Bitdefender BOX Security Hub
Cybersecurity expert Bitdefender started the home security hub market in 2015 with the BOX. It was an interesting and generally well-received device that gave birth to a new product category. But are such devices necessary? I kept asking myself, Why do I need a home security hub when my router has a firewall? Turns out there’s good reason (several, actually) to have one.
Yes, every router has a firewall. Yes, it’s always “on”. But typical router security is passive, meaning it’s not actively monitoring the network and assessing the behavior of connected devices. Besides, what good is a firewall, or any security, if it can’t alert you when there’s a problem? It’s the equivalent of a smoke detector with no alarm.
If you think of router security as a digital door then there are two ways to approach it: You either assume (and hope) the door is locked and strong then quickly forget about it, which is what most of us do, or you use proactive software that goes looking for problems by assessing all data that passes through it while ensuring every connected device, from a laptop to a phone to a “smart” lightbulb, is scanned for vulnerabilities and behaving normally.
A New Breed of… ?
The line between router and security is blurring. I’m seeing more routers — especially mesh devices — take a proactive approach to security. And of course the number of standalone security hubs like the BOX is increasing. Though previously the domain of computer software, virus, malware, IoT, parental, VPN etc. protection is now being built into network devices, the goal being to create an efficient, all-encompassing protective umbrella for any connected device.
The original BOX was a very small “puck”, similar in size to the older Apple TV or Roku, with decent but not impressive hardware specs. Based on reviews it performed well as a security device, but the router section lacked strength and speed and was generally underwhelming. Plus it had a minuscule 64 Mb of storage capacity.
Now in its second generation (released Dec. 2017) the new Bitdefender BOX has upped the ante both in terms of its award-winning security software and considerably more robust hardware. By comparison the BOX 2 has more of everything.
First off, Bitdefender markets the BOX as a security device, not a router (though its Wi-Fi can be disabled). It certainly could be used as a standalone router but it’s not designed to compete on that level. For example, the Norton Core uses more potent router hard- and software than the BOX, but it still can’t touch the performance or features of a dedicated high-end router.
Neither can the BOX (or Core) match a mesh system for blanket coverage. For example, the TP-Link Deco M5 sports impressive (built-in) security features which might negate the need for a separate security device. But it lacks the sophisticated features of the BOX.
The BOX’s router is a nice perk that will prove useful to those with modest needs. But if you want the best possible network performance and security then use a dedicated router (or mesh) and let the BOX do what it does best, protect your network.
Watch and Learn
Of all the features, the one I was most curious about is what Bitdefender calls “Anomaly Detection” or machine learning. The BOX “learns” how each connected device behaves under normal operating conditions so any deviation, e.g. someone hacking a “smart” security camera — something which might otherwise go unnoticed — triggers a block, which is especially important with IoT devices. It will even protect you from inadvertently sending sensitive personal or financial information over an unencrypted connection. As you’ll see, the BOX goes far beyond the passive security of a typical router.
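To make the per-device baseline idea above concrete, here is a small added example (not Bitdefender's code or algorithm): it learns which endpoints each device normally contacts and how much it sends, then flags deviations. The flow records, hostnames and thresholds are constructed assumptions.

```python
"""Toy per-device behaviour baseline (added illustration, not Bitdefender's algorithm)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (device, destination, port, bytes sent per interval).
TRAINING_FLOWS = [
    ("camera", "cloud.camera-vendor.example", 443, 52_000),
    ("camera", "cloud.camera-vendor.example", 443, 48_500),
    ("camera", "cloud.camera-vendor.example", 443, 50_200),
    ("camera", "ntp.example", 123, 90),
    ("camera", "ntp.example", 123, 90),
    ("bulb", "hub.bulb-vendor.example", 8883, 300),
    ("bulb", "hub.bulb-vendor.example", 8883, 320),
    ("bulb", "hub.bulb-vendor.example", 8883, 310),
]


class DeviceBaseline:
    """Learns, per device, the endpoints it contacts and its usual send volume."""

    def __init__(self, sigma=3.0, min_samples=3, min_spread=0.05):
        self.sigma = sigma              # how many "spreads" above the mean is tolerated
        self.min_samples = min_samples  # below this, volume is not judged at all
        self.min_spread = min_spread    # floor on spread, as a fraction of the mean
        self.endpoints = defaultdict(set)   # device -> {(destination, port)}
        self.volumes = defaultdict(list)    # (device, destination, port) -> [bytes]

    def learn(self, flows):
        """Record observed flows as normal behaviour."""
        for device, dest, port, nbytes in flows:
            self.endpoints[device].add((dest, port))
            self.volumes[(device, dest, port)].append(nbytes)

    def volume_limit(self, device, dest, port):
        """Upper bound on bytes for a known endpoint, or None if too little history."""
        history = self.volumes.get((device, dest, port), [])
        if len(history) < self.min_samples:
            return None
        mu = mean(history)
        # A very steady device has near-zero deviation; the floor avoids
        # flagging every small fluctuation.
        spread = max(pstdev(history), self.min_spread * mu)
        return mu + self.sigma * spread

    def check(self, flow):
        """Return the list of reasons this flow deviates from the baseline."""
        device, dest, port, nbytes = flow
        if (dest, port) not in self.endpoints.get(device, set()):
            return [f"new endpoint {dest}:{port}"]
        limit = self.volume_limit(device, dest, port)
        if limit is not None and nbytes > limit:
            return [f"volume {nbytes} B exceeds learned limit {limit:.0f} B"]
        return []

    def decide(self, flow):
        """'learning' for devices without a baseline, else 'block' or 'allow'."""
        if flow[0] not in self.endpoints:
            return "learning"
        return "block" if self.check(flow) else "allow"


def build_baseline():
    baseline = DeviceBaseline()
    baseline.learn(TRAINING_FLOWS)
    return baseline


if __name__ == "__main__":
    baseline = build_baseline()
    live_flows = [  # constructed examples of later traffic
        ("camera", "cloud.camera-vendor.example", 443, 51_000),   # normal upload
        ("camera", "203.0.113.50", 23, 1_200),                    # never-seen endpoint
        ("camera", "cloud.camera-vendor.example", 443, 900_000),  # unusual volume
        ("thermostat", "api.thermostat-vendor.example", 443, 400),
    ]
    for flow in live_flows:
        print(flow, baseline.decide(flow), baseline.check(flow))
```

A real product would weigh far more signals than endpoints and byte counts; the point here is only that a device with narrow, repetitive behaviour (a camera, a bulb) is easy to baseline, which is why the approach suits IoT.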
Finally, to tie it together all devices and alerts are centrally managed from Bitdefender Central (mobile app and Web-based) which offers a generally well designed and easy-to-use interface. It might also be one of the more important and overlooked selling points.
The Other Players
As of this writing there are only a handful of similar products currently available that I’m aware of, but not all offer the same level or type of security features, nor do they all function as a router. Here are a few, though there will certainly be more.
I haven’t tried any of these so I can’t say how they compare to the BOX but here’s a feature comparison table for the BOX, Cujo and Norton Core from the Bitdefender website.
UnBOXing First Impressions
The BOX comes in a sturdy and very nice-looking, uh... box. I've bought some high-end stereo gear that wasn’t packaged this nicely so I was pleasantly surprised to see such consideration given to the packaging of a network device. It looks like something Apple would have designed.
The first thing you notice when you remove the BOX from its packaging is how light it is given its size. By comparison my AirPort Extreme has the heft of a brick. You would be forgiven for thinking it was empty but a look through the top grate reveals a single circuit board. Given its impressive feature-set I expected it to be stuffed to the gills with hardware. I admit I’m someone who foolishly equates solid and heavy with quality but make no mistake, despite being featherlight the BOX is all business. The A9 processor runs slightly warm so the empty space is necessary for cooling in the absence of a fan, which also means it’s dead quiet.
The BOX has a clean aesthetic as a 7.5" x 4" x 4" rounded triangle with three shiny cream-colored panels attached to a matte black (or dark gray) central structure. There’s a bluish-green “ring” status light that glows from behind the front panel and (cooling) perforations running down the triangle’s “points” and top and bottom plates. Oh, and it has three rubber feet. Though not small or discreet it is to my eye an attractive piece of kit, more so than the Norton Core’s geodesic design.
The BOX includes a one-year subscription to the Bitdefender Total Security (2018) software suite. There are desktop and mobile apps for macOS, Windows, iOS and Android which complement and extend the BOX’s security features to provide virus and malware protection (and much more) on individual computers and mobile devices whether you’re at home or out in the world and no longer connected to the BOX network. Even better, the apps can be installed on an unlimited number of devices.
After the first year Total Security costs $99US per year. Strictly speaking you don’t need to buy the security software to use the BOX but it’s kind of pointless if you don’t. When you consider the quality of protection and the unlimited devices it covers the cost is extremely reasonable at ~$1.90/week.
The BOX maintains an encrypted connection to the Bitdefender servers which allows you to conveniently manage your connected devices via Bitdefender Central and also keep virus definitions up-to-date.
Since the service requires the use of Bitdefender’s mobile app(s) or website to manage devices you might wonder how much access, if any, Bitdefender has to the devices connected to the BOX network.
I contacted Support with that very question and here’s their response:
Bitdefender does not have access to the devices that you will connect to the BOX network. In fact, our department uses Team Viewer to remotely connect to customers in order to troubleshoot, therefore, we ask for consent and we have limited access. We do see in our database a list of the names of the devices in your network and if the BOX is active or not, the same information that is displayed on your end.
The only device that we can virtually access is the Bitdefender BOX itself, but that is only in certain circumstances and under one form:
- We only connect to the BOX when troubleshooting is necessary and we ask for permission from the customer to gather the latest logs from the BOX itself.
- We can only access the Bitdefender BOX from our end with your consent, and the only visible information on our end regarding the BOX would be the logs, in the form of text.
Bitdefender Central App
Setup instructions and videos can be found on the Bitdefender website but at this time only the Central mobile app can be used for the initial configuration. See below for more details. There are 3 configuration options available depending on whether you use:
- The all-in-one modem/router provided by your ISP.
- Your personal modem and router (which is what I use).
- The BOX as a standalone router.
Setup Requirements
- Broadband Internet Connection (Cable/DSL/UTP)
- Bitdefender Central Mobile App (iOS and Android)
- A mobile device with:
  - 4G/3G data connection
  - iOS 9 or higher
  - Android 4.4 or higher
Once set up, you can use the mobile app or Web interface to (partial list):
- Add new users
- Assign a specific device to a specific user
- View bandwidth usage by the hour
- View threats for the past 7 days
- Manage detected threats per device (block/unblock)
- Manually run a Protection and/or Vulnerability scan on a device-by-device basis
- Edit the device name and icon
- Configure the parental controls
- Pause Internet on a device-by-device basis
- Port-forwarding for individual devices
The Bitdefender Central Web interface (below) was a little buggy for me initially but it’s working nicely now and offers most of the iOS app features. Like the iOS app the Web interface lacks router settings beyond network name, password and port-forwarding, but unlike the mobile app it can’t be used for the initial setup.
Protection and Vulnerability Scanning
Depending on the type of device that connects (computer or non-computer) an initial scan is performed for protection, vulnerability, or both. A notification is then sent to Bitdefender Central to let you know a device has connected and the result of the scan, good or bad. In the case of a problem the alert will contain a very brief description of the threat or vulnerability. Whether it’s something you can resolve from your end will depend on the type of problem detected. For example, a weak username/password is easily fixed but a software defect in a connected device is not (see below).
Threats are blocked by default, though you can always override a block with an “Allow” option. Devices can also be blocked, and sites and URLs whitelisted. Ultimately the question is: how do you know when it’s safe to “Allow” a detected threat or device?
Generally I find the BOX alerts to be reasonably informative, but as is so often the case the trick is making the technical details easy to understand for the non-technical user.
Some will find the alerts too vague, and others too technical. Oddly I’ve found they can sometimes be both depending on the type of problem detected. Nor is it easy to determine the severity of a threat. The alert “Info” section (see below), although brief, does contain useful information, but I question how much value it will be to the average non-technical user. If like most people you’re not familiar with the various threat types and terminology you’ll probably be scratching your head as often as not: happy the BOX spotted a problem, but with little or no context as to its severity.
Not all threats are equal so it would be helpful if Bitdefender could “grade” or “rate” threats to assist people who don’t understand the sometimes confusing technical jargon. One possible way this could be accomplished is by automatically assigning a scale-based number, color, or icon to quickly and visually indicate to the user the threat severity.
After the initial scan different types and levels of manual scans can also be performed on a device-by-device basis at any time. Again, depending on the type of device there may be one or two available options. They include:
- Protection: Quick and Full (for computer and mobile devices)
- Vulnerability: (for computers, mobile, peripherals and IoT devices)
Below are two examples of actual threats the BOX caught on my personal devices.
Denial of Service: Canon
When I connected a Canon printer I was immediately alerted to a very serious Denial of Service (DoS) vulnerability in the Canon software but I was assured the printer was protected while on the BOX network. Although the BOX can’t fix software issues in other products I contacted Canon support and provided a screenshot of the alert in the hope they might take action to resolve it.
“Dangerous URL” Blocked: Netflix
Below are screenshots from my Bitdefender Central account (Web interface). The culprit? It seems the “Dangerous URL” belongs to the Netflix channel on my Roku 2 which I had to suss out on my own since the BOX appears unable to resolve an IP to a domain name.
I’m uncertain as to how important this alert is or if the BOX is being overly cautious. After all it’s Netflix, how dangerous could it be? This is where an alert rating or grading system would be useful. It’s good to know the BOX can monitor what individual Roku channels are doing. This is another example of a problem I would have never known about were it not for the BOX. I have for the time being chosen to keep the block in place.
Main Notifications list (left); details of Roku notification (right):
A Note About ‘Nest’
I have several Nest Protect smoke and CO alarms installed. By design they only connect to the home network once per day for a few seconds as part of their diagnostic tests, otherwise Nest uses its own proprietary wireless protocol to communicate with other Nest devices. Although the alarms appear in my Central account their status is “Disconnected” despite being “on” and operating normally. I was confused by this so I contacted Bitdefender support.
Bitdefender remotely ran a diagnostic test on my BOX (with my permission) and confirmed it can only detect the Nest during the very brief daily alarm tests. It seems Nest is able to “hide” its network footprint most of the time, even from the BOX. The alarms are still protected by the built-in Nest security (though I have no idea how good it is) and also checked for vulnerabilities by the BOX, albeit only once per day instead of the expected 24/7 which is clearly less than ideal. Bitdefender has informed me that they will order a Nest Protect to test in-house so I will update this section if and/or when necessary.
Internet of Things (IoT)
So what exactly is an Internet of Things or “IoT” device? It’s a parent term referring to any type of “smart” (non-computer) home appliance that communicates wirelessly to the Internet or other devices via a network. A few examples include:
- Lightbulb; doorbell
- Smoke/CO2 alarm; thermostat
- Appliances (washer/dryer, refrigerator, oven, toaster etc.)
- Security camera
- Lifestyle hub (Apple HomePod, Amazon Echo, Google Home etc.)
The type and number of IoT devices is enormous and growing every day. What’s also growing are security vulnerabilities, which is why it’s important to factor these devices into your broader network security strategy.
Fortunately a big selling point of the BOX lies in its ability to secure IoT devices. Despite being a relatively new category these devices already exist in tens-of-millions of homes across the planet with no sign of slowing down as society and companies move inexorably towards “smart” cities and homes. According to research firm International Data Corp the IoT market will be “surpassing the $1 trillion mark in 2020 and reaching $1.1 trillion in 2021”.
Then there’s this pearl:
IoT hardware will be the largest technology category in 2018 with $239 billion going largely toward modules and sensors along with some spending on infrastructure and security.
Did you catch that?
Some spending on security. Pretty much sums up the problem, huh?
IoT: An Inconvenient Truth
A lot of IoT devices are little more than novelty gadgets while others are practical, even life-saving. But they all suffer from the same fatal flaw to one degree or another: They have very little or no security features, nor can security software be installed on an IoT device like it can on a computer, so you’re at the mercy of whatever built-in safeguards the manufacturer includes, if any.
What’s more, since IoT devices are controlled with software, usually a mobile app, not only is the hardware (device) vulnerable to attack, so is the management software. Even if it were possible to install IoT security software on a device-by-device basis (which it’s not) who would do it? Who would want to? It would quickly become a management nightmare. Most people barely think of their computer’s security as it is, who would think about or bother with a “smart” toy or toaster?
According to some estimates at least 70% of IoT devices have critical vulnerabilities. Even if that number seems high it’s fair to say that as a category they are sorely, even dangerously lacking in safeguards. Convenience aside, they present gaping holes through which someone could, with minimal effort, gain access to your entire network and every connected device. It’s like locking the doors of your home but leaving all the windows wide open.
The question is, How secure is secure enough for an IoT device? There are practical considerations like cost and feasibility, and without an established standard it’s unrealistic to expect every manufacturer to view IoT security in the same light, much less invest resources. In the meantime we potentially expose our lives for the sake of convenience.
As mentioned the BOX is equipped with a router so let’s take a closer look at its specs and performance.
- Dual Core Cortex A9 @ 1.2 GHz
- 1 GB of DDR3 memory
- 4 GB internal storage
- Concurrent Dual band Wireless 2.4 GHz & 5 GHz
- MU-MIMO 3x3 antenna configuration
- IEEE 802.11a/b/g/n/ac
- Wave-2 @ AC1900
- 1 x WAN port - 10/100/1000BASE-T Ethernet
- 1 x LAN port - 10/100/1000BASE-T Ethernet
Around back is the A/C jack, reset button and two ethernet ports. Sorry, no USB. The lack of multiple LAN ports will be a problem for some but it doesn’t have to be. High-quality plug-n-play network switches like the TP-Link 8-Port Gigabit Desktop Switch TL-SG1008D can be found for ~$20 and less. Quite frankly switches are an (almost) obligatory device for any network, so just get one and don’t worry about the lack of ports.
Based on the marketing material it seems Bitdefender prefers the BOX be integrated into an existing network rather than used as a standalone router, which begs the question: Why include a modest but capable router then downplay that feature?
My guess is that it (most likely) has less to do with the hardware and more to do with the almost complete lack of configuration options found on even the most basic routers, beyond network name, password and port-forwarding.
Of course this has absolutely no bearing on its usefulness as a security device, but I can see how it could limit its appeal for those who expect such things. I would hope this is something Bitdefender could “turn on” at some point via a firmware update but I don’t know if that’s even possible. Whatever the reasoning it’s a glaring and disappointing omission for what is otherwise a well-performing router.
My (non-BOX) Network
To improve speed, stability and security I recently switched from an all wireless network to a (pseudo) wired one with my AirPorts now functioning as access points (AP). Nearly all of my devices (desktop computers and peripherals) are now wired to the network via a switch and/or powerline adapter. Wireless usage (laptop, phone and tablet) is usually within 10 ft. of an access point so signal strength is not an issue. My network kit includes:
- Two (2) Apple AirPort Extremes (5th and 4th gen.) located on the first and second floors.
- Six (6) TP-Link AV2000 Powerline Adapters.
- Three (3) TP-Link Network Smart Switches.
- ARRIS Surfboard modem located on the first floor.
- Category 7 ethernet throughout.
BOX Configuration Options
Depending on whether you need the BOX to operate as a wireless router in addition to a security hub you have three options.
- Option 1: The BOX operates in bridge mode (no Wi-Fi) and your personal router(s) provide wireless coverage as normal. — If you already use a mesh network or simply have good coverage this is probably the option you want.
- Option 2: The BOX broadcasts its Wi-Fi and your router(s) operate in bridge mode, acting as either an access point or extender depending on your configuration. — This is the option I use in my wired network. Since I do not have a mesh network and do have coverage issues this has the potential to provide broader coverage than Option 1.
- Option 3: The BOX operates as a standalone router broadcasting its Wi-Fi. — If you have a small to medium sized space or want to replace an aging router (or both) this might be all you need.
Which one is “best” depends on your coverage needs, and/or what type of router configuration options you require. Remember, more isn’t always better. Too much signal overlap can create its own set of problems.
The BOX as a Wireless Router with Bridged AirPort Extremes
First I used the BOX alongside my AirPorts. The setup was going fine until I reached the point where I needed to set the AirPorts to bridge mode, something I’ve done before, however it wasn't cooperating this time so I was unable to hook the BOX into the network. After several failed attempts I spent about 30 minutes on the phone with Bitdefender support trying to sort it out to no avail.
As it turns out I stumbled upon a quick and easy solution: First configure the BOX as a standalone router using the same name and password as my existing network. Once completed I simply reconnected the AirPort Extreme to the network after which I was able to set it in bridge mode. Both AirPorts were immediately recognized by the BOX, as was everything else on the network. Easy-peasy-lemon-squeezy.
As a Standalone Router
To backtrack a little… because of the minor setup glitch above I took the opportunity to try the BOX on its own. Due to the location of the modem the BOX is by necessity installed in a less-than-optimal corner on the first floor near a bank of windows (reflections) and a lot of electronics (interference). Overall I was impressed with the BOX’s speed and coverage (see below) and considered stopping here and ditching the AirPorts, but the nearly complete lack of configuration options is a non-starter for me.
Bridge issue aside, the setup process was straightforward and should be easy to follow for non-techies. There isn’t much in the way of troubleshooting tips should you run into problems but Bitdefender offers free phone support, live chat and email.
Speed... (Not The Movie) And Strength
A total of 24 wireless speed and 24 signal strength measurements were taken at the same six locations on each floor (6 measurements x 4 floors x 1 router) with results averaged by floor and type, respectively. All measurements are specific to the BOX, the AirPort Extremes were disconnected. I also use VyprVPN which I disabled for testing.
About the Structure
The house is a century old and overbuilt with two stories, a full attic and basement, solid plaster ceilings and walls, and a lot of signal-absorbing obstacles. In short, a challenge for 5 GHz.
Wired measurements taken with Speedtest on a MacBook Pro and the BOX’s LAN port with a 7' Cat. 7 ethernet cable.
I easily exceeded 60 Mbps with the BOX. In fact, speeds in the mid to high 70s were common with a high of 110 Mbps.
Wireless measurements taken with Speedtest on a MacBook Pro using the 5 GHz band only. I was not able to get the MBP to connect on 2.4 GHz.
- First Floor
- 61 Mbps
- Second Floor
- 52 Mbps
- 57 Mbps
- 41 Mbps
Previously, when I was using an all wireless network (same AirPort routers but no BOX, switches or powerline adapters), I was lucky to hit 30 Mbps (average was 25 - 27 Mbps) which is waaay less than what I'm getting now on wireless with the BOX installed. Bitdefender claims the BOX should have very little or no impact on speed which based on my tests seems accurate.
Signal Quality and Strength
Signal and strength measurements taken with WiFi Explorer which defines Quality as: Excellent, Good, Poor, Very Poor and Strength as a percentage (higher is better).
- First Floor
- 2.4 GHz: Excellent; 93%
- 5 GHz: Excellent; 82%
- Second Floor
- 2.4 GHz: Good; 73%
- 5 GHz: Poor; 54%
- 2.4 GHz: Good; 76%
- 5 GHz: Good; 71%
- 2.4 GHz: Good; 83%
- 5 GHz: Good; 69%
Quality and Strength Summary
Not surprisingly the 2.4 GHz band had great range across the house, easily penetrating all obstacles. However, on the second floor 5 GHz is less impressive, which isn’t surprising considering it’s a perfect storm of obstructions, corners and dead-spots, yet the attic 5 GHz is considerably better. Overall, performance is better than expected.
Should you use the BOX as a standalone router? Sure, if it suits your needs. As a simple plug-n-play router it performed remarkably well in my multi-level signal-absorbing home, even with multiple 4K streaming. Just don’t expect advanced (or basic) configuration options.
A Quick VPN Note
On April 18, 2018 Bitdefender added a VPN service to their Total Security subscription (included with the BOX). The included free plan allows up to 200 Mb per day with a $50/yr. plan for unlimited data.
VPNs are notorious for negatively impacting speed so it’ll be interesting to see how much of a performance hit their VPN imposes compared to others.
To BOX or Not
Smart security hubs and routers are probably the future of home network security. Given the explosion of IoT devices and their generally compromised security it seems nearly everything in our home makes for a target-rich environment. Still, it’s easy to dismiss products like the BOX as the province of obsessive and paranoid “security types”.
Odds are most of us will (probably) never have an IoT device targeted by a hacker despite the apparent ease with which it could be done. The probability of a child’s smart toy, lightbulb, or security camera etc. being used to breach our network and invade our privacy is statistically slim in my opinion. And yet it probably happens to someone every day.
In an age where society is always online it seems likely most of us have at some point visited a dangerous website or opened an infected file, email, and/or attachment. All of which makes computers and mobile devices easy entry points for phishing, ransomware, malware, viruses, trojans etc. which are arguably far more common daily occurrences. Such is the reality of a “connected” life. So why risk it?
As a security hub the BOX has what I consider the most comprehensive feature-set among the current crop of devices. Bitdefender has the advantage with a proven software track record which can be centrally managed across unlimited devices. Throw in machine learning, vulnerability scanning, a focus on IoT devices along with every other type of peripheral out there, and you have a formidable, all-encompassing security package. But perhaps the most important and overlooked feature is the deep integration of Bitdefender Central which the competition simply does not have (yet), though it’s not perfect. The Web interface can’t be used to set up the BOX, which is a mobile-only process. I also think the alerts could use some refinement to improve their value to non-technical users by making it quicker and simpler to identify and understand a threat’s severity.
The Elephant in the Room (Part Deux)
The fact that advanced security features are finding their way into dedicated routers, notably mesh systems, can’t be ignored. If like most people you still have a static “firewall only” router then the BOX’s cost is relatively easy to justify. But if you have or plan to upgrade to a new all-in-one security-centric “smart” router then the BOX starts to look redundant despite its superior feature-set.
The BOX as a Router
My guess is most people will disable the BOX’s Wi-Fi, allowing their existing router or mesh network to handle wireless duties. In fact, it’s probably safe to assume the typical BOX user has zero need or interest in router settings and simply wants a powerful and effective security hub, so perhaps it’s unfair to focus too heavily on the lack of configuration settings. But therein lies the rub.
If Bitdefender felt it important enough to warrant the inclusion of a modest router then it’s also reasonable to expect more than a handful of settings. It’s as though a piece of the puzzle is missing. Are advanced router settings necessary on a security hub? Probably not. But neither is a router, and having one without the other seems fundamentally... wrong. Still, whatever limitations the BOX may have when compared to a dedicated wireless router it performed well in both speed and coverage and should work nicely on its own for those with modest needs and a small to medium space to fill.
The BOX checks a lot of my, uh... boxes. Bitdefender provides what is arguably the best cybersecurity software currently available for consumers... anywhere. Period. That is the BOX’s greatest strength. The Total Security antivirus software receives daily updates and the mobile apps and firmware are also regularly updated, albeit less frequently, and devices are managed in an intuitive and user-friendly manner via the Central app(s). That it also comes with a very capable router is, well, icing. The only aspect holding it back from a higher rating is the lack of router configuration.