Network Security, Evolved
As is often the case in both the online and physical worlds, feeling safe isn’t always congruous with being safe. Sure, you know online threats exist and bad things can and do happen, yet the fact that these potential threats exist in a virtual environment makes them intangible; less immediate, less threatening. In other words, easy to ignore. Well, cybersecurity expert Bitdefender is here to assure us the threats are very real, and they have a solution.
As I understand it Bitdefender pretty much created the home security hub market in 2015 with the BOX. It was an interesting product from a technical perspective, and much-needed, even if most of us weren’t fully aware of just how much. It was met with lukewarm “not quite ready for prime-time” reviews. I kept asking myself are such devices necessary? Why do I need a security hub when my router has a firewall? Turns out there’s good reason (several, actually) to have one.
Yes, every router has a firewall. Yes, it’s always “on”. But typical router security is passive, meaning it’s not actively monitoring the network and assessing the behavior of connected devices. What good is a firewall, or any security, if it can’t alert you to a problem? It’s the equivalent of a smoke detector with no alarm.
Enter, the BOX
The BOX is first and foremost a security hub even though it’s often referred to as a “smart” router. It’s not an inaccurate description, but it places too much emphasis on the router which is very clearly a secondary feature (more on this later) that can be disabled depending on the type of configuration you choose. That being said let’s get this out of the way up front: If router performance, not advanced security features, is your primary focus then there are better performing and less expensive options.
The original BOX was a small “puck”, similar in size to the older Apple TV or Roku with decent but far from impressive hardware specs. Based on reviews it was a very promising if underwhelming first attempt.
Now in its second generation (released Dec. 2017) the new Bitdefender BOX has upped the ante both in terms of its award-winning security software and considerably more robust hardware. In short the BOX 2 has more of, well, everything.
Watch and Learn
One of the more useful features of the Bitdefender BOX (at least to me) is its ability to employ machine learning, or what Bitdfender calls Anomaly Detection. The BOX “learns” how each connected device behaves under normal operating conditions so any deviation, e.g. someone hacking a “smart” security camera — something which might otherwise go unnoticed — triggers a block.
In addition to hacking protection it can also actively identify (and alert you to) a multitude of phishing, malware, and virus threats and will even stop you from inadvertently sending sensitive personal or financial information over an unencrypted connection. In short, the BOX goes far beyond the passive security of a typical (dumb) firewall.
Finally, to tie it together all devices and alerts are centrally managed from Bitdefender Central (mobile app and Web-based) which might also be one of the more important and overlooked selling points. So with all of that in mind let’s get started.
The Other Players
As of this writing there are only a handful of similar products currently available that I’m aware of, but not all offer the same level or type of security features, nor do they all function as a router. Here are a few, though there will certainly be more.
I haven’t tried any of these so I can’t say how they compare to the BOX but here’s a feature comparison table for the BOX, Cujo, Norton Core and F-Secure from the Bitdefender website.
UnBOXing First Impressions
The BOX comes in a surprisingly sturdy and very nice-looking, uh... box. I was happy to find a thick and secure foam insert firmly wrapped around the device. I've purchased high-end stereo gear whose packaging wasn’t this nice. It looks like something Apple would have designed.
The first thing you notice when you remove the BOX from its well-padded packaging is how light it is given its size. You would be forgiven for thinking it was empty but a look through the top grate reveals a single circuit board. Given its impressive feature-set I expected it to be stuffed to the gills with hardware and was a little disappointed it wasn’t. I admit I’m someone who (perhaps foolishly) equates solid and heavy with quality, but make no mistake, the BOX is all business. The A9 processor runs slightly warm so I assume(?) the empty space is necessary for cooling in the absence of a fan and is not the byproduct of an aesthetic choice. In any case it’s dead quiet.
The BOX has a clean aesthetic as a 7.5" x 4" x 4" rounded triangle with three shiny cream-colored panels attached to a matte dark gray central structure. There’s a bright bluish-green “ring” status light that glows from behind the front panel, cooling perforations running down the triangle’s “points” and top and bottom plates, and three rubber feet. Though not small or discrete it is a reasonably attractive piece of kit, more so than the Norton Core’s geodesic design, at least to my eye. It probably won’t draw any more attention than a typical router or “smart” home hub device (e.g., Amazon Echo, Google Home etc.). I like having it in plain view but there are a couple things I might change. Keep in mind I’m nitpicking, none of them are deal-breakers.
