They are all doing it now; Bitdefender has been peddling its "Box" for quite some time now.
Bitdefender had Box, then Box 2.0. But it certainly wasn't the first. The distinction for the first home UTM goes to ITUS.
iGuardian - The Home Internet Security System
Basically the iGuardian was a pre-configured pfSense w/ Snort, ClamAV, and SquidGuard.
The funniest thing is that the masses buy into this crap and people are paying exorbitant yearly subscriptions for these things.
Actually 'the masses' haven't bought into them yet. Sales of UTM/UTM-Like solutions aren't that stellar right now. ASUS with their routers having AiProtection leads the way because it's by default in them now (for free). ALL Netgear routers will have them by default by the end of the year because Bitdefender partnered with them after Box is basically a failure. Many don't have subscriptions, by the way.
when the fact of the matter is a well configured router with the latest firmware updates and a GOOD password will do the job
It depends on what 'job' you want to do. A simple L2 router isn't really going to do anything for you except provide DHCP and DNS forwarder services and route packets from your local ARP out to the WAN with NAT traversal. What's that? Nothing really. It has no awareness of any packets coming or going; as such, it provides no security and safety whatsoever. It would be like me saying a pedal operated car will get me to work so it will 'do the job'; I'd sound stupid saying that.
What these newer devices do - often without a subscription (like Gryphon) - is they provide in some cases application level inspection and protection on your network. These are important things. This is why enterprise/corporate networks ALL use these devices. They're very protective, informative, and usually fairly well hardened from attackers. More critically, they tend to protect your internal IoT from a wide variety of compromises and intrusions. As homes get more and more IoT inside of them this kind of thing will actually be a necessity. This is just a runoff from the corporate world where these rigs have been used as a necessary protection layer.
The AV companies spend a lot of time and money making everyone believe there is an unmarked truck parked outside your house just waiting for the first opportunity to hack into your system!
No offense but this tells me you don't know what is really going on. Most 'hacking' is quite automated these days. Recently we knocked hackers off a network that were performing 32,000 password attempts a day. There wasn't some dude sitting somewhere typing 32K passwords in a day. It was an automated system attempting SSH ingress over Root/Admin/Administrator type of combinations. I wish I had accurate figures of the sheer numbers of these we see a day, all over the world, but it's pretty exorbitant.
But the reality is, these UTM/UTM-Like devices are not only for protecting you from hackers, but for handy things like application control within your network, parental control, URL filtration, IPS/IDS, Wireless Intrusion Protection, ARP validation and an assorted variety of really cool things that come in very handy. Naturally corporate networks have at times a HUGE threat surface, with all of those open ports, servers, and other things - so they're required. But as home users add more gear, more computers, more tablets/phones and more IoT, their threat surface is becoming very substantial.
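A defender-side view of the automated SSH password guessing described in the post, as an added example that is not part of the original post: it counts failed logins per source address in sshd log lines and flags sources that mostly try privileged account names. It assumes the standard OpenSSH "Failed password" log wording; the sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# OpenSSH logs failures as "Failed password for [invalid user] NAME from IP port N ssh2".
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
PRIVILEGED = {"root", "admin", "administrator"}  # the name pattern the post mentions

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Mar  3 02:14:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 gw sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:05 gw sshd[815]: Failed password for invalid user Administrator from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:07 gw sshd[817]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 08:30:12 gw sshd[990]: Failed password for alice from 198.51.100.20 port 51877 ssh2
Mar  3 08:30:20 gw sshd[990]: Accepted password for alice from 198.51.100.20 port 51877 ssh2
"""

def summarize(log_text):
    """Return {ip: Counter of lowercased usernames} for every failed password attempt."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_ip[m.group("ip")][m.group("user").lower()] += 1
    return per_ip

def flag_sources(log_text, min_failures=3, min_privileged_ratio=0.8):
    """Flag sources with many failures that are mostly aimed at privileged names.

    Both thresholds are illustrative assumptions; tune them to your own traffic.
    """
    flagged = {}
    for ip, users in summarize(log_text).items():
        total = sum(users.values())
        privileged = sum(n for u, n in users.items() if u in PRIVILEGED)
        if total >= min_failures and privileged / total >= min_privileged_ratio:
            flagged[ip] = {"failures": total, "usernames": sorted(users)}
    return flagged

if __name__ == "__main__":
    for ip, info in flag_sources(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password from a legitimate user (the `alice` lines) stays below both thresholds and is not flagged.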