Bitdefender security appliance for home networks seeks to replace end-point antivirus

Discussion in 'other anti-malware software' started by ronjor, Nov 25, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  2. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    In other words, a semi-UTM for home users running in transparent/bridge mode behind a router. As I predicted already here on Wilders, within 5 years almost everyone will be running UTMs or UTM-like appliances in the home simply because simple-NAT isn't doing the job anymore, and threats have become incredibly complex.

    A few things cause me to pause on this device. Most importantly it doesn't have the hardware to decrypt SSL traffic in realtime, analyze it, and re-encrypt it back with ROOT CA issuance. It's possible the desktop light software agents will be doing that. Also I am a bit worried about the VPN aspect of this back to the device from remote. We do this with Forticlients tied to the Fortinet appliance, however this can cause speed/compatibility issues because of the nature of the internet, so I am wondering how they will pull this off with a high degree of reliability, and what happens if the VPN can't be established or files authenticated? Also the wireless radio in it is anemic. So I would recommend disabling the radio, and using this as a transparent bridge between your router and a switch, then attach an AP, or wireless router in AP mode onto the switch to avoid the anemic radio they are bundling this with.

    Another thing that concerns me is this doesn't provide layered support. It's Bitdefender or nothing. Bitdefender on the network, Bitdefender on the desktops. I'm starting to think this would be a cool device to deploy as a flow-through UTM, then install Kaspersky on the desktops. Similar to how ASUS works with their routers running Trend, then installing Norton or something on desktops. I'll be the first to buy one of these and test it of course, and will post findings here.

    Kaspersky has had flow-through instant-packet-analysis in realtime UTMs deployed since around 2004.
    http://www.kaspersky.com/about/news...ZyXEL_Join_Forces_to_Offer_Gateway_Anti_Virus
    “ZyWALL UTM is the world's first solution to deliver real-time scanning of network traffic against the most dangerous viruses. Next generation protection from malware and inside attacks, ease of installation and management, robust functionality, and cost-effectiveness make ZyWALL UTM the ideal solution for small and medium sized businesses”, commented Vitaly Bezrodnykh, Business Development Director at Kaspersky Lab.

    Although I am unsure how I would implement it on my network already having two layer-7 UTMs.
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Umm, no thanks.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Get used to it, that's the way everything is going simply because it's getting difficult, and sometimes impossible to deal with threats without a large cloud-based infrastructure backing up products. In 5 years or less you won't find a non-cloud-based AV other than Clam or F-Prot, bank on it.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    It's great that this sort of device is coming now for home networks. At the moment I think the ASUS router with embedded Trend might be a better choice, but there will be more choices in the future and prices will likely come down. Perhaps these will follow the inkjet printer model and they will sell the boxes at a loss and make the money back on the yearly subscriptions.
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's exactly where it is heading. Although different approaches. Here Bitdefender is selling a slow, underpowered system, and keeping costs low by putting an anemic wireless controller in it. ASUS is putting powerful systems out with Trend in them. I prefer Trend's approach because it doesn't push anemic, or dated hardware onto people, and at $200.00 the Bitdefender device isn't much cheaper than full-fledged, powerful ASUS routers with Trend.

    The idea here is to drop UTM-Like devices with managed desktops onto the consumer scene. It might get messy for a while.
     
  8. DX2

    DX2 Guest

    There are other options besides using an AV...
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Fair enough.

    People need to realize that in many cases the cloud is safer, and more private than localized infrastructure. Cloud providers are generally targeted businesses, have engineers trained to task, and assigned. Everything is unified, generally updated, and heavily analyzed. Anyone in IT knows the horror stories of individual business and consumer IT. We've taken companies with 100+ desktops, miserable local IT, horribly maintained servers, and totally obsolete patches and firmware, and dropped most of their infrastructure into the cloud w/APIs and seen a nearly 80% drop in IT expenses (including malware removal, repairs, etc). Instead of a few greaseballs hiding in a server room, they have a multi-million dollar infrastructure with 32 trained engineers, and live web chat at their disposal. All of this reduces threat surface, improves reliability, reduces overhead, and increases productivity.

    Don't fear the cloud.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Agreed :) I'll be waiting a while for things to shake out. Regarding different approaches, I wonder if the Bitdefender Box places BD on the desktops or if the "agent" is just for integration/management? I'd rather not have the desktop AV tied to the UTM box which locks the whole LAN into one vendor.
     
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    This would be vendor lock. The approach is basically the clients on the desktops function as the desktop AV but call to the appliance for application validation, and threat analysis. This vendor locks you to Bitdefender. However I assume the UTM will work without the desktops, and one could install something else on the desktops without losing much functionality. Similar to how Forticlient can tie into Fortigate appliances, but most people elect to use a different endpoint solution with a Fortigate for a blended approach. Fortigate handles some threats, Symantec others - for example. I'm not a fan of vendor locking across platforms/networks/devices, etc.
     
  12. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293

    By any chance, does that have anything to do with you being on the "Trend test team"? Have you had a chance to thoroughly test both systems?
     
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It has to do with raw statistics, and knowledge of hardware. That's an entirely anemic wireless controller on that box. No Wireless AC, no dual channel, very low RAM and CPU power. If you are going to release a new router why not stuff current hardware in it? It looks like they are using old off-the-shelf stuff to keep costs down. Whereas Asus is putting quad cores, gigs of RAM, and 8 band radios in their devices FOR NEARLY THE SAME PRICE with no YEARLY RENEWAL of Trend.

    The device has a single-core 400 MHz MIPS microprocessor, 16 MB Flash memory, 64 MB DDR2 RAM, two 10/100 ethernet ports and a wireless chipset that supports the 802.11b/g/n Wi-Fi standards and is capable of speeds up to 150Mbps.
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    This is from the blurb about the BD Box:

    Despite these unimpressive technical specifications, Bitdefender BOX does not affect the network performance when positioned alongside a router to scan network traffic because it doesn’t perform deep packet inspection, according to Bogdan Botezatu, a senior e-threat analyst at Bitdefender.

    Saying that it doesn't slow network performance is simplistic. It has to depend on how fast the connection is whether or not the "Box" becomes a bottleneck. Also, if it doesn't perform deep packet inspection how much protection is lost compared with a UTM device that does? Based on this Wiki info quite a lot:

    https://en.wikipedia.org/wiki/Deep_packet_inspection
     
    Last edited: Nov 27, 2014