it comes to balancing visibility and spending, Security Incident Event Managment (SIEM) licencing models can be somewhat restrictive—something a multinational, born in the cloud technology company was becoming painfully aware of. The organisation wanted to improve its security posture by ingesting more data feeds into its SIEM. However, its cybersecurity team found itself hampered by licence limitations and prevented from feeding in more data by licence utilisation caps. Faced with excessive additional licencing costs, the company needed an alternative solution that would optimise the ingestion of data, reduce licence usage, and boost visibility across its environment—without breaking the bank. Enter Cribl  Looking for the best solution to achieve their data goals, the company reached out to cybersecurity company RiverSafe for advice. Given its ability to optimise, route and enrich data, Cribl was chosen as a possible fit, and RiverSafe began a proof of concept to investigate the potential impact the product could have on the company’s data streams. “We chose four data sources, and deliberately chose some of our most volumetric data sources. We had a success criterion in mind, and that was to send all these data sources to our SIEM environment via Cribl and see what kind of reduction we could get from a percentage perspective,” the head of security programme management said. “It’s seemed to be a very good product and much needed in the marketplace. There are many organisations like us who have the same kind of challenges and the same use case issues, whereby they don’t have the budget or inclination  to spend more and more money on their SIEM.” Instant data ingestion reduction After a successful proof-of-concept, the company opted to implement Cribl Stream. “I know (Cribl Stream) and I knew its capability, so I had an inkling as to what the reduction rate could potentially be. What really surprised me was how easy it was to reduce the data feeds into the SIEM. I was really shocked at how seamless it was to introduce a layer like Cribl to assist with the data optimisation and reduction.” After implementing Cribl Stream as an optimisation layer, the company reduced the amount of data being fed into its SIEM from around 750GB to 450GB. “We were able to reduce our data ingest by about 40%, which matched our original success criteria around the percentage we hoped to reduce the data ingestion by. More importantly, what we were reducing were largely blank fields and null values, content that didn’t feed into our detection rules. We’re able to gain this headroom and cost savings without sacrificing visibility or increasing risk.” Streamlining data ingestion An additional benefit the company experienced post-implementation was streamlined data ingestion. By pointing data through Cribl, the company is able to cherry-pick the data that’s sent to its SIEM, simplifying the onboarding process for new data feeds. “Once we’ve pointed the data to Cribl, we’re able to pick and choose what data we send into the SIEM and what data we don’t. That’s made it a lot more efficient in terms of the way we onboard data, and it’s enabled us to be a lot more granular with the data that we ingest into our SIEM.” Greater scalability With the reduction in data ingestion levels, the company is less likely to run into issues due to SIEM licencing limitations. By employing Cribl to help manage its data, the company hopes to benefit from greater scalability and agility in the future. “Going forward, we’ll have scalability from a visibility and coverage perspective without being constrained by a SIEM licence.” This flexibility is just one of the wide-reaching benefits that the company has experienced since implementing Cribl, and one that’s made a major difference to its operations. “Cribl gives you the flexibility to reduce data ingest, but also the flexibility to be agile and to move your data sources from one environment to another without much configuration. It’s given us the capability to be less rigid in our architecture; that’s been the biggest impact for us.” Significant cost savings Having cut data ingestion by 40% with Cribl Stream, the company is free to load more data feeds into its SIEM without the need to purchase additional licencing capacity. This has not only allowed the company to increase visibility across its digital environment, but also cut down on licencing costs. “Now that we’ve got Cribl in our architecture, we have the ability to ingest more data feeds without having to buy additional licencing—that’s already saved us money. If we didn’t have Cribl, that additional cost would have been between £120,000 and £150,000 per year, on top of what we’re already paying today for our SIEM.” As well as reducing spending on SIEM licencing, the company has been able to cut costs in other areas. “We’re completely in the cloud, so we’re charged for data that we retain for a longer period. Now that we have Cribl, we can send the data that we want to retain to a cheaper storage solution. And with Cribl Replay and Cribl Search, we still have the ability to easily search that data should we need it for audits or incident investigation. That gives us a cost benefit and more flexibility in the long run.” Smarter resource utilisation Cribl is also helping the company put its valuable resources to better use by cutting down on manual data management tasks. Previously, its team had to configure multiple destinations when data was ingested. With Cribl, data from various locations can be ingested once and pointed to numerous locations around the business, eliminating the need for system and platform owners to configure multiple endpoints. FTE effort to implement a data feed “Normally, it would’ve taken us about two days of FTE effort to implement a data feed into Splunk or a similar destination. Since the introduction of Cribl, we’ve cut that down to half a day because now we only need to configure to send to Cribl and Cribl takes care of translating the data into the ideal format for other destinations.” This reduction in time and labour adds up to additional cost savings too. Now, the company can send just the data that’s relevant to a particular end user, rather than shipping the entire data set. This has helped save money on licencing, infrastructure/compute, processing, and effort. “Because we’re a cloud-native organisation, processing costs money—if we’re able to save on that, then we are definitely winning from a cost perspective.”

