Risk
9/25/2008
10:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Envysion Makes A Strong Case For Managed Video As A Service

Tests show the package is versatile enough to use for far more than monitoring PoS.

Envysion aims its managed video as a service video-monitoring and storage application at management, marketing, and loss prevention, but we found the service a valuable security tool beyond those applications.

The versatility of Envysion's digital video recorder and Web-streaming service means companies can use managed video as a service instead of investing time and money building or expanding an in-house closed-circuit television-DVR system, with all the attendant hardware, throughput, power, and storage problems.

In fact, the more we tinkered with the Envysion framework, both in our test area and in several real-world businesses, the more places we could picture it in use for secure, managed video.

Using Envysion's administration panel, the system subscriber can build user accounts and set up a variety of parameters for each DVR-camera combination from anywhere, via the Internet. In tests, the suite enabled us to connect from an office setting, a residence, an ice cream shop offering free Wi-Fi, and the waiting area at the local airport to monitor our locations.

THE UPSHOT
CLAIM:  Envysion's video-monitoring and storage application aims to put low-cost, secure, managed video within reach of any company that has an area to observe, and enables monitoring from anywhere via the Net. Managed video as a service lets companies--especially those with multiple sites--easily expand video monitoring and storage without the expense of in-house setups.

CONTEXT:  Envysion is unique in that it offers turnkey, quickly installed video services to customers that need to see all of their sites through a common portal. A secure GUI aggregates locations' video into common views in ways that competitors--traditional closed-circuit TV-DVR vendors--can't.

CREDIBILITY:  Envysion's new video management framework is impressive, although the system has some weak links, including limited browser options and no audio. Still, Envysion's video service could find a place in marketing, human resources, security, loss prevention, and other aspects of almost any organization that uses Internet Explorer.
The service includes powerful integration with point-of-sale terminals and a variety of configurable alarms and other triggers. Recording can be activated by alarm inputs, access card swipes, and other "triggers," including door security and building alarms.

The Envysion system does have some weak links--most notably, its Microsoft Internet Explorer-only requirement. The insistence on IE means that managers who live off their iPhones or the like are out of luck, even though these devices often handle other streaming video adequately. In addition, we couldn't hear what was going on because it lacks audio. Envysion says it's beta testing audio capabilities.

CUT TO THE CHASE
Of course, no one can stay glued to the stream waiting for something to happen. Fortunately, Envysion's DVR makes it easy to sort through recorded video. Users can view happenings via time and date go-to searches, or define an area of any display and search for motion in that zone over a defined time period. Clips can be bookmarked on the Web portal for easy access or downloaded to a local PC.

Installing the equipment is simple, and the Envysion DVR accommodates a variety of camera options. Any number of employees can use the system. The company manages user rights, but the process is quick. Prices range from $5,170 for a 320-GB DVR (roughly 30 days of storage per camera) and four cameras to $12,000 for 16 cameras and 750 GB of video. Prices include installation and a three-year software license. Sites also can opt for a three-year subscription plan starting at $160 per month for software and storage and a one-time installation fee of $875.

The company offers two tiers of DVR support: bronze, which sends e-mail alarms if service is interrupted, and gold, in which Envysion calls the subscriber.

For security, Envysion says it's compliant with Payment Card Industry Data Security Standards, and its ActiveX viewing plug-in uses a three-way handshake between Envysion's service and the local DVR, employing a one-time-use token that prevents replay (application layer) attacks on video.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.