In an era where cybersecurity threats evolve daily, building secure products requires more than reactive patches. It demands a proactive, systematic approach from the ground up. 

For me, product security is not about adding a protective layer at the end. It is about understanding how a system behaves, how it may fail, and how it could be misused before we decide how to build it. In our video surveillance and data analysis solutions, this matters even more because they protect sensitive environments, operational data, and evidence that our customers rely on every day. 

My role at March Networks sits at the intersection of product security, architecture, and practical risk management. I work closely with our R&D teams to make sure security decisions are not only technically sound, but also aligned with how our solutions are deployed and used in the real world. 

Over the past year, March Networks has partnered with Security Pattern to establish a comprehensive threat modeling and risk analysis process. This collaboration has helped us move from security as a review activity to security as an engineering discipline, built directly into the way we design and develop our video surveillance solutions. 

Explore our cybersecurity practices.

What is Threat Modeling? 

Threat modeling is a structured methodology that identifies, evaluates, and prioritizes potential security threats early in the product development lifecycle. Rather than discovering vulnerabilities after deployment, when fixes are costly and disruptive, threat modeling establishes a strong foundation for secure device development by identifying risks before they become problems. 

“Conscience is our magnetic compass; reason our chart.” — Joseph Cook 

This quote captures the essence of our framework perfectly. Our threat modeling methodology rests on two complementary pillars that work together just as conscience and reason do: 

The compass: systematically identifying threats with STRIDE and CIA. Just as a conscience guides without letting anything slip through, STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) serves as our moral compass for threat identification. It ensures that we approach every system with rigor and completeness, never overlooking a category of risk. Pairing STRIDE with CIA (Confidentiality, Integrity, and Availability) allows us to map both potential threats and the security capabilities already present in our solutions. Together, these frameworks provide an exhaustive, conscientious lens through which no threat category goes unexamined. 

Brass compass on vintage map symbolizing cybersecurity threat modeling guidance

 

The chart: metrics as a rigorous map for risk scoring. Once threats are identified, reason takes over. A well-defined set of metrics, measuring both the impact and the feasibility of each threat, provides the navigational chart that guides our decisions. These metrics allow teams to objectively rank risks, prioritize countermeasures, and track improvement over time. Without this structured scoring map, threat identification alone would leave teams adrift; the metrics transform a list of concerns into an actionable, prioritized roadmap for security investment. 

Threat modeling map with STRIDE, CIA, compass, and solution landscape diagram 

The combination of these two components was refined through the collaboration between March Networks and Security Pattern, adapting approaches originally designed for new product development to also address the analysis of existing solutions. This dual framework enabled development teams to design new features and implement appropriate countermeasures as integral parts of the overall system architecture and has also proven to be a powerful driver of innovation in security. 

Why Threat Modeling Matters 

Traditional security approaches often treat cybersecurity as a checklist item to address late in development. This reactive stance leads to overlooked features, unnecessary implementations, and vulnerabilities that are expensive to remediate. Threat modeling flips this paradigm by making security a foundational design principle rather than an afterthought. 

In my experience, the value of threat modeling is not only in the final list of threats. The real value is in the conversations it creates. It brings product owners, architects, developers, QA, and security specialists into the same discussion early enough to influence design decisions. That is where meaningful security improvements happen. 

By understanding threats before implementing countermeasures, organizations can: 

  • Reduce development costs by avoiding expensive post-deployment fixes 
  • Improve product quality through systematic vulnerability identification 
  • Build customer confidence with demonstrable security commitments 
  • Maintain compliance with evolving industry standards and regulations 

Our Journey: Measurable Security Improvements 

Since implementing our threat modeling process with Security Pattern, March Networks has applied this methodology across our March Networks Solution Releases. The process covers products from Command Enterprise Software and its applications to Command Recording Servers and R6 embedded recorders, including a model for edge devices configured on recorders, like cameras and encoders. The results speak for themselves. 

Progressive Enhancement Across Releases 

Release MN.2025.0.0  

Initial implementation, with a deep analysis of existing solutions and their already implemented security features. 

  • 178 threats identified and evaluated 
  • 46 security capabilities implemented 
  • 87% threat coverage achieved 

Release MN.2025.1.0  

Refinements on the analysis and additional improvements. 

  • 183 threats identified (+5 new threats analyzed) 
  • 51 security capabilities implemented (+5 new capabilities) 
  • 88% threat coverage (+1% improvement) 
  • Key additions: SIEM integration, hardened HTTP/S authentication options 

Release MN.2025.2.0 

Additional refinements and improvements. 

  • 184 threats identified (+1 additional threat analyzed) 
  • 52 security capabilities implemented (+1 new capability) 
  • 89% threat coverage (+1% improvement) 
  • Key additions: SNMPv3 support, CyberArk integration for credential rotation 

Release MN.2026.0.0  

Further refinements and improvements. 