At the client, a multinational Oil and Gas company, the IT team provides technical support and security reporting to over 7,000 retail sites. Their work includes managing all firewalls, switches, VPNs, servers and network appliances, as well as the challenging job of keeping track of operational and compliance status. Due to limitations with its existing SIEM solution, the team in North America struggled to get full visibility on over 40% of the activities within its PCI environment. This significant blind spot left the company vulnerable and at high risk of data breaches. Not only was gaining a complete overview of PCI activity an issue, but the team also had to undertake hours of manual data processing and other activities. This extra workload was partly a result of poor data structuring within the SIEM solution, making it difficult to search. The solution Having already seen the benefits of using Splunk within its European team, the client opted to implement the platform to improve security and observability in North America. To help deploy the new solution, they commissioned RiverSafe due to their expertise with Splunk to deliver the implementation in partnership with its internal team. With the support of RiverSafe, the team created a bespoke design blueprint and built its own Splunk instance within its private cloud environment. This was a significant step for the team, resulting in previously siloed archive data from 15 data sources and 7,000 websites being stored in one space, and creating a one-stop-shop for PCI compliance officers to access the information they need. As an accredited Splunk partner, RiverSafe was able to deliver expertise in demonstrating PCI compliance, providing the in-house team with the ability to verify compliance by improving data handling and automating reporting. The outcome Since RiverSafe successfully implemented Splunk, the team has gained full visibility into their PCI environment, ensuring the security of their data and improving efficiency around reporting. Now, the team is fully equipped to keep on top of both operational and compliance activities. Benefits achieved by the implementation include: 20-30% reduction of time spent on evidence collection for PCI audit 15-20% reduction of operational admin time through the removal of manual processes 24/7 protection of data and the systems processing it thanks to real-time monitoring and alerting capabilities Visibility on the whole environment Improved ability to mitigate potential fraud and prevent security breaches Instant visibility on PCI compliance across the whole environment Immediate notification of any breaches of PCI compliance requirements

Operating in 26 countries, with partnerships in 55 more, Vodafone is one of the world’s pioneering mobile communications providers. The company made the first-ever mobile phone call on 1 January 1985, and now delivers mobile communications to almost 444 million customers. Jake Francis, Head of Technology Security for the Information Security Technology Group (ISTG) for Vodafone in Ghana, initially approached RiverSafe to help with some log monitoring. Team’s monitoring processes The company had been using Splunk in its environment for two years. While some of Vodafone Ghana’s systems were being analysed by Splunk, many crucial systems including Bluecoat, VPN, email servers, routers and switches and firewall logs were not—leaving blind spots in the team’s monitoring processes and leaving them unable to see the complete picture. “There were gaps or loopholes which create opportunities for theft,” Jake explains. “These can then be easily manipulated by those who understand where they are and how to penetrate them.” Real-time anti-fraud capability Jake added: “Every transaction that goes onto the system needs to be vetted to make sure that it’s a legitimate transaction. This is especially important in Ghana where we operate a prepaid market and need to ensure that authorisation for data and payments are legitimate.” “For example, if a customer has paid for one gigabit of data then this is what should be issued to their account. What we found, however, was that some of the retail shops were raising fraudulent claims. We now have the ability to see this more easily.” Jake realised that Vodafone needed better real-time anti-fraud capability in order to prevent internal fraud between Vodafone’s retail stores and its back office systems. “We found that there wasn’t a Splunk app available to combat internal fraud,” recalls Jake, “and we needed this so that we could effectively reconcile revenue.” The solution To tackle this costly action, Jake again turned to RiverSafe to develop a new anti-fraud app. RiverSafe developed scripts and analytics that would address Vodafone Ghana’s unique needs. This additional layer of checks and balances is particularly crucial in Ghana, where the IT and telco infrastructure is developing and often underserved. RiverSafe also reviewed Vodafone’s existing log management scripts, including configured searches and logic. This data was then mapped to documented use cases and consumer requirement reporting, enabling the company’s Revenue Assurance team could verify revenue growth against usage. The outcome With RiverSafe’s help, Vodafone have now implemented bespoke new criteria, metrics, analytics and reporting around fraud trends. The team now also has access to in-depth forensic data so that the ISTG can assist other departments with any internal fraud issues. “Now I can store all this information in my server and go back and write a script against these logs to find out what’s happened if I believe there’s an issue. This enables us to look out for possible trends and scenarios. Now we’re being proactive, not just reactive, and helping the fraud department with reconciliation and revenue assurance.” Other parts of Vodafone The anti-fraud app is now being rolled out to other Vodafone Ghana offices, with plans to implement it in other parts of Vodafone in Africa and Asia, where there is also a large prepaid market. “RiverSafe helped us to meet our security audit requirements… now we’re being proactive, not just reactive. The team has been terrific and their expertise and support has been second to none,” Jake Francis, Head of Technology Security for the Information Security Technology Group (ISTG) Vodafone.

