Report an Attack

Do you have a CDN security gap?

Share:



My colleague Tim Pearson recently wrote about how DRM, CDN and tokens can all work together to protect against piracy. For years, CDN technology has made high-quality content delivery possible. However, is it possible that the CDN has left the door open for online piracy, a common enemy to all video service providers, streaming operators, and content creators?

Unfortunately, the answer is yes. CDN vendors have provided excellent delivery capabilities to their clients. However, access control has not always been top of mind, particularly in the context of OTT, where content has been protected by Digital Rights Management (DRM) – and sometimes only when the content has been deemed valuable enough to protect. 

And as the industry is experiencing, there’s a rise in pirate activity to access, consume and resell content. Industrious pirates are always in the mix, such as gaining access to CDN-hosted content via vulnerabilities with Widevine DRM and DRM content keys. Some pirates deliver their services by directly connecting to legitimate CDNs – which has the net result of the operator not only losing potential revenue but also having to pay for the pirate activity too. The damage inflicted is significant; in a research piece NAGRA authored with the Digital Citizen’s Alliance, it’s estimated that piracy costs the U.S. market $1Bn per year – and estimations suggest a similar figure for Europe. 

Such market developments are now reaffirming a need for streamers to increase their security approach to better manage access control of their CDNs to block those illegitimately trying to access their content. 

Security Solutions and Considerations 

Many security tools are available to service providers to protect OTT streaming, such as multi-DRM, device authentication, application hardening, and watermarking. Streaming operators can also consider a multi-CDN strategy to better address scale, reach, latency, and resiliency issues.  

To help strengthen CDN security, NAGRA offers a holistic session management approach. NAGRA’s Active Streaming Protection solution framework builds a bridge between CDNs and streamers’ security platforms to provide consistent access control, fraud detection, and immediate remediation should a leak occur.  

How does NAGRA Active Streaming Protection drive holistic session management? It works by:   

  • Collecting Playback sessions’ logs
  • Collecting CDN logs
  • Collecting Watermarking logs and leakage reports
  • Triggering Analytics on the logs to detect content and service frauds
  • Creating remediation plans

And what are the benefits to streaming operators? 

Consistent access control 

  • Authorization across multiple CDNs
  • Session control at both CDN and TV Platform levels
  • Manage CDN traffic smartly by providing content delivery rules aligned with business context

Fraud detection 

  • Consumption monitoring and Fraud/Anomaly detection
  • Forensic watermarking with piracy detection
  • Immediate remedial actions on CDN sessions, Playback sessions, subscriber accounts, and devices

Enhanced business performance  

  • Security Monitoring & Analytics blends data from all NAGRA Active Streaming Protection framework components to help identify a range of threats and recommend specific actions.
  • Enforce geographic limitations on the ability to access video streams even for authenticated users
  • Prevent exploding CDN costs in the case of piracy

While many OTT services already have some form of session control in place, most remain incomplete or weak from a security standpoint. A true holistic session management approach provides complete and consistent control over different types of sessions covering the full breadth of OTT streaming:  Application Playback sessions, CDN delivery sessions, Watermarking sessions across communication sessions between applications and servers, across the whole OTT ecosystem. The right solution should also have the capability to accommodate broad needs such as multi-CDN and low latency while also fighting against content piracy and service fraud. 

Reach out for a Security Assessment Today! 

NAGRA works with major video operators across the pay-TV and streaming industry to secure both services and revenues.  This continual dialogue means we understand the market’s challenges and are ready to help!  Perhaps you are mid-migration to OTT or are launching an OTT service for the first time.    

Contact us here to learn more, chat with one of our security experts, or request our security assessment service to identify any weaknesses in your current defenses; we’d love to continue the conversation.