I prefer it were smaller/shorter. At nearly 8" tall with a smallish footprint and featherlight weight I’ve found the weight of two ethernet cables hanging off the back can sometimes create a bit of instability if placed near the rear edge of a table, console etc. where the cable weight, if unsupported, can pull it. For example, Cat7 ethernet cables are heavier and stiffer which doesn’t help matters. Also, the status light can be dimmed to 75%, 50%, 25% and 10%. It’s a nice touch but I would also like the option to turn it off completely and have it only turn on if/when an issue arises or a firmware update is available.
The BOX includes a one-year subscription to the Bitdefender Total Security software suite. There are desktop and mobile apps for macOS, Windows, iOS and Android which complement and extend the BOX’s security features to provide virus and malware protection (and much more) on individual computers and mobile devices whether you’re at home or out in the world and no longer connected to the BOX network. Even better, the apps can be installed on an unlimited number of devices.
After the first year Total Security costs $99US per year. Strictly speaking you don’t need to buy the security software to use the BOX as a router only but it’s kind of pointless if you don’t. When you consider the quality of protection and the unlimited devices it covers the cost is extremely reasonable at ~$1.90/week.
The BOX maintains an encrypted connection to the Bitdefender servers which allows you to conveniently manage your connected devices via Bitdefender Central. Since the service requires the use of Bitdefender’s mobile app(s) or website to manage devices you might (rightly) wonder how much access, if any, Bitdefender has to the devices connected to the BOX network. I contacted Support with that very question and here’s their response:
Bitdefender does not have access to the devices that you will connect to the BOX network. In fact, our department uses Team Viewer to remotely connect to customers in order to troubleshoot, therefore, we ask for consent and we have limited access. We do see in our database a list of the names of the devices in your network and if the BOX is active or not, the same information that is displayed on your end.
The only device that we can virtually access, is the Bitdefender BOX itself, but that is only in certain circumstances and under one form:
- We only connect to the BOX when troubleshooting is necessary and we ask for permission from the customer to gather the latest logs from the BOX itself.
- We can only access the Bitdefender BOX from our end with your consent, and the only visible information on our end regarding the BOX would be the logs, in form of text.
Configuration Options / Setup Requirements
Setup instructions and videos can be found on the Bitdefender website though only the Central mobile apps can be used for the initial setup. There are 3 configuration options available depending on whether you use:
- The all-in-one modem/router provided by your ISP.
- Your personal modem and router (which is what I use).
- The BOX as a standalone router.
- Setup Requirements
- Broadband Internet Connection (Cable/DSL/UTP)
- Bitdefender Central Mobile App (iOS and Android)
- A mobile device with:
- 4G/3G data connection
- iOS 9 or higher
- Android 4.4 or higher
Once setup you can use the Central mobile app, or to a lesser extent the Web interface, to (partial list):
- Add new users
- Assign a specific device to a specific user
- View bandwidth usage by the hour
- View threats for the past 7 days
- Manage parental controls
- Manage detected threats per device (block/unblock)
- Manually run a Protection and/or Vulnerability scan on a device-by-device basis
- Edit the device name and icon
- Configure the parental controls
- Pause Internet on a device-by-device basis
- Port-forwarding for individual devices
The Bitdefender Central Web interface (above) was a little buggy for me initially but it’s working nicely now and offers basic management features, though the mobile apps provide more settings. The Web interface lacks any router configuration, and the mobile apps offer limited network options. The following settings are only available when using the BOX as a standalone router (except where noted *), otherwise they are disabled. Presumably your existing router would have all these settings and many more.
- Wi-Fi name and password
- LAN address
- WAN (DHCP, PPPoE, Static IP)
- Custom DNS servers
- Guest Network*
*The Guest Network feature was added September 2018 and is most likely intended for when the BOX is used as a standalone router. If that’s how you’re using it great, you’re all set. Enjoy.
