Vivotek Trend Micro Cyber Security Camera App Tested

By Ethan Ace, Published Jul 22, 2019, 10:27am EDT

Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras.

IPVM Image

This new app integrates Trend Micro's IoT security platform directly into Vivotek cameras and NVRs to block brute force password attempts and over 1,000 cyber attacks.

In this report, we look at the Vivotek/Trend Micro app and see how it performs, looking at:

  • What cyber security events does it monitor and prevent?
  • What attack details are provided?
  • How does it compare to other cameras' automatic account lockout?
  • How simple is app configuration?
  • What cameras does it integrate with?
  • How does it integrate to VMS?

*******

***** ** *** *****, Vivotek's ***** ***** *** security *** *** **** positives:

  • ******* ********* ********:**** *** ****** ** two ***** ** *******, the ***** ***** *** blocked *** ****** **** 1,800 ********* ******** ** a ****** ********* ** the ********, ********* ********** by ******** ************ *********. Users ********** ************* ** cyber ******** *** ** not **** *** ** otherwise ******, *******, *** research ***** ******* **** this ********** ****** ** installing *** ***.
  • ******* ******:*** ***** ***** *** allows ***** ** ******* instant ****** ** ***** security ******, ***** *** camera's ***** ** ****** over *****, ***** ***** VMS, ** *******'* *** VAST2 ********. ***** ****** are *** ********* ********* for *** ** ** cameras.
  • ****** ************:********** *** *** *********** only ******** ********* ** to *** ****** *** turning ** **. ** other ************* ** ********* of ******** ** ********.

*******, ***** *** *** issues ***** ***** *** usefulness:

  • ** ****** *******:***** *** *********** ******* many ******* ****** *** course ** *** *******, there ** ** ******** information ** **** ***** attacks ******* **, **** a **** ** ******* and ****. ************* ** the ******** ****** ******** more ******** ********.
  • ** ********* ** ***** settings:******, ***** *** ** threshold ** ***** ******** for ***** *************, ** users **** ******* * separate ***** ** *** event *** **** ******, potentially ******** ** ****** per *** ** ******** camera *******.
  • ** ****** ******* *******:** *** *****, ****** trying ***** ********* ******** times *** *** ******* brute ***** *********, *** did ****** ******* ***** scripts ** ******* ****** UI *** *****. ******* says **** ***** ***** detection ** ******* *** 100 ***** ******** ** 20 *******, *** ** were ****** ** ******** this.

Less ******** ** ******* ********

**********, * **** *** installs *** ******** **** a ******* ** ****** security ********* ****** *** to *** ***** ******* on *** ****** ********, significantly ******** *** *****, though ** ***** ***** be ********* ** ********* internal / ****** ******* is ******.

Versus *********** ***** ******** ********

***** *******'* ***** ***** app ****** ******** ******** functionalities *** ******* ** other *******, ** **** not ***** ****** ******* lockout ** *** ******** attempts, *** ******** ** several *************' *******, ********* Dahua, *********, *** ****** (see:** ************ ***** ******** Compared).

*******, **** ** ***** competitive ****** ** *** notify ***** ** ***** attempts. *******, *** ******* or ********'* ** ******* is ****** ******* *** a *** ****** ** time. ** **** *****, users *** **** ** idea **** *** ******* has ****** ******, ** current ******* ** *** remain *********.

Pricing *** ************

*** ***** ***** *** is **** *** * period ** *-* *****, depending ** *** ****** model,******** ** ***** ************* page.

***** **** ******, ******* varies **** $** *** per ****** *** *** year ** $** *** camera *** ** ********* license. ******** *** **** than ** ******* *** discounted **% ($** *** camera *** *** ****, $28 *** ****** *********).

Vivotek / ***** ***** ********

*******'* ***** ***** *** is ***-********* ** ******* firmware *********** ******. ***** ** **** little ************* ********, **** on/off *** ******* ****** are **** ** *****-***** systems (******* *********, ********* in ** ******** ****** pack, ********* *****).

IPVM Image

***** ***** ********** *** this *** *** ************* updated ** ******* *** can ** ******** ******* as *********.

***** ** * ****** summary ******* ****** ** each **** ** ****** as **** ** ** option ** ****** **** via .*** ****** *** further *************.

IPVM Image

Events ********

*** *** ******* ***** separate ******:

  • ***** *****:************ ***** ******** ** a **** **** * per ******. *** ****** will ** ****** *** 300 ******* ***** * detected ***** ***** *******.
  • ***** ******:*** ***** ******** ** Trend *****'******* **********(********* **** *,*** ******** attacks).
  • **********:** ***** ***** ******* outbound ****** ******** **** the ******, ** **** self-quarantine ** ***** *** issue ** ** ******** without ******* ****** ** other *******.

