Over the next several months I’ll be returning to blogging about one of my favorite topic areas, Internet Security and Privacy. For this post I’ll do some background on the new generation of whole-home internet security devices. Then I’ll do another post about the first new device I’ve used, the CUJO.
I’ve been seeking ways to enhance the security of the Internet for myself, my family, and my home for many years. For example, back in 2011 I wrote about how you may need multiple anti-malware products to adequately protect yourself. And in 2012 I wrote about the use of enhanced DNS offerings as an added layer of security for web browsing. Please note that both postings are dated and contain suggestions I wouldn’t make today. Web of Trust went through a rough patch over privacy issues. I still use it to check out suspicious sites but usually don’t run with it always monitoring my website activity. Both OpenDNS and Immunet were acquired by Cisco and, as a result of Cisco’s business focus, have questionable futures for consumer use. As a warning sign, an increasing number of links for the consumer OpenDNS website are broken. In the case of OpenDNS, I’d already recommended Norton ConnectSafe instead. Immunet was unique in its support for running concurrently with other anti-malware, but fortunately there is a better approach now.
It looks like we are entering a new Golden Age of home internet security offerings, and I hope they actually prove to be as golden in the protection they offer. These new devices range from add-on devices such as CUJO, to mesh routers with optional add-on security services such as EERO, to security company offerings of routers (Norton Core, Bitdefender Box 2), and they are finally bringing enterprise-like network edge security to the home. Why now? We have four trends coming together.
On the demand side, the Internet of Things (IoT) is placing large numbers of devices in our homes. These devices can’t run a full suite of security software, they may not be updateable (i.e., to fix vulnerabilities), and their market lifetimes are short (so they may not receive security patching support even if technically updateable) even though their usage lifetimes may be long. In other words, the WiFi lightbulb I buy today may be replaced by a new and incompatible model next year, but I’ll still be using it 5 years from now. Last year we saw how these IoT devices could be compromised, and in that case hijacked to create a large DDoS attack.
The second trend is the cloud. As cloud capabilities grow, the ability to use it to enhance security grows as well. For devices to be applicable for home use they have to stay in a consumer-friendly range, say under $300 for early adopters and under $100 at full adoption. By moving more resource-intensive processing to the cloud, vendors are able to offer capabilities to devices at these price points that would otherwise cost thousands of dollars. Of course, the cost efficiency of the cloud is just one way to look at it. The cloud enables computations, on large data sets, that just aren’t possible in other environments.
The third trend, also enabled by the cloud, is the maturity of machine learning. Put (over)simply, with machine learning you feed a model a set of known malicious examples and a set of known benign examples. It learns how to tell the difference, so when you give it a sample that is completely unknown it can tell if it looks malicious. The more examples you feed it, the better it can distinguish between good and bad. The training of the model is hugely expensive and is done in the cloud. The resulting model it generates is relatively small and fast and can live on a modest device like a home router (or the anti-malware suite running on a PC). The router also reaches out to the cloud when it encounters something suspicious, but not clearly malicious. And this isn’t just about analyzing executable software, you can do the same thing with network traffic. So if the model learns what the normal network traffic to and from company A’s lightbulb looks like, then it can block suspicious traffic to or from an A lightbulb.
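To make the last point concrete, here is an added example (not code from the original post or from any of the vendors mentioned) of the simplest form of the idea: a router learns what "normal" traffic for one device looks like and then flags traffic that departs from it. In place of a trained model it uses a per-device profile built from a constructed set of known-good flow records; the device MAC address, hostnames and byte counts are all made up for the example.

```python
"""Per-device traffic baseline: a toy stand-in for the learned model the
post describes. Each record is a constructed flow summary of the kind a
home router could export: (device MAC, destination host, port, bytes sent).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of known-good flows from one IoT lightbulb (not real data).
BASELINE_FLOWS = [
    ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 2100),
    ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 1950),
    ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 2300),
    ("aa:bb:cc:00:00:01", "ntp.example", 123, 48),
    ("aa:bb:cc:00:00:01", "ntp.example", 123, 48),
    ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 2050),
]


def learn_profile(flows):
    """Build a per-device profile: for every destination (host, port) the
    device has been seen talking to, record the mean and population
    standard deviation of bytes per flow."""
    per_dest = defaultdict(lambda: defaultdict(list))
    for mac, host, port, nbytes in flows:
        per_dest[mac][(host, port)].append(nbytes)
    profile = {}
    for mac, dests in per_dest.items():
        profile[mac] = {
            dest: (mean(sizes), pstdev(sizes)) for dest, sizes in dests.items()
        }
    return profile


def classify_flow(profile, flow, z_threshold=3.0, min_spread=100.0):
    """Return (verdict, reason).

    'block' for a destination this device has never contacted, or for a
    transfer far larger than its baseline; 'allow' when it fits the profile;
    'unknown-device' when there is no baseline to compare against.
    """
    mac, host, port, nbytes = flow
    if mac not in profile:
        return ("unknown-device", "no baseline for this device")
    dests = profile[mac]
    key = (host, port)
    if key not in dests:
        return ("block", f"{host}:{port} never seen for this device")
    mu, sigma = dests[key]
    # A destination with identical-sized flows has zero deviation; floor the
    # spread so small jitter does not trip the volume check.
    spread = max(sigma, min_spread)
    if nbytes > mu + z_threshold * spread:
        return ("block", f"{nbytes} bytes vs baseline {mu:.0f} +/- {spread:.0f}")
    return ("allow", "matches baseline")


if __name__ == "__main__":
    profile = learn_profile(BASELINE_FLOWS)
    # Constructed new flows: a normal API call, a telnet attempt to an
    # unfamiliar address, and a huge upload to the usual API host.
    for flow in [
        ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 2200),
        ("aa:bb:cc:00:00:01", "203.0.113.5", 23, 60),
        ("aa:bb:cc:00:00:01", "api.lightbulb.example", 443, 900000),
    ]:
        print(flow[1:], "->", classify_flow(profile, flow))
```

The two checks correspond to the two things a vendor's model would be learning: where a device normally talks, and how much. A real product would learn far more features (timing, protocol, TLS fingerprint, and so on) and would send the borderline cases to the cloud rather than deciding locally, as the post describes.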
The fourth trend is simply Moore’s Law. The computational power available in a device for under $300 has grown to the point of being able to fully inspect network traffic, maintain and process expanded sets of rules, run the models output by machine learning, process automatic updates, etc.
Of course this all works for more general purpose computing devices (PCs, tablets, and phones) as well as “things”. So while I wouldn’t suggest removing all anti-malware software from your general purpose devices, the added layer of protection from placing security at the edge of your home network is worthwhile even if you have no IoT devices. If there is a Zero Day attack circulating for your PC, you have at least two chances (the network edge and the anti-malware running on your PC) to block it while waiting for the vulnerability to be patched. Another example: your carrier may not update your Android phone quickly enough to protect against a known vulnerability, but that vulnerability could be blocked from ever reaching your phone, at least while you are connected in your own home. Therein lies the weakness of edge protection: for mobile devices it is useful, but certainly not sufficient.
Despite my enthusiasm for a network-edge solution for home Internet I see two major roadblocks ahead. The first is that whole-home security solutions typically require an annual subscription for their cloud-based services. What is the price point, or combination of price points, that will appeal to a broad spectrum of consumers? How long is the included subscription? A month, a few months, a year? Is there a basic level of free service and then paid enhanced services? Etc. This is one way vendors will differentiate themselves, and we run a significant risk that these network edge devices will become like PC anti-malware software where the subscription runs out and the devices are not updated to deal with new threats.
The second roadblock is that most people simply obtain a modem/router/access point single box solution from their internet provider. Until those providers start including these next generation whole-home security features, adoption will not spread far from early adopters and those they directly influence. In fact, even for an early adopter the internet providers may put roadblocks in the way of incorporating the latest security devices. You need a major hack to use CUJO with Comcast Xfinity, which I’ll talk more about in my next post.
I do worry about security issues with my consumer grade router. I am encouraged that it did receive an update recently, so at least the vendor is still actively supporting it.
That means they are fixing their own security flaws, but probably not adding features to further protect your network.