However, the Guest network can also be enabled when using your personal (or ISP supplied) router as the “primary”. In such a configuration the BOX’s Wi-Fi is disabled by default since the primary router is running the show, but enabling the Guest option seems to partially override this behavior. Why does this matter?
Keep in mind when using your own router it must be physically connected to the BOX which means they will by necessity (probably) be in very close proximity. If you then enable the BOX’s Guest Network there will be two disparate routers each broadcasting their own signal essentially side-by-side, possibly on the same channel or maybe not. Technically this will work but it’s far from ideal and is not recommended as a long-term strategy.
A better solution: If your primary router supports a Guest Network in AP/bridge mode then it’s preferable to configure it there and leave the BOX’s Guest option disabled unless you absolutely need it.
Protection and Vulnerability Scanning
A notification will appear in Bitdefender Central to let you know when a new device has connected and the result of the scan, good or bad. In the case of a problem the alert will contain a brief description of the threat or vulnerability. Whether it’s something you can resolve from your end will depend on the type of problem detected. For example, a weak username/password is easily fixed but a software defect in a connected device is not (see below).
Threats are blocked by default though you can always override it with an “Allow” option. Devices can also be blocked and sites and urls whitelisted. My question is: How do you know when it’s safe to “Allow” a detected threat or device? That’s where the BOX alerts come into play.
The alert contains a brief explanation of the threat and how it could potentially affect your device and network so you can make a reasonably informed decision as to how to proceed. Depending on the type of threat the alert details may vary somewhat with regard to their usefulness. I've found some to be wonderfully detailed while others are a bit vague but still informative.
Different types and levels of manual protection and vulnerability scans can be performed on a device-by-device basis at any time. Again, depending on the type of device (computer, mobile, or non-computer/IoT) there will be different available options. Not surprisingly computers and mobile devices have the most thorough scanning options (below):
- Network Vulnerability Scan
- Quick Scan
- System Scan.
Below are two issues the BOX caught on my personal devices.
Denial of Service: Canon
When I connected a Canon printer I was immediately alerted to a very serious Denial of Service (DoS) vulnerability in the Canon software but was assured the printer was protected while on the BOX network. Although the BOX can’t fix software issues in other products I contacted Canon support and provided a screenshot of the alert in the hope they might take action to resolve it (they haven’t). Below is a screenshot from my Bitdefender Central account Web interface.
“Dangerous URL” Blocked: Netflix
Below are screenshots from my Bitdefender Central account (Web interface). The culprit? It seems the “Dangerous URL” belongs to the Netflix channel on my Roku 2 which I had to suss out on my own since the BOX appears unable to resolve an IP to a domain name.
It’s good to know the BOX can monitor what individual Roku channels are doing, and is another example of a problem I would have never known about were it not for the BOX. I have for the time being chosen to keep the block in place.
Main Notifications list (left); details of Roku notification (right):
A Note About ‘Nest’
I have several Nest Protect smoke and carbon monoxide alarms installed. By design they only connect to the home network once per day for a few seconds as part of their diagnostic tests, otherwise Nest uses its own proprietary wireless protocol to communicate with other Nest devices. Although the alarms appear in my Central account their status is “Disconnected” despite being “on” and operating normally. I was confused by this so I contacted Bitdefender support.
Bitdefender remotely ran a diagnostic test on my BOX (with my permission) and confirmed it can only detect the Nest during the very brief daily alarm tests. It seems Nest is able to hide its network footprint most of the time, even from the BOX. I suppose this could be interpreted as slightly good-ish news. If Nest can hide from the BOX then perhaps it can also hide from prying eyes. The alarms are still protected by the built-in Nest security, though I have no idea how good it is, and they are also checked for vulnerabilities by the BOX, albeit only once per day instead of 24/7 monitoring which is clearly less than ideal. Bitdefender has informed me that they will order a Nest Protect to test in-house so I will update this section if and/or when necessary.
Given the sheer number of IoT devices it seems likely there will be other peculiar connection issues so always verify each device has “Protected” status.
