Hikvision Deletes Genetec Support

By John Honovich, Published Feb 20, 2018, 08:34am EST

There will be no peace between Hikvision and Genetec.

A year after Genetec expelled Hikvision (and Huawei, citing Chinese government control concerns), relegating them to a restricted category, requiring a liability waiver and a special license fee, Hikvision has responded by deleting Genetec's protocol support. This was in line with Hikvision's attacks on Genetec as 'dirty' and 'running fast in the wrong direction.'

An immediate consequence is that Genetec users with Hikvision cameras now need to choose between (1) upgrading and losing integration with Genetec (since the upgrade deletes the protocol) or (2) not upgrading anymore and risk Hikvision vulnerabilities.

More broadly, this shows Hikvision is looking to put pressure on Genetec.

Inside this note, we examine the move, its potential impact, and options for users of these products.

Background ******

** **** ** *** same **** **** **********.* ******** ******* **** disabled *****, ********* *** ******* Genetec ******** *******, ** this ******* *****:

**** ***** *** *** meaningful ******** ** ***** surveillance *** **** ** longer **** ***** **** video ********** ********. ***** almost ** *** **** PSIA, **** **** *** no ******.

*** ******** ** *** Genetec ******** **** **** an ****** ***** ******* is ****** **** *** Genetec **** ***** *** protocol ** ***** ******* way ** ***********.

ONVIF ** ****** *******

********* / ******* ***** may ******** ***** ** an ****** *** ******* does *** ******* / validate ********* ******* *** ONVIF. **** ** **** did, ***** ***** ********* works **** *** *********, video *********, *** ***** configuration, ** ***** **** consistently *** **** **** VMD, ******, ***** *********, I/O, *** *******, ***.

** *** *** ****, you **** ******* ********* a ********* ****** *** a ******* *** ***, on *** ***** ****, Hikvision ******** *** ************* available *** *** **** Genetec *** ********** *** likelihood ** *********** ******.

Neither **** ***** ** **** **** **** *****

******* ***** *** ** right ** *****, ***** moves, ** **** *****, show **** *** *** companies ** *** **** to **** **** **** other.

Ask ********* *** ******* *******?

******* ******** **** *** users *** *********** ******* to *** ********* ******* with ******* *** ** able ** ******* ******* firmware **** ********* **** includes *** ******* ********. We *** *** ***** what ***** ** *** readily **** **** ******* it *** **** *** be * ***********.

Advantages *** ********* ********* ** *** **** ****

** *** **** **** for *********, ********* *** continued ** ************ ****** sales *** ********* ************ in *** **** *** their ******* ***** ********* continue ** ****. ***** is ** ******* **** that ********* ***** ** stop ***** ********** *********. And, ** *** ******, that ********* ** **** broadly ****, *** **** increases *** ******* **** they **** **** ******** and ************ ***** ********* products *** *******.

Disadvantages *** ******** ********* ** *** **** ****

********* *** **** *** by * ***** ** negative ***** *** ************* vulnerabilities **********. **** *******, after ******* ******** *********,*********'* ***** ****** ** camera *********** ********. *** ********* is ************ ******* ** International ***** ********* **** for *** ************* *** Chinese ********** *********. **** Genetec *** **** **** did ** ********* *** been ** ********* ********** point ** **** ***** Hikvision's ******. ******* ******* over ***** ** * huge **** ** ********** and ******** ***** ********.

Unprecedented ************ *****

*** **** ********, **** is ******* ** ************* manufacturer *****, ********** ***** Hikvision's ******* ***** *** Genetec's ****** ******** ** Western ***********. ** ****** business **********, **** ******* stand ** **** **** cooperation, ***** ***** ******** strengths. *******, ******* ******* indicate ** ** **** unlikely *** *** ********** in *** *********** ******.

What ****** ******* *** ********* **?

*******, **** ** *** recommend *** *** ********* do ****?

Comments (77)

This should be interesting to watch. I love watching this kind of thing play out. Always so much to learn. 

