Q&A: Sofia Regojo, chief revenue officer, Verimatrix, on why DRM must be retrofitted with modern cybersecurity

DTVE: How effective is standalone DRM today?

SR: DRM works, and it does what it is expected to do, such as delivering content keys. But DRM alone simply is no longer enough. DRM technology is three decades old and attackers have become highly sophisticated. They’ve found a way to bypass DRM using exploits that DRM was not designed to handle. There is nothing wrong with DRM, but if the infrastructure that the DRM relies upon is not comprehensively protected, DRM alone cannot provide the protection that’s really needed. DRM should be retrofitted with modern cybersecurity to close all security gaps.

DTVE: Are you saying DRM should largely be a thing of the past?

SR: Not at all. DRM works as designed, but it needs to be paired with additional security technology that did not exist a few years ago. Technology evolves, but hackers do as well. Their attacks are much more sophisticated today than they were years ago. Therefore, video security needs to evolve to remain relevant and consistently effective for the organisations that rely upon it to protect their business.

We cannot expect 30-year-old technology to protect against all modern attacks. This is why many companies augment DRM with other technologies. As an example, a few years ago, when it was discovered that DRM alone is not sufficient, tokens were introduced to strengthen DRM’s key delivery. Unfortunately, the industry has learned that hackers found a way around that as well, and even DRM with tokens is no longer enough. The token system needs to be strengthened as well.

DTVE: Further explain the current situation that renders DRM essential yet outdated.

SR: Think of a lock on your door. Burglars can get in by removing the door’s hinges and taking the entire door off. In such a case, even if the lock is sturdy and large, it will not stop the burglars. Does it mean that the lock is useless? Yes and no. If you live in a rough neighbourhood, where burglars learned how to remove common door hinges, then the lock is useless. Spending money on a fancy lock, in such a case, is a clear waste of money. However, if your door foundation and hinges are strong, and you can detect attempts to remove the hinges and call the police, then the lock is an important element of one’s home security. Without the lock, the burglars can get in right away. A lock is an old technology that is still needed, but it cannot do it all. DRM is the same – it has an important role if used correctly.

DTVE: What are pirates able to do when they circumvent DRM?

SR: Let’s say you’re an operator that has DRM plus token-based authentication in place and you follow best practices such as frequently rotating keys. Determined pirates can still bypass the DRM to steal content and replace ads within the CDM. They can cause all kinds of trouble. Tokens alone do not provide the protection needed because they can be easily stolen from a compromised media application. At Verimatrix, we show our customers how easily this can be done – and they’re often quite surprised.

DTVE: Is it the actual content that pirates are after?

SR: Not always. However, everything a pirate does has the potential to impact an operator’s bottom line. For example, pirates can steal login credentials and lock customers out of their online subscriptions so that they are unable to view the content they paid to consume. In that case, the bad guys destroy the customer experience and damage the brand. Pirates can also inflate content distribution costs by making operators inadvertently pay for pirated content distributed over their networks. Pirates can also set up a rival streaming service and siphon away customers. Today’s sophisticated pirates can hijack a service, increase operational costs, degrade the quality of service and ruin the experience of legitimate customers. The damage goes far beyond content theft.

DTVE: What’s the best path forward today to prevent pirates from being successful?

SR: It requires a holistic approach. For example, media apps need to be hardened with layers of security to make them difficult to hack. Those same apps, if empowered with telemetry, can spot piracy at the connected consumer device-level – thus, if a pirate opens a media app on a compromised device, you should be able to quickly detect that has occurred. And if anti-piracy countermeasures are enabled, the pirates can be thwarted immediately before attacks even happen – such as shutting down media app access from a specific compromised device. This new type of anti-piracy defence – at the media app and connected device level – is something that Verimatrix cybersecurity provides to augment DRM.

We see Verimatrix XTD with Counterspy is the best cybersecurity solution for media companies, but it is not the only solution available. Counterspy is fast and easy to deploy and fits with the needs of media companies that don’t want to re-develop their media apps, pay for costly customer code, or wait for long implementation delays. The fact that the agentless solution with zero code can be deployed on existing apps positions Verimatrix as a innovator answering today’s video security needs with ease despite the complexity of the threat.

Sofia Regojo serves as Chief Revenue Officer at Verimatrix. She leads the company’s global sales, customer success and services organization and is responsible for revenue growth and executing go-to-market strategy. She joined in 2022 and brings more than 20 years of experience in the pay TV, video streaming and security industries.

This is sponsored content.