Bitdefender BOX Security Hub
Cybersecurity expert Bitdefender started the home security hub market in 2015 with the BOX. It was an interesting and generally well-received device that gave birth to a new product category. But are such devices necessary? I kept asking myself: Why do I need a home security hub when my router has a firewall? Turns out there’s good reason (several, actually) to have one.
Yes, every router has a firewall. Yes, it’s always “on”. But typical router security is passive, meaning it’s not actively monitoring the network and assessing the behavior of connected devices. Besides, what good is a firewall, or any security, if it can’t alert you to a problem? It’s the equivalent of a smoke detector with no alarm.
The passive network firewall is no longer enough. Online threats have evolved to become more sophisticated, powerful and smarter. Home network security needs to evolve too.
A New Breed of… ?
The line between router and security hub is blurring. I’m seeing more routers — especially mesh devices — with enhanced security features.
Network devices like the BOX, and even routers, have begun taking on the responsibility of providing an efficient all-encompassing protective umbrella for every connected device. Not only can a computer benefit from virus and malware security, now those protections and much more are available to all the devices on your network. Features like parental controls and a virtual private network (VPN) are now commonplace.
Enter, the BOX
The original BOX was a very small “puck”, similar in size to the older Apple TV or Roku with decent but not impressive hardware specs. Based on reviews it performed well as a security device but the router section lacked strength and speed and was generally underwhelming. Plus it had a minuscule 64 Mb of storage capacity.
Now in its second generation (released Dec. 2017) the new Bitdefender BOX has upped the ante both in terms of its award-winning security software and considerably more robust hardware. By comparison the BOX 2 has more of everything.
Despite its router functionality Bitdefender makes very clear the BOX is first and foremost a security device, its router being a peripheral feature. It certainly could be used as a standalone router but it’s not designed to compete on that level. For example, the Norton Core uses more potent router hardware than the BOX, but it still can’t touch the performance or features of a dedicated high-end router.
Neither can the BOX (or Core) match a mesh system for blanket coverage. For example, in addition to its good coverage and speed the TP-Link Deco M5 offers impressive built-in security features which might negate the need for a dedicated security device, but it also lacks the BOX’s more sophisticated features.
As you’ll see below the BOX’s router is a modest but respectable performer. But here’s the thing: If you want the best possible network coverage, speed and security then use a dedicated router (or mesh) and let the BOX do what it does best, monitor and protect your network.
Watch and Learn
Of all the features the one I was most curious about is what Bitdefender calls “Anomaly Detection” or machine learning. The BOX “learns” how each connected device behaves under normal operating conditions so any deviation, e.g. someone hacking a “smart” security camera (something which might otherwise go unnoticed), triggers a block, which is especially important with IoT devices. It will even protect you from inadvertently sending sensitive personal or financial information over an unencrypted connection. In short, the BOX goes far beyond the passive security of a typical router.
Finally, to tie it together all devices and alerts are centrally managed from Bitdefender Central (mobile app and Web-based) which might also be one of the more important and overlooked selling points.
The Other Players
As of this writing there are only a handful of similar products currently available that I’m aware of, but not all offer the same level or type of security features, nor do they all function as a router. Here are a few, though there will certainly be more.
I haven’t tried any of these so I can’t say how they compare to the BOX but here’s a feature comparison table for the BOX, Cujo and Norton Core from the Bitdefender website.
UnBOXing First Impressions
The BOX comes in a sturdy and very nice-looking, uh... box. I've bought some high-end stereo gear that wasn’t packaged this nicely so I was pleasantly surprised to see such consideration given to the packaging of a network device. It looks like something Apple would have designed.
The first thing you notice when you remove the BOX from its packaging is how light it is given its size. By comparison my old AirPort Extreme has the heft of a brick. You would be forgiven for thinking it was empty but a look through the top grate reveals a single circuit board. Given its impressive feature-set I expected it to be stuffed to the gills with hardware. I admit I’m someone who foolishly equates solid and heavy with quality but make no mistake, despite being featherlight the BOX is all business. The A9 processor runs slightly warm so the empty space is necessary for cooling in the absence of a fan, which also means it’s dead quiet.
The BOX has a clean aesthetic as a 7.5" x 4" x 4" rounded triangle with three shiny cream-colored panels attached to a matte black (or dark gray) central structure. There’s a bluish-green “ring” status light that glows from behind the front panel and (cooling) perforations running down the triangle’s “points” and top and bottom plates and three rubber feet. Though not small or discreet it is to my eye a reasonably attractive and understated piece of kit, more so than the Norton Core’s geodesic design.
The BOX includes a one-year subscription to the Bitdefender Total Security software suite. There are desktop and mobile apps for macOS, Windows, iOS and Android which complement and extend the BOX’s security features to provide virus and malware protection (and much more) on individual computers and mobile devices whether you’re at home or out in the world and no longer connected to the BOX network. Even better, the apps can be installed on an unlimited number of devices.
After the first year Total Security costs $99US per year. Strictly speaking you don’t need to buy the security software to use the BOX but it’s kind of pointless if you don’t. When you consider the quality of protection and the unlimited devices it covers the cost is extremely reasonable at ~$1.90/week.
The BOX maintains an encrypted connection to the Bitdefender servers which allows you to conveniently manage your connected devices via Bitdefender Central and also keep virus definitions up-to-date.
Since the service requires the use of Bitdefender’s mobile app(s) or website to manage devices you might wonder how much access, if any, Bitdefender has to the devices connected to the BOX network.
I contacted Support with that very question and here’s their response:
Bitdefender does not have access to the devices that you will connect to the BOX network. In fact, our department uses Team Viewer to remotely connect to customers in order to troubleshoot, therefore, we ask for consent and we have limited access. We do see in our database a list of the names of the devices in your network and if the BOX is active or not, the same information that is displayed on your end.
The only device that we can virtually access, is the Bitdefender BOX itself, but that is only in certain circumstances and under one form:
- We only connect to the BOX when troubleshooting is necessary and we ask for permission from the customer to gather the latest logs from the BOX itself.
- We can only access the Bitdefender BOX from our end with your consent, and the only visible information on our end regarding the BOX would be the logs, in form of text.
Setup instructions and videos can be found on the Bitdefender website but at this time only the Central mobile app can be used for the initial configuration. See below for more details. There are 3 configuration options available depending on whether you use:
- The all-in-one modem/router provided by your ISP.
- Your personal modem and router (which is what I use).
- The BOX as a standalone router.
Setup Requirements
- Broadband Internet Connection (Cable/DSL/UTP)
- Bitdefender Central Mobile App (iOS and Android)
- A mobile device with:
  - 4G/3G data connection
  - iOS 9 or higher
  - Android 4.4 or higher
Once set up, you can use the mobile app or Web interface to (partial list):
- Add new users
- Assign a specific device to a specific user
- View bandwidth usage by the hour
- View threats for the past 7 days
- Manage detected threats per device (block/unblock)
- Manually run a Protection and/or Vulnerability scan on a device-by-device basis
- Edit the device name and icon
- Configure the parental controls
- Pause Internet on a device-by-device basis
- Port-forwarding for individual devices
The Bitdefender Central Web interface (below) was a little buggy for me initially but it’s working nicely now and offers basic management features, though the mobile apps have a few more options. The Web interface lacks any router settings with the mobile apps only offering access to network name, password and port-forwarding. Neither can the Web UI be used for the initial setup.
Protection and Vulnerability Scanning
Depending on the type of device that connects (computer or non-computer) the BOX will automatically run a protection or vulnerability scan, or both. A notification will appear in Bitdefender Central to let you know a device has connected and the result of the scan, good or bad. In the case of a problem the alert will contain a very brief description of the threat or vulnerability. Whether it’s something you can resolve from your end will depend on the type of problem detected. For example, a weak username/password is easily fixed but a software defect in a connected device is not (see below).
Threats are blocked by default though you can always override it with an “Allow” option. Devices can also be blocked and sites and URLs whitelisted. My question is: How do you know when it’s safe to “Allow” a detected threat or device? That’s where the BOX alerts come into play.
As is so often the case with any kind of technical alert, warning etc. the trick is making the technical details easy to understand for the non-technical user.
Some will find the alerts too vague, and others too technical. Oddly I’ve found they can sometimes be both depending on the type of problem detected. My problem is that it’s not easy to determine the severity of a threat. The alert “Info” section (see below), although brief, does contain useful information, but I question how much value it is to the average non-technical user. If like most people you’re not familiar with threat types and terminology you’ll probably be scratching your head as often as not. You’ll be happy the BOX spotted a problem, but left with little or no context as to its severity.
It would be helpful if Bitdefender could “grade” or “rate” threats for those whose eyes gloss over at the first sign of technical jargon. And let’s face it, that’s most people. One possible way this could be accomplished is by automatically assigning a scale-based number, color, or icon to quickly and visually indicate to the user the threat severity.
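The per-device baselining described under “Watch and Learn” and the severity grading proposed above can be sketched together. This is an added example, not Bitdefender's algorithm or code; the flow fields, scoring weights, grade thresholds and sample traffic are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed training flows: (device, destination, port, bytes). Not real traffic.
TRAINING_FLOWS = [
    ("camera", "cloud.camera-vendor.example", 443, 1200),
    ("camera", "cloud.camera-vendor.example", 443, 1300),
    ("camera", "cloud.camera-vendor.example", 443, 1250),
    ("camera", "cloud.camera-vendor.example", 443, 1280),
    ("camera", "cloud.camera-vendor.example", 443, 1220),
    ("thermostat", "api.thermostat-vendor.example", 443, 300),
    ("thermostat", "api.thermostat-vendor.example", 443, 320),
]

# Assumed scoring weights and grade thresholds (illustrative, not vendor values).
W_NEW_DESTINATION, W_NEW_PORT, W_OVERSIZED = 2, 1, 2
GRADES = [(0, "green", "normal"), (1, "yellow", "review"), (3, "red", "block")]


@dataclass
class Baseline:
    """What one device normally does, learned from its observed flows."""
    destinations: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    sizes: list = field(default_factory=list)

    def learn(self, dst, port, nbytes):
        self.destinations.add(dst)
        self.ports.add(port)
        self.sizes.append(nbytes)

    def size_limit(self):
        # Mean plus three standard deviations, with a 25% floor so a device
        # whose flows are all the same size does not alert on tiny variation.
        avg = mean(self.sizes)
        return avg + max(3 * pstdev(self.sizes), 0.25 * avg)


def build_baselines(flows):
    """Learning phase: one Baseline per device name."""
    baselines = {}
    for device, dst, port, nbytes in flows:
        baselines.setdefault(device, Baseline()).learn(dst, port, nbytes)
    return baselines


def grade(score):
    """Map a numeric score to the colour and action a non-technical user sees."""
    colour, action = GRADES[0][1], GRADES[0][2]
    for threshold, c, a in GRADES:
        if score >= threshold:
            colour, action = c, a
    return colour, action


def assess(baselines, device, dst, port, nbytes):
    """Score one new flow against the device's baseline and grade it."""
    score, reasons = 0, []
    base = baselines.get(device)
    if base is None:
        # Edge case: a device seen for the first time cannot be judged yet.
        score, reasons = 1, ["device has no learned baseline yet"]
    else:
        if dst not in base.destinations:
            score += W_NEW_DESTINATION
            reasons.append(f"never contacted {dst} before")
        if port not in base.ports:
            score += W_NEW_PORT
            reasons.append(f"never used port {port} before")
        if nbytes > base.size_limit():
            score += W_OVERSIZED
            reasons.append(f"{nbytes} bytes exceeds usual {base.size_limit():.0f}")
    colour, action = grade(score)
    return {"score": score, "colour": colour, "action": action, "reasons": reasons}


if __name__ == "__main__":
    learned = build_baselines(TRAINING_FLOWS)
    # Constructed test flows; 203.0.113.50 is a documentation-only address.
    for flow in [("camera", "cloud.camera-vendor.example", 443, 1260),
                 ("thermostat", "api.thermostat-vendor.example", 443, 5000),
                 ("camera", "203.0.113.50", 23, 900),
                 ("doorbell", "cloud.doorbell-vendor.example", 443, 400)]:
        print(flow, assess(learned, *flow))
```

The `reasons` list is what would sit behind the colour in an alert, so the plain-language grade and the technical detail come from the same assessment.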
Different types and levels of manual protection and vulnerability scans can be performed on a device-by-device basis at any time. Again, depending on the type of device (computer, mobile, or non-computer/IoT) there will be different available options. Not surprisingly computers and mobile devices have the most thorough scanning options (below):
- Network Vulnerability Scan
- Quick Scan
- System Scan.
Below are two examples of actual threats the BOX caught on my personal devices.
Denial of Service: Canon
When I connected a Canon printer I was immediately alerted to a very serious Denial of Service (DoS) vulnerability in the Canon software but I was assured the printer was protected while on the BOX network. Although the BOX can’t fix software issues in other products I contacted Canon support and provided a screenshot of the alert in the hope they might take action to resolve it.
“Dangerous URL” Blocked: Netflix
Below are screenshots from my Bitdefender Central account (Web interface). The culprit? It seems the “Dangerous URL” belongs to the Netflix channel on my Roku 2 which I had to suss out on my own since the BOX appears unable to resolve an IP to a domain name.
I’m uncertain as to how important this alert is or if the BOX is being overly cautious. After all it’s Netflix, how dangerous could it be? This is where an alert rating or grading system would be useful. It’s good to know the BOX can monitor what individual Roku channels are doing, and is an example of a problem I would have never known about were it not for the BOX. I have for the time being chosen to keep the block in place.
Main Notifications list (left); details of Roku notification (right):
A Note About ‘Nest’
I have several Nest Protect smoke and CO alarms installed. By design they only connect to the home network once per day for a few seconds as part of their diagnostic tests, otherwise Nest uses its own proprietary wireless protocol to communicate with other Nest devices. Although the alarms appear in my Central account their status is “Disconnected” despite being “on” and operating normally. I was confused by this so I contacted Bitdefender support.
Bitdefender remotely ran a diagnostic test on my BOX (with my permission) and confirmed it can only detect the Nest during the very brief daily alarm tests. It seems Nest is able to “hide” its network footprint most of the time, even from the BOX. The alarms are still protected by the built-in Nest security (though I have no idea how good it is) and also checked for vulnerabilities by the BOX, albeit only once per day instead of 24/7 monitoring which is clearly less than ideal. Bitdefender has informed me that they will order a Nest Protect to test in-house so I will update this section if and/or when necessary.
Internet of Things (IoT)
So what exactly is an Internet of Things or “IoT” device? It’s a parent term referring to any type of non-computer home appliance that communicates wirelessly to the Internet or other devices via a network. They are also commonly referred to as “smart” devices. A few examples include:
- Lightbulb; doorbell
- Smoke/CO2 alarm; thermostat
- Appliances (washer/dryer, refrigerator, oven, toaster etc.)
- Security camera
- Lifestyle hub (Apple HomePod, Amazon Echo, Google Home etc.)
- Child and adult toys
The type and number of IoT devices is enormous and growing every day. What’s also growing are IoT security vulnerabilities, which is why it’s important to factor these devices into your broader network security strategy.
Fortunately a big selling point of the BOX lies in its ability to secure IoT devices. Despite being a relatively new category these devices already exist in tens-of-millions of homes across the planet with no sign of slowing down as society moves inexorably towards “smart” homes and cities. According to research firm International Data Corp the IoT market will be “surpassing the $1 trillion mark in 2020 and reaching $1.1 trillion in 2021”.
Then there’s this pearl:
IoT hardware will be the largest technology category in 2018 with $239 billion going largely toward modules and sensors along with some spending on infrastructure and security.
Did you catch that?
Some spending on security. Pretty much sums up the problem, huh?
IoT: An Inconvenient Truth
A lot of IoT devices are little more than novelty gadgets while others are practical, even life-saving. But they all suffer from the same fatal flaw to one degree or another: They have very little or no security features, nor can security software be installed on an IoT device like it can on a computer so you’re at the mercy of whatever built-in safeguards the manufacturer includes, if any.
What’s more, since IoT devices are controlled with software, usually a mobile app, not only is the hardware (device) vulnerable to attack, so is the management software. Even if it were possible to install IoT security software on a device-by-device basis (which it’s not) who would do it? Who would want to? It would quickly become a management nightmare. Most people barely think of their computer’s security as it is, who would think about or bother with a “smart” toy or toaster?
According to some estimates at least 70% of IoT devices have critical vulnerabilities. Even if that number seems high it’s fair to say that as a category they are sorely, even dangerously lacking in safeguards. They present gaping holes through which someone could, with minimal effort, gain access to your entire network and every connected device. It’s like locking the doors of your home but leaving the windows wide open.
The question is, How secure is secure enough for an IoT device? There are practical considerations like cost and feasibility, and without an established standard it’s unrealistic to expect every manufacturer to view IoT security in the same light, much less invest the necessary resources. The reality is IoT devices are and will continue to be a network’s Achilles’ heel. The upshot is the BOX has you covered.
As mentioned the BOX is equipped with a router so let’s take a closer look at its specs and performance.
- Dual Core Cortex A9 @1.2 Ghz
- 1 GB of DDR3 memory
- 4 GB internal storage
- Concurrent Dual band Wireless 2.4 Ghz & 5 Ghz
- MU-MIMO 3x3 antenna configuration
- IEEE 802.11a/b/g/n/ac
- Wave-2 @ AC1900
- 1 x WAN port - 10/100/1000BASE-T Ethernet
- 1 x LAN port - 10/100/1000BASE-T Ethernet
Around back is the A/C jack, reset button and two ethernet ports. Sorry, no USB. The lack of multiple LAN ports will be a problem for some but it doesn’t have to be. High-quality plug-n-play network switches like the TP-Link 8-Port Gigabit Desktop Switch TL-SG1008D can be found for ~$20 and less. Quite frankly switches are an (almost) obligatory device for any network, so just get one and don’t worry about the lack of ports.
Based on the marketing material it seems Bitdefender prefer the BOX be integrated into an existing network rather than used as a standalone router which begs the question: Why include a modest but capable router then downplay that feature?
My guess is that it (most likely) has less to do with the hardware and more to do with the almost complete lack of configuration options found on even the most basic routers, beyond network name, password and port-forwarding.
Of course this has absolutely no bearing on its usefulness as a security device, but I can see how it could limit its appeal for those who expect such things. I would hope this is something Bitdefender could “turn on” at some point via a firmware update but I don’t know if that’s even possible. Whatever the reasoning it’s a glaring and disappointing omission for what is otherwise a well-performing router.
My (non-BOX) Network
To improve speed, stability and security I recently switched from an all wireless network (with two routers functioning as access points) to a pseudo wired one. Nearly all of my devices (desktop computers and peripherals) are now wired to the network via a switch and/or powerline adapter. Wireless usage (laptop, phone and tablet) is usually within 10 ft. of an access point so signal strength is not an issue. My network kit includes:
- Two (2) Ignition Design Labs Portal routers operating as a mesh.
- Six (6) TP-Link AV2000 Powerline Adapters.
- Three (3) TP-Link Network Smart Switches.
- ARRIS Surfboard modem.
- Category 7 ethernet throughout.
BOX Configuration Options
As mentioned above there are three configuration options depending on whether you’re using:
- An ISP provided modem/router. *The BOX’s Wi-Fi will be disabled.
- A personal modem and router. *The BOX’s Wi-Fi will be disabled.
- The BOX as a standalone router. *The BOX will broadcast its Wi-Fi.
The BOX and a Personal Router
First I used the BOX alongside my personal (and separate) router and modem. Frustratingly I had to run through the setup a few times, resetting the BOX after each attempt before I finally figured out what I was doing wrong.
At varying stages of the setup process it requires the plugging, unplugging and reshuffling of modem, router and BOX cables and changing networks, so it’s easy to get ahead of yourself and move on to the next step before the router and/or modem (i.e., the network) has had sufficient time to reconnect/reset. Tip: Check the status lights! This was my problem. I wasn’t waiting long enough and the network wasn’t yet available so of course the setup failed. I kept looking for a problem that didn’t exist. Once I realized my mistake the setup worked perfectly.
As a Standalone Router
To backtrack a little… because of the Groundhog Day loop I found myself in (above) I took the opportunity to try the BOX on its own, the setup for which is so simple even I got it right on my first attempt. By necessity the BOX is installed in a less-than-optimal corner near a bank of windows (reflections) and a lot of electronics (interference) so I was impressed to find the BOX pumps out a better-than-expected signal, both in strength and coverage (see results below).
As a “Filler”
I stumbled upon this option early on, before I bought the Portals, back when I was still using two old Airport Extreme routers as access points. I set up the BOX as a standalone router (disconnecting the Airports) but using the same network name and password of my current network. Then I reconnected the routers, placed the primary in bridge mode, and moved it to another room, far away from the BOX. Though not ideal it wasn’t a bad setup since I got the benefit of the BOX’s superior hardware and signal while gaining a bit more coverage from the older Airport in a troublesome dead-spot on the second floor. Plus both routers were protected by the BOX’s security umbrella.
Each setup process is nicely illustrated via screenshots, video and within the Central app, and should be relatively easy to follow for non-techies. However, I found the process not as plug-n-play as I had hoped. There isn’t much in the way of troubleshooting tips should you run into problems but Bitdefender offers free and friendly phone, live chat and email support should you get stuck.
Speed... (Not The Movie) And Strength
A total of 24 wireless speed and 24 signal strength measurements were taken at the same six locations on each floor (6 measurements x 4 floors x 1 router) with results averaged by floor and type, respectively. All measurements are specific to the BOX functioning as a standalone router, the Portals were completely disconnected. I also use VyprVPN which I disabled for testing.
About the Structure
The house is a century old and overbuilt with two stories, a full attic and basement, solid plaster ceilings and walls, and a lot of signal-absorbing obstacles. In short, a challenge for 5 Ghz.
Wired measurements taken with Speedtest on a MacBook Pro and the BOX’s LAN port with a 7' Cat. 7 ethernet cable.
I easily exceeded 60 Mbps with the BOX. In fact, speeds in the mid to high 70s were common with a high of 110 Mbps.
Wireless measurements taken with Speedtest on a MacBook Pro using the 5 Ghz band only. I was not able to get the MBP to connect on 2.4 Ghz.
- First Floor
- 61 Mbps
- Second Floor
- 52 Mbps
- 57 Mbps
- 41 Mbps
Even after reinstalling the Portal routers into the BOX network there has been no noticeable or even measurable decrease in speed. Bitdefender claims the BOX should have very little or no impact on speed. Based on my tests and daily usage this seems to be an entirely accurate statement.
Signal Quality and Strength
Signal and strength measurements taken with WiFi Explorer which defines Quality as: Excellent, Good, Poor, Very Poor and Strength as a percentage (higher is better).
- First Floor
- 2.4 Ghz: Excellent; 93%
- 5 Ghz: Excellent; 82%
- Second Floor
- 2.4 Ghz: Good; 73%
- 5 Ghz: Poor; 54%
- 2.4 Ghz: Good; 76%
- 5 Ghz: Good; 71%
- 2.4 Ghz: Good; 83%
- 5 Ghz: Good; 69%
Quality and Strength Summary
Not surprisingly the 2.4 Ghz band had great range across the house, easily penetrating all obstacles. However, on the second floor 5 Ghz is less impressive which isn’t surprising considering it’s a perfect storm of obstructions, corners and dead-spots, yet the attic 5 Ghz is considerably better. Overall, performance is better than expected.
Should you use the BOX as a standalone router? Sure, if it suits your needs. As a simple plug-n-play router it performed remarkably well in my multi-level signal-absorbing home, even with multiple 4K streaming. Just don’t expect advanced (or basic) configuration options.
On April 18, 2018 Bitdefender added a VPN service to their Total Security subscription (included with the BOX). The free plan allows up to 200 Mb per day with a $50/yr. plan for unlimited data.
To BOX or Not
“Smart” technology is probably the future of home network security. The “simple days” of router security are behind us, now it seems nearly everything in our home makes for a target-rich environment. Still, it’s easy to dismiss products like the BOX as the domain of obsessive and paranoid “security types”.
Most of us will never have an IoT device targeted by a hacker despite the apparent ease with which it could be done. The probability of a child’s smart toy, lightbulb, or security camera etc. being used to invade our home is statistically slim in my opinion. And yet it probably happens to someone every-single-day.
In an age where society is always online it’s fair to say most of us are guilty of the occasional lapse of online judgement, having visited a sketchy website, clicked a questionable email link, or downloaded an infected file. All of which makes computers and mobile devices more likely entry points for phishing, ransomware, malware, viruses, trojans etc. which are arguably more common daily threats to the average person than someone hacking our toaster. Such is the reality of a “connected” life. So why risk it?
As a security hub the BOX has what I consider the most comprehensive feature-set among the current crop of devices. Make no mistake, combined with Bitdefender’s well-established cybersecurity track record the BOX is a formidable, all-encompassing security package. But perhaps the most important and overlooked feature is the deep integration of Bitdefender Central which the competition simply does not have (yet). Also, the alerts could use some refinement to improve their usefulness to non-technical users by making it quicker and simpler to identify and understand a threat’s severity.
The Elephant in the Room (Part Deux)
Advanced (“smart”) security features are slowly making their way into dedicated routers. If like most people you have a typical static (or dumb) “firewall only” router then the BOX is relatively easy to justify. But if you own or plan to upgrade to a new security-centric “smart” router then the BOX starts to look redundant despite its arguably superior feature-set.
The BOX as a Router
My guess is most people will use their existing router or mesh network to handle wireless duties making the BOX’s router redundant, though you’re still paying for it. In fact, it’s probably safe to assume the typical BOX user has zero need or interest in router settings and simply wants a powerful and effective security hub, so perhaps it’s unfair to focus too heavily on the lack of configuration settings. But therein lies the rub.
If Bitdefender felt it important enough to warrant the inclusion of a modest router then it’s also reasonable to expect more than a handful of settings. It’s as though a piece of the puzzle is missing. Are advanced router settings necessary on a security hub? Probably not. But neither is a router, and having one without the other seems fundamentally... wrong.
Still, whatever limitations the BOX may have when compared to a dedicated wireless router it performed well in both speed and coverage and should work nicely on its own for those with modest needs and a small to medium space, or if your network would benefit from a little extra “filler” coverage.
The BOX checks a lot of, uh... boxes. Bitdefender provides what is arguably the best cybersecurity software currently available for consumers... anywhere. Period. That is the BOX’s greatest strength. The Total Security antivirus software, mobile apps, virus definitions, and firmware receive frequent updates and devices are conveniently managed via Bitdefender Central. That it also comes with a very capable router is a bonus. The only aspect holding it back from a higher rating is the lack of router configuration.