On team Hikvision you have a massive market share with millions of cameras and dvrs. Most of the cameras I see day-to-day are Hikvision. Just last week I met a guy who hired me on the side to come help him out with his Hikvision NVR (the new one with the new UI) he couldn't get the cameras from the old recorder to work on the new recorder. My point is, this guy loved his Hikvision NVR. I know a lot of consumers who do, they're not paying attention to what Genetec is doing or what reports come out on IPVM. Not saying this is right or wrong it's just how it is. I've found that most consumers do not care about the level of security in their IoT products. As soon as they see the price tag of a higher quality product they often are willing to take the risk. 

On team Genetec you have very capable video management software deployed inside a higher end market that is smaller than Hikvisions. People who use Genetec care about the security of their equipment and can afford more expensive cameras. Until the Chinese government isn't involved in Hikvision these clients will almost always side with Genetec. 

Hikvision wanted to get into this high-end market, Genetec is making this very difficult. If other VMS's decided to play nice with Hikvision and promote their product than Hikvision will win this in the long run.

If other VMS follow suit and start shutting out Hikvision than Hikvision is bound to lose in the US market regardless of what consumers think. Selling 4 camera systems isn't going to cut it in the long run or make the cost of operating in the US market worth it. 

What should they do? In a perfect world, we would see them work together. We would see the hostility between the US and China go away and we could all work together to make a safer more secure world. The reality is that won't happen for a long time if ever. In the business world, it's time for them to duke it out. 

John, good feedback. On this:

We would see the hostility between the US and China go away

And that's the fault of the Chinese government - an aggressive autocratic, anti-democracy regime that sponsors cyberattacks, steals intellectual property, attacks human rights, engages in systematically unfair trade practices, etc.

The west will buy enough rope from China to hang itself


Chinese government - an aggressive autocratic, anti-democracy regime that sponsors cyberattacks, steals intellectual property, attacks human rights, engages in systematically unfair trade practices, etc.

This describes pretty much every great nation's government, even Canada. Especially the US out of all countries in the world. US even publicly promotes Israel. Who has been known to commit terrorist attacks, not just cyber attacks. With this logic in mind we should all be persecuted for simply living in the country and paying taxes.

Our problem is not these manufacturers working with government. Our problem is the people who control government. Even if they don't work with them : America has already been found to have the ability to tap cameras. I doubt they only target Hikvision.

I am aware even saying something like this may seem worthy of a tin foil hat but we have the choice to change the people in power. We have the choice to change how we designate people in power.

Right now much of the world's politics are capitalist in nature. Excessive greed is what designates who gets to write history. If you are super greedy then you get to call more of the shots. This needs to change and then companies like Hikvision won't have such a tough time.

Because in all honesty Hikvision products are pretty sweet. Just not cool with being spied on.

This describes pretty much every great nation's government, even Canada

So you think Canada is an "aggressive autocratic, anti-democracy regime that sponsors cyberattacks, steals intellectual property, attacks human rights, engages in systematically unfair trade practices"? 

Can you share some specifics to support this description of Canada?

comments about the rest of my post may have been more interesting but ok ill bite.

I'm not completely in tune with all this but hmm let me see..

aggressive autocratic : Stephen Harper, Prime Minister of Canada in 2004 to 2006. This guy is demonized all the time and i am fairly certain autocratic is a word that is used to describe his line of thinking.

anti-democracy regime that sponsors cyberattacks : this one is two parts so you can check out Stephen Harper scandals and, lately, Trudeau (the most recent prime minister) is being demonized for creating an anti-democratic canada. Seriously.

Now about cyber attacks.. Canada has their own "CIA/NSA". It is the CSIS. They deal with cyber attacks and even terrorism. To understand and defeat these things you have to try them. So technically speaking they do sponsor cyber attacks even if they may only be in a controlled environment.

but again this is Canada's "CIA". They are defending us and probably are using virtual methods to protect us even if it means playing on the offensive.

Canada is also a close ally of a few nations known to commit cyber attacks. Being friends with multiple nations doing it is not a good sign either (US and Israel).

steals intellectual property : CSIS has apparently been accused a few times of violating human rights. Spying, etc. With that you have to download a bunch of stuff. That is stealing regardless of whether the data is a photo or the source code to a private build of shinobi.

This can also be considered a cyber attack.

attacks human rights : i guess above covers that but you can look up other stuff too.

engages in systematically unfair trade practices : This is really a matter of opinion. Inflation of the dollar in canada is evidence the government isn't capable of maintaining the value of the currency. Federal reserve? The dollar not being backed by anything other than our belief in it is also quite unfair.

