Vivotek Trend Micro Cyber Security Camera App Tested

By Ethan Ace, Published Jul 22, 2019, 10:27am EDT (Research)

******* *** ***** ***** *** ******** five ******* ******* ******* ** ** cameras, **** ***** ******* ********* *** for ******* *******.

IPVM Image

**** *** *** ********** ***** *****'* IoT ******** ******** ******** **** ******* cameras *** **** ** ***** ***** force ******** ******** *** **** *,*** cyber *******.

** **** ******, ** **** ** the *******/***** ***** *** *** *** how ** ********, ******* **:

  • **** ***** ******** ****** **** ** monitor *** *******?
  • **** ****** ******* *** ********?
  • *** **** ** ******* ** ***** cameras' ********* ******* *******?
  • *** ****** ** *** *************?
  • **** ******* **** ** ********* ****?
  • *** **** ** ********* ** ***?

*******

***** ** *** *****, *******'* ***** Micro *** ******** *** *** **** positives:

  • ******* ********* ********:**** *** ****** ** *** ***** of *******, *** ***** ***** *** blocked *** ****** **** *,*** ********* attempts ** * ****** ********* ** the ********, ********* ********** ** ******** surveillance *********. ***** ********** ************* ** cyber ******** *** ** *** **** how ** ********* ******, *******, *** research ***** ******* **** **** ********** simply ** ********** *** ***.
  • ******* ******:*** ***** ***** *** ****** ***** to ******* ******* ****** ** ***** security ******, ***** *** ******'* ***** in ****** **** *****, ***** ***** VMS, ** *******'* *** ***** ********. These ****** *** *** ********* ********* for *** ** ** *******.
  • ****** ************:********** *** *** *********** **** ******** uploading ** ** *** ****** *** turning ** **. ** ***** ************* or ********* ** ******** ** ********.

*******, ***** *** *** ****** ***** limit *** **********:

  • ** ****** *******:***** *** *********** ******* **** ******* during *** ****** ** *** *******, there ** ** ******** *********** ** what ***** ******* ******* **, **** a **** ** ******* *** ****. Investigation ** *** ******** ****** ******** more ******** ********.
  • ** ********* ** ***** ********:******, ***** *** ** ********* ** delay ******** *** ***** *************, ** users **** ******* * ******** ***** or *** ***** *** **** ******, potentially ******** ** ****** *** *** in ******** ****** *******.
  • ** ****** ******* *******:** *** *****, ****** ****** ***** passwords ******** ***** *** *** ******* brute ***** *********, *** *** ****** attacks ***** ******* ** ******* ****** UI *** *****. ******* **** **** brute ***** ********* ** ******* *** 100 ***** ******** ** ** *******, but ** **** ****** ** ******** this.

Less ******** ** ******* ********

**********, * **** *** ******** *** monitors **** * ******* ** ****** security ********* ****** *** ** *** their ******* ** *** ****** ********, significantly ******** *** *****, ****** ** still ***** ** ********* ** ********* internal / ****** ******* ** ******.

Versus *********** ***** ******** ********

***** *******'* ***** ***** *** ****** multiple ******** *************** *** ******* ** other *******, ** **** *** ***** simple ******* ******* ** *** ******** attempts, *** ******** ** ******* *************' cameras, ********* *****, *********, *** ****** (see:** ************ ***** ******** ********).

*******, **** ** ***** *********** ****** do *** ****** ***** ** ***** attempts. *******, *** ******* ** ********'* IP ******* ** ****** ******* *** a *** ****** ** ****. ** many *****, ***** *** **** ** idea **** *** ******* *** ****** locked, ** ******* ******* ** *** remain *********.

Pricing *** ************

*** ***** ***** *** ** **** for * ****** ** *-* *****, depending ** *** ****** *****,******** ** ***** ************* ****.

***** **** ******, ******* ****** **** $15 *** *** ****** *** *** year ** $** *** ****** *** an ********* *******. ******** *** **** than ** ******* *** ********** **% ($12 *** ****** *** *** ****, $28 *** ****** *********).

Vivotek / ***** ***** ********

*******'* ***** ***** *** ** ***-********* in ******* ******** *********** ******. ***** ** **** ****** ************* required, **** **/*** *** ******* ****** are **** ** *****-***** ******* (******* currently, ********* ** ** ******** ****** pack, ********* *****).

IPVM Image

***** ***** ********** *** **** *** are ************* ******* ** ******* *** can ** ******** ******* ** *********.

***** ** * ****** ******* ******* totals ** **** **** ** ****** as **** ** ** ****** ** export **** *** .*** ****** *** further *************.

IPVM Image

Events ********

*** *** ******* ***** ******** ******:

  • ***** *****:************ ***** ******** ** * **** over * *** ******. *** ****** will ** ****** *** *** ******* after * ******** ***** ***** *******.
  • ***** ******:*** ***** ******** ** ***** *****'******* **********(********* **** *,*** ******** *******).
  • **********:** ***** ***** ******* ******** ****** activity **** *** ******, ** **** self-quarantine ** ***** *** ***** ** be ******** ******* ******* ****** ** other *******.

