Confidentiality, integrity, availability – even lost business. There’s plenty at risk if your system is compromised. As IP-based products are potential pathways to your network, it’s important to protect them from threats like unauthorized access, tampered software and exploitation of vulnerabilities. Together, we can put safeguards in place to make it harder for cyber incidents to occur.
In the sections below, you can learn about the elements underpinning the security of Axis' offerings, and what we do, provide and recommend to mitigate cybersecurity risks over the course of a product's lifecycle.
ISMS, ASDM and AXIS OS
Maintaining the integrity of the systems that support the delivery of our offerings is key. The foundation starts with an information security management system (ISMS) that complies with ISO/IEC 27001. The system includes our Axis Security Development Model (ASDM). ASDM defines the methodology applied to reduce the risk of having vulnerabilities in software such as video management software and AXIS OS, the operating system that powers most Axis devices. AXIS OS is also a platform that enables quick and efficient release of security features and patches across a great number of products.
Axis Edge Vault
Another key element – built into our devices – is Axis Edge Vault. It's a hardware-based platform rooted in cryptographic computing modules like secure element, TPM and system-on-chip security (TEE). The platform supports a host of Edge Vault security features. The Axis device ID, for instance, provides proof the device is from Axis; and secure keystore allows for the secure storage of the Axis device ID and customer-loaded cryptographic keys. Other features include signed OS (firmware), which validates that the operating system is from Axis; and secure boot, which ensures the device boots only genuine AXIS OS. Edge Vault also encrypts the device's file system.
Transparency
Equally important is having transparency – essential to building trust. As a Common Vulnerabilities and Exposures (CVE) Numbering Authority [EN] (CNA), Axis issues notifications about newly discovered vulnerabilities so customers can take timely action to update software. We also publish a software bill of materials [EN] (SBOM) for AXIS OS. And we state the end-of-support date for the device software so customers can better plan when to decommission and replace a product.
During these phases, it's important to mitigate the risks of having compromised components. It's why we implement supply chain controls. We procure critical components directly from strategic suppliers. We closely monitor production processes and ensure transparency to better assess and mitigate potential security risks.
To help counter software tampering after a product leaves Axis, features like signed OS and secure boot, together with making a factory default on the device, offer supply chain protection. Encryption on a device's file system also protects saved data from extraction when a product is in transit or not in use.
When you're ready to connect an Axis device to your network, we recommend that you first perform a factory default on the device. This, together with signed OS and secure boot, ensures the device is free of unauthorized software modifications. You should also go to the Axis website and download the latest AXIS OS for your device, which will include up-to-date security patches and bug fixes. For efficient configuration and management of Axis devices locally, AXIS Device Manager enables batch processing of security tasks, such as managing device credentials, deploying certificates, disabling unused services, and upgrading AXIS OS.
Built-in security features
Device features like signed OS and secure boot ensure only genuine Axis operating systems are used, while secure keystore enables secure storage of the cryptographic keys used to encrypt data. Secure communication via HTTPS is enabled by default on Axis devices and video management software. The latest versions of AXIS OS also support technologies that make zero-trust networking easier. They include IEEE 802.1X, together with IEEE 802.1AR-compliant Axis device IDs, for automated and secure onboarding of devices to an IEEE 802.1X network, and IEEE 802.1AE MACsec for automatic encryption of data communications.
Applying controls
Consult various hardening guides to configure Axis products for your security needs. You should set strong passwords; use only HTTPS for encrypted communication between the device and client; and disable unused services and functions to reduce unnecessary risks. It’s also important to set the date and time on the device correctly to enable accurate system logs and ensure that digital certificates – which services such as HTTPS and IEEE 802.1X rely on – can be validated and used. On supported cameras, you can enable the signed video feature to allow users to check that exported video is free of tampering.
It's important to keep all software – including the operating systems of your devices – up to date to ensure newly discovered vulnerabilities are promptly patched. New AXIS OS releases for connected devices are highlighted on AXIS Companion, AXIS Camera Station, and partner video management software like Milestone XProtect® and Genetec™ Security Center, as well as tools like AXIS Device Manager and AXIS Device Manager Extend, to make it easier for you to implement the updates. You can also sign up to receive security notifications from Axis. If your network is breached, the AXIS OS Forensic Guide helps you conduct a forensic analysis of Axis devices.
Knowing when it’s time to decommission your networked devices is just as important as keeping them up to date and secure while in use. Product pages on the Axis website, as well as tools like AXIS Device Manager Extend, show the end-of-support date for a device's operating system. It allows you to decommission and replace a device in a timely manner, and avoid the risk of operating a device with unpatched vulnerabilities. Removing data on a decommissioned device is also important. By performing a factory default, you can quickly erase all configurations and data from the device. See details on decommissioning products.
This four-page flyer packs in details about Axis' lifecycle approach to cybersecurity.
The e-brochure covers topics such as cyberthreats, procurement considerations, the Axis device lifecycle approach, and compliance.
This free online e-learning course introduces the Axis approach to cybersecurity.
Access a wide range of information on cybersecurity and how Axis supports it.