In today’s highly interconnected world, more and more users are concerned about cybersecurity. With the development of AIoT, these concerns are even greater. Many manufacturers have started on their own initiative to make their products, both their hardware and software solutions, more secure. Dawa too.
As a responsible manufacturer, Dahua Technology attaches great importance to cyber security and privacy protection. The company maintains a high level of cybersecurity to provide users with secure products and responsive support. To this end, a number of initiatives have been taken to continuously allocate resources to improve product security research, development and delivery, research key technologies in the field of security, and establish security breach emergency response systems. .
Focus on security and privacy technology research.
Dahua has been exploring and developing product security technologies for a long time to provide users with strong security guarantees. To help users better comply with global data protection laws and regulations, the manufacturer developed security technologies and better practices industry in the field of data protection, such as authentication, authorization management and encryption of video transmissions. At the same time, products equipped with the functionality of the product security center can analyze the security status of the device. Users receive information on, for example, weak passwords, functional settings, and security modules, allowing them to quickly and easily set the correct security settings that suit the scenarios.
Security guarantee throughout the product development lifecycle
Dahua Cybersecurity Institute has established a professional sSDLC (Secure Software Development Lifecycle) process for security management, which covers the entire product development lifecycle, from requirements, design, implementation and verification up to production. The company is committed to providing users with “Security by Default” and “Privacy by Default” guarantees and has established security and privacy baselines from the initial stage of requirements to ensure that each product meets security standards. Product security is significantly enhanced by ‘STRIDE + Attack Tree + PIA’ threat modeling, standardized third-party and open source software management and control, static code analysis, multiple security tests, and security testing. of penetration.
Vulnerability Management and Emergency Response System
With the establishment of the Dahua Cybersecurity Center (DHCC), Dahua aims to help prevent cybersecurity vulnerabilities by providing security vulnerability reports and sharing cybersecurity knowledge with customers. In addition, Dahua has established a Product Security Incident Response Team (PSIRT) that receives, processes and discloses all security vulnerabilities related to Dahua products and solutions. This equipment works in accordance with ISO/IEC 30111, ISO/IEC 29147 and other industry standards. Dahua strongly recommends partners, customers and end-users to perform regular firmware updates and maintenance during the product life cycle and to report all vulnerabilities discovered in Dahua devices to firstname.lastname@example.org.
Cooperation with international security institutions
In the world of AIoT and cyber attacks, all partners involved must remain engaged and adhere to open lines of communication. Adhering to its core values of openness and collaboration, Dahua continues to work with authoritative international security institutions to jointly build a strong security ecosystem while further developing its security capabilities and solutions. The company cooperates in auditing and certification with several international security institutions, such as the British Standards Institution (BSI), Bureau Veritas (BV), TÜV Rheinland, Intertek EWA-Canada and many others. Dahua complies with applicable laws and regulations, such as GDPR, and its product security and enterprise cybersecurity management activities are certified to ISO/IEC27001, ISO/IEC 27701, FIPS 140-2, ETSI EN 303645, ETSI TS103645 and others. global standards.
Effective cyber and data security protection is vital for the continued and further development of AIoT. Whether you’re a manufacturer, integrator, or end user, let’s work together to create a responsible, open, professional, and consistent cybersecurity environment.