
Super curious to know how many common access control solutions flag unbalanced entries/exits.

E.g. if "John" badges in... and then 10 minutes later "John" badges in again...

Will most systems complain?




Great question; not to my knowledge. There would be many false positives, especially as people bring in guests. Sometimes guests get a temp badge; at many companies, they get a sticker to put on their shirt and get tapped in by their host, who is responsible for them.

Rather than building a SOC to look at logs and flag unbalanced entries or similar (which would be very expensive), companies tend to rely on their employees’ vigilance.


I suppose the expense, and the risk in relying on employees, is gonna be quite relative to the organization and its priorities. I wouldn’t imagine setting up a log monitor with some basic monitoring should be that expensive. As someone above mentioned, it’s kind of odd that these systems are so utterly disconnected to the broader IT protocols in so many places. I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up. The most critical point would simply be maintaining healthy access controls and avoiding the potential for new potential vulnerabilities.


> I suppose the expense, and the risk in relying on employees, is gonna be quite relative to the organization and its priorities.

Of course. If you work in a SCIF, you're going to have a very different set of rules and experiences than if you work at LiftMaster, if you know what I mean.

> I use a few different RMM solutions that could almost certainly handle the log collection, analysis, and real-time monitoring with alerts and I don’t think it’d take much time/effort to set up.

Right! But someone's gotta watch it. All day, and all the time. If it's sending alerts, who is it sending them to? The same security guard can't be responsible for both watching security monitors and watching or responding to access log issues.

The expense is in the people and maintenance, not in the initial buildout, as is true for many large enterprise initiatives.


> As someone above mentioned, it’s kind of odd that these systems are so utterly disconnected to the broader IT protocols in so many places.

My greatest realpolitik lesson at uni was being assigned parking in an "odd" building's gated parking lot. It was close to my dorm, but required carrying your permit to them, so they could enter you into their system for access.

Cue realization they weren't connected to the main university parking registry.

Cue my not buying a parking pass (a substantial cost, as this was an urban campus) for the next few semesters... as my prior auth continued to work on the gate.

And why would parking police think to check for unregistered parkers in a gated lot?

(As far as I can remember, I still had access ~2 years after graduation, then they finally cleaned up their DB)


> companies tend to rely on their employees’ vigilance

AKA they ignore the problem but check it off on the security audit.


From experience, more places than you'd expect only have you badging in one direction and not both.


Probably fire safety laws


Yes, locking people into buildings (which is what you are doing if you need a key to get out, whether it's an RFID badge or a skeleton key) has been illegal since the Triangle Shirtwaist Factory Fire.


As I mentioned in a sibling comment, you don't lock them in, you just set off major alarms and send an armed response if the door ever opens without badge activation. This presupposes some things about the facility and the facility operator, though.


I guess we're ignoring the existence of prisons.


Those and mental hospitals are the exception to the rule(/law)


But places that actually take access control seriously do implement bidirectional badging, and just opening the door to leave without badging out will send a group of people bearing guns in your direction right away.


You'd think that, but, as someone who did a physical pentest on a prison recently, that's 1000% not the case.

You can set up your access controllers for anti-passback, but most folks don't, because companies don't want to pay the costs associated with an 'in' reader and an 'out' reader and implement that level of security.


Well, the costs for the 'in' and 'out' reader are really not the major issue for most companies, as you could conceivably set a particular perimeter that cordons off 'secure' from 'not secure' and would only have to configure anti-passback for that perimeter. The real trick (and therefore problem) is in making sure that people do not walk through doors together, that is, making sure that only a single person passes the perimeter for a single access request. Single-person passages are way more costly than the readers, and have the additional problem of not allowing all that many people to pass per hour. That means that you may even need multiple for a given people flow. And that's leaving aside the convenience issues.


Not to mention having to train your people on why it matters. In most places, that's going to... never happen.


And also pay for the people to enforce it.

Yes, some places do. But those places are rare.


I was talking more SCIF, less prison.


I used to work on such systems in another life; we could set up anti-passback for a gate or area. I believe we could also put a temporal restriction, but my memory is a bit fuzzy.


I don't think the contention was that the feature or ability doesn't exist, but rather that companies choose not to do it. When you worked on those systems - did you set up anti-passbacks?


Yes, it was in France and related to security; we had to ensure that the area anti-passback was working properly, as there were several areas where "random" entry was highly prohibited (let's say live shows).

Recently I worked for a bank where they had different types of entry airlocks; it was a bit of a pain, especially the multi-person ones.


That would be a terrible user experience. Most places are not diligent about ensuring each employee separately badges past a barrier. It's common to hold the door for Bob while he is juggling a coffee. Boom, missed badge swipe and now things are forever imbalanced.


Notably Apple expects each person to badge in. Google does not, and it is pretty easy to follow a group of people in to a building, but you cannot do that at Apple.


If you care about this at all you’d use a turnstile.


Because nobody has ever jumped over one of those or triggered the motion sensor on the other side of those paddle gates or gone around the side or underneath...


The cases where that's common are lightly-monitored scenarios though: railway or metro.

As the saying goes, the wall is only as good as how frequently the guards patrol it.


I know many companies I worked for in CA and CO did that at least for their parking garage gates but NOT for their building control readers, even though it was the same badge.


The term for the feature that prevents this is 'anti-passback'. It exists but is not commonly implemented outside of high/very high security areas.
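Added example, not code from any commenter in this thread: a small Python checker that replays a constructed badge log and flags the unbalanced events the thread is about (a second IN with no OUT in between, an OUT with no prior IN), using a timed reset of the kind some anti-passback systems offer so that one missed badge-out (holding the door for Bob) does not leave a badge flagged forever. The log format, reader and badge names are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample badge log: timestamp, reader, direction, badge holder.
# john passes back his badge (two INs), alice badges OUT twice,
# bob missed his badge-out on day one and comes back the next morning.
SAMPLE_LOG = """\
2024-03-04T08:01:10 lobby-A IN john
2024-03-04T08:03:42 lobby-A IN alice
2024-03-04T08:11:05 lobby-A IN john
2024-03-04T12:02:00 lobby-A OUT alice
2024-03-04T12:30:00 lobby-A OUT alice
2024-03-04T18:00:00 lobby-A OUT john
2024-03-05T08:00:00 lobby-A IN bob
2024-03-06T08:00:00 lobby-A IN bob
"""


def parse_line(line):
    """Split one log line into (timestamp, reader, direction, badge)."""
    ts, reader, direction, badge = line.split()
    return datetime.fromisoformat(ts), reader, direction, badge


def check_antipassback(log_text, reset_after=timedelta(hours=12)):
    """Return a list of (timestamp, badge, reason) for unbalanced events.

    This is 'soft' anti-passback: every event is recorded and the holder is
    not denied, but out-of-sequence events are reported for follow-up.
    A badge's last known direction expires after reset_after, so a single
    missed badge-out is not flagged on every later day.
    """
    state = {}    # badge -> (last direction, timestamp of that event)
    alerts = []
    for line in log_text.splitlines():
        ts, reader, direction, badge = parse_line(line)
        last = state.get(badge)
        if last is not None and ts - last[1] > reset_after:
            last = None           # stale state: treat holder as unknown
        if direction == "IN" and last is not None and last[0] == "IN":
            alerts.append((ts, badge, "IN while already inside (passback?)"))
        elif direction == "OUT" and (last is None or last[0] == "OUT"):
            alerts.append((ts, badge, "OUT with no matching IN (tailgated in?)"))
        state[badge] = (direction, ts)
    return alerts


if __name__ == "__main__":
    for ts, badge, reason in check_antipassback(SAMPLE_LOG):
        print(f"{ts.isoformat()} {badge}: {reason}")
```

With the 12-hour reset only john's double IN and alice's double OUT are reported; shortening the reset window turns ordinary long shifts into false positives, which is the tuning problem the thread's false-positive objection points at.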




