Sitecom Cloud Security - Hitman Pro in the Router

Discussion in 'other anti-virus software' started by Habakuck, Sep 3, 2012.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    I just looked at the (Dutch) Sitecom site http://www.sitecom.com/nl/sitecom-cloud-security/347

    According to that site Sitecom Cloud Security (SCS) uses Kaspersky, Bitdefender and HitmanPro.

    According to that site SCS costs in Holland:
    One year subscription - Euro 24,99
    Two year - Euro 39,99
    When you buy a router with SCS from Sitecom, you get 6 months subscription. See for example Dutch site http://www.sitecom.com/nl/wi-fi-router-x6-n900/wlr-6100/p/1593

    Mark/Erik,
    Allow me some questions (yes, I know this is not the Sitecom support forum):
    - which ports does SCS check;
    - what is the current situation about the ad-blocker;
    - what exact info is sent back to the cloud cq. the anti-malware, anti-phishing, ad-blocking, etc, which are used;
    - what is the current situation about other modem/router manufacturers implementing the technology?
     
  2. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Hi Mark,
    It's been a while since this post and I am a bit curious about the development. :cool:
    Now with fast internet connections (Fiber), I am always on the lookout for a router with that little bit of extra protection.
    A router more pointed towards the business segment with your tech (obviously), and the possibility to handle a lot of connections without losing performance.

    :thumb:

    /E
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Since it's possible to add a real-time scanner for a router, wouldn't it be possible to release a version for desktops/laptops?
     
  4. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Within 5 years most consumer solutions will have UTM features built in. I wouldn't even consider NOT having a UTM solution in the home.

    At one point or another I have had the following solutions in the home;

    Juniper
    Fortinet 90D
    ZyXEL USG60
    ASUS RT-AC87R

    The biggest problem I find with 'most' of them is latency. The Fortinets have both Proxy, and Flow-through scanning on the AV side. (selectable) But even with a fairly OK throughput, once you start enabling all of the UTM features you still experience some latency. ZyXEL USG60 uses Kaspersky UTM, very speedy, but even with that under some conditions I would experience some latency, that's with 190mbps throughput. What bothers me is the 'vague' information on the Sitecom website. I don't see actual raw numbers of things like throughput with various features enabled. I don't see much data on actual router features. No specifics like session limits, etc. That worries me. My home network needs 40,000 session or more capability with up to 50 connected clients. I also need capabilities in a router to handle up to 50 clients. Not many consumer grade routers, and even not many lower end enterprise routers can keep up. I doubt Sitecom has the capabilities either. The lack of external antennas is troublesome, also these don't appear to support 2x2/4x4 MIMO.

    Right now the Asus RT-AC87R is the top of the game. It uses Trend Deep Security, cloud based, and also virtual patching of exploits in realtime. Double Dual Core Processors, and 384MB of Ram. For $279.00 without a yearly subscription I think it's the top of the game right now, and probably quite a bit better than these Sitecoms. AC87 can handle 40,000+ sessions, and UTM throughput is 1735Mbps. I'd buy a Sitecom in 10 seconds if I thought it would top the AC87R, or be able to keep up on our home network.
     
    Last edited: Sep 26, 2014
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Hi Esse, we've been very busy working on Exploit Protection technology for HitmanPro.Alert version 3 (our signature-less solution against advanced threats on Windows).
    As mentioned in an earlier post, we've also been working with a chip manufacturer to include our UTM technology. Maybe more news on that front later this month.

    There is no respectable enterprise-level device below $10,000 capable of delivering 1735 Mbps UTM throughput. E.g. a Palo Alto Networks PA-3020 is listed for $14,000 and has up to 1000 Mbps threat prevention throughput.

    If ASUS's consumer device does offer almost twice that throughput (1735 Mbps), believe me, it's not actually scanning the traffic (no deep packet inspection). Which means it's just an ordinary URL filter and technology-wise not even close compared to our solution.
    A Sitecom WLR-8100 (802.11ac) router with our UTM technology is capable of reaching 140 Mbps deep packet inspection throughput (between Internet and LAN) and allows well over 50 connected clients. BTW, how fast is your internet connection at home?

    Update: I've looked it up and as expected, AiProtection by Trend Micro in ASUS's router is just an ordinary URL filter. So no real antivirus or exploit prevention on the router.
     
    Last edited: Oct 2, 2014
  7. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Thanks Marc, looking forward to both these achievements. :thumb:

    /E
     
    Last edited: Oct 2, 2014
  8. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    140Mbps is respectable, as is 50 clients.