Don't get me wrong, I like it here but I'm also not blind to the dark side it continues to carry.

Stephen Harper, Prime Minister of Canada in 2004 to 2006. This guy is demonized all the time and i am fairly certain autocratic is a word that is used to describe his line of thinking.

Autractic means "a ruler who has absolute power". Harper's party lost an election that had a 68.3% voter turnout. Harper than peacefully stepped aside. That's not what an autocrat does. If you think this is anything similar to Xi Jinping, you need to learn a lot more about China and what the dictionary definition of autocratic is.

Canada is consistently ranked one of the freest countries in the world while China is among the worst, e.g., Freedom In the World 2018 - Canada 99/100, China 14/100.

Btw, you think Canada is a human rights abuser? Again, Canada is one of the best at human rights in the world, China among the worst (see Human Freedom Index 2018). May I suggest you read up about China's systematic human rights abuses, it's on a scale that's incomparable to what a Canadian or American would ever experience in our countries.

So as hik dahua preach and sell the virtues of having face detection for the world 

backed up by big data servers analytics on behavioural surveillance 

you would rather have that in the hands of western companies rather than. Our good friends in China ?

Wow. You wanted specifics (by asking in a comment section and not looking yourself). I gave them to you. I never said Canada was worse than China, don't make it about that.

also you need to google a bit. It's like you forgot canada is owned by the crown.

So I'm going to stop replying unless you address the point of my message. Notice my mention of canada was just to further my point.. the point you completely missed (or maybe ignored, I don't know).

and you only reply to part of my post... again. Is part of it greyed out or something?

I wouldn't expect much Moe. To me, John has a history of going from one point to another onrelated point in the next comment.

A thread like this one is about just that. When the option to deflect is there it happens. I posted in this same thread with (to me) a valid point about privacy laws or to Ari about how alarm panels are used.

These points go silent quickly but more controversial items get unlimited replies basically to tell us how dumb we are for having a different view. Expect a lot of block quotes or links. Don't expect to hear things like you're right, I never looked at it like that etc etc. It won't happen :).


Yup! Look at his post now LOL. Completely missed the point once again!

i am actually shocked at how well you just predicted how he would respond.

also seems to think I dislike canada LOL even when I specifically said I like Canada in my first post (the one he clearly didn't read).

LOLOLOL wow. I'm scared to know how many articles are written like these comments.

eat sleap defect repeat

You said "on this side of the pond however, it's not allowed to arm a system from a distance when the system has a certain security grade."

I really don't know how to respond to that other than to say that remote arming and disarming is allowed here, and is part of the positive control I mentioned. This is especially useful when combined with video verification and interior sensors. 

I never said Canada was worse than China

What you did say was that Canada was just like China. To quote us:

JH: Chinese government - an aggressive autocratic, anti-democracy regime that sponsors cyberattacks, steals intellectual property, attacks human rights, engages in systematically unfair trade practices, etc.

MA: This describes pretty much every great nation's government, even Canada.

My rejoinder, and the evidence I provided, was that Canada is clearly nothing like China when it comes to autocracy, cyberattacks, intellectual property theft, human rights abuses, unfair trade practices, etc.

It's like you forgot canada is owned by the crown.

Canada is not 'owned' by anyone. The 'crown' is effectively ceremonial in nature and power is exercised by Canadian citizens in a parliamentary democracy.

You can feel free to dislike Canada or think it's just like the PRC but the case you present for the 'crown' or Stephen Harper as 'autocratic' is just not supported by evidence.

"and you only reply to part of my post... again. Is part of it greyed out or something?"

The rest of your post was your own world view on socioeconomic policy.  i.e. greed is bad.

Well, Genetec is a great VMS !

But you can find them, working tight with Dahua !!! A * private* chinese company with the same * problems* as Hikvision.

In Brazil Dahua / Intelbras uses Genetec as Their server and client software .

Funny in it? 

