M+E Daily

Convergent Risks, BuyDRM, Friend MTS, NAGRA Highlighted During Cybersecurity Tour

Eleven top security-focused companies touted their latest offerings on June 30 during an all-virtual, first annual Content Delivery & Security Association (CDSA) Cybersecurity Tour during Mobile World Congress.

During the nearly three-hour event, CDSA thought leaders led M&E executives and content owners through some of MWC’s highlights, introducing representatives from the 11 showcasing companies, who showed off their technology, products and services, and discussed challenges and current trends in the space.

Tour participants also got to have their questions answered by leading experts at the participating companies.

Here’s a rundown of what Convergent Risks, BuyDRM, Friend MTS and NAGRA had to share:

Convergent Risks
Mathew Gilliat-Smith, EVP of Convergent Risks, provided updates on his company’s application security assessments, its approach to freelancer home office security, and the SanctumHUB Management Portal and SanctumIR incident response app.

When conducting cloud security assessments, he said, the “typical findings” can include: lack of centralised identity management; missing vulnerability management tooling and processes; lack of anti-malware on virtual machines, which could result in malware not being detected within the cloud environment; lack of security monitoring for malicious activity and/or cloud misconfiguration; overly permissive inbound firewall rules; insufficient cloud training of team members; and the absence of application penetration testing.

Meanwhile, when conducting Software-as-a-Service (SaaS) service provider assessments, typical findings can include: vulnerability management tooling and processes not in place; lack of security control testing – simulating malicious activity; lack of understanding of compliance obligations; absence of tooling to detect malicious activity within cloud and the applications running within it; lack of security hardening of cloud workloads; insufficient segmentation of the network; insufficient management of mobile devices; absence of anti-malware on virtual servers; and a lack of code security testing before deployment to containers.

He moved on to ask rhetorically: “What does bad look like” when it comes to application assessments?

He said: “It typically involves any of the above but also uncertainty regarding compliance and data privacy; incident management not being tested; lack of secure coding guidelines; no security hardening or anti-malware; lack of external vulnerability scanning; and lack of key rotation in some areas.”

And typical findings in web app penetration testing can include: the app not performing sufficient validation of user input, leading to cross-site scripting attacks; URL redirection; and inadequate password policies, he noted.

Moving on to the second area of the presentation, he said Convergent also has a new approach to providing assurance for remote workers in response to the rapid shift in operating practices. Studios are questioning freelancer security. It’s essential to confirm that remote workers are operating securely.

“We have a list of key security procedures we will invite the vendors to engage with because it’s not just them — it’s their wider community of freelancers who they’re using and this is where studios are increasingly concerned that suddenly the whole working culture has changed” and they want to make sure there is some degree of control, he explained. “We’ll conduct the assessment, we’ll do the reporting, and then we’ll provide the remediation advice and guidance,” he added.

Studios can then “plug into” the SanctumHUB Management Portal, which “enables you to … see a snapshot of where the supply chain is in terms of security assessments, what assessments have been started, what’s in progress, what’s been completed, and all the stats that go with it,” he explained.

In addition, the SanctumIR app enables organisations to manage security-related incidents in one place and communicate with anybody who needs to be contacted. The incident and case management platform enables teams to work together on sensitive information and files regardless of where they are located in the world. It provides one single secure place to control and support incidents, upload and store evidence and files. The Incident Lead can also set tasks and confidentially communicate with fellow case-workers securely. “We’ve got a few customers on this already and it’s something that we want to make sure is adopted more widely,” he said.

BuyDRM
DRM and content security services provider BuyDRM will start alpha trials of its new KeyOS MultiMark watermarking SaaS service in the current quarter, according to Gabe Elton, its director of sales.

The “actual go-to-market strategy” for it will start in the fourth quarter this year, he told attendees, adding: “We are looking to aggregate watermarking solutions and providing that as a service – sort of the way that DRM is offered.”

Also planned is a KeyOS MultiMark server watermarking as a solution software offering, formerly called “MediaEngine,” that will start alpha trials in the fourth quarter this year, according to Elton.

The company operates what it says is the largest DRM platform in the world, serving more than 20 billion licenses a year and over 70 million plays a day, he told attendees. Operators including Activision Blizzard, Crackle, Redbox, Showtime and Twitch all rely on BuyDRM’s DRM technologies to power their global video presence, according to BuyDRM.

OTT platform operator Freecaster recently selected BuyDRM and its KeyOS multi-DRM platform to secure both premium live and VOD content for viewers globally.

Friend MTS
Content security company Friend MTS is seeing “churn going up” as more video subscription services launch, according to Andy Wilson, the company’s senior product architect. Many of those subscribers are jumping from one service to another and they are often doing it very quickly, he said.

Meanwhile, “there are a vast number of pirate services out there that present themselves with user interfaces that are very compelling [and] mimic the original content owner’s or the original platform’s user experience very, very well,” he pointed out. Sometimes the same assets are even used after they’re ripped from the original owner’s CDN “by mimicking the tokens that are used for authentication,” he noted.

All of that contributes to the ease with which pirates are extracting content and making revenue from it, leaving the content owners with significant losses, he told attendees.

The methods being used to pirate content are “ever-evolving,” so it is important to provide “detailed insight into the behavior of those pirates but also to come up with consumption insights as well,” he explained.

Friend MTS provides services that help broadcasters, content owners and pay TV operators to make sure “they’re able to get the revenue reach that they need by primarily going out there and detecting where piracy is taking place by disabling that piracy,” he explained.

The company offers customers a platform that captures and monitors active piracy services and it works to “mitigate those services by gathering intelligence, by infiltrating pirate services and gathering the necessary intelligence on the media they’re carrying and then obviously taking action where appropriate – whether that’s providing that data to our broadcaster or operator customers for them to take affirmative action or passing that across to law enforcement,” he said.

Friend MTS recently launched the fourth-generation version of ASiD, an enhanced and extended set of subscriber-level forensic watermarking solutions that address a wide range of content protection scenarios to secure high-value content and revenue across all types of broadcast and OTT devices, clients and apps. ASiD has been on the market for more than 10 years, Wilson noted.

Due to the increased need for content owners, broadcasters and operators to address real-world piracy, Friend MTS included ASiD OTT Edge-switched, a new smart server-side A/B variant solution that it said offers an additional robust method of watermarking premium content that works to protect live and video on demand assets from illegal redistribution.

NAGRA and Kudelski Security
NAGRA and Kudelski Security continue to add to their offerings in response to the changing nature of the cybersecurity landscape, according to Tom Wirth, SVP of sales and GM, who pointed to the recent rise of high-profile ransomware attacks that included the Colonial Pipeline case.

“We now have services that do ransomware backup,” for example, he said. “People want to buy cyber insurance” as well, because they want to have the costs covered if an attack like that happens, he noted.

Ahead of the pandemic, NAGRA and Kudelski Security scored a win over piracy in Brazil by working with local authorities and the industry to “shut down 100 restreaming, linear TV sites,” he noted. One of them alone was estimated to be an $18 million a year business, he said.

Other trends over the past year include the ongoing shift of content into the cloud and more people working remotely, he noted during the Q&A. Many workers are returning to the office now and realize that many aspects of business need to be done in the traditional office space, he said.

This is the first of three stories covering the June 30 Cybersecurity Tour during Mobile World Congress.