Avira SafeThings WiFi Router
<blockquote data-quote="AndreiP" data-source="post: 813660" data-attributes="member: 79748"><p>Definitely.</p><p></p><p>Re CPU comparison - we chose to go for more cores vs high frequency because we profit more from parallelisation rather than high computing power. We deemed it's best to distribute tasks like L3 routing and acceleration, networking ancillary services (DHCP, DNS proxying, mesh etc), packet sniffing / inspection, and additional services (VPN server, smart home services, plus more additional features to come) over separate cores.</p><p>We did a lot of benchmarking at the beginning and this architecture was a winner.</p><p></p><p>Re malware protection - we are not doing DPI, but rather a shallow inspection of packages in the sense that we are not analysing the payloads that are being trafficked across the network (with a few exceptions that are required for device ID). Since SafeThings was built to secure connected devices other than the traditional ones (Windows, MacOS, Android, iOS), we rely most of our anomaly detection engines on regression / machine learning algorithms that continuously baseline the *network behaviour* of the IP connected devices.</p><p>Some examples: a connected light bulb should not employ FTP connections, a thermostat from the same vendor/same model in the same geography should have a similar network behaviour to other similar deployments - and if it starts connecting to a strange DNS/IP then the anomaly sensing starts and actions are enforced. 
All that ML logic happens in the cloud.</p><p>Malware protection at the edge, on traditional devices, can be complemented with Avira AV endpoint protection.</p><p></p><p>Re IPS - on top of the anomaly detection engines, we're also checking all the incoming connections (against blacklists & behaviour-wise), as well as the connections between the LAN devices to sense botnet CNC activity or devices with dodgy behaviour (ip cam doing port scanning, smart tv maintaining an always-on connection with a cloud service, failed login attempts over ssh/httpbauth etc.).</p></blockquote><p></p>
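The header-only approach described in the quoted post can be illustrated with a short sketch. This is an added example, not Avira's code and not part of the original post: it builds a per-device-class baseline from what peer devices contact, then flags off-baseline destinations and LAN port scanning using flow metadata only. The function names, the `min_peers` and `scan_ports` thresholds, the LAN range and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN range

def build_baseline(history, min_peers=2):
    """Endpoints (dst_ip, dst_port) contacted by >= min_peers devices of a class."""
    peers = defaultdict(set)  # (class, dst, port) -> devices that used it
    for dev, cls, dst, port in history:
        peers[(cls, dst, port)].add(dev)
    baseline = defaultdict(set)
    for (cls, dst, port), devs in peers.items():
        if len(devs) >= min_peers:
            baseline[cls].add((dst, port))
    return baseline

def detect(flows, baseline, scan_ports=10):
    """Return sorted (device, reason, detail) alerts from header-only flow records."""
    alerts, lan_ports = set(), defaultdict(set)
    for dev, cls, dst, port in flows:
        if ipaddress.ip_address(dst) in LAN:
            lan_ports[(dev, dst)].add(port)       # track LAN fan-out per target
        elif (dst, port) not in baseline[cls]:
            alerts.add((dev, "off-baseline", f"{dst}:{port}"))
    for (dev, dst), ports in lan_ports.items():
        if len(ports) >= scan_ports:              # many ports on one LAN host
            alerts.add((dev, "lan-port-scan", dst))
    return sorted(alerts)

# Constructed sample data: (device, class, dst_ip, dst_port); documentation IPs.
HISTORY = [
    ("bulb-1", "bulb", "203.0.113.10", 443), ("bulb-2", "bulb", "203.0.113.10", 443),
    ("thermo-1", "thermostat", "198.51.100.20", 8883),
    ("thermo-2", "thermostat", "198.51.100.20", 8883),
    ("cam-1", "ipcam", "198.51.100.7", 443), ("cam-2", "ipcam", "198.51.100.7", 443),
]
FLOWS = [
    ("bulb-1", "bulb", "203.0.113.10", 443),        # matches peers
    ("bulb-2", "bulb", "192.0.2.55", 21),           # FTP from a light bulb
    ("thermo-2", "thermostat", "192.0.2.99", 53),   # unfamiliar DNS server
    ("cam-1", "ipcam", "198.51.100.7", 443),        # matches peers
] + [("cam-1", "ipcam", "192.168.1.20", p) for p in range(20, 32)]  # 12 ports

if __name__ == "__main__":
    for alert in detect(FLOWS, build_baseline(HISTORY)):
        print(alert)
```

No payload bytes are read anywhere in the sketch; every decision uses only the device identity, its class, and the destination address and port.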