Cyber Security, or ‘the security of your security’ as some in the industry are calling it, has been a hot topic in our industry for some time now. Initially it was just another buzz word like IoT or Big Data, but it seemed to begin materializing into video surveillance products in 2016.
When we went from analog cameras to IP cameras, just like going from PBX phone systems to Voice over IP phones, we essentially ended up with a bunch of small computers sitting on our customers’ networks. Most IP cameras make use of Linux-based operating systems running on embedded computers, so they’re all likely to have some basic network security functionality inherited from Linux like the Iptables firewall.
To differentiate themselves, manufacturers began trying things ranging from bundled antivirus software to network switch integration for controlling port security to add cyber security value to their product offerings. It was great to see the industry taking steps toward incorporating cyber security into their network-connected products, but most were releasing products or features that only addressed one aspect of cyber security. As any cyber security practitioner will tell you, a holistic and layered approach to security is required for any degree of success (if you really like reading about security, do a quick search for ‘Defense in Depth’).
2018 seemed to be the year that the industry started taking this concept seriously, with most enterprise Video Management System software manufacturers releasing Security Hardening Guides. These guides are meant to assist customers in implementing cyber security best practices to ensure their products are configured securely. Although these guides are written around a specific product, they typically address a variety of common security concerns from least-privilege user permissions to operating system updates and firewall settings. Even though some may view these guides as ‘just documentation’ rather than a new feature, implementing recommendations made by these guides will likely have more impact on an organization’s security posture than a bell or whistle that only addresses one aspect of security (or one layer of the ‘OSI model’, which you can also look up if you didn’t find enough to read on ‘Defense in Depth’).
The number of network-connected devices grows daily, as well as the amount of information available to management software. Video analytics aren’t useful if they don’t help the user make sense of all of the information available to them, and the same is true for cyber security products and tools. I look forward to seeing these products evolve to provide more meaningful and actionable cyber security information to our customers, but in the meantime be sure to consider reviewing your product’s Security Hardening Guide next time you’re looking for some reading material!