Disclosure - I work for Genetec

Well said John - The Hikvision apologists continue to either not notice or not care what the Chinese Govt. does in the way of damage to the United States

I'm sure that many of them were among the 143 million Americans that had their  personal information stolen in China's hack of  Equifax, but as long as they're winning SMB camera jobs, they rationalize it's OK to support a Communist state run enterprise 

I wouldn't put full blame on China in the breach of Equifax. Equifax had lots of holes in their system. My brother-in-law's company worked as a contracted IT service with them for several years but they opted to hire untrained workers and farm out IT services to India. You reap what you sow.

Equifax knew they were at fault, that's why they offered credit monitoring services for free after the breach but they included that if you signed up for the service you gave up your rights to litigation later.

I don't disagree with your overall statement, but the hack of Equifax has not yet been verified. I wouldn't use it as a supporting pillar for an argument against China at this time. 


Most analysis of the Equifax breech I've read said it bears a very strong resemblance to the Chinese Breech of the US Office of Personnel Management in 2015

The probability it was China is fairly high, but it hasn't been verified (to my knowledge). It could have been another nation-state, or private, actor spoofing Chinese methodology. Doesn't change the fact that Equifax screwed the pooch IMO. 

Well said John - The Hikvision apologists continue to either not notice or not care what the Chinese Govt. does in the way of damage to the United States

I don't condone hikvision, nor do I personally own any of their products. I am a grandstream guy myself (bought from genetec). I am also a Canadian. So I am being completely honest when I say your statement is very short-sighted. America is damaging other nations right now and I don't mean with insult or slowing of trade. They are literally bombing people right now and selling the land they've stolen. They also promote Israel. If you ask me the US is doing a good job on it's own to hurt itself.

I'm sure that many of them were among the 143 million Americans that had their personal information stolen in China's hack of Equifax, but as long as they're winning SMB camera jobs, they rationalize it's OK to support a Communist state run enterprise

Americans getting hacked happens often. Mainly because of poor decision making. Also you linked to Bloomberg. Bloomberg is an elite owned news site. I don't need to point out how bad a source that makes them for any kind of news.

they rationalize it's OK to support a Communist state run enterprise

I am not a communist but you can't seriously believe capitalism is any better? America is almost in a state of civil war... again. Oh right and America being at war for the last 200 years probably doesn't help their reputation either.

you forgot the 1.2 trillion dollar loan they took from the enemy :)

the 1.2 trillion dollar loan

Jonathan, this is the 3rd time you posted a comment on this on the thread, though the first two times you self-deleted them.

You obviously are referring to US Treasury bonds. 

As a clarification, these are not negotiated 'loans'. The US government, like almost all governments issue bonds. Anyone can buy them. You can buy them. I can buy them, etc.

The Chinese government has chosen to purchase about 1.2 trillion of those US treasury bonds.

The Chinese government buys them to make their exports less costly (i.e., by doing so, it makes the exchange rate more favorable for exporting). They are not doing the US a favor, they are doing their manufacturers, like Hikvision, one.

I deleted the comment and yet you read it, remember it and bring it to the forefront. Seems you are taking some pages of the controlling the group book yourself John.

Publicly making known what I wrote and chose to delete right away doesn't bode well to how you control IPVM John. Feel free to take that any way you like.

You are correct about the loan being bonds that the Chinese are buying (doesn't make it any less dangerous).

The point being made is that rather than telling everyone else how to run their country, it might be wise to be selfsupporting and not needing trillion dollar loans bonds. Sorry John, America does not hold the sole knowlegde of right and wrong, and neither do you.

Publicly making known

You posted a public comment that was emailed to 50+ people who are subscribed to this thread. You protest too much.

wise to be selfsupporting

Pretty much every country issues bonds. China, the Netherlands, Switzerland. It's a standard practice of running a country. Whether a country has too much debt is another story. The US and China both can be argued to have too much.

telling everyone else how to run their country

In America, we have freedom of speech. You can express one opinion, I can express another. Life goes on. It's not like China where people get kidnapped for such things.

You are welcome to continue objecting to us. I am welcome to continue responding.

I noticed in a newer firmware for a TVI DVR model, there was a checkbox that allowed for Genetec support. 

I'm not sure if this is going to hurt either company but I do think Hik has the upper hand here given the fact that Genetec pulled the first douchey move making you pay extra to have a Hikvision camera on their system and Hikvision is by far outnumbered in qty and popularity in products to Genetec. Kind of a political douchey move if you ask me though. Just do your job and stick to making software and quit making me pay extra just to use a particular brand camera.