Bitdefender appears to be on top of their game as they consistently score very well according to the AV-Test Institute. But of more importance to me were the several issues it found on my devices which I was unaware of. In fact, I receive alerts on blocked phishing and malware attempts almost weekly so clearly the software is doing its job.
But new threats can pop-up with little warning so it’s unrealistic to think any cybersecurity device will be 100% secure against 100% of threats 100% of the time. Fortunately virus definition updates are a daily occurrence and the Central mobile app also receives regular, if less frequent updates, and the BOX receives firmware updates a couple times per year. Nevertheless, the customer must place a lot of trust in Bitdefender that they can stay ahead of the threat curve.
Virtual Private Network
On April 18, 2018 Bitdefender added an optional VPN service to their Total Security subscription (included with the BOX) that is powered by Hotspot Shield. The free plan allows up to 200 Mb per day or you can pay $40/yr. for unlimited data.
Considering that privacy, security and trust is at the core of these types of services I find it curious Bitdefender chose to partner with a company who in 2017 was accused of violating its own privacy policies by the Center for Democracy & Technology (CDT), a nonprofit advocacy group for consumer privacy rights. At best the optics don’t look great. In fairness to Hotspot Shield — aside from the privacy issues — the service gets decent reviews. Whether that’s enough to compensate for the negatives is for you to decide. While I applaud the addition of a VPN I question the choice of provider which is why I will stay with my current service.
Internet of Things (IoT)
A big selling point of the BOX lies in its ability to secure IoT devices against external attacks. But what exactly is an IoT (Internet of Things) device? Or as Infosec (Information Security) professionals would probably call it, the Internet of Shit. That somewhat unfortunate yet not entirely inaccurate definition aside, it’s a parent term referring to any type of non-computer home appliance that connects to the Internet and/or communicates with other devices via a network. They are also commonly referred to as “smart” devices. A few examples include:
- Lightbulb; doorbell
- Smoke/Carbon Monoxide alarm; thermostat
- Appliances (washer/dryer, refrigerator, oven, toaster etc.)
- Security camera
- Lifestyle hub (Apple HomePod, Amazon Echo, Google Home etc.)
The type and number of IoT devices is enormous and growing everyday. What’s also growing are security concerns which is why it’s important to consider these devices into your broader network security strategy.
However, (IoT) privacy is trickier to protect because simply by using these devices you are effectively giving the manufacturer the ability to collect your personal data. Your control over its collection and use can vary greatly but ultimately you are at the mercy of the manufacturer, and that, unfortunately, is not something the BOX (or any security hub) can protect against. As it stands these devices already exist in millions of homes across the planet with no sign of slowing down as society moves inexorably towards “smart” homes and cities. According to research firm International Data Corp the IoT market will be “surpassing the $1 trillion mark in 2020 and reaching $1.1 trillion in 2021”.
Then there’s this pearl:
IoT hardware will be the largest technology category in 2018 with $239 billion going largely toward modules and sensors along with some spending on infrastructure and security.
Did you catch that?
Some spending on security. Pretty much sums up the problem, huh?
IoT: An Inconvenient Truth
A lot of IoT devices are little more than novelty gadgets while others are practical (e.g., smoke/carbon monoxide detectors). But they all suffer from the same fatal flaw to one degree or another: They have very little or no security features. Nor can security software be installed on an IoT device like it can on a computer so you’re at the mercy of whatever built-in safeguards the manufacturer includes, if any.
What’s more, since IoT devices are controlled with software, usually a mobile app, not only is the hardware (device) vulnerable to attack, so is the management software. Even if it were possible to install IoT security software on a device-by-device basis (which it’s not) who would do it? Who would want to? It would quickly become a management nightmare. Most people barely think of their computer’s security as it is, who would think about or bother with a smart toy or toaster?
According to some estimates at least 70% of IoT devices have critical vulnerabilities. Even if that number seems high it’s fair to say that as a category they are sorely, even dangerously lacking in safeguards. They present gaping holes through which someone could, with minimal effort, gain access to your entire network and every connected device. It’s like locking the doors of your home but leaving the windows wide open.