  • 185 threats identified (+1 additional threat analyzed) 
  • 53 security capabilities implemented (+1 new capability) 
  • 89% threat coverage (+1% improvement) 
  • Key additions: best practice recommendations added 

What the Numbers Really Mean 

The increasing number of identified threats—from 178 to 185—isn’t a sign of growing vulnerabilities. Rather, it demonstrates our commitment to continuous improvement and deeper security analysis. As our teams become more proficient with threat modeling, we look to define new potential risks that might not have been considered in previous security reviews or are related to new edge cases coming from customer requests or new features implemented. 

Simultaneously, our security capabilities have grown from 46 to 53, directly addressing the threats we’ve identified. More importantly, the overall risk ranking of threats has decreased, with more threats moving into “very low” and “low” categories as we implement targeted countermeasures. This demonstrates that we’re not just identifying problems, we’re systematically solving them. 

The steady improvement in threat coverage, from 87% to 89%, reflects our ongoing commitment to comprehensive security. Each percentage point represents real security enhancements that protect our customers’ critical infrastructure. 

View our cybersecurity approach. 

Security by Design: An Ongoing Commitment 

Security by design is not a slogan. What makes our approach truly effective is recognizing that threat modeling isn’t a one-time exercise, it’s an ongoing process integrated into our development lifecycle. With each release, we: 

  • Refine our threat models based on new insights and evolving threat landscapes 
  • Implement new security capabilities to address identified risks 
  • Validate existing controls to ensure continued effectiveness 
  • Share responsibility with customers through clear operational guidance 

This iterative approach embodies true security by design, where security considerations drive architectural decisions from the earliest stages of development. 

For March Networks, this is especially important because our solutions often operate across complex environments, from enterprise systems to edge devices, and from on-premise deployments to cloud-connected architectures. 

Real-World Security Enhancements 

Our threat modeling process has led to concrete security improvements across our product portfolio. Including: 

  • Enhanced authentication mechanisms that prevent user enumeration attacks 
  • SIEM integration for enterprise-wide security monitoring 
  • SNMPv3 support for secure network provisioning 
  • CyberArk integration for automated credential rotation 
  • End-to-end encryption for media streams 
  • Role-based access control with multi-factor authentication 
  • Signed firmware updates to prevent tampering 

Each capability directly addresses specific threats identified through our systematic analysis, ensuring that security investments deliver maximum value. 

Looking Forward 

Our collaboration with Security Pattern has proven that systematic threat modeling isn’t just a compliance exercise, it’s a competitive advantage. By identifying and addressing security risks early, we deliver more secure products, reduce development costs, and build stronger customer trust. 

As cyber threats continue to evolve, our commitment to security by design ensures that March Networks’ solutions remain resilient, reliable, and ready to protect our customers’ critical assets. We’re not just responding to today’s threats, we’re anticipating tomorrow’s challenges. 

About the Collaboration 

March Networks and Security Pattern have partnered to bring world-class threat modeling expertise to video surveillance and integrated data analysis solutions. This collaboration combines March Networks’ deep domain expertise with Security Pattern’s proven methodologies to deliver security excellence across the product lifecycle. 

For organizations seeking to strengthen their security posture through systematic threat modeling, both March Networks and Security Pattern offer guidance, training, and consultancy services to help you build security into your products from day one. 

 

Vincenzo Bono is the Principal Product Security & Technology Advisor at March Networks, where he has spent more than 20 years helping shape the company’s software architecture, product strategy, and security-focused innovation. With deep expertise in IP video, system design, and cybersecurity risk management, he works closely with cross-functional teams to support secure, scalable solutions for customers around the world. 

About March Networks 

March Networks® is a global leader in intelligent video solutions, helping enterprise and small to medium-sized businesses turn video into actionable intelligence. With over 25 years of experience, we serve 1,700+ financial institutions, 670+ retailers, and 735+ commercial and industrial brands. Our cloud-based technologies combine video surveillance with AI analytics, POS, IoT, and ATM integration to enhance security, efficiency, and the customer experience. Backed by a global network of certified partners, we support customers in 75+ countries with flexible, scalable, open-platform solutions. Headquartered in Ottawa, Canada, and owned by Delta, a global leader in power and thermal management, March Networks operates as part of the Smart Security Solutions Group within Delta Intelligent Building Technologies and is a trusted partner and innovator in cloud-based, AI-powered video surveillance.   

March Networks and the March Networks logo are trademarks of Delta Intelligent Building Technologies (International) Corporation. 

To keep up with March Networks news and updates, subscribe to ourIntelligent IP Video Blogand stay connected by following March Networks onLinkedIn. 

 

About Security Pattern 

Security Pattern helps creators of intelligent connected devices to design, implement, and operate their systems with a sustainable security level. 

Our focus is on the system, which can be a single device, equipment composed of several interconnected devices, or an ecosystem that includes embedded devices, mobile apps, and cloud services. 

We believe effective security requires the right combination of hardware, software, and operational processes. With proven expertise in cryptography, cybersecurity, and embedded systems, we help device manufacturers achieve their security and business objectives through: 

  • Cybersecurity consultancy: Our projects are focused on reviewing the product requirements, process requirements, of both. Examples include threat modeling and risk assessment, gap analysis, penetration testing, and RED/CRA compliance
  • Corporate training: On-site or remote modules on cybersecurity for embedded systems 
  • ARIANNA Platform: Vulnerability management for device manufacturers