But like I said, I'm not really sure if this is going to affect either company. Chances are if the customer is paying for overpriced software, they are probably paying for overpriced cameras as well.

Chances are if the customer is paying for overpriced software

Sean, if Genetec is so 'overpriced' and evidently providing value, why do so many people pay for it?

I know you have purchased large scale Hikvision NVR's (32 ch and maybe 64 ch) for testing. But have you actually purchased, with your own money, say 64 channels of Genetec to test over a period of time? if not, are you willing to do this to make a comparison so you can answer the question "was buying all the hardware and licensing to support 64 ch of Genetec really worth the premium over a 64 Ch all in one Hik NVR?"
Im not asking what the better system is, im asking what the better value is. The only way to truely test this is for you to feel it in your pocketbook with no ability to get your money back. Are you willing to do a test like this. yes or no?

Sean when was the last time you used, installed, programmed a Genetec system? 

Never. I have never driven a Lamborghini either, nor am i convinced i need buy one to do so either.

Genetec isn't a a Lamborghini, it's a Ford Transit Connect. If you really need it, nothing less capable or cheaper is going to be a good replacement. If you don't really need it, it's a waste of your money. 

I didn't realize the Ford Transit required a week of training to drive.  I think you have oversimplified what Genetec is.

If it takes a week to learn then the wrong integrator was chosen. Genetec allows for the customization of the user interface to ensure that it is streamlined down for just what the specific user needs (based on login). If you need one locked down to only show 5 cameras, you can make it; if you need one fully wide open for an expert user then you're set. 

Are there systems that are more simple? Sure, but like Ari said- if you need a Connect, using a bike isn't going to help you even if it is "easier"

Actually, learning to "drive" is a three hour course if you take it from Genetec:

Or 9 hours total if you want access and LPR operator training.

Integrator technical training and operator training are very different things.

Touché.  We are talking about driver training and not the cost to maintain, otherwise you would have referenced a De Lorean?


please tell me that you dont have to pay for these training courses.

please tell me that you dont have to pay for these training courses.

You do, the Canadian government is not subsidizing Genetec or the integrators involved.  There is a cost to Genetec to provide training.  Much like the IPVM it keeps out (most of) the riff-raff.

You do


LOLOLOLOL. Who is the instructor? Ben Dover?

LOLOLOLOL. Who is the instructor? Ben Dover?

That’s right, ladies and gentlemen, Sean will be performing here all week at Nelly’s Chuckle Emporium and Discount Camera Warehouse.

Yes, the training for Genetec does have a cost, and it does take longer than a free online webinar for an NVR. If you are looking for the easiest and least expensive thing to install into a site then maybe a plug and play NVR is the way to go- that isn't what Genetec is built for. Genetec is built for the Fortune 500, Government, high security, and clients that need highly customized or capable systems (beyond just the ability to play live and recorded video and do a simple motion search). 

The training for a system capable of that (in addition to the customization and unified interface) would obviously involve more training than a simple NVR interface you can navigate around with only a mouse. 


It's one of those "you get what you pay for" kind of things; but at the end of the day I can do more with a Genetec system in 20 minutes than is even possible to do with off the shelf discount NVR kits- learning how to do that takes time, and isn't free

Sean, I am trying to understand your logic here. Do you think that Genetec is primarily used as a video record/view/retrieve system the way a Hikvision NVR is?


The only way to truely test this is for you to feel it in your pocketbook with no ability to get your money back. 

Sean, we test things for use by security professionals. Whether or not I personally find a Hikvision multi-imager or an Axis network radar or Genetec software to be valuable is irrelevant.

The question is how valuable is it to which security users (and that can range from Ted's Tulsa's rib joint to a regional hospital to the NYPD to a military base, etc.).

The point is there are users with complex, demanding needs (more than the typical user you serve) who values and is willing to pay the price premium of Genetec for the various premium features they offer that iVMS-4200, HikCentral, etc. do not.

I don't want to put myself off as a Gen-Hater. I'm not saying Genetec isn't a good software and they are obviously a leader in the enterprise market. I'm sure its great, they worked hard on it and it probably fits some needs of some very specific enterprise organizations.  Also, luckily for them, with their price point, all they have to do is sell a couple of software packages and they are in the black for the rest of the year. 