The question is, “How secure is secure enough for an IoT device?” There are practical considerations like cost and feasibility, and without an established standard it’s unrealistic to expect every manufacturer to view IoT security in the same light, much less invest the necessary resources. The reality is IoT devices are and will continue to be a network’s Achilles’ heel. And that’s not including the privacy concerns. We’re paying a price for the I-don’t-want-to-live-without-it-convenience of IoT devices which seem to permeate every corner of our “connected” lives.
— Updated June 27, 2019
The bottom line is simply this: If you have an IoT device (or 20) in your home then you need to factor it into your network security plan. Period. Fortunately the BOX makes it an exceedingly simple thing to do.
As mentioned the BOX is equipped with a router so let’s take a closer look at its specs and performance.
- Dual Core Cortex A9 @1.2 Ghz
- 1 GB of DDR3 memory
- 4 GB internal storage
- Concurrent Dual band Wireless 2.4 Ghz & 5 Ghz
- MU-MIMO 3x3 antenna configuration
- IEEE 802.11a/b/g/n/ac
- Wave-2 @ AC1900
- 1 x WAN port - 10/100/1000BASE-T Ethernet
- 1 x LAN port - 10/100/1000BASE-T Ethernet
Around back is the A/C jack, reset button and two ethernet ports. Sorry, no USB. The lack of additional LAN ports will be a problem for some but it doesn’t have to be. High-quality plug-n-play network switches like the TP-Link 8-Port Gigabit Desktop Switch TL-SG1008D can be found for ~$20 and less. Quite frankly switches are an (almost) obligatory device for any network, so just get one and don’t worry about the BOX’s lack of ports.
Based on Bitdefender’s marketing material and the fact that the BOX is primarily a security device it seems they really prefer the BOX be integrated into an existing network rather than used as a standalone router which begs the question: Why include a modest but capable router then downplay that feature?
My guess is that it (most likely) has less to do with the hardware and more to do with the limited configuration options. Of course this has absolutely no bearing on its usefulness as a security device, but I can see how it could limit its appeal for those who expect such things. I would hope this is something Bitdefender could flesh out at some point via a firmware update.
My (non-BOX) Network Kit
To improve speed, stability and security I recently switched from an all wireless network to a pseudo wired one. Nearly all of my devices (desktop computers and peripherals) are now wired to the network via a switch and/or powerline adapter. Wireless usage (laptop, phone and tablet) is usually within 10 ft. of an access point so signal strength is not an issue. My network kit includes:
- Two (2) Ignition Design Labs Portal routers operating as a mesh.
- Six (6) TP-Link AV2000 Powerline Adapters where there is no in-wall ethernet.
- Two (2) Netgear Nighthawk Switches.
- One (1) TP-Link Network Smart Switch.
- Motorola 24x8 cable modem.
- In-wall Cat7 ethernet throughout half the house.
BOX Configuration Options
As mentioned above there are three configuration options depending on whether you’re using:
- An ISP provided modem/router. *The BOX’s Wi-Fi will be disabled.
- Your personal modem/router. *The BOX’s Wi-Fi will be disabled.
- The BOX as a standalone router. *The BOX will broadcast its Wi-Fi.
The BOX + Personal Router
First I used the BOX alongside my personal router (Ignition Design Labs Portal) which requires setting it in AP/Bridge mode. Frustratingly I had to run through the setup a few times, resetting the BOX after each attempt before I finally figured out what I was doing wrong.
The setup process requires the plugging, unplugging and reshuffling of modem, router and BOX cables along with changing networks. None of it is difficult but it’s very easy to get ahead of yourself and move on to the next step before the router and/or modem has had sufficient time to reestablish a connection to the network.
- After unplugging/plugging the BOX or modem always ensure they have (re)connected to the network before proceeding to the next step.
- When you reach the step where you need to place the router in AP/Bridge mode it's quicker and easier (but not necessary) to use a different device (laptop or mobile) to access the router settings.
This was my problem. After disconnecting/reconnecting cables I wasn’t waiting long enough for the network to become available so of course when I moved to the next step the setup failed. Once I realized my mistake the setup worked perfectly.
