Startup builds intrusion prevention system for home networks

Attacks against routers and IoT devices will generate consumer demand for intrusion prevention systems, the company believes

At a time of growing concern about the security of interconnected devices in homes, a startup aims to provide consumers with a type of network security system traditionally used by businesses.

At the DefCon 22 security conference in Las Vegas last week, San Jose-based Itus Networks unveiled an intrusion prevention system that it claims can protect the increasing number of network-connected consumer devices from outside attacks.

The firm's iGuardian product, which the company hopes will be mass produced starting in February, is a small device that can be installed in front of a router to analyze incoming and outgoing network traffic for signs of malicious activity.

Network-based intrusion prevention systems (IPS) are security appliances typically used on business networks. Depending on the brand, specifications and amount of traffic they can inspect in real-time, their price varies from a few hundred dollars to thousands of dollars, making most of them too expensive for home use.

With an estimated price for the iGuardian of $179, Itus Networks founders Jock Breitwieser and Daniel Ayoub, who previously worked at Dell SonicWALL, hope that their product will change that without sacrificing technical capabilities.

The prototype has a dual-core 600MHz Cavium Econa CNS3420 processor based on the ARM11 architecture, 512MB RAM and two Gigabit Ethernet interfaces. The final product, however, is expected to use a dual-core 1GHz Cavium Octeon III 7020 processor on the MIPS64 architecture that's more powerful than those found in some network security appliances from Juniper Networks, Dell SonicWALL and Netgear. It will also have 1Gb DDR3 RAM and 3 GbE interfaces.

The iGuardian runs a popular open-source IPS software package called Snort on top of OpenWRT, a community-built Linux distribution for embedded systems. The device will get automatic updates for Snort community-developed rule sets -- definitions that are used to detect known attack patterns inside network traffic -- but users will also be able to subscribe to commercial Snort rule sets if they want to.

Long term, the plan is for Itus Networks to also research new threats and develop its own Snort rule sets for customers, the founders said.

The device will not only be able to block attacks from the Internet, but also malicious traffic originating inside the network. For example, if malware running on a local computer tries to contact a known bad server, the device could block that communication using IP address or URL blacklists, they said.

For now iGuardian supports a throughput of 50Mbps, which Breitwieser and Ayoub believe is suitable for most residential Internet subscribers in North America. However, the company plans to ship the device globally, so users in countries where ISPs offer higher speeds might experience traffic throttling when they deploy the device.

According to the founders, the current throughput is not a limitation of the hardware itself and they're confident that they can increase it three- or fourfold through firmware updates by optimizing the code to take full advantage of hardware acceleration.

The company needs to produce a minimum of 800 initial devices to reduce production costs and reach its desired price point. To raise the necessary funds, the company has launched a Kickstarter campaign that gives backers the opportunity to buy the device for $149 or less.

Though iGuardian falls in the price range of high-end SOHO routers, its creators believe there will be demand for it and that the market for consumer-grade IPS devices will only grow in the coming years. The device offers a level of protection against modern threats that antivirus products and routers don't currently provide, they said.

In fact, many home routers have vulnerabilities themselves and the number of attacks against them has increased considerably over the past twelve months.

In March, researchers found hundreds of thousands of home routers that had been compromised and had their DNS settings hijacked by attackers. In Poland a similar attack was used to hijack online banking connections. Also this year, researchers found a worm that infected Linksys routers, and attacks that installed cryptocurrency mining malware on network-attached storage systems.

Past security reviews of popular SOHO routers found many vulnerabilities, and a router hacking contest at DefCon that was sponsored by Itus Networks resulted in 15 new flaws being reported.

Other talks at the Black Hat and DefCon conferences last week focused on vulnerabilities in network-connected devices that make up the so-called Internet of Things. There seems to be a consensus among security researchers that such devices are not being designed with security in mind, which can have serious consequences, from wireless alarm sensors being disabled to security cameras being hijacked.

Breitwieser and Ayoub believe the security of routers and other Internet of Things devices is not likely to improve anytime soon, which is why they think consumers will increasingly need the kind of protection offered by network-based intrusion prevention systems.
