We use applications all the time. Whether we’re checking our Facebook notifications on our cell phones or browsing Netflix on our TVs, they’re constantly presenting us with digital content. But what happens when the stream freezes, or the app crashes?
Application security needs to include hardening the application itself so that even if there are vulnerabilities the developer doesn’t find, it’s protected anyhow. To find out more about this, we spoke to Asaf Ashkenazi, Chief Operating Officer at Verimatrix, who is responsible for engineering, security, product management, and marketing.
Verimatrix started as a content protection and digital rights management (DRM) provider for video operators, helping them meet Hollywood studios’ stringent security requirements. Verimatrix has since expanded, producing cloud services to secure content distribution and protect digital content against piracy.
Since being acquired by Inside Secure in 2019, Verimatrix leverages Inside Secure’s embedded security technology to protect the content’s code itself as it runs on different devices. This allows them to secure and manage content not just during distribution, but also when it has reached its end destination.
This has led to the expansion of Verimatrix’s customer base beyond the film and TV industry, as they’re now relied upon by organizations in the auto manufacturing, finance and healthcare industries to secure digital applications.
Protecting Digital Content During Transfer And Storage
One of the biggest challenges in protecting digital content is its complexity, Ashkenazi says. “It’s the amount of devices that we need to distribute the content to, the vast variety of devices, and the level of security and trust given to each device.”
He highlights this with an example: imagine that you work for a media company. When you distribute content within your organization, you are able to execute some control over the devices that it’s being sent to. Now imagine that you’re delivering a football game to millions of unknown devices. How can you be certain that each of those users will a) be able to watch the game and b) not pirate the content for redistribution?
Ashkenazi says that Verimatrix has tackled this challenge on two fronts. Firstly, their solutions are extremely scalable to be able to protect enterprises with thousands of customers, but also media services with millions of viewers. Secondly, their code protection algorithms allow them to protect content once it has reached an end device, not only while its in transit, by making it extremely difficult for hackers to exploit vulnerabilities in the strands.
“If I can stop the source of the content that the pirates are using to run their own ‘service,’ then their pirated content will not be viewable and the user experience won’t be good,” he explains. “So the user will see that it’s not worth it and pay for a real subscription.”
Asaf said this could involve changing the code so that pirate streams constantly need to buffer or can’t show the final episode. And nobody likes a cliffhanger.
The Threat Landscape Is Evolving
…Yes, evolving, but not completely changing. Asaf has almost 20 years of experience in the cybersecurity industry, and has experienced a lot of this evolution first-hand throughout that period, during which the advancement of technology has paved the way for a world in which we can’t live without our smartphones. In the last 20 years, different content mediums and services have converged so that users can access different services from one provider, such as internet, phone and streaming sites. As this change has happened, Verimatrix has adapted to the market changes and offered comprehensive protection solutions to cover ever-evolving services.
“The evolution of moving to mobile and having everything together is what we’ve adapted to,” Ashkenazi says. “In the past this was a limited area, but now it’s applicable to so many other use cases. It’s all about the distribution of content to a lot of devices, and it doesn’t matter whether this content is a video, an e-sport or a game.”
However, although technology has become more sophisticated, attacks themselves are still based on the same principles. Ashkenazi explains this for us:
“If you look through history, their patterns and how they operate are almost unchanged. It’s the tools and the environment that have changed. But, fundamentally, they deceive, and they steal. In the past, attackers stole gold coins; now they steal bitcoins. They don’t steal a car now; they steal the data to be able to sell the car.”
In today’s digital world, hackers are increasingly targeting cloud environments in order to shut down services and disrupt the business. . “If attackers can stop the availability of a service, they can then extract money from companies that want to get their service back up and running,” Ashkenazi says.
“Our goal isn’t to eliminate crime, because that will never happen,” Ashkenazi says. “But hackers are lazy. Like anyone else, they want to do the minimum amount of work to get the results they want. If there’s an easier way, they’ll take it. If the cost and complexity of the attack outweigh the profit, it’s not worth doing. So instead of looking for a solution that eliminates piracy, we’re looking at disrupting the fundamental way they work by developing our technologies.”
Three Steps To Combating Cyberattacks
We asked Asaf for his top tips for organization wanting to protect themselves against current threats and the cloud-based threats that are emerging as the world becomes digital dependent.
“The first step is awareness. Instead of finding the easiest place to invest, look at it from a hacker’s point of view as to where the vulnerabilities are.” There is no silver bullet solution to security, but being aware that you need protection and knowing where to place it is crucial.
“The second step is adapting to the threat,” Ashkenazi says. “In many cases, the budget is there but it isn’t invested in the right place, because the threat is changing.”
The final step, according to Ashkenazi, is preparation. The risk of an attack still remains, even with secure protection measures in place, so it’s important that organizations are prepared to deal with attacks. “If you’re prepared, there may still be damage and it may still impact your business. But not to the extent that it would if you were surprised.”
Thank you to Asaf Ashkenazi for taking part in this interview. You can find out more about Verimatrix and their range of cybersecurity solutions at their website.