    However your data on AiProtection isn't entirely correct. AiProtection has several aspects, including Exploit Prevention, URL Scanning, and Intrusion Detection with virtual patching. It's tied into Trend's Deep Security enterprise system. So the ideal way to learn what AiProtection is would be to examine Trend DSE white papers. Note, Trend's URL scanning has been shown to block 80%+ of all malware itself, without any additional factors. The layers in AiProtection are;

    1) Router Vulnerability Scan
    2) URL Scanning
    3) Vulnerability Patching (virtual exploit prevention)
    4) Infected Device Prevention (stops compromised devices from using your network)

    All of this is accomplished with 2X dual core processors, and 384MB of Ram, so no slowdowns, and high bandwidth can be maintained. But I agree, it's probably not offering anything other than 'trivial' packet inspection. My USG60 destroys it on the level of inspection and throughput it offers. Your Sitecom device is significantly less powerful than a USG60 I have sitting at home on the shelf collecting dust, but I am intrigued enough to buy one if you can point me to a US-Seller, or a discounter for it I will order the top end model this weekend and give it a thorough test run!

    Thanks for responding.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Something like this was put forward a few years back, don't think it was HitmanPro though. It seems to have vanished and reappeared from time to time a few times since then.
     
  10. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Actually, I was not incorrect, just a bit short in my explanation. Let me explain the ASUS AiProtection layers:

    Router Weakness Scan

    Scans your router for any security vulnerabilities and recommends options for increased protection.
    This feature keeps track if there is e.g. a vulnerable Wi-Fi driver in the router which needs to be updated. Or a vulnerable Bash (Shellshock) or OpenSSL (Heartbleed). This has not much to do with immediate protection of connected clients and can be seen as a periodic firmware update check that every router has.

    Malicious Sites Blocking
    Restricts access to known malicious websites in Trend Micro’s database for always up-to-date protection.
    This is the URL filter, blocking malware on known bad sites.

    Vulnerability Protection
    Resolves common exploits within the router configuration.
    This keeps an eye on open ports with vulnerable services to prevent abuse by remote hackers.

    Infected Device Prevention and Blocking
    Prevents infected devices from communicating personal information and/or infected status to external parties.
    This is also the URL filter - not a new layer. It blocks known command-and-control sites.

    So AiProtection is basically a URL filter. The rest revolves around the router itself and not on web traffic, offering no additional protection for connected clients.


    HitmanPro.UTM only offers services to protect connected clients:

    Anti-Virus and Anti-Malware

    Proprietary deep packet inspection (DPI) engine with cloud-assisted signatures and cloud-based scanning of unknown files using engines from HitmanPro, Bitdefender and Kaspersky. Some of the technology behind could be compared to Palo Alto's WildFire, only HitmanPro.UTM is a lot quicker and used by millions of users. We have a patent on the deep packet inspection engine with cloud-assisted signatures for consumer devices.

    Exploit Prevention

    Analyses web traffic for typical exploit kit behavior to stop exploit payloads from reaching requesting vulnerable clients.

    Malicious Sites Blocking

    Blocking of known malicious sites, like phishing and sites known to distribute malware. If Anti-Virus and Anti-Malware detect malware on an unknown malicious site, the site is automatically added.

    Botnet Warning Systems
    Warns when the router detects command-and-control traffic coming from an infected connected client. This works by querying a special database of active sinkholes wherein the public IP address recently communicated with - so no analysis of web traffic.

    Advertisement Blocker
    Prevents loading of advertisements in web traffic, making web pages load faster, look cleaner and safer. Prevents malvertising.

    Do-not-track
    Makes websites know that the family (all connected clients) doesn't want to be followed and that you want to keep your surfing behavior to yourself.
     
    Last edited: Oct 2, 2014
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Interesting, and impressive. My only concern would be if the hardware it's bundled with can handle the throughput. I have tried devices above my required throughput and sessions, and they still ultimately slowed down activity slightly, despite being over spec. That's including Fortinet's 90D, which far surpassed what I needed, but still offered pretty noticeable impact on things like streaming (multiple streams). ZyXEL USG60 is a powerhouse for the price point, but also had a slight - but noticeable impact on multiple 1080P streams that frustrated me because I was utilizing only a fragment of its power. That's been my major complaint using higher security/enterprise solutions in a situation where performance needs to be maintained.

    Granted the ASUS+Trend solution is roughly 80%+ effective according to some tests, I'd like a more robust exploit/IDS/Malware system in place beyond that. But the performance of the ASUS+Trend combo is ridiculously good - and it's blocked every infected website I have thrown at it.

    This sounds like an enterprise level solution for the home and with enough horsepower to get the job done.. Only major concern would be the range of those internal antennas.

