Maintain cybersecurity of software with long-term support firmware track

Article
January 25, 2019
While updating surveillance camera firmware is critical in keeping systems up-to-date and secure, some organizations can be reluctant to do so, due to concerns that upgrades can affect system stability. But ignoring or delaying firmware upgrades can be counter-productive, particularly when firmware updates bring important cybersecurity benefits. To address this, Axis now offers a new approach to keeping firmware up-to-date: long-term support (LTS).

All hardware needs firmware in order to operate – whether that’s a laptop, mobile phone, or a surveillance camera – and from time-to-time, all firmware needs updating. It is widely recognized that a lack of firmware maintenance can mean systems are exposed to security vulnerabilities and be affected by software bugs. However, some businesses are still not upgrading their system firmware, even when fixes are available.

As Sebastian Hultqvist, Global Product Manager at Axis explains, “In some case, regular firmware upgrades are not being carried out due to fears of data loss, reduction in system stability, or loss of integration with critical third-party software, disrupting the customer’s workflow.”

The irony is that by not maintaining firmware, businesses are leaving themselves exposed to more serious risks to their network, particularly in relation to security, which may have an even more detrimental effect on business operations.

A different approach to firmware updates

Axis employee, Sebastian Hultqvist
Sebastian Hultqvist, Global Product Manager at Axis.

In standard firmware maintenance, upgrades arrive periodically and include updates to camera functionality, in addition to bug fixes and any relevant vulnerability patches. Of course, opting to upgrade firmware is not mandatory, but always recommended for effective and secure camera operation.

Customers who have bought the system with the specific functionality they require don’t necessarily want to adopt new features, particularly when this means additional work needed to ensure systems software integration remains compatible after the update. Therefore, the firmware update is ignored.

To address this issue, Axis now offers a long-term support (LTS) programme for firmware. LTS delivers important bug fixes and vulnerability patches, without affecting camera functionality. In effectively applying a ‘feature freeze’ to the camera software and only creating firmware updates to address bugs and vulnerabilities, products remain protected and integrated with third-party software. While similar long-term support for specific software is common more broadly across the IT industry, it’s not something seen often in the security sector.

The double benefit of LTS

For organizations taking advantage of LTS, there are two key benefits: firstly, the knowledge that the system remains secure as bugs are fixed and vulnerabilities are patched, and secondly that the systems integrity remains in place as specific camera functionality isn’t affected.

The ‘active track’ for firmware updates – containing functionality upgrades in addition to bug fixes and vulnerability patches – will continue. LTS firmware upgrade ‘tracks’ will be issued every 12-18 months, based on a regular active track release. Subsequent major and minor firmware upgrades for the LTS track will focus solely on stability improvements and vulnerability patching.

Customers will be able to switch to new LTS tracks when available, which gives them the option to acquire new functionality if desired. The customer upgrade cycle can then be aligned to other system changes, such as VMS software upgrades or periodic hardware replacements, which would require the system to be requalified in any case.

Hultqvist adds,

There is no doubt that deciding whether businesses should upgrade its firmware or not has its individual complexities. Although the concerns raised regarding business continuity hold validity, LTS demonstrates our commitment to meet our customers’ needs.

For more information on how to choose and download the latest active track and LTS releases please visit www.axis.com/support/firmware.