A few weeks back, I explained how I think about my risk model when it comes to cybersecurity in my smart home. Shortly after that piece was published, Comcast issued a report that showed how wrong many people were when it came to understanding which devices posed the largest threat to their home network security.
In my article, I recommended using an outside device or service to monitor your network, so I figured I’d share my experience with some of the options out there.
I use a service or device to both monitor which devices are on my Wi-Fi network and assess traffic patterns. Many companies, such as Comcast and Eero, offer a security service on top of their internet service or router for a monthly fee. These security services let you track the devices on the network and will usually alert you to weird traffic patterns, such as when a connected dishwasher suddenly tries to send 100 times the usual data it uploads each night.
There are also physical devices that plug into your router that will monitor and alert you to traffic issues. I use a $399 device called the Firewalla Purple, which provides an incredible amount of customization and monitoring capabilities. The Firewalla doesn’t just look at traffic patterns, but at where traffic is heading and what type of traffic is traveling on the network. It also provides basic firewall and intrusion detection.
It’s powerful but can be somewhat intimidating, too. For example, I get a lot of notifications, including ones about ports that have been left open on a specific device or data that is hitting questionable services. The average human isn’t going to know what those messages mean, and might panic. Even I get overwhelmed by notifications. But if you’re willing to look up the alerts, you’ll learn some pretty awesome stuff and feel more capable of managing your network. You can also turn off notifications or limit the types of alerts you see. (Here’s a seven-and-a-half-minute video on managing alarms!)
Or you can install a device from a startup called Everything Set. I’ve run the device, which is currently in beta, on my network for about six weeks. Instead of freaking me out about abnormal uploads or notifying me when my kid’s MacBook is watching video, I just get a weekly report with a security score and some charts highlighting any devices that have shown higher-than-average use.
The first week, my security score was a 10 (even though I had open ports!), but it has since dropped to a 9.0. That is still apparently pretty good, but I don’t exactly know what has caused my score to drop. I did add a Eufy lock and an IKEA Dirigera hub during this time frame, so perhaps that’s it. The CEO of Everything Set told me that the company is working on sharing more information and an updated version of the software should launch early next year (this is a beta product).
I’ve also used Eero’s cheaper security plan, which is no longer available. If you want to get security through your Eero router, you now have to pay $9.99 a month for security as well as access to 1Password, a VPN service and parental controls, and an ad blocker. Without paying a cent, I do still get access to notifications when a new device joins my network and I can dig in on a specific device to see how much data it’s using.
Google Nest WiFi Pro gives you proactive network speed monitoring and optimization, guest networking, parental controls, automatic software updates, and adult content site blocking, for free. You can turn on Google’s SafeSearch to block adult sites, but you can’t block specific sites or even categories. It’s helpful, but not really robust enough to be a security service.
For Comcast’s 32 million broadband subscribers, if they pay for an Xfinity Gateway, they also get xFi Advanced Security, which helps monitor network traffic going into and out of the home, proactively flagging “odd” or malicious behavior. Comcast has been adding functionality to its modems for more than half a decade as the number of devices in the home has skyrocketed and the complexity of managing a home network has become more difficult.
Asad Haque, executive director with Comcast, said that the Gateway’s “advanced security capabilities are very helpful. Just like [a] deadbolt on a door provides security to what is behind that door, Gateway’s ability to guard [the] network protects what is behind that gateway.” He added that the next layer of security will be built into the connected devices in the home, touting the work that the Matter home interoperability protocol has done on this front.
“It is often too much for consumers to understand ‘DMZ’ architecture where untrusted/guest devices are segmented off, but that is a good practice as well,” he said. I am going to recommend you avoid doing that unless you have a really high risk profile. It’s very complicated and can break certain device capabilities when a user’s phone is on one network and the device is on the other.
And what about antivirus software? While it can protect users’ computers and phones both in and outside of the home, for those worried about their many connected devices that aren’t computers, even antivirus provider Bitdefender recommends some form of router-based service or standalone device. Bitdefender also provides its software to Netgear, which offers its own Armor-based security service tied to Netgear routers.
Shalini Sengupta, senior product line manager for Netgear Armor, said physical devices may not protect any devices outside of your home network (which is why antivirus software that does is useful on computers that leave the home network). As for buying a physical device or relying on your ISP or router maker, Sengupta thinks devices that come with a router or from the ISP are a bit more consumer friendly because security software on a home router automatically activates as you set up your router. And many of these services let you try the service in one-month increments so you can find out whether or not it actually helps.
The bottom line is if you want to set up a smart home, it’s probably worth considering your risk profile, as I wrote about two weeks ago. And if you don’t like the risk you’re taking, investigate an outside device or service. I think they are worth the cost in terms of peace of mind. Plus they usually offer many other functionalities, such as parental controls or ad blocking, that make them worth the added cost.
Updated: This story was updated on Dec. 31, 2022 to reflect that Eero Secure offers a subscription to 1Password not Last Pass.