** *** *****, **** cyber ****** ****** **** triggered, **** ** ***** force ******** ****** (****** we *********) *** ** quarantine.

Attack ********** ********

***** ***** ******* ***** to *,*** ********* *******, ranging **** ****** ****** such ** ** ******* to ****** * ****** port (***, ***, ***.) to **** ******* *************** such ** **** *********, DNS *** **** *************** and ****, ****** ******* *************(.**** ******, **.*** ***** below):

***** ******* ** **** beyond **** **** ** cameras **** ******, ***** is ********* ******* ** bad ****** ****.

Limited ****** ******

*** **** ********** ** the *********** ******** ** Trend ***** ** **** it ** ***** *** requires * ****** ********** to ********* *** ***** nature ** *** ****** or *** ********* ******** to ** (** ***).

*** *******, **** ******* in *** ******* **** shown ** *******:

IPVM Image

******* ** **** ** 1133810 ** ***** *****'* signatures, ** *** **** that **** ** ** attempt ** ****** * closed ****:

IPVM Image

** **** ****, ***** the **** ** ******, no ******** *** ** warranted, *** *** **** complex *******, *************** ***** be ****** ** **** knowledgeable ** ** ******* may *** **** *** to *******.

Repeated ***** ******** ** *** ******* ***** ***** *********

** *** *****, **** of *** ******** ** log **** *** ****** using ********* *********** ********* a ***** ***** *****. We ********* ** ***** to *** ****** **** wrong *********** **********, ******** (using *** ***** ******), via ******* (********** ********** URLs **** ********* ***********), and ***** **** ****** brute ***** *****.

********* ** *******, ***** Force ****** ** ********* if *********** *** ********* at * **** ** 5 *** ****** *** 20 ******* (*** ********).

VAST ****** ******** ******

** ******** ** ****** reporting, ***** *** **** use *******'* **** ******** to **** ***** *********** on ************* ******, **** graphs ** ******* **** time, ******** ** ** address, ****, *** ******** event.

IPVM Image

VMS ***********

** ******** ** ****** events *** ***** *** VAST ********, ******* **** integrates ***** ***** ****** with ******* ******** ******, and **** ********* ******** should ** ********** ** an ******** ****** ****.

***** ***** ************. ***** Micro ****** ****** *** displayed ********* ** ***** camera ******, ***** ** "CyberAttack" ** "**********", **** the *********** ********** **** and **** ***********.

IPVM Image

Versions ******

******** *******: *****

***** ***** ***********:*.****

Comments (8)

Its cool and we have used Vivotek for many years with great results and happy customers.  However, the question I have since almost every install we have is physically separate from the ADMIN LAN and most often never connected to any source of internet, is this more of a gimmick selling point that we will never see much use of or am I missing something?

Full Disclosure. I completely get the point if cameras are on the LAN or not physically separate from the internet.  Just trying to get past the "OH COOL" point like when they introduced a wireless system that didn't like any facility bigger than 2-3 partitioned rooms.

Agree
Disagree
Informative
Unhelpful
Funny

It could help defend against hybrid attacks. For example, perp is on premise physically and disconnects a camera, pops the cable in their laptop.

Agree
Disagree
Informative
Unhelpful
Funny

Network switch should disable that port automatically and require system admin to reactivate it.

Agree: 3
Disagree
Informative
Unhelpful
Funny

You are assuming the network is secure like that. This cyber program is a fail safe for human error.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Ya... Sounds good on paper. Tends to destroy the system in reality.

Method 1: If you have system system setup to disable the port on interrupt then you would lose the camera feed/playback if there is excessive packet drop (could happen for multiple reasons) and you would need manual intervention to get the camera back online.

Method 2: If you have the system setup to disable on new/unknown MAC Addresses (how most system are setup) then you give the attacker a chance to spoof the camera's MAC Address and plug their computer into the segmented network.

Both methods leave something to be desired. That being said Method 2 coupled with monitoring software tends to be the best way to go for most customers. Since your best chance to ID a threat would be a quick interrupt followed by higher traffic than normal.

Just my 2 cents. 

Agree
Disagree
Informative
Unhelpful
Funny

Does this seem like a step in the right direction?  To me it does.  While I have never used or sold any of the above products and even with the limitations at least they have taken steps to address cyber security beyond just hiring Cisco for a puff piece or hiring then handicapping a cyber security specialist.  Any manufacturer of IP cameras making even the faintest attempt beyond just firmware updates and forcing strong passwords is a change for this industry.

Agree: 5
Disagree
Informative: 2
Unhelpful
Funny

Attack Signatures Detected

can it detect this signature?

Agree
Disagree
Informative
Unhelpful
Funny: 2

The "Trend Micro's attack signatures" link is dead. Nothing available. 

Agree
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 7,092 reports and 940 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports