Appear – Firewalling in the Age of IP: Rethinking Security for Live Media Workflows

Ian Wagdin, Vice President of Technology & Innovation at Appear
As live production workflows shift towards IP and cloud-based models, the security considerations facing broadcasters and media companies are also evolving. Where operations were once confined to private, closed networks, today’s environments often depend on public infrastructure and remote collaboration. This move brings clear advantages in terms of flexibility and scalability – but also introduces new risks.
Firewalling has long played a role in securing digital workflows, but traditional approaches were not designed with media transport in mind. With live content increasingly delivered over IP, and often over the public internet, firewalling strategies must be scrutinised to ensure they can support the performance and security needs of modern media delivery.
More Connectivity, More Exposure
In the past, production environments operated within a contained network perimeter. Contribution feeds, playout chains, and editing systems were rarely exposed to external networks. That has changed. From cloud playout to remote contribution, content now moves across networks that are not always under direct control.
A single security incident can lead to serious repercussions – ranging from unauthorised access to content, to disrupted services and lasting reputational harm. Standard enterprise firewalls, typically built for broader IT functions like VPN access, general network defence, and web filtering, are often not equipped to handle the specific performance and reliability requirements of high-bitrate, low-latency media workflows.
Firewalling for Real-Time Media
Generic firewalls are typically built for common enterprise traffic, such as web browsing, email, and file transfers. They’re not optimised for real-time video or audio streams. Media applications operate under different conditions, and generic firewalls often struggle to meet their specialised requirements, including high data rates, stringent latency requirements, and the need for seamless redundancy.
To be effective in live media environments, firewalling needs to account for both the data and control planes. The data plane is responsible for transporting media streams and is highly sensitive to issues such as latency, jitter, and packet loss – any of which can impact the quality and reliability of live content. The control plane, on the other hand, manages session initiation, signalling, and device access. It plays a crucial role in orchestrating media workflows and is often a target for attacks aimed at disrupting services or compromising system credentials. Both layers require tailored security measures to ensure seamless and secure operation.
A firewalling solution for live media must do more than just block traffic. It needs to maintain throughput, allow for redundancy, and work in conjunction with other tools like NAT, VLANs, and traffic optimisation.
Implementation Challenges
Although best practices exist, uptake across the industry has been uneven. Concerns around added latency, configuration complexity, or disruption to workflows have led some organisations to delay implementation.
But the shift to public internet and cloud-based distribution makes this approach increasingly critical. Major events, including sports, entertainment and news, are routinely streamed over networks that are vulnerable to external threats. Without purpose-built firewalling, media organisations face risks of cyber threats that could disrupt their content delivery.
We also have to think specifically about how we manage the traffic, as we often use multicast in the broadcast workflow. To configure a firewall for unicast and multicast traffic, you need to create firewall rules that allow or block traffic based on its source, destination, and protocol. For multicast, you’ll need to ensure it’s enabled and allow specific multicast group addresses. Unicast traffic can be configured with standard firewall rules based on IP addresses and ports.
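The rule structure described above, as an added example (not Appear's code or any product's configuration): a default-deny evaluator in Python that matches on source, destination, protocol and port, allows multicast only to individually named groups, and keeps a control-plane rule separate from the media rules. All addresses, ports and rule names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                    # permitted source network (CIDR)
    dst: str                    # permitted destination host or multicast group (CIDR)
    proto: str                  # "udp", "tcp" or "igmp"
    port: Optional[int] = None  # destination port; None for port-less protocols

# Constructed policy: every address, port and name below is illustrative.
RULES = [
    Rule("mcast-video", "10.20.0.0/24", "239.10.1.1/32", "udp", 5004),
    Rule("igmp-reports", "10.30.0.0/24", "224.0.0.22/32", "igmp"),  # IGMPv3 reports
    Rule("unicast-contribution", "192.0.2.10/32", "10.20.0.5/32", "udp", 6000),
    Rule("control-https", "10.99.0.0/28", "10.20.0.5/32", "tcp", 443),
]

def validate(rules):
    """Flag rules that open a multicast range instead of one named group."""
    problems = []
    for r in rules:
        dst = ip_network(r.dst)
        if dst.is_multicast and dst.prefixlen != dst.max_prefixlen:
            problems.append(f"{r.name}: allow single multicast groups, not {r.dst}")
        if ip_network(r.src).is_multicast:
            problems.append(f"{r.name}: a multicast address is never a valid source")
    return problems

def decide(src, dst, proto, port=None, rules=RULES):
    """Return the verdict for one packet; anything unmatched is dropped."""
    s, d = ip_address(src), ip_address(dst)
    if s.is_multicast:
        return "drop:multicast-source"
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and proto == r.proto and port == r.port):
            return f"accept:{r.name}"
    return "drop:default"

if __name__ == "__main__":
    print(validate(RULES))
    for pkt in [("10.20.0.7", "239.10.1.1", "udp", 5004),
                ("10.20.0.7", "239.10.1.2", "udp", 5004),
                ("198.51.100.9", "10.20.0.5", "tcp", 443)]:
        print(pkt, decide(*pkt))
```

Running `validate` before a policy is deployed catches the common mistake of permitting an entire multicast range when only specific groups are in use.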
Managing firewall rules across multiple sites or partners adds another layer of complexity. A centralised management interface can help simplify policy deployment and ensure consistency across distributed infrastructure.
Designing for Media-Specific Needs
In response, more media-aware security tools are becoming available. These are built to support the performance expectations of broadcast and live-streaming environments. These solutions incorporate advanced firewalling techniques, including optimised traffic management, to ensure that high-capacity media workflows can handle large-scale IP video streams securely, without adding latency or causing performance bottlenecks.
Additional features such as de-jitter buffers, forward error correction (FEC), and bitrate policing help stabilise streams and manage network behaviour. ST 2022-7 support allows for seamless failover, while conformance to standards like SMPTE RP 2129 further strengthens security by allowing only authenticated and authorized traffic to pass through designated perimeters.
These tools do not eliminate risk, but they provide a foundation for more resilient media operations – especially when integrated into broader infrastructure planning from the outset.
Security as Part of Infrastructure Design
As workflows become increasingly decentralised, security must be considered at the architectural level. It’s no longer sufficient to treat firewalling as an isolated task managed by the IT team – it needs to be part of how media systems are designed and maintained. The next generation of firewalling for live media must deliver strong security while also maintaining smooth, uninterrupted performance for high-bitrate, real-time workflows.
A firewalling strategy that’s fit for purpose can help ensure operational continuity and reduce the likelihood of service disruption. In a sector where timing, reliability, and trust are essential, getting security right is no longer optional.
At Appear all our hardware platforms are designed from the ground up to support current security practices. The X10 and X20 both support 10G bi-directional IP interfaces that provide firewall-grade IP security at every connection node that can monitor and regenerate traffic as required.