As a Standalone Router
This setup was so simple even I got it right the first time. It’s worth noting that by necessity the BOX was installed in a less-than-optimal corner near a bank of windows (reflections) and a lot of electronics (interference) so I was impressed to find the BOX pumps out a better-than-expected signal, both in strength and coverage (see results below). Just to be sure it wasn’t a fluke I streamed two simultaneous 4K movies to two devices on different floors over Wi-Fi only and I’m happy to say it was free of buffering or any other issues.
The BOX + ISP Provided Router
I don’t have an ISP-provided router so I wasn’t able to test this setup. I suspect it’s fairly similar the “personal router” option.
Each setup process is nicely illustrated via screenshots, video and within the Central app, and should be relatively easy to follow for non-techies. However, I found the process not as plug-n-play as I had hoped when using the BOX with a personal router. There isn’t much in the way of troubleshooting tips should you run into problems but Bitdefender offers free and friendly phone, live chat and email support should you get stuck.
Speed... (Not The Movie) And Strength
A total of 24 wireless speed and 24 signal strength measurements were taken at the same six locations on each floor (6 measurements x 4 floors x 1 router) with results averaged by floor and type, respectively. All measurements are specific to the BOX functioning as a standalone router, the Portal routers were completely disconnected. I also use a VPN which I disabled for testing.
About the Structure
The house is a century old and overbuilt with two stories, a finished attic and a basement, plaster walls, and a lot of signal-absorbing obstacles. In short, a challenge for 5 Ghz. The BOX was located on the first floor for all tests.
I pay for 100 Mbps download which is the minimum baseline used for all speed tests. In use my download speed averages 102 to 118 Mbps and will sometimes briefly reach 160 Mbps during low traffic times. For all tests the BOX was placed on the first floor.
Speed: Wired Baseline
Wired measurements taken with Speedtest on a MacBook Pro connected to the BOX’s LAN port with a 7' Cat. 7 ethernet cable.
I easily exceeded 100 Mbps with the BOX on a wired connection. Speeds in the mid 120s were not uncommon with a high of ~160 Mbps.
Wireless measurements taken with Speedtest on a MacBook Pro using the 5 Ghz band only. I was not able to get the MBP to connect on 2.4 Ghz.
- First Floor
- 116 Mbps
- Second Floor
- 92 Mbps
- 97 Mbps
- 81 Mbps
Bitdefender claims the BOX should have very little or no impact on speed and based on my tests it seems to be an accurate claim.
Signal Quality and Strength
Signal and strength measurements taken with WiFi Explorer which defines Quality as: Excellent, Good, Poor, Very Poor and Strength as a percentage (higher is better).
- First Floor
- 2.4 Ghz: Excellent; 93%
- 5 Ghz: Excellent; 82%
- Second Floor
- 2.4 Ghz: Good; 73%
- 5 Ghz: Poor; 54%
- 2.4 Ghz: Good; 76%
- 5 Ghz: Good; 71%
- 2.4 Ghz: Good; 83%
- 5 Ghz: Good; 69%
Quality and Strength Summary
Not surprisingly the 2.4 Ghz band had great range across the house. However, 5 Ghz is less impressive on the second floor which isn’t surprising considering it’s a perfect storm of obstructions and dead-spots. Overall performance, while not stellar, is better than expected, and I suspect with a little fine-tuning the second floor could be noticeably improved.
Should you use the BOX as a standalone router? As a simple plug-n-play router it performed surprisingly well in my multi-level signal-absorbing home, even with multiple 4K streaming. For the average user with a small to medium space to fill it should work quite nicely. Just don’t expect bells-n-whistles.
If you’re a hardcore router geek who wants to tweak their router to within an inch of its life with advanced configuration options you may be disappointed. But for the average user there are just enough settings without being overwhelmed by them. This relative simplicity may be an intentional selling point on the part of Bitdefender to attract the non-technical user.
To BOX or Not
So-called smart technology is the future, for better (convenience) and worse (privacy and security), so you can appreciate the irony that the BOX is itself a smart device. Albeit one that might actually deserve the moniker “smart”.
