Risk
9/25/2008
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Envysion Makes A Strong Case For Managed Video As A Service

Tests show the package is versatile enough to use for far more than monitoring PoS.

Envysion aims its managed video as a service video-monitoring and storage application at management, marketing, and loss prevention, but we found the service a valuable security tool beyond those applications.

The versatility of Envysion's digital video recorder and Web-streaming service means companies can use managed video as a service instead of investing time and money building or expanding an in-house closed-circuit television-DVR system, with all the attendant hardware, throughput, power, and storage problems.

In fact, the more we tinkered with the Envysion framework, both in our test area and in several real-world businesses, the more places we could picture it in use for secure, managed video.

Using Envysion's administration panel, the system subscriber can build user accounts and set up a variety of parameters for each DVR-camera combination from anywhere, via the Internet. In tests, the suite enabled us to connect from an office setting, a residence, an ice cream shop offering free Wi-Fi, and the waiting area at the local airport to monitor our locations.

THE UPSHOT
CLAIM:  Envysion's video-monitoring and storage application aims to put low-cost, secure, managed video within reach of any company that has an area to observe, and enables monitoring from anywhere via the Net. Managed video as a service lets companies--especially those with multiple sites--easily expand video monitoring and storage without the expense of in-house setups.

CONTEXT:  Envysion is unique in that it offers turnkey, quickly installed video services to customers that need to see all of their sites through a common portal. A secure GUI aggregates locations' video into common views in ways that competitors--traditional closed-circuit TV-DVR vendors--can't.

CREDIBILITY:  Envysion's new video management framework is impressive, although the system has some weak links, including limited browser options and no audio. Still, Envysion's video service could find a place in marketing, human resources, security, loss prevention, and other aspects of almost any organization that uses Internet Explorer.
The service includes powerful integration with point-of-sale terminals and a variety of configurable alarms and other triggers. Recording can be activated by alarm inputs, access card swipes, and other "triggers," including door security and building alarms.

The Envysion system does have some weak links--most notably, its Microsoft Internet Explorer-only requirement. The insistence on IE means that managers who live off their iPhones or the like are out of luck, even though these devices often handle other streaming video adequately. In addition, we couldn't hear what was going on because it lacks audio. Envysion says it's beta testing audio capabilities.

CUT TO THE CHASE
Of course, no one can stay glued to the stream waiting for something to happen. Fortunately, Envysion's DVR makes it easy to sort through recorded video. Users can view happenings via time and date go-to searches, or define an area of any display and search for motion in that zone over a defined time period. Clips can be bookmarked on the Web portal for easy access or downloaded to a local PC.

Installing the equipment is simple, and the Envysion DVR accommodates a variety of camera options. Any number of employees can use the system. The company manages user rights, but the process is quick. Prices range from $5,170 for a 320-GB DVR (roughly 30 days of storage per camera) and four cameras to $12,000 for 16 cameras and 750 GB of video. Prices include installation and a three-year software license. Sites also can opt for a three-year subscription plan starting at $160 per month for software and storage and a one-time installation fee of $875.

The company offers two tiers of DVR support: bronze, which sends e-mail alarms if service is interrupted, and gold, in which Envysion calls the subscriber.

For security, Envysion says it's compliant with Payment Card Industry Data Security Standards, and its ActiveX viewing plug-in uses a three-way handshake between Envysion's service and the local DVR, employing a one-time-use token that prevents replay (application layer) attacks on video.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Listen Now Botnet Takedowns: Who's Winning, Who's Losing
Sara Peters hosts a conversation on Botnets and those who fight them.