Risk
9/25/2008
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Envysion Makes A Strong Case For Managed Video As A Service

Tests show the package is versatile enough to use for far more than monitoring PoS.

Envysion aims its managed video as a service video-monitoring and storage application at management, marketing, and loss prevention, but we found the service a valuable security tool beyond those applications.

The versatility of Envysion's digital video recorder and Web-streaming service means companies can use managed video as a service instead of investing time and money building or expanding an in-house closed-circuit television-DVR system, with all the attendant hardware, throughput, power, and storage problems.

In fact, the more we tinkered with the Envysion framework, both in our test area and in several real-world businesses, the more places we could picture it in use for secure, managed video.

Using Envysion's administration panel, the system subscriber can build user accounts and set up a variety of parameters for each DVR-camera combination from anywhere, via the Internet. In tests, the suite enabled us to connect from an office setting, a residence, an ice cream shop offering free Wi-Fi, and the waiting area at the local airport to monitor our locations.

THE UPSHOT
CLAIM:  Envysion's video-monitoring and storage application aims to put low-cost, secure, managed video within reach of any company that has an area to observe, and enables monitoring from anywhere via the Net. Managed video as a service lets companies--especially those with multiple sites--easily expand video monitoring and storage without the expense of in-house setups.

CONTEXT:  Envysion is unique in that it offers turnkey, quickly installed video services to customers that need to see all of their sites through a common portal. A secure GUI aggregates locations' video into common views in ways that competitors--traditional closed-circuit TV-DVR vendors--can't.

CREDIBILITY:  Envysion's new video management framework is impressive, although the system has some weak links, including limited browser options and no audio. Still, Envysion's video service could find a place in marketing, human resources, security, loss prevention, and other aspects of almost any organization that uses Internet Explorer.
The service includes powerful integration with point-of-sale terminals and a variety of configurable alarms and other triggers. Recording can be activated by alarm inputs, access card swipes, and other "triggers," including door security and building alarms.

The Envysion system does have some weak links--most notably, its Microsoft Internet Explorer-only requirement. The insistence on IE means that managers who live off their iPhones or the like are out of luck, even though these devices often handle other streaming video adequately. In addition, we couldn't hear what was going on because it lacks audio. Envysion says it's beta testing audio capabilities.

CUT TO THE CHASE
Of course, no one can stay glued to the stream waiting for something to happen. Fortunately, Envysion's DVR makes it easy to sort through recorded video. Users can view happenings via time and date go-to searches, or define an area of any display and search for motion in that zone over a defined time period. Clips can be bookmarked on the Web portal for easy access or downloaded to a local PC.

Installing the equipment is simple, and the Envysion DVR accommodates a variety of camera options. Any number of employees can use the system. The company manages user rights, but the process is quick. Prices range from $5,170 for a 320-GB DVR (roughly 30 days of storage per camera) and four cameras to $12,000 for 16 cameras and 750 GB of video. Prices include installation and a three-year software license. Sites also can opt for a three-year subscription plan starting at $160 per month for software and storage and a one-time installation fee of $875.

The company offers two tiers of DVR support: bronze, which sends e-mail alarms if service is interrupted, and gold, in which Envysion calls the subscriber.

For security, Envysion says it's compliant with Payment Card Industry Data Security Standards, and its ActiveX viewing plug-in uses a three-way handshake between Envysion's service and the local DVR, employing a one-time-use token that prevents replay (application layer) attacks on video.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.