IoT security home routers - Eset's view?

[peteyt 363]

I have noticed a few security companies launching new routers designed for the home user. For example Norton Core and Bitdefender's BOX. These devices are aimed to protect the network and devices on the network such as smart TV's and so on. They appear to work alongside the company's software.

As more devices connect to the internet there's a lot of dangers. A lot of these devices for example often contain bad security and people tend to keep passwords set as the default standard password. Devices have been often hacked and abused e.g. used to spy on people or even used as part of a botnet. However I am wondering if these devices add much more than current routers supplied alongside security products or is this just marketing trying to sell us something else we don't really need? If they are a useful device, what is Eset's view on the device? Is it something it could see itself looking into in the future?

Here are the 2 devices I mentioned https://us.norton.com/core https://www.bitdefender.com/box/

[peteyt 363]

Anyone tried one of these?

[cyberhash 169]

Never looked at one but i would imagine that they would have more to offer than a standard "out of the box" router to your average user for the time being.

They probably perform automatic firmware updates for known bugs/exploits and rule sets that auto update to reduce the threat of  web connected "appliances" being attacked. Most people get a router and either "don't know" or "bother" to check for firmware updates.

Price will always play a factor in devices like this taking off and becoming mainstream, plus i would imagine that this sort of thing will actually become the standard in years to come from all "router/gateway" devices at no extra cost.

Bit of a financial gamble for the likes of Symantec and Bitdefender to produce some hardware that could flop and leave them with a warehouse full of overpriced and unwanted routers.



 



 

 

[peteyt 363]

7 hours ago, cyberhash said:

Never looked at one but i would imagine that they would have more to offer than a standard "out of the box" router to your average user for the time being.

They probably perform automatic firmware updates for known bugs/exploits and rule sets that auto update to reduce the threat of  web connected "appliances" being attacked. Most people get a router and either "don't know" or "bother" to check for firmware updates.

Price will always play a factor in devices like this taking off and becoming mainstream, plus i would imagine that this sort of thing will actually become the standard in years to come from all "router/gateway" devices at no extra cost.

Bit of a financial gamble for the likes of Symantec and Bitdefender to produce some hardware that could flop and leave them with a warehouse full of overpriced and unwanted routers.



 



 

 

I think the idea is good but i wonder if the people it's probably aimed at, the non experienced people and those unconcerned about security, will probably not be bothered. Also I do worry the more things get automated the more lazy people become. Take definition updates while automatic i still check everytime im on to make sure it is updated to be safe. People tend to want a security solution that does everything without interaction and cyber criminals tend to take advantage of this.

If it's a sucess however i can see other vendors trying it. 

[cyberhash 169]

I agree with you that the majority of people are safety conscious and love the principal of plugging in and forgetting, which is a good selling point. But i don't think there is a market large enough for this type of  "overpriced router" to sell in big numbers.

Plus, under the hood are they just a Netgear or Tp-Link router with a custom web interface that auto updates firmware and settings.

Manufacturing hardware is an expensive game and i think if it was looking viable as a business model even larger vendors with manufacturing capabilities would probably offer home user solutions. Someone like Cisco, who has been offering hardware based security since the dinosaurs roamed the planet would probably have had this market carved up for itself.

 

[planet 232]

On 02/07/2017 at 2:08 PM, cyberhash said:

Price will always play a factor in devices like this taking off and becoming mainstream, plus i would imagine that this sort of thing will actually become the standard in years to come from all "router/gateway" devices at no extra cost.

I can imagine this becoming a standard in the years to come with Internet Service Providers teaming up with security vendors to provide the usual ISP-locked gateway device, but with 'Bitdefender security' built in, or for current in-market gateways like D-Link to partner with Symantec to block and protect all devices for security.

This would be a large benefit as security vendors can focus more on a solid security product in a central point, rather than trying to create software for a wide range of endpoints that continue to grow. Blocking ads or trackers from the gateway would benefit TVs that stream online content, with the opportunity to block YouTube ads, for example, or the existing 'web/phishing/malware protection' to apply at the gateway level to easily protect every single device connected.

I can see many advantages to this. It will be an interesting time ahead in the next couple of years to see where it goes.

[PetraS. 2]

Hello,

We are definitely looking into this idea as we can see our competitors are already releasing actual devices this year ( e.g. Norton Core, Bitdefender, Luma, Cujo, Dojo and others)

From our initial analyses we can see that this product does make sense and it's viable in targeted markets.

You raised some good point in this thread and we are aware of them and take them into consideration. If you have any suggestions (e.g. vendors, possible features, demand from customers), improvements or things we should be aware of please don’t hesitate to comment. This is a complex project with many difficult issues we will have to tackle, that we don’t have much expertise in like hardware for example or proper regional certifications. But these obstacles don’t deter us from delivering this kind of product.

[peteyt 363]

3 hours ago, PetraS. said:

Hello,

We are definitely looking into this idea as we can see our competitors are already releasing actual devices this year ( e.g. Norton Core, Bitdefender, Luma, Cujo, Dojo and others)

From our initial analyses we can see that this product does make sense and it's viable in targeted markets.

You raised some good point in this thread and we are aware of them and take them into consideration. If you have any suggestions (e.g. vendors, possible features, demand from customers), improvements or things we should be aware of please don’t hesitate to comment. This is a complex project with many difficult issues we will have to tackle, that we don’t have much expertise in like hardware for example or proper regional certifications. But these obstacles don’t deter us from delivering this kind of product.

Interesting. Glad to see it is something that could become a possibility

[TomFace 539]

5 hours ago, PetraS. said:

Hello,

We are definitely looking into this idea as we can see our competitors are already releasing actual devices this year ( e.g. Norton Core, Bitdefender, Luma, Cujo, Dojo and others)

From our initial analyses we can see that this product does make sense and it's viable in targeted markets.

You raised some good point in this thread and we are aware of them and take them into consideration. If you have any suggestions (e.g. vendors, possible features, demand from customers), improvements or things we should be aware of please don’t hesitate to comment. This is a complex project with many difficult issues we will have to tackle, that we don’t have much expertise in like hardware for example or proper regional certifications. But these obstacles don’t deter us from delivering this kind of product.

Thanks for the info PetraS., looking forward to it-keep us posted.