Its cool and we have used Vivotek for many years with great results and happy customers. However, the question I have since almost every install we have is physically separate from the ADMIN LAN and most often never connected to any source of internet, is this more of a gimmick selling point that we will never see much use of or am I missing something?
Full Disclosure. I completely get the point if cameras are on the LAN or not physically separate from the internet. Just trying to get past the "OH COOL" point like when they introduced a wireless system that didn't like any facility bigger than 2-3 partitioned rooms.
Ya... Sounds good on paper. Tends to destroy the system in reality.
Method 1: If you have system system setup to disable the port on interrupt then you would lose the camera feed/playback if there is excessive packet drop (could happen for multiple reasons) and you would need manual intervention to get the camera back online.
Method 2: If you have the system setup to disable on new/unknown MAC Addresses (how most system are setup) then you give the attacker a chance to spoof the camera's MAC Address and plug their computer into the segmented network.
Both methods leave something to be desired. That being said Method 2 coupled with monitoring software tends to be the best way to go for most customers. Since your best chance to ID a threat would be a quick interrupt followed by higher traffic than normal.
Does this seem like a step in the right direction? To me it does. While I have never used or sold any of the above products and even with the limitations at least they have taken steps to address cyber security beyond just hiring Cisco for a puff piece or hiring then handicapping a cyber security specialist. Any manufacturer of IP cameras making even the faintest attempt beyond just firmware updates and forcing strong passwords is a change for this industry.