But to get back to my original point, the large majority of buyers are going to think Genetec is overpriced and convoluted, basically way out of their price range and way too much fluff for what they need. For example, you agreed with me wholeheartedly above that Tulsa Ted's rib joint would find more value in a Hikvision system than a Genetec system. Overall, their is a much bigger need for a typical Hik System like Ted's than their is for a hospital type Genetec system. The SMB and Resi market is only growing as well. This is why Hik has the upper hand in this duel by far. Like I said, anyone who has purchased a Genetec software are probably going to end up buying a brand such as Axis because they equate price with value. Again, not hating on Axis, I'm just saying its a little overpriced is all.

Not to hammer my point home too hard but this goes back to my comment a few months ago when I said that any system 64 cameras or less, Hikvision makes sense over a VMS like Genetec for the majority of users. Price is a huge part of the buying process and it does play a very large part in the valuation process. Most users are A) not going to be able to afford to pay for a Genetec System or B) simply not going to want to pay for the extra premium price for the little bit "fluff" that the Genetec system has when a Hik System will do just fine at a much greater value (price point). To firmly solidify my point, this is why I asked you if you would be willing to pay for 64 Genetec licenses and all the junk you need to run it on but you have no problem paying for a 32-64 channel Hik NVR. You are reluctant to do so, because you would have to increase your subscriber base by 20,000 just to afford the darn thing. I don't blame you and the majority of users agree with you as well.

Like I said, im not a Gen-hater and I agree they currently have an edge over Hikvision in the USA enterprise market. But I do think Hikvision is making a move towards this and honestly I think Genetec may be a little "skeered" of the mammoth freight train that is heading in their market share, hence the publicity stunt towards Hikvision. Hikvisions response is just a proud business playing hardball. Hik has the upper hand here. 

 I do think Hikvision is making a move towards this

Hikvision is certainly attempting.



It is very interesting from the integrator side to see a reactive move (and such a delayed one at that). Genetec announced the change in support for HIKVision (and other notably insecure devices) in an effort to increase the security of their systems and reduce the liability that a system suffered from cyberattack liabilities. The additional cost was not a purely punitive action, it was to cover the liability that Genetec took (both in R&D, support time, etc) in having systems that included HIKVision. On the flip side, HIK taking off support for Genetec is based on nothing more than a "if you don't like me, well then I don't like you!" mentality- with no technological reasoning to support such a move. 

On the lower end, John and Sean are both right- your average every day NVR user will probably not notice or care about such a move. However, at the higher end this is definitely not something that will go over well long term. If a Fortune 500 company or Government client feels that they have to chose between the two, and one company can support their additional fee/lack of support with cybersecurity issues while the other company can only justify it with "we don't like them" then I would be hard pressed to see them both being viewed equally in the mind of the end-user. This seems like an overly emotional play that belies the traditional long term thinking of the Chinese government 

Hik has an bottomless bank account and an endless amount of time, Genetec does not.  The only thing that will stop Hik is the US Govt.

Hik has an bottomless bank account and an endless amount of time

No. They almost certainly have far more short-term money than they have time. Time elements going against them:

  • Chinese overall debt continues to increase (which undermines China's growth and spending)
  • Political problems with the world increases (the US is significantly more negative to the PRC now than they were 3 years ago, that is likely to continue).
  • Hikvision is no longer a 'startup' in the West, easier to justify losses and problems in early stages than when reaching maturity

To be clear, I do agree they have money and they may push longer than anyone else, but I suspect even they know they have to overcome this sooner rather later as its not a tenable long term position to be in.

70% of Hik revenue is domestic.  Genetec's dumb marketing stunt is not going to hurt Hik in the long-term.

70% of Hik revenue is domestic


not going to hurt Hik in the long-term.

Sure, it won't have any impact on Hikvision's Chinese sales. Western VMSes (both yours and Genetec's) are effectively banned anyway.

But it is very much having an impact on Hikvision's Western sales, both directly from projects they are blocked out of (it's not like Genetec's enterprise sales team will be bringing them into any deals) and from general branding impact.

