Current section: Video security
- How to buy
On March 9th, a group of hackers gained access to live video feeds, recorded videos as well as Verkada customer data. The news broke first in Bloomberg, and Verkada later posted a security update on their website.
According to Verkada, “The attack targeted a Jenkins server used by our support team to perform bulk maintenance operations on customer cameras, such as adjusting camera image settings upon customer request. We believe the attackers gained access to this server on March 7, 2021, and maintained access until approximately noon PST on March 9, 2021. In gaining access to the server, the attackers obtained credentials that allowed them to bypass our authorization system, including two-factor authentication.”
There is also information circulating that the hacker group obtained access to so-called super-admin accounts and a password that gave them access to every customer account.
We want to assure everyone that the methods used to compromise Verkada’s devices and infrastructure cannot be used against Ava Security.
We are a Unified Security company, and security is at the core of our products and everything we do. Our Ava Reveal data protection platform is used across the company to add a unique layer of security.
Ava does not employ the concept of a super-admin that can be used to access all customer systems. Ava Aware customers are fully in control of the creation and administration of accounts on their systems, and there are no backdoors or secret hidden accounts. Ava also does not use Jenkins, or any similar system, to bulk edit any deployments, nor does it have any backdoor into our customers' systems.
We designed our Deployment Management Portal (DMP) to allow Ava’s partners and the Ava Support team to help operate and support deployments. Command of whether this is enabled and what permissions are granted are controlled by the customer. Access by Ava Support is controlled by multi-factor authentication (MFA) and limited to specific individuals based on their role. Besides, all use of this mechanism is logged and audited.
Ava is a security-first company, with a strong product and security culture. We believe that to deliver an effective security solution, the system itself must be secure. Our company’s first offering in the market was Ava Reveal, a cybersecurity solution for data protection. We later broadened the offering to include Ava Aware, Ava Cameras, and the Ava Cloud Connector for video security and analytics. We have industry-leading portfolios and expertise in both video and cyber security, and share secure development models and expertise across domains to ensure all our products are secure from the ground up. While it is impossible to guarantee 100% security, we follow internationally recognized security standards and processes to minimize the risk.
We realize that security incidents in our industry create uncertainty and that our customers and partners might have a lot of questions about security in general and our approach to security in particular. We will be as open and transparent about our process as possible.
We developed the Ava video security solution to include security in all aspects of design and implementation:
If you have any questions regarding our approach to privacy and security, please email us at firstname.lastname@example.org at any time.