Security Magazine on Creating a Comprehensive Security Strategy to Reduce Concerns, Risk of Breach

March 12, 2019

Hikvision Strategies for Preventing Malware Attack, Implementing ‘Defense in Depth’

Hikvision Strategies for Preventing Malware Attack, Implementing ‘Defense in Depth’


In the Security magazine article, “Lose Battles, But Win the War: Devising a Grand Strategy for Security,” the author offers recommendations to help organizations reduce security concerns.

“It’s clearly a good idea to build solid defenses to try and prevent successful cyberattacks, but it’s important to be realistic. Consider that 67 percent of global enterprises have now been breached, according to Thales, and you’ll soon realize that it’s not a question of “if” you’re going to be hacked, but rather “when.” Losing the odd battle is inevitable, but with the right strategy you can make sure that you win the war,” said Brad Mallard, the article’s author and the CTO of Fujitsu EMEIA, in the article.

He offers several areas of consideration to begin developing a comprehensive “grand” security strategy:

  • The Cloud: Eighty-one percent of enterprises have a multi-cloud strategy with 77 percent identifying security concerns. From the article: “It’s not unusual for an enterprise to be working with 20 different cloud providers. Businesses and their end users are typically using hundreds of cloud services at any given moment. This all adds up to massive potential for data leakage, for data loss, and for regulatory compliance issues.” The author recommends assessing risk in a broad sense when adopting cloud solutions as well as how people connect at the edge.
  • Detecting When Data has been Leaked: Data security breach is a serious threat for an organization. The article advocates for use of cyber-threat assessment tools using the company name to determine if sensitive information is available outside of the organization. “You can’t take it for granted that your data isn’t out there. Just because you haven’t detected a breach doesn’t mean that it doesn’t exist, after all most breaches are several weeks old before they’re detected,” said Mallard.
  • Evaluate and Assess Partners: Use the organization’s internal level of scrutiny to evaluate partners, including digital and cloud service providers. Mallard added “If new partners with less mature security strategies have access to your environment, then hackers will view them as low hanging fruit and use them as a backdoor in.”

For more, read the article online.

Hikvision Strategies for Preventing Malware Attack, Implementing ‘Defense in Depth’
In the Hikvision blog, “ on Ransomware, a Cybersecurity Attack that Uses Malware to Exploit System Vulnerabilities,” Hikvision overviews ransomware, a kind of malware that exploits vulnerabilities, and methods to prevent it.

The blog also references Hikvision cybersecurity director, Chuck Davis, and his article about reducing security concerns in network security, user security and system administration. In that article, David provides insights to improve network security, and advises the use of “defense in depth” as a cyber strategy.

From the article: “Davis advocates the practice of "defense in depth," an approach to manage risk using diverse defensive strategies. It’s based on the idea that multiple layers of defense will provide additional protection against a potential cyberattack. This includes network segmentation, which simply stated means splitting a network into separate networks that are isolated, not connected, and compromising one won’t compromise the others. For example, finance, human resources and security should each have dedicated networks.”

Davis added, “This is the way corporate networks are built, which is based on the principle of least privilege – this means only giving people or systems access to the resources that they need, and nothing more. This is effective for the obvious reason of keeping sensitive resources only accessible by those who need access, but it is also an effective means of compartmentalizing a network environment in case of cyberattack or malware infection.”

Click here to read more.

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

View the most updated version of this document here:


The I-series NVR (such as the DS-7716NI-I4) is one of Hikvision's most popular and feature-rich recorders. As such, many firmware revisions have been introduced over the years to continually ensure the product is compatible with the newest technology available. Due to the many revisions, we recommend that the user closely follows the instructions below in order to reduce the amount of time spent as well as the chance of failure.


Database Optimization and Repair

As more affordable IP cameras are introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.


After upgrading to v4.X, the recorder database will need to be converted and optimized. If you are experiencing issues where playback is expected but not found, make sure "Database Repair" is performed as indicated in the procedures and scenarios below.


Preparing the Upgrade

Before proceeding with upgrade, it is recommended that NVR configuration file is exported from the NVR over the network or on to a local USB drive.


Upgrading from v3.4.92 build 170518 or Older

  1. All recorders must reach v3.4.92 before proceeding further. Upgrading from versions before v3.4.92 directly to any version of v4.X will likely cause the recorder to fail.
  2. If the recorder is already at v3.4.92, a full factory default is highly recommended before upgrading to any version of v4.X. There is a high chance of unit failure (requiring RMA) if the unit is not defaulted before upgrade.
  3. After reaching v3.4.92 and performing a full factory default, an upgrade directly to v4.50.00 is acceptable.
  4. After the upgrade is completed and the recorder is reprogrammed, it may be beneficial to perform a Database Repair. For details, refer to the section "Database Optimization and Repair" above.
  5. To verify repair progress, you may refer to the HDD status, or search the recorder log for repair started and stopped entries. Note that while the HDD is repairing, new recordings are still being made, but some existing recordings may not be searchable until repair is complete.
  6. If you continue to observe playback issues after database repair, ensure there are no power, network, or motion detection issues. Should the problem persist, contact technical support.


Upgrading from Any v4.X Build to v4.50.00.

  1. Any v4.X build can be upgraded directly to v4.50.00.
  2. Export configuration is highly recommended before performing the upgrade.
  3. If upgrading from any v4.X version that was not v4.22.005, a Database Repair is recommended. Refer to Step 4 and onwards in the previous section.



Downgrading is not recommended. Due to new features and parameters constantly being added, downgrading may cause the NVR to factory default itself or require a manual default to operate properly.

By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).