Rise of the (network) guardians
As the margins in AV continue to fall, networking is cementing itself as the future of the home automation industry. Adelle King reports.
The number of networkable devices is growing, with some estimates claiming there will be approximately 80 billion devices connected to the internet globally by 2025. According to CISCO, this will be accompanied by an increase in global spending on Internet of Things (IoT) devices and services from $US656bn ($A856bn) in 2014 to $US1.7 trillion ($A2.2 trillion) in 2020.
Networking is becoming a service that everyone relies on and as a result, network security is also growing in importance.
Already, rising network complexities and growing security needs for the IoT have seen cyber and information security solutions in Australia experience a 15% growth rate in 2016, according to the Australian Security Market Review 2017 report.
Additionally, a report from market research company Markets and Markets, found the global security system integrators market is expected to grow from $US9.76bn ($A12.69bn) in 2017 to $US14.72bn ($A19.14bn) in 2022, driven by network security concerns.
These concerns stem from the growing incidents of high-profile hacking, with Yahoo, Equifax and the UK National Health Service all targeted last year.
Since many hacking incidents now happen behind the firewall, with every connected device serving as a potential entry point, there is a need for home network security solutions that watch what’s happening inside the network, as well as outside for known threats.
As a result, a number of savvy suppliers have started releasing network ‘guardians’ specifically designed for the needs of the custom installation market. These devices monitor and react to threats in real time, allowing integrators to spot potential attacks earlier and take corrective action sooner.
Custom Integration Solutions
Founded by former integrator Rudy Kern, Canadian company Custom Integration Solutions (CIS) has developed a fully configured network security solution that is designed to bring network security to the consumer through their custom integrator.
As a former integrator who ran an integration company for 10 years, Rudy understands how important it is to ensure the security of the eco-system when integrating different cloud-platforms and different end user applications.
“Our company was built on a security-first approach and network security is a fundamental part of our business model. It’s vital that integrators are informed about the dangers of systems that have little or no encryption,” says Rudy.
“CIS provides a fully-configured solution that has been designed for integrators, rather than just a piece of hardware. We offer a scalable model that the integrator can adopt and repeat, and which includes provisioning equipment for secure access.”
The company’s network routers implement L2TP/IPsec VPNs for remote access to automation systems rather than the Universal Plug and Play (UPnP) that comes enabled by default on many new routers.
“We realise today that the majority of smart home installations employ port forwarding via UPnP as a fast and convenient way for the end user to gain remote access to their automation systems. However, because UPnP assumes local programs are trustworthy, it allows devices within the local area network to automatically open ports without any authentication from the user,” says Rudy.
“This essentially opens a point of entry to the network or equipment from outside the network, enabling malware to abuse UPnP. We view this as a significant vulnerability.
“That’s why we implement L2TP/IPsec VPNs for remote access to automation systems. This highly secure encrypted access has no known major vulnerabilities and is supported on all current devices without the aid of third-party apps. In addition to automation systems, this grants the end user access to file sharing and remote desktop applications without sacrificing security.”
CIS has deployed a small number of devices in Australia and Rudy says as the company continues to grow, the Australian market is of significant interest.
CUJO AI is an artificial intelligence (AI) company that offers a multi-solution, AI-driven software platform. It provides network security, advanced device identification and parental controls.
CUJO AI started by selling a CUJO AI Internet Security Firewall directly to home users but is now focused on providing services for network operators.
“The explosion of IoT devices on the market is creating a vast security risk for consumers. Just covering PCs, Macs and Android devices is not enough in today’s connected world,” says CUJO AI chief executive Einaras Gravrock.
“CUJO AI uses technology previously only available to enterprises to develop solutions that offer business-level network security, device identification and parental controls for connected homes.”
CUJO AI technology uses machine learning to secure every device connected to the WiFi network as part of its complete home security package. It continuously adapts to block new threats, providing protection from remote access, encrypted network access without deep packet inspection and behavioural analysis of all smart devices. In addition to security features, including safe browsing, antivirus and antimalware, the solution can automatically identify devices, recognise the device by type, brand and model, and provide access controls by device.
“CUJO AI analyses local network traffic data locally and in real time. It then sends statistics on that data to the cloud for further analysis. If a threat or suspicious activity is detected, CUJO AI will tell the cloud what it has blocked and a notification on the app will confirm it,” says Einaras.