    Finally - any US Resellers of these? I'd like to order the top model this evening.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Another thing.. ASUS's new AdaptiveQOS is probably the most amazing QOS I have ever seen. That would be tough to give up.
    The parental controls on ASUS's next gen routers are incredibly robust..

    Not sure Sitecom can measure up in terms of QOS and Parental Controls, I need to find some papers on them. I actually prefer AdaptiveQOS over traffic shaping rules in enterprise appliances, overall it seems to really help in the home with multiple streamers.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Last edited: Oct 9, 2014
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's from Germany, and it's the slower X6.

    As of right now it appears ASUS has the market cornered, even though it's not a true UTM, its inspection is good.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Is it not possible to buy the sitecom routers from overseas resellers? Maybe the problem is I can barely read Dutch and German.
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi Mark/Erik,

    Recently I was in Holland in a shop (Mediamarkt) where you can buy them, and I think that I saw on the box mentioned the AVs that were used in the past (BitDefender, Emsisoft, Ikarus, SurfRight) instead of the AVs that are supposed to be used now (HitmanPro, Bitdefender and Kaspersky). However I may have seen it wrong (my bad eyes!). If I did see it right, which info is right? Thanks in advance.
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I'm sure you can buy them overseas. But that opens up other issues.

    1) Support locally in the USA.
    2) Where to purchase UTM updates, since it comes with only 6 months free.
    3) Repair, if necessary.

    I've had hideous experiences ordering technology from overseas, so I avoid it. In this case, without a US Vendor, willing to support/service, and sell subscriptions I think it's probably a good idea to avoid it. At least with ASUS and ZyXEL you have reasonably local resources to reach out to. Also, I never heard of Sitecom, which causes me to pause a bit, as they have almost no reputation in North America. Perhaps if HMP can establish a relationship with a bigger, worldwide, well known manufacturer it will go mainstream. (D-Link, Netgear, ZyXEL, ASUS, TP-Link, etc)
     
  18. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    The X6 model has a 140 Mbit UTM throughput WAN-LAN, this is plenty fast for most connections I guess?
    AVs used are correct as you have seen it in the shop (if nothing new did happen), it's different clouds (engines) for the UTM solution and the Hitman Pro scanner.
    Regarding the UTM updates, you will get a link to purchase a year at the time when your 6 months are almost over, if I remember correctly. Cheap also, I think I did pay like 14 Euro for a year.

    /E
     
  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi Esse,
    Thanks.
    However things are confusing because Mark posted on 02 Oct 2014 in reply # 135 in this thread :

    (emphasis by me on the AVs in the quote)

    Maybe I am not understanding things right though, I don't know.
     
  20. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Maybe they have consolidated their clouds to one, but it seems more likely that they are separated. The engines used could be as you state above right now, let's see what Marc says.
    If I remember correctly, Marc once said they can use just about any engine and/or as many as they like in the UTM cloud, without losing speed. This could prove a real strength in future I believe.

    /E
     
  21. FOXP2

    FOXP2 Guest

    4) Other countries have their own regulatory agencies which do things differently (i.e. bandplans, channels) than the US FCC. So a European WiFi radio might have hair pulling limitations or other annoyances communicating with your USA gear.
    5) Radio equipment not carrying an FCC OET ID may not be operated in the US or its territories. Rhetorical: Does Sitecom gear carry those IDs?
    Cheers.
     
  22. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,660
    Hi Esse,

    I'm still not yet sure whether I did read it right on the box in the shop; sorry.
    Anyways, here is the UK Sitecom site with info about the AVs:
    https://www.sitecom.com/en/sitecom-cloud-security/347
    It says: Kaspersky, Bitdefender, HitmanPro.

    The German site: https://www.sitecom.com/de/sitecom-cloud-security/347
    The Dutch site: https://www.sitecom.com/nl/sitecom-cloud-security/347

    All saying: Kaspersky, Bitdefender, HitmanPro.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Agreed, and a valid concern. Which is another reason why I do not order electric gear from overseas.
     
  24. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    @FanJ
    If you look at post No:8 in this thread you will see some info regarding the engines used. Then again, that was some time ago...

    /E
     
  25. My mother's router was broken, so I bought her a new very weak X2 sitecom (distance from router to PC is less than 5 meters, no walls). I enabled cloud security and Internet throughput only dropped from 5.4-5.7 Mbs to 5.1-5.2 Mbs. Bear in mind that only the X1 is below the X2 (with X9 at that time the top-ranked consumer model) so browsing experience on higher ranked models should be seamless.

    With a second supplier using this UTM technology the Loman Brothers probably have a star/cash cow in their portfolio, congrats
     