A few weeks ago, I explained how i think about my risk model when it comes to cybersecurity in my smart home. Shortly after that article was published, Comcast issued a report that showed how wrong many people were when it came to understanding which devices posed the biggest threat to the security of their home network.
In my article, I recommended using an external device or service to monitor your network, so I thought I’d share my experience with some of the options available.
I use a service or device to monitor which devices are on my Wi-Fi network and assess traffic patterns. Many companies, like Comcast and Eero, offer a security service in addition to your Internet service or router for a monthly fee. These security services allow you to track devices on the network and will typically alert you to strange traffic patterns, like when a connected dishwasher suddenly tries to send 100 times the usual data it loads each night.
There are also physical devices that plug into your router that will monitor and alert you to traffic problems. I use a $399 device called the Firewalla Purple, which provides an incredible amount of customization and monitoring capabilities. Firewalla not only analyzes traffic patterns, but also where the traffic is going and what kind of traffic is traveling over the network. It also provides basic firewall and intrusion detection.
It is powerful but can also be somewhat intimidating. For example, I get a lot of notifications, including some about ports being left open on a specific device, or data arriving at questionable services. The average human being will not know what those messages mean and might panic. I even feel overwhelmed by notifications. But if you’re willing to look for the alerts, you’ll learn some amazing things and feel more empowered in managing your network. You can also turn off notifications or limit the types of alerts you see. (Here is a 7.5 minute video on alarm management!)
Or you can install a device from a startup called Everything Set. I’ve been running the device, which is currently in beta, on my network for about six weeks. Instead of freaking me out about abnormal loads or notifying me when my son’s MacBook is watching a video, I just get a weekly report with a safety score and some charts highlighting devices that have shown above-average usage.
The first week my security score was 10 (even though I had open ports!), but since then it has dropped to 9.0. Apparently that’s still pretty good, but I don’t know exactly what has caused my score to drop. I added a Eufy lock and an IKEA Dirigera hub during this time period, so maybe that’s about it. The CEO of Everything Set told me that the company is working to share more information and that an updated version of the software should be released early next year (this is a beta product).
I’ve also used Eero’s cheaper security plan, which is no longer available. If you want security through your Eero router, you now have to pay $9.99 a month for security, as well as access to Last Pass, a VPN service and parental controls, and an ad blocker. Without paying a penny, I still have access to notifications when a new device joins my network, and I can access a specific device to see how much data it’s using.
Google Nest WiFi Pro gives you proactive network speed monitoring and optimization, guest networks, parental controls, automatic software updates, and blocking of adult content sites, for free. You can turn on Google SafeSearch to block adult sites, but you can’t block specific sites or even categories. It’s useful, but not robust enough to be a security service.
For Comcast’s 32 million broadband subscribers, if you pay for an Xfinity Gateway, you also get xFi Advanced Security, which helps monitor network traffic in and out of the home, proactively flagging “odd” or malicious behavior. Comcast has been adding functionality to its modems for over half a decade as the number of devices in the home has skyrocketed and the complexity of managing a home network has become more difficult.
Asad Haque, CEO of Comcast, said that Gateway’s “advanced security capabilities are very helpful. Like [a] A deadbolt on a door provides security to what is behind that door, the Gateway’s ability to protect [the] the network protects what is behind that gateway.” He added that the next layer of security will be incorporated into connected devices in the home, touting the work that the Matter home interoperability protocol has done on this front.
“It’s often too much for consumers to understand ‘DMZ’ architecture where untrusted/guest devices are segmented, but that’s also a good practice,” he said. I am going to recommend that you avoid doing it unless you have a really high risk profile. It is very complicated and can break certain capabilities of the device when a user’s phone is on one network and the device is on the other.
And what about antivirus software? While it can protect users’ computers and phones both inside and outside the home, for those concerned about their many connected non-computer devices, even antivirus vendor Bitdefender recommends some form of standalone device or router-based service. Bitdefender also provides its software to Netgear, which offers its own Arbor-based security service tied to Netgear routers.
Shalini Sengupta, a senior product line manager at Netgear Armor, said that physical devices may not protect any devices outside of your home network (which is why antivirus software that does is useful on computers that go outside the home). home network). As for buying a physical device or relying on your ISP or router manufacturer, Sengupta believes that devices that come with a router or from the ISP are a bit more consumer-friendly because the security software on a home router kicks in automatically. when you set up your router. And many of these services let you try the service in month-long increments so you can find out if it really helps or not.
The bottom line is that if you want to set up a smart home, it’s probably worth considering your risk profile, as I did. wrote two weeks ago. And if you don’t like the risk you’re taking, look into an external device or service. I think they are worth the cost in terms of peace of mind. In addition, they often offer many other features, such as parental controls or ad blocking, that make them worth the extra cost.