Q&A with Mr. Ami Finer, Provision-ISR Sales Director, and Mr. Gil Israeli, Head of Product Incubation at Check Point Software discusses a partnership seeking to revolutionise high-end CCTV systems with true embedded cybersecurity.
What is this partnership about and why was it needed?
Ami Finer: As we know, CCTV products are installed in sensitive locations, from private homes and small offices to large enterprises, including high-risk government buildings. Each of these devices has the potential to transfer sensitive information via video and audio streams – a fact that makes them “sexy” in the eyes of skilled hackers looking to show off their abilities.
However, the situation gets worse knowing that most CCTV products fitted by professional installers or by the end users, remain with the default username and password: a perfect ground for any cyber-attack action. Our goal at Provision, is to lead from the front with the most secured CCTV devices that give users peace of mind. With this partnership and through Check Point’s expertise in cybersecurity, Provision-ISR CCTV devices will gain the best-of-class security protection against sophisticated threats, right out-of-the-box.
Gil Israeli: Interconnected IoT smart devices, like IoT cameras, present multiple opportunities for cybercriminals to disrupt operations, yield financial gain, and get access into sensitive networks. These Internet-connected devices are inherently vulnerable and provide access to corporate networks thus becoming a prime target for ransomware and Denial of Service (DoS) attacks. Protecting these devices against exploitation is of critical importance.
If you build embedded consumer and Internet-of-Things (IoT) devices, like Provision ́s CCTV cameras, the expanding threat landscape requires you to protect your customers from cyber attacks with out-of-the-box firmware security. Check Point’s solution for firmware cyber security empowers Provision-ISR to secure its IoT camera devices by enabling them to uncover firmware security flaws and harden its products with on- device runtime protection.
Ami Finer: Provision-ISR decided to take a unique approach when it comes to cybersecurity for CCTV. We have decided to entrust the cybersecurity management of our CCTV devices to Check Point Software, a leading provider of cybersecurity solutions to corporate enterprises and governments globally. By joining forces, we believe we have set a new standard for cybersecurity in CCTV. An end-to- end cybersecurity solution on all Provision-ISR devices.
Can you dive a little deeper into the solution? What exactly is it and what is it called?
Gil Israeli: Check Point Quantum IoT Protect Nano Agent is an embedded runtime protection for IoT devices, such as IP CCTV systems, with on-device runtime protection, preventing zero-day attacks regardless of where they are or how they are deployed.
Should such an attack be detected, the nano agent can either block the attack entirely or alert the organisation’s security team, with minimal impact of device performance. Additionally, this solution does not require signature updates, an essential feature for IoT devices.
The Nano Agent provides out-of-the-box threat prevention capacities even in offline scenarios.
Important for enterprises, the Nano Agent has built-in integrations with Check Point Infinity NEXT, providing users with easy and consolidated management, visibility, and logging for IoT and OT devices in a variety of deployment scenarios. The nano agent can also be deployed in standalone mode in isolated environments with no network or Internet connectivity.
You can find a detailed list of capabilities on our website.
On how many Provision-ISR cameras will be deployed this security solution?
Ami Finer: The Check Point nano agent will be on all Provision-ISR devices: cameras, recorders, and servers. This process will take around 1 year to achieve in full since it requires some hardware changes to some product lines.
Is it possible to upgrade older/existing CCTV cameras (retrofitting) or would people have to buy brand new ones?
Ami Finer: Some yes and some no. For items with hardware that can carry the Check Point nano agent, a version upgrade will be possible, and users will be able to enjoy this new feature. For other items, we must change the hardware to support the Check Point nano agent.
Why are Internet of Things (IoT) devices, like CCTV cameras so vulnerable? Can you share examples of real attacks using CCTV cameras?
Gil Israeli: IoT devices come with a few intrinsic flaws that make them susceptible to a hack:
- Lack of standardisation creates a hodgepodge of devices
- Weak security approach, including flimsy or nonexistent passwords
- Outdated and unpatchable architecture, firmware, software
- Larger number of devices expands the attack surface and opens up the possibility of a botnet campaign
As a result, it is all too easy for hackers to gain access to these devices and either wreak havoc with the IoT devices themselves or move laterally to harm mission-critical systems and steal the personally identifiable information (PII) of customers or employees, intellectual property, or other assets. Hackers may also gain control over the network and hold it for ransom. We see that in general, vendors build and sell IoT solutions based on functionality and ease of use, often rushing products to market to beat the competition— without looking at the security big picture.
Ami Finer: The Verkada breach was a real example of hacked surveillance cameras. The IoT building- security startup was hacked in 2021, exposing footage from over 150,000 connected surveillance cameras belonging to 95 customers. It gave the attackers inside views of facilities including prisons, schools, companies, and even car manufacturer Tesla. The Verkada breach is nothing unique; in fact, too many situations like this have recently come to light.
Why should device manufacturers invest more in building IoT security into their devices?
Gil Israeli: While there are no standards and regulations yet, more secured devices are of essence to us all from consumers to enterprises and nations. Take the US for example, which in December 2020, passed the IoT Cybersecurity Improvement Act demanding better, tighter standards for IoT devices. This is an important step, acknowledging the serious threat these devices pose. One study showed that customers are worried by IoT security and would be willing to pay 22% more and buy 70% more of secured IoT devices.
Ami Finer: even important legislative actions like these are too late for most enterprises, as they are already using IoT from unregulated vendors. They may not even be aware of what IoT devices are in their environment. Obviously, when buying new devices, it is essential to choose vendors that are trustable and that are known for putting security first, like Provision-ISR.
Provision-ISR is exclusively distributed in New Zealand by Security Wholesale Ltd – www.swl.co.nz.