Genetec's dumb marketing stunt

What Genetec did is either a very dangerous marketing (picking a war with a hyper-aggressive Chinese government subsidiary) or a brave move to defend their and their largest Western customer's cybersecurity. I see no evidence that this was done for marketing, especially since it clearly came and is driven by Genetec's very engineering minded founder.


Mr. Racz knows there is a technical solution to isolate cameras on a private network and use the VMS as a hardened proxy thereby removing the cyber threat represented by the camera.  It's a marketing stunt.

Mr. Racz knows there is a technical solution to isolate cameras on a private network and use the VMS as a hardened proxy

That's not a technical solution at the scale Genetec operates. That may be enough if you are selling 8 channel kits but when dealing with in large-scale, multi-site, often international systems (which Genetec specializes in), you can't 'isolate' cameras.

I certainly think reasonable people can disagree about whether Genetec should do this but I don't think the 'technical solution' is as easy as you describe.

I agree with UM4 in the assesment that Genetec should be capable of securing their software, regardless of manufacturer.

Saying just Hik is not safe is making the assumption everyone else with Onvif is safe which is to say the least, a strech.

A selected list of trusted manufacturers would make their point of wanting secure cameras.

We have an 11,000 camera, 700 location enterprise customer that has successfully isolated their cameras as I described above.  To say you can't operate an isolated network at scale is not an accurate conclusion.

And all it takes it one person accidentally messing up a network config at one of 700 locations, or one commIT person plugging in a cable into the wrong switch and now that isolated network isn't isolated anymore. Big risk to take, and if that mistake is ever made then the defense of "yeah I knew I picked risky products but I figured my 700 locations would all operate perfectly through the life of the system"

It also takes just one employee to not arm the alarm, to leave the door unlocked, etc etc.

The fact that human error occurs does not make locks useless or alarms unnecessary.

Also, I imagine the network cabinets to be locked with proper access control and a SNMP service in place to detect loss of signal or connection.

Well, many intrusion detection systems have positive control, meant to account for human error or insiders deliberately leaving the system compromised. 

Intrusion detection design assumes that something will go wrong eventually. Surveillance system design often accounts for technical issues like storage server failures, but often assume the operator is both competent and trustworthy.  

The simple way to do does would be to use a calender function found in most systems, but that does not take into account what happens if you have a day were you keep the shop open late, or work late.
Later than the programmed arming time.

Also disarming automatically is not a good idea in my opinion, what if you choose not to open that day, system still disarms.

Another way to go would be to have a monitoring station control arming and disarming and remind you when you forget.

On this side of the pond however, it's not allowed to arm a system from a distance when the system has a certain security grade.
In short, of the risk of the site is too high, arming at a distance (even with a remote) is not allowed.

#4, are you really operating an 'isolated' network? For example, does every location have a dedicated WAN connection just for the cameras that is separate from IT / 'corporate'? Does the camera network ever go over the public Internet, e.g., from the locations back?

My greater point is that it's practically impossible to force customers to use 'isolated'/dedicated networks at scale. The cost and complexity premium of doing so would make it simpler just to use more expensive trustworthy cameras.

While I'm curious to hear how #4 replies, I dont agree John.

Yes it costs more to create a safer network. But doing so creates the safe infrastructure you need, and it should outlast the camera. The next time you choose a camera, you re-use the network.

With camera prices dropping investing in a proper network should not be impossible. In fact, it's probably the best practice.


The cost of isolating networks increases given the scale and locations. 4 cameras in a small store - easy to isolate cameras. 4,000 cameras across 1,000 branches - much harder and more expensive to isolate cameras.

However, even for small locations, isolation is getting harder. Why? The cloud. More users expect remote / everywhere access which means cameras / recorders need to be cloud accessible.

Hikvision's trust problems will follow them to the cloud. HikConnect means Hikvision has internal access to your network. Hik's Cloud AI (when it's real not just PR) means that Hikvision will have full records of who is inside your facilities and what they are doing.

My metapoint here is that isolation is not an effective long-term strategy. Providers have to build trust, not just say quarantine my cheap vulnerable stuff in the corner.

I've mentioned this before, but in EU privacy laws demand a lot more, especcialy after may 25th.

