Eleven top security-focused companies touted their latest offerings on June 30 during an all-virtual, first annual Content Delivery & Security Association (CDSA) Cybersecurity Tour during Mobile World Congress.

During the nearly three-hour event, CDSA thought leaders led M&E executives and content owners through some of MWC’s highlights, introducing representatives from the 11 showcasing companies, who showed off their technology, products and services, and discussed challenges and current trends in the space.

Tour participants also got to have their questions answered by leading experts at the participating companies.

Here’s a rundown of what Synamedia, X Cyber, Softtek and GeoComply had to share:

Synamedia
Amid the challenges of the past year, “the risk did not disappear,” Orly Amsalem, principal business development manager of video anti-piracy at Synamedia, told attendees.

“On the contrary, the pirates have evolved,” she said, noting: “They have new methods, new ways. And they attack both content and service. And they do it sometimes even without you knowing about it.”
Synamedia offers advanced cyber-intelligence services and a “holistic security portfolio to protect the entire distribution path that can help you to mitigate those different risks and protect your content service and revenues,” she pointed out.

There are various “vulnerabilities” across companies’ over-the-top (OTT) video distribution paths, which “pirates are exploiting in order to see your content and services,” she said.

Although organisations may already have a digital rights management (DRM) system in place, “that’s no longer enough” because “pirates have evolved; they are finding and exploiting new vulnerabilities in your distribution path that enable them to steal not just your content, but also your service,” according to a video Amsalem played for attendees. “Some operators report five times more actual traffic through their” content delivery network (CDN) “than they expected and the same is probably happening to your business,” according to Synamedia. “Pirates are using your infrastructure to monetise your content and you are paying for it,” according to the company.

The company’s SecurityGuard protects organisations’ video delivery infrastructures and puts an end to pirates stealing your service, according to Amsalem. SecurityGuard provides clients with a unique, non-tradable ID and cryptographic keys that together prevents pirates from “hacking the authorisation process and enforce concurrency limits,” according to the company.

ServiceGuard also “blocks pirate emulation scripts to mitigate attacks on your concurrency mechanism” and “prevents tampering with the video application,” blocking pirate viewers from receiving unauthorised access to your service, according to the company.

There are “bad players” who launch multiple trial periods or “buy stolen credentials on the dark web for a 10th of the original price,” Synamedia pointed out. Hackers often perform credential stuffing attacks using credentials available on the dark web after they are stolen in data breaches, and they rely on the fact that many consumers use the same credentials to access multiple devices, according to the company. Service abuse is also not exclusive to bad players and fraudsters, the company said, noting credential sharing with family or friends or even swapping credentials with strangers using social media platforms has never been easier. This is happening among as many as 20% of a video service’s legit subscribers, according to Synamedia.

The company addresses that issue with Credential Sharing & Fraud Insight (CSFI), which it said uses behavioural analytics and machine learning models.

X Cyber Group
“Cybercrime is the new gold rush,” according to Matt Lane, co-founder and director of X Cyber Group.

It is “something we’ve seen over the past 18 months or so,” said Lane, who focused his session on what he called the “human side of cyber.”

“Disinformation,” meanwhile, is “being used to impact share prices,” he said, noting these activities are “very much permeating everyday interactions online.

X Cyber Group helps its customers “defend themselves” but those customers can, “to some extent, look after themselves,” he said, adding: “Most of our clients, in fact, have got all the usual tools and training programmes — things like this — in place. So really, we’re looking to see what else can we provide value on. And for our clients, that tends to be these auto events that happen away from the traditional network defence perimeter.”

The company provides its clients with four key areas of expertise, he concluded: Domain knowledge – how services interact and where, how, and why data traverses the internet, and how we can lawfully locate, obtain, and utilise this information to inform decision making; target expertise, including a deep understanding of how targets behave, and where, why and how they’re fallible; proprietary technology; and it being a trusted partner for clients.

Softtek
“There have been a lot of different challenges in the industry over the last 15 months,” Leonel Navarro, information security practice global VP and offering manager, told attendees. For example, Softtek has seen an increase in the number of cyberattacks, he said.

“Cybercrime is one of the most important business risks documented for the technology, media and TV communications industry” because there is “a lot of content that is out there that can be used in an inappropriate way,” he told attendees.

“At least 90 percent of the applications that we have tested over the last 15 months have at least one critical or high vulnerability in the code,” according to Navarro, warning that it’s “very important that you need to keep on your radar.”

The two top vulnerabilities, meanwhile, continue to be cross-site scripting and input validation, he said.

He went on to suggest that organisations factor in security right from the start of every project.

The main cybersecurity challenges now in the industry are: Demonstrating compliance, improving operational efficiency, avoiding downtime, secure integration of third-party vendors and protecting consumer data, according to Softtek.

The top overall industry challenges, meanwhile, include content security, cost, visibility, operational efficiency, customer experience and protecting customer data.

But the pandemic has “really made the information security industry… more relevant,” after growing “exponentially” over the last 15 years, he said.

GeoComply
There is a massive VPN problem in the M&E industry, according to James Clark, director of global sales at GeoComply, which fields a VPN protection solution called GeoGuard.

Describing the scale of the problem, he noted that most VPN users admit that their primary goal is to access geo-restricted content. There are about 250 VPNs that his company tracks at any given time and about 20-30 of them are big ones that are commonly used, he said.

A GeoGuard customer found that 66 percent of users on stolen or shared credentials were using a VPN and the customer saved $500,000 in bandwidth costs after implementing effective VPN blocking, according to Clark.

The VPNs serve many millions of customers globally, he told attendees, noting that one has over 140 million customers and that traffic is driven by OTT content popularity.

Just over 30 percent of global internet users use a VPN and just over half of them are using a VPN to access better entertainment content, he told attendees, citing GlobalWebIndex data.

“In other words, all of the different deals that the rights owners are doing around the world and the licensees are taking to promote that content are being subject to people viewing that content on a VPN and potentially not actually being in the place where that content is supposed to be seen from,” he explained.

“Premium services attract premium problems” and VPN blocking is “not as effective as it should be,” according to Clark, who noted: VPNs continually update themselves to avoid detection; there is a geo-piracy technique that uses hijacked residential IP addresses from tens of millions of compromised devices to bypass traditional VPN detection; there are a large number of additional IP addresses to track; and premium VPNs targeting major OTT services with dedicated IP ranges to avoid blacklists.

This is the second of three stories covering the June 30 Cybersecurity Tour during Mobile World Congress. Read the first story here.