** *** *****, **** ***** ****** events **** *********, **** ** ***** force ******** ****** (****** ** *********) and ** **********.

Attack ********** ********

***** ***** ******* ***** ** *,*** different *******, ******* **** ****** ****** such ** ** ******* ** ****** a ****** **** (***, ***, ***.) to **** ******* *************** **** ** code *********, *** *** **** *************** and ****, ****** ******* *************(.**** ******, **.*** ***** *****):

***** ******* ** **** ****** **** most ** ******* **** ******, ***** is ********* ******* ** *** ****** only.

Limited ****** ******

*** **** ********** ** *** *********** provided ** ***** ***** ** **** it ** ***** *** ******** * manual ********** ** ********* *** ***** nature ** *** ****** ** *** necessary ******** ** ** (** ***).

*** *******, **** ******* ** *** testing **** ***** ** *******:

IPVM Image

******* ** **** ** ******* ** Trend *****'* **********, ** *** **** that **** ** ** ******* ** access * ****** ****:

IPVM Image

** **** ****, ***** *** **** is ******, ** ******** *** ** warranted, *** *** **** ******* *******, recommendations ***** ** ****** ** **** knowledgeable ** ** ******* *** *** know *** ** *******.

Repeated ***** ******** ** *** ******* ***** ***** *********

** *** *****, **** ** *** attempts ** *** **** *** ****** using ********* *********** ********* * ***** Force *****. ** ********* ** ***** to *** ****** **** ***** *********** repeatedly, ******** (***** *** ***** ******), via ******* (********** ********** **** **** incorrect ***********), *** ***** **** ****** brute ***** *****.

********* ** *******, ***** ***** ****** be ********* ** *********** *** ********* at * **** ** * *** second *** ** ******* (*** ********).

VAST ****** ******** ******

** ******** ** ****** *********, ***** may **** *** *******'* **** ******** to **** ***** *********** ** ************* events, **** ****** ** ******* **** time, ******** ** ** *******, ****, and ******** *****.

IPVM Image

VMS ***********

** ******** ** ****** ****** *** their *** **** ********, ******* **** integrates ***** ***** ****** **** ******* Security ******, *** **** ********* ******** should ** ********** ** ** ******** driver ****.

***** ***** ************. ***** ***** ****** events *** ********* ********* ** ***** camera ******, ***** ** "***********" ** "BruteForce", **** *** *********** ********** **** and **** ***********.

IPVM Image

Versions ******

******** *******: *****

***** ***** ***********:*.****

Comments (8)

Its cool and we have used Vivotek for many years with great results and happy customers.  However, the question I have since almost every install we have is physically separate from the ADMIN LAN and most often never connected to any source of internet, is this more of a gimmick selling point that we will never see much use of or am I missing something?

Full Disclosure. I completely get the point if cameras are on the LAN or not physically separate from the internet.  Just trying to get past the "OH COOL" point like when they introduced a wireless system that didn't like any facility bigger than 2-3 partitioned rooms.

Agree
Disagree
Informative
Unhelpful
Funny

It could help defend against hybrid attacks. For example, perp is on premise physically and disconnects a camera, pops the cable in their laptop.

Agree
Disagree
Informative
Unhelpful
Funny

Network switch should disable that port automatically and require system admin to reactivate it.

Agree: 3
Disagree
Informative
Unhelpful
Funny

You are assuming the network is secure like that. This cyber program is a fail safe for human error.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Ya... Sounds good on paper. Tends to destroy the system in reality.

Method 1: If you have system system setup to disable the port on interrupt then you would lose the camera feed/playback if there is excessive packet drop (could happen for multiple reasons) and you would need manual intervention to get the camera back online.

Method 2: If you have the system setup to disable on new/unknown MAC Addresses (how most system are setup) then you give the attacker a chance to spoof the camera's MAC Address and plug their computer into the segmented network.

Both methods leave something to be desired. That being said Method 2 coupled with monitoring software tends to be the best way to go for most customers. Since your best chance to ID a threat would be a quick interrupt followed by higher traffic than normal.

Just my 2 cents. 

Agree
Disagree
Informative
Unhelpful
Funny

Does this seem like a step in the right direction?  To me it does.  While I have never used or sold any of the above products and even with the limitations at least they have taken steps to address cyber security beyond just hiring Cisco for a puff piece or hiring then handicapping a cyber security specialist.  Any manufacturer of IP cameras making even the faintest attempt beyond just firmware updates and forcing strong passwords is a change for this industry.

Agree: 5
Disagree
Informative: 2
Unhelpful
Funny

Attack Signatures Detected

can it detect this signature?

Agree
Disagree
Informative
Unhelpful
Funny: 2

The "Trend Micro's attack signatures" link is dead. Nothing available. 

Agree
Disagree
Informative
Unhelpful
Funny
Subscribe to IPVM Research to read the full report.
Why do I need to subscribe?
The IPVM Research Service includes products tests and shootouts plus competitive and financial analysis, helping decision-makers better evaluate purchasing, partnering, developing, and/or competing against companies in physical security.
Already have an account?
Loading Related Reports