The end-user is responsible and liable for any breach he has not sufficiantly prevented. He needs to prove what precautions he has taken and how.

I agree that creating a safe network is not easy, but that seperates the men from the boys. We are talking security solutions, not a dashcam for capturing my holiday trip.

My metapoint is there are sound technical solutions available to isolate "at risk" IoT devices, but to go to war with a manufacturer like Genetec did... is purely a marketing stunt. 

We will be launching full video encryption at ifsec all welcome

| are you really operating an 'isolated' network

The customer operates their cameras on a private network that is uplinked to the VMS server.  The VMS server is connected, via a 2nd NIC, to the enterprise network.  In this configuration the VMS server only proxy's RTSP traffic from the cameras.

I very much agree that the rubber band has been stretching a long time. Soon it must break or snap back.

"Ask Hikvision For Special Support?

Sources indicate that end users and integrators wanting to use Hikvision cameras with Genetec may be able to request special firmware from Hikvision that includes the Genetec protocol. We are not clear what terms or how readily they will approve it but that may be a possibility."


Am tempted to believe that the best way to establish who is going to win between HIKVISION and Genetec is to do SWOT analysis and evaluate the analysis.

HIK: Strength , Weakness,Opportunities and Threats.

GENETEC: Strength,Weakness, Opportunities Threats.

then evaluate.

Who knows may be this might help.

Voted: None of them will win.

Reason: Exclude each other are not the appropriate solution.


Sad, Customer will suffer eventually.

I find this an interesting conversation coming out of the US, albeit sometimes off track. Thought I would join in for what its worth.

Here in the Antipodes (NZ) Hik (as its commonly known) is gaining market share over some of the big VMS players, Milestone, Genetec, Exacq, Avigilon and even Aimetis which is relatively new to market; this includes the NVR market which incidentally is regaining traction given the cost efficiency over VMS server infrastructure, we have all the top and bottom lines here, its a saturated market with confused clients who are fundamentally price driven. Just today I visited a client (a tenant in a low rise) where 18 months ago the building installed Pelco Endura, today I find it replaced with Hik NVR's...

As an independent and solutions based designer I am generally product agnostic but to be honest sometimes a particular product outshines others for a number of reasons, including competent installation vs incompetent integrators that tarnish other products' reputation (ref aforementioned finding);

Back to Hik.. their camera and NVR range is hard to beat when it comes down to price and lets face it they are well featured when put up against others, most integrators here will present Hik as an option for that very reason as it means they can compete in a very tight market place.

I am across all the media and comments and have never recommended Hik as a solution per say, instead I present the commentary to my clients when they ask about Hik or when I find it has been included as a nominated option to my specifications that are out to tender, and let them decide. 

The reality comes down to who makes the decision - for me its must always be the client. When IT are involved they are normally risk averse and avoid Hik, when the property/procurement team are involved its normally Hik.

At this stage I am unfortunately on the fence and when Hik is chosen my first reaction is usually take a HIKE; not sure how long I can do this in the current market place, BTW I turned down an opportunity to visit Hik last year in China, appears I missed a very interesting visit, they are turning out product in mass. 

What about all the other things that are "made in china" including those rolling around the states on four wheels... with sat nav etc..

and don't forget we signed the TTPA. China not a part of this but is New Zealand's second-largest trading partner for exports and third-largest for imports, watch this space..

Hire a skip and throw hik and dahua into it

then environmentally dispose of it 

ONvif is an IEC standard now.  "onvif certified your stuff" is last week's metric.  <random vendor> from <random country> with <random funding> and by the way <random attitude> can support IEC.  You go out and buy the standard.  Worst case it's $1/page like an ISO standard.  This concept of who's-dolly-is-it as a business strategy is so 1980's.  Grow up, use standards.    Buy from the bottom 12% of the price range if that's what you're into.  Have your opinions of vendors if you wish, choose from among alternatives.

You go out and buy the standard.

Rodney, in practice, ONVIF generally requires both sides to optimize the integration especially if advanced features are needed (and with bigger customers, they tend to be required). So standard or not, you need the companies involved to do custom work.

To be clear, I still think ONVIF is a good thing, it's just not so complete that direct integrations can be ignored or deleted.

Read this IPVM report for free.

This article is part of IPVM's 6,735 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports