9/25/2008
10:00 AM

Envysion Makes A Strong Case For Managed Video As A Service

Tests show the package is versatile enough to use for far more than monitoring PoS.

Envysion aims its managed video as a service, a video-monitoring and storage application, at management, marketing, and loss prevention, but we found the service a valuable security tool beyond those applications.

The versatility of Envysion's digital video recorder and Web-streaming service means companies can use managed video as a service instead of investing time and money building or expanding an in-house closed-circuit television-DVR system, with all the attendant hardware, throughput, power, and storage problems.

In fact, the more we tinkered with the Envysion framework, both in our test area and in several real-world businesses, the more places we could picture it in use for secure, managed video.

Using Envysion's administration panel, the system subscriber can build user accounts and set up a variety of parameters for each DVR-camera combination from anywhere, via the Internet. In tests, the suite enabled us to connect from an office setting, a residence, an ice cream shop offering free Wi-Fi, and the waiting area at the local airport to monitor our locations.

THE UPSHOT
CLAIM:  Envysion's video-monitoring and storage application aims to put low-cost, secure, managed video within reach of any company that has an area to observe, and enables monitoring from anywhere via the Net. Managed video as a service lets companies--especially those with multiple sites--easily expand video monitoring and storage without the expense of in-house setups.

CONTEXT:  Envysion is unique in that it offers turnkey, quickly installed video services to customers that need to see all of their sites through a common portal. A secure GUI aggregates locations' video into common views in ways that competitors--traditional closed-circuit TV-DVR vendors--can't.

CREDIBILITY:  Envysion's new video management framework is impressive, although the system has some weak links, including limited browser options and no audio. Still, Envysion's video service could find a place in marketing, human resources, security, loss prevention, and other aspects of almost any organization that uses Internet Explorer.

The service includes powerful integration with point-of-sale terminals and a variety of configurable alarms and other triggers. Recording can be activated by alarm inputs, access card swipes, and other "triggers," including door security and building alarms.

The Envysion system does have some weak links--most notably, its Microsoft Internet Explorer-only requirement. The insistence on IE means that managers who live off their iPhones or the like are out of luck, even though these devices often handle other streaming video adequately. In addition, we couldn't hear what was going on because the system lacks audio. Envysion says it's beta testing audio capabilities.

CUT TO THE CHASE
Of course, no one can stay glued to the stream waiting for something to happen. Fortunately, Envysion's DVR makes it easy to sort through recorded video. Users can view happenings via time and date go-to searches, or define an area of any display and search for motion in that zone over a defined time period. Clips can be bookmarked on the Web portal for easy access or downloaded to a local PC.

Installing the equipment is simple, and the Envysion DVR accommodates a variety of camera options. Any number of employees can use the system. The company manages user rights, but the process is quick. Prices range from $5,170 for a 320-GB DVR (roughly 30 days of storage per camera) and four cameras to $12,000 for 16 cameras and 750 GB of video. Prices include installation and a three-year software license. Sites also can opt for a three-year subscription plan starting at $160 per month for software and storage and a one-time installation fee of $875.

The company offers two tiers of DVR support: bronze, which sends e-mail alarms if service is interrupted, and gold, in which Envysion calls the subscriber.

For security, Envysion says it's compliant with Payment Card Industry Data Security Standards, and its ActiveX viewing plug-in uses a three-way handshake between Envysion's service and the local DVR, employing a one-time-use token that prevents replay (application layer) attacks on video.
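
As an added illustration (not from the article, and not Envysion's actual protocol, which the article does not describe), here is one common way a service can mint a one-time-use token that a DVR rejects on replay. The HMAC construction, the key shared between service and DVR, the 30-second lifetime, and every name in the code are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed key for the example; assumed to be shared by the service and one DVR.
DVR_KEY = secrets.token_bytes(32)
TOKEN_TTL = 30  # seconds a token stays redeemable (assumed value)


def issue_token(key, user, dvr_id, camera, now=None):
    """Service side: mint a single-use token bound to user, DVR and camera."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    payload = f"{user}|{dvr_id}|{camera}|{now + TOKEN_TTL}|{nonce}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


class Dvr:
    """DVR side: verifies tokens and remembers every nonce it has accepted."""

    def __init__(self, key, dvr_id):
        self.key, self.dvr_id = key, dvr_id
        self.seen = {}  # nonce -> expiry; entries are dropped once expired

    def redeem(self, token, camera, now=None):
        now = int(time.time() if now is None else now)
        try:
            payload, tag = token.rsplit("|", 1)
            user, dvr_id, cam, expiry, nonce = payload.split("|")
            expiry = int(expiry)
        except ValueError:
            return "malformed"
        good = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good.encode(), tag.encode()):
            return "bad-mac"
        if dvr_id != self.dvr_id or cam != camera:
            return "wrong-target"
        if now >= expiry:
            return "expired"
        # Purge stale nonces so the replay cache stays bounded.
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = expiry
        return "ok"
```

The expiry bounds how long the DVR must remember a nonce, so the replay cache cannot grow without limit; a captured token is useless once it has been redeemed or has aged out.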