Now that every connected device in our home makes for a target-rich environment it seems inevitable that the traditional (dumb) static firewall is evolving. Still, it’s easy to dismiss products like the BOX as the domain of obsessive and paranoid “security types” because let’s face it, odds are most of us will never have an IoT device targeted by a hacker despite the apparent ease with which it could be done. The probability of a smart toy, lightbulb, or security camera etc. being used to invade our home is statistically slim in my opinion, and yet it probably happens to someone every-single-day.
In an age where society is always online it’s fair to say most of us are guilty of the occasional lapse of online judgement, having visited a sketchy website, clicked a questionable email link, or downloaded an infected file. All of which makes computers and mobile devices more likely entry points for threats to the average person than someone hacking a washer/dryer. Such is the reality of a “connected” life. Fortunately the BOX can protect it all in one fell swoop.
Perhaps the most important and overlooked feature is the deep integration and convenience of Bitdefender Central which makes device management easy for anyone. On the downside I suspect some may find the alerts a bit cryptic but that’s more a nit-pick than a deal-breaker. The Central app is quite simply the glue that holds everything together and is probably the one to beat in terms of usability and features.
Security and The Elephant in the Room (Part Deux)
As a security hub the BOX has what might be the most comprehensive feature-set among the current crop (so far). At least on paper. Based on my experience the BOX appears to be a formidable, all-encompassing security package. It has already spotted several issues on my devices of which I was completely unaware, though I was unable to assess its effectiveness against a brute-force attack.
If you currently rely on a (dumb) static firewall then the BOX is easy to justify as it laughably outperforms such security. But if you already own or plan to upgrade to one of the newer security-centric “smart” routers (they are quickly becoming commonplace) then the path might be less clear as there will inevitably be some overlap of features and functionality. Though it’s important to remember that software more than hardware will determine which devices are effective at identifying and stopping threats.
With that in mind not all security software is created equal and Bitdefender consistently ranks very (very) high on the list of cybersecurity companies. Not to mention other routers (probably) don’t offer integrated desktop and mobile apps to protect you when away from home, or the device management capabilities of the Central app, all of which is a big negative in my opinion. I’m not a fan of subscription software but in this case I have no problem with the $99/yr. Total Security fee which is very reasonable for what’s offered.
The BOX as a Router
As I stated at the beginning, when viewed strictly in terms of router features and performance (not security) there are better options for less money. That’s not to say the BOX performs poorly as a router, it doesn’t. It did well in both speed and coverage and should work quite nicely for those with modest needs and a small to medium space to fill that just want a set-and-forget router. It’s a solid performer, just not a remarkable one.
Maybe I’m wrong but I suspect most people will use their existing router to handle networking duties making the BOX’s router redundant. Fortunately Bitdefender has provided a way to disable it during the initial setup so as to not get in the way. So perhaps it’s unfair to focus too heavily on the limited router settings, but therein lies the rub.
Other than to increase the BOX’s perceived value I don’t really know why Bitdefender chose to include a wireless router but they did, so it seems reasonable to expect more than a handful of settings. It’s as though a piece of the puzzle is missing. Are advanced router settings necessary on a security hub? Probably not. But neither is a router, and having one without the other seems fundamentally... wrong. Granted, the average non-technical user might view the limited router settings as a positive, but considering that the BOX is an advanced security device I kind of expected the router section to be equally impressive.
The BOX checks a lot of, uh... boxes. The router industry as a whole seems to be (finally) upping their cybersecurity game by including comprehensive proactive features. It’s a much needed step in the right direction but there’s still a lot of room for improvement. Bitdefender provides what is arguably some of the most effective and comprehensive cybersecurity software currently available for consumers. Period. That is the BOX’s greatest strength. Sure, I prefer the router be dropped but I also realize I may be in the minority on that point. Overall I found little to dislike about the BOX’s features and performance.
No, it’s not inexpensive and yes there is the ongoing expense of the $99/yr. subscription. Like so many things its value is subjective and depends on your needs and priorities. For myself, as I add more security compromised IoT devices to my network the added peace of mind is worth the expense. As I mentioned earlier I advocate using the right tool for the job, and for myself the BOX has been that tool. No question about it.