As well as instant threat notification, the app allows integrators to control and monitor all devices on the network, control internet access for selected devices and manually override any blocks automated by CUJO AI. Plus, because it’s built with 1GB Ethernet, the technology will not slow down the network.
Last year, CUJO AI started to offer a software as a service (SaaS) platform for LAN, core and end-points for network operators. Today this technology is the core of the business.
According to the company, in an average CUJO AI household there are 15 devices protected by the Internet Security Firewall and 50 daily threats thwarted.
“This is why we created CUJO AI platform for network operators. We see the need and the value our service brings to millions of home users. We strive to make the CUJO AI technology available for home protection worldwide. Currently, our main focus regions are the US, Canada, Europe and Australia,” says Einaras.
Taiwanese company Synology, which specialises in network-attached storage (NAS) appliances, has released its Synology Router Manager (SRM), an operating system that runs on all Synology Router products. SRM features powerful reporting features to regularly give integrators clean, detailed reports and comes with an Intrusion Prevention System (IPS) that automatically scans all incoming and outgoing traffic for malicious packets in real time. It can then drop these if necessary to secure the entire network from external attacks.
“Unlike some networking products, SRM is not a cloud-based platform. It does not rely on a vendor’s server to function but rather an on-premises system that comes built-in with Synology Router,” says Synology product marketing manager Sabrina Chen.
“Users have full control over who has access to all the traffic data stored on it but they can still enable remote management and access the router via a web browser or the mobile app (DS router) anywhere. This is also useful for integrators to conduct remote trouble-shooting.”
Sabrina says Synology is moving from reactive to proactive network security with the inclusion of IPS, providing a set-and-forget way to secure the perimeter. Integrators simply enable the system and set the signature database to automatically update itself, with all suspicious events logged, analysed and dropped if necessary.
“Combined with features such as internet schedules, SRM can be used to enforce network-wide or device-based internet usage policy,” says Sabrina.
“It offers an extremely intuitive, desktop-like interface so all the important network information is visualised in a clearly structured manner, accessible in just a few clicks. The low learning curve doesn’t just save time for integrators, it also allows their clients to take care of some of the basic day-to-day administration or monitoring.”
Synology constantly updates SRM to meet and manage emerging threats, with an average of 1.4 updates per month and an average of 5.1 features per update.
“Devices such as IP cameras, alarm systems and voice assistants in smart homes and offices are different from traditional computers as you cannot run anti-virus software on them, yet they are still vulnerable to attacks as long as they are connected to a network. The most effective way to safeguard them is to make sure that the front door is locked – that the network is secure,” says Sabrina.
“This means it’s essential that networking products stay up-to-date. New vulnerabilities and security threats are discovered daily, in which cases old firmware simply cannot cope. In the NAS world, Synology has a track record of continuing to provide updates, sometimes years after a product’s warranty has expired. We hope to offer the same to router users and integrators so they no longer have to worry about a product being maintained after a short period of time.”
Araknis by SnapAV, which is distributed in Australia by Westan, has developed a network security solution designed to support a wide variety of networking needs for professional integrators. All products in Araknis’ network ecosystem are designed to work together with ease, making for a fast and reliable network that is easy to install and update.
“Network security is the next frontier for services. In the era of digital consumption, protecting the user’s digital assets is as important as protecting the physical ones,” says SnapAV director of product management Ayham Ereksousi.
“This presents a great opportunity for integrators to step in and provide a solution they can stand behind. At Araknis Networks we are working towards this vision to arm integrators with a full end-to-end solution for network security.”
Araknis uses OvrC and OvrC Home as the user interface. OvrC is a professional cloud-based solution that helps integrators monitor user devices in the field and provide focused customer care. It also allows integrators to restrict access to certain categories of content from inside the network via DNS resolution, which blocks such access on the server side.
“In order to install the solution, integrators get an Araknis router and claim it on the OvrC cloud platform. If the integrator wants to provide WiFi access management to their clients, they can use Araknis wireless access points. This means that the integrator can set-up user profiles and control access to WiFi within certain times of the day,” says Ayham.
Every access point, switch and router undergoes testing in the Araknis lab, including temperature testing in a thermal chamber and full bandwidth and surge testing. Every product is also on the Control4-approved list.
“To be successful in custom integration it is crucial to set up a reliable network that can meet the performance demands of the modern, connected world,” says Ayham.
“Our current offering is the first step towards a great vision that will empower integrators to be network security experts.”