The client, a large telecommunications provider, had teams working across multiple time zones and operated a sprawling and complex IT system. The scale and density of this system made gaining visibility into IT services extremely difficult, leaving the security team blind to what was happening with its IT environment. With little-to-no operations monitoring tools in place to proactively monitor these systems, the team had no visibility on the availability of its IT services or KPIs, such as failure rates, send request times, and response times. This lack of oversight made it difficult for the team to prioritise issues — and nearly impossible for them to find the root cause of any problem. Proactive measures Without the ability to investigate the source of issues, the team was unable to take proactive measures to prevent them from reoccurring, severely impacting service performance. This was not only a problem for IT teams, but also for executives, who lacked the insight into IT business operations that would help them make decisions. The solution The company needed a solution that would map KPIs to critical service components, enabling the operations team to effectively drill down into issues in real time and conduct in-depth investigations to find resolutions. RiverSafe had previously implemented Splunk Enterprise Security for the customer and given the success of the implementation and the positive client feedback on the platform, RiverSafe was again engaged to deploy Splunk’s IT Service Intelligence (ITSI) tool to help it tackle its visibility problem. Data collection metrics Splunk ITSI uses machine learning to analyse existing data and predict future issues. As well as forecasting potential services bottlenecks, it can also troubleshoot problems and help users resolve issues fast. Delivering comprehensive monitoring across the entire IT environment, Splunk ITSI would also give the team full observability of their IT infrastructure. In particular, the engineering team wanted to gather metric data relating to the Kubernetes platform. RiverSafe reconfigured and implemented data collection metrics used elsewhere in the IT environment in Splunk to allow engineers to collate and access this information from different data sources in one place. The outcome: Actionable insights in days, not weeks In less than a week, the RiverSafe team implemented Splunk ITSI and began running monitoring services. With data from existing KPIs already indexed by the Splunk platform, the team are now able to access service insights even faster. These KPIs allow the operations team to identify trends, detect patterns, and proactively address any anomalies that occur before issues arise. Instant visibility with glass table visualisations To enable rapid and proactive issue resolution, RiverSafe implemented custom glass table visualisations in Splunk ITSI. This enables the team to navigate large volumes of data and reduce the time needed to identify and resolve problems. This simple and accessible dashboard gives the team an instant, digestible overview of its web portal performance metrics. These KPIs included the number of open tickets and failed login attempts, memory usage, API call success rates, average response times, and overall health of container services. Event analytics in Splunk ITSI As a result of RiverSafe’s work, the team has been able to centralise events from all its previously siloed solutions into a single interface with Splunk ITSI. The event analytics in Splunk ITSI help to prioritise responses and react more quickly to customers’ infrastructure events, empowering them to provide a better service. This is thanks in part to Splunk ITSI’s ability to identify and filter out false positives from the event management process. Excluding these invalid events reduced the total event volume by 40%, helping operators focus on the events that really matter. With fewer events to process, a single interface to work from, and a streamlined event analytics framework in Splunk ITSI, operators now process events eight minutes faster on average. This boost in efficiency has led to a major improvement in the company’s SLA performance. Best practices for using Splunk ITSI Overall, Splunk ITSI has delivered enhanced operational visibility, meaning the team can locate bottlenecks in workflows quickly and deliver fast recovery and troubleshooting solutions. Along the way, RiverSafe also provided best practices for using Splunk ITSI and recommended the most effective ways to collect data, including proposing an alternative metric type that would save on storage space when collecting logs.