These lifecycle management tips will ensure your cameras and other security devices will work when you need them.
Someone reported a fender bender in the campus parking lot. You bring up the camera recording to investigate and surprise! There’s no video of the incident. In fact, the camera hasn’t been recording for over a week and no one knew it. It’s not enough to know what devices are on your network. You need to know the current state of those devices. That’s where lifecycle management comes into play.
Why Lifecycle Management of Your Security Devices Is So Important?
In today’s interconnected ecosystem, a vulnerability in one device can threaten the integrity of the entire network. That’s why it’s so important that organizations align their IT infrastructure and physical security assets to the same rigorous lifecycle management policies and practices. This includes proactively monitoring every device with an IP address to make sure it’s kept up to date throughout its lifecycle – from the time it’s installed, through any firmware updates that fix bugs and patch known security issues, until it’s decommissioned when it reaches end of life.
When it comes to product lifecycle management, there are two aspects: functional and economic. Functional focuses on how long one can realistically expect the device to operate and function properly. Economic focuses on how long until the device‘s technology becomes dated and only has limited support from the manufacturer and starts costing more to maintain than adopting new, more efficient technology that supports features like better compression and more advanced analytics. Instituting a lifecycle management program helps you keep close tabs on critical devices and identify those susceptible to risk because of outdated firmware, outdated operating systems, or other issues.
While organizations typically have their own strategies for managing the functional and economic lifecycles of their devices, here are some basic guidelines to consider.
1. Create a Detailed History of Every Device on Your Network
To effectively manage your inventory, you need to collect and maintain a detailed audit of every device to be sure none are overlooked that could easily become an entry point for attackers. Many manufacturers offer device management software to help with that task. These programs not only help you discover what devices are on your network, they also capture key information about them: model numbers, IP addresses, MAC addresses, as well as the current status of their firmware, software, and security certificates. It can even include whether any firmware updates are available for those products.
Once the program collects that information, those who need to use it can view it on a dashboard that displays the data as a detailed list of the manufacturer’s devices.
Device management software also provides an efficient way to perform a variety of maintenance tasks from managing user privilege levels and password changes, to implementing firmware updates and configuration modifications. You can use the software to push out system changes, firmware updates, and new security certificates to hundreds of devices simultaneously, rather than individually. In addition to saving staff countless hours doing security and maintenance tasks, the program generates an inventory of firmware that the security team can review to make sure the manufacturer’s devices are complying with the organization’s most current security policies and practices. Top tier manufacturers also post additional resources on their websites, such as SBOMs (Software Bill of Materials), a detailed guide to all the code libraries inside their applications.
Within device management software is the ability to create a configuration template to speed up configuration of new devices while ensuring that they comply with campus, district, or healthcare facility security standards. For instance, the template can be applied to automatically turn off services that aren’t being used or activate additional cybersecurity features. In many cases, these configuration templates can even be pushed out to older devices, which would improve the overall security of the network.
Another benefit of using this tool is that it helps you keep track of cybersecurity certificates, warranties, and product discontinuation information so you can proactively plan device replacements. This is especially important for companies focused on cybersecurity that typically replace their network cameras every five to seven years.
2. Standardize Procedures for Installing and Decommissioning Devices
Before you onboard a device and assign it an IP address, make sure you change the manufacturer’s default password. It’s one of those low hanging fruits that cyber criminals love to exploit. Check the manufacturer’s website for any available firmware upgrades you need to install before the device goes live. Failure to do so may invite vulnerabilities or operational problems between devices. Also, remember to use NTP (Network Time Protocol) to synchronize each device’s clock across the network – especially since certificates and ONVIF protocols rely on the time being correct.
When you decommission a device, whether due to a functional breakdown or obsolescence, it’s important to erase all the data on the device before disposing it. That includes any usernames and passwords associated with it, as well as its digital certificate and IP address. This is to prevent anyone with nefarious intent from extracting this onboard data and using it to breach your network.
3. Set Configuration Standards, and Back Them Up
Over time, system settings tend to drift. New devices get added that are configured differently from those installed several years ago. Or, someone manually changes a few settings on a device and forgets to reset it to its original parameters.
With templates, you can enforce consistency across the ecosystem. But to truly prevent entropy, consider backing up configuration settings on a regular basis. Backups let you compare device settings over time so you can discover when someone has changed a device’s parameters. Once you’ve identified the out-of-compliance device, you can use device management software to restore the original configuration.
You can also use configuration backups to streamline device replacement. Instead of manually configuring the new device, you can automatically push out the settings from the original device into the new one.
4. Prevent Broken Links Between Your Devices and Your VMS
Maintaining the symbiosis between your security devices and your video management system (VMS) can be complicated, especially if they come from different vendors. For instance, if your cameras are running the latest firmware but your VMS is operating on a much older version, they might not communicate correctly. So, it’s important to check vendor websites to confirm interoperability before installing any new firmware or software on your devices or VMS.
Backward compatibility, a concept taken from the IT world, is another important aspect of lifecycle management. If devices need to run an older version of firmware to maintain connection with older VMS firmware, continued long-term firmware support from the manufacturer of those devices – bug fixes, cybersecurity patches, and other updates – is essential to protecting your network.
The More You Know, the More Secure You’ll Be
Using tools to assist with lifecycle management processes is a smart way to gain insight into the state of your technology ecosystem. You’ll instantly know that devices are up to date with the latest patches, firmware updates, and certificates from their manufacturers. You’ll see which devices are flagged for removal because they’re no longer supportable.
This kind of timely oversight, coupled with consistent policies and procedures, helps you anticipate when devices are reaching end-of-life and determine vulnerabilities that could potentially expose your devices to exploitation and additional risks before they compromise your network. And that’s what proactive ecosystem security is all about.
Ryan Zatolokin is a cybersecurity expert Senior Technologist for Axis Communications.