Risk
9/25/2008
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Envysion Makes A Strong Case For Managed Video As A Service

Tests show the package is versatile enough to use for far more than monitoring PoS.

Envysion aims its managed video as a service video-monitoring and storage application at management, marketing, and loss prevention, but we found the service a valuable security tool beyond those applications.

The versatility of Envysion's digital video recorder and Web-streaming service means companies can use managed video as a service instead of investing time and money building or expanding an in-house closed-circuit television-DVR system, with all the attendant hardware, throughput, power, and storage problems.

In fact, the more we tinkered with the Envysion framework, both in our test area and in several real-world businesses, the more places we could picture it in use for secure, managed video.

Using Envysion's administration panel, the system subscriber can build user accounts and set up a variety of parameters for each DVR-camera combination from anywhere, via the Internet. In tests, the suite enabled us to connect from an office setting, a residence, an ice cream shop offering free Wi-Fi, and the waiting area at the local airport to monitor our locations.

THE UPSHOT
CLAIM:  Envysion's video-monitoring and storage application aims to put low-cost, secure, managed video within reach of any company that has an area to observe, and enables monitoring from anywhere via the Net. Managed video as a service lets companies--especially those with multiple sites--easily expand video monitoring and storage without the expense of in-house setups.

CONTEXT:  Envysion is unique in that it offers turnkey, quickly installed video services to customers that need to see all of their sites through a common portal. A secure GUI aggregates locations' video into common views in ways that competitors--traditional closed-circuit TV-DVR vendors--can't.

CREDIBILITY:  Envysion's new video management framework is impressive, although the system has some weak links, including limited browser options and no audio. Still, Envysion's video service could find a place in marketing, human resources, security, loss prevention, and other aspects of almost any organization that uses Internet Explorer.
The service includes powerful integration with point-of-sale terminals and a variety of configurable alarms and other triggers. Recording can be activated by alarm inputs, access card swipes, and other "triggers," including door security and building alarms.

The Envysion system does have some weak links--most notably, its Microsoft Internet Explorer-only requirement. The insistence on IE means that managers who live off their iPhones or the like are out of luck, even though these devices often handle other streaming video adequately. In addition, we couldn't hear what was going on because it lacks audio. Envysion says it's beta testing audio capabilities.

CUT TO THE CHASE
Of course, no one can stay glued to the stream waiting for something to happen. Fortunately, Envysion's DVR makes it easy to sort through recorded video. Users can view happenings via time and date go-to searches, or define an area of any display and search for motion in that zone over a defined time period. Clips can be bookmarked on the Web portal for easy access or downloaded to a local PC.

Installing the equipment is simple, and the Envysion DVR accommodates a variety of camera options. Any number of employees can use the system. The company manages user rights, but the process is quick. Prices range from $5,170 for a 320-GB DVR (roughly 30 days of storage per camera) and four cameras to $12,000 for 16 cameras and 750 GB of video. Prices include installation and a three-year software license. Sites also can opt for a three-year subscription plan starting at $160 per month for software and storage and a one-time installation fee of $875.

The company offers two tiers of DVR support: bronze, which sends e-mail alarms if service is interrupted, and gold, in which Envysion calls the subscriber.

For security, Envysion says it's compliant with Payment Card Industry Data Security Standards, and its ActiveX viewing plug-in uses a three-way handshake between Envysion's service and the local DVR, employing a one-time-use token that prevents replay (application layer) attacks on video.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.