Slyguy

Level 40
Interesting.. I see mid-stream they changed from Kaspersky Gateway Security to ESET.

I'll probably reach out to them to find out more information, such as what layer this operates at. I may even order one to test. I'd guess they aren't inspecting SSL traffic for malware and it's relegated to malware domains with SNI identification and non-encrypted (80) inspection of malware.

The IPS certainly would inspect all traffic, and apparently it's AI/Machine Learning IPS that looks for anomalies that may indicate a compromise as of yet unseen. This is something firms like Fortinet are years away from developing and they still use static IPS signatures with a fabric combination analysis. It's certainly NOT heuristic in that way, but utilizes the entire fabric to determine the situation. But ultimately, IPS is all going to ML/AI, it's just a matter of time.

Upfront cost isn't cheap - about as much as a low end enterprise UTM. $10 a month for the service isn't cheap, but is cheaper than most SMB UTM's. The really cool parts here are parental control, active allow/deny on connections in real-time, browsing history storage, crowdsource intelligence and Internet Pause. FAQ states this develops a 'fingerprint' of each device, and deviations from that will trigger alerts. This is basically device whitelisting/locking, another thing most UTM firms haven't really invested in yet.

Best Parental Control WiFi Router; Most Powerful Secure WiFi Router

 

Slyguy

Level 40
I don't think any WPA 3 router is available right now for consumer.
Exactly. Neither of those technologies have any purpose at this point and will take years to fully roll out and be usable. Not only do the chipsets have to be widely available for routers, but end user devices must also all be purchased new to support it.

We just got everyone on AC, and started to push Wave 2 AC, and then they toss that out and tell everyone AX.. It's certainly going to be a while, you'll be lucky to get AX in the Galaxy S10 series coming in February, Samsung doesn't even have AX and WPA3 compliant chips in the production queue for availability.

People can wait to upgrade their routers/devices but that wait might be 2, even 3-4 years down the road.
 

Slyguy

Level 40
I picked one of these up this week and have been testing it. I'm absolutely impressed with this device. It's easily the most powerful home router I have tested to date. It's every bit as powerful, albeit with less configurability than most SMB UTM's costing hundreds more. For the sake of simplicity I will refer to this as a 'router', although it is much more.

I intend to write a full review of it soon. Here are the bullet points:

1) Setup is ONLY through the app (iOS or Android). John Wu tells me this was done intentionally to close off all potential exploits via admin consoles, HTTP/HTTPS management, web portals, SSH, etc.
2) Setup is fast and easy. Plug in the router. Install the app, create an account, then scan the QR code on the bottom of the router to pair it with your account. Presto, it's ready to go. Note, this pairing is encrypted and the tunnel between the app and your Gryphon is fully encrypted.
3) Once that is done you can start configuring the router from the app. All of the normal settings you'd expect are here. DNS, Wireless, Port Forwarding, etc. Keep in mind its configuration options are limited at first glance, but very powerful once you dig in. The main thing you will notice here is there are configuration options for Malware Protection.
4) Malware Protection is a simple 3 option layout - Essential (Only confirmed dangerous threats), Recommend (Moderate threats), Extreme (All threats, small or large, including PUPS/PUA/Adware)


Once this is all set up, and your wireless networks are operational, devices will start popping into the Gryphon app as DHCP is assigned. At this point you 'label' devices, then if necessary assign them to user profiles. Here's where this device becomes quite profound. When you assign devices to labels, such as cameras labeled as cameras, or thermostats labeled as thermostats, this activates the Artificial Intelligence for THAT CATEGORY of devices, which immediately sets forth detection of anomalies based on accepted operational conditions of that category of devices. On the backend inside of the Gryphon, it's 'watching' each category of devices for variances that could signal a compromise, malware, or hack. Fantastic!

If a hack or malware or potential compromise is detected you will be notified in the app and presented with options, including to 'Quarantine' the device, or you can WHITELIST the threat. Quarantine removes the device from your network, isolates it, and pauses all internet activity for it.

Next up - USER PROFILES. This is absolutely incredible in all of my experience with parental and user control. The flexibility here is quite amazing, you can set 'ranges' for ages, restrict searches to safe search, set bedtime hours, homework hours, allow/disallow proxy/vpn bypasses, even store browsing history for you to view later on this particular user. You can also restrict access to certain specific applications, indicating this device is a Layer 7 Application Layer inspection UTM! It was pretty cool being able to watch my daughter's browsing in near real time on my phone.


It certainly didn't take Gryphon long to start chiming away about some piece of adware on my son's phone sending out crap to a bad URL (and block it, after notification, as seen above). So that was a good test of its URL blocking capabilities.
 

Slyguy

Level 40
The 3 wireless radios are very strong, and work every bit as well as Gryphon claims. My home is 3,200 sq feet, and prior to this I would require 3 FortiAP or 2 Unifi AC-HD modems to cover the full house. A single Gryphon fully covers the home with maximum bars. I've never seen a single wireless device cover this much square footage. Even an ASUS RT-AC3200 wouldn't cover more than 75% of my home without serious dropouts.

Hardware wise, this is a beast. Far above the most powerful consumer routers.

Gryphon has a Quad Core Arm Cortex A7 processor with 4GB of RAM
802.11bgn
802.11AC
3000Mbps throughput
3 Radios (2.4 and 2 5.0)
4x4 MU-MIMO
Beamforming and WiFi Priority
Mesh (instant)
Six Antennas
DFS Bands

Other features of it;
Speed testing of your connection.
Up/Down Status of your WAN
Anti-Spoofing (MAC/ARP)
Rogue AP Detection
Vulnerability Scans
Prioritized Devices

The vulnerability scanning is very good, it detected every open port on all of my devices, notified me, and recommended corrective actions. I was shocked to find my printer was pretty wide open to intrusion...

 

yitworths

Level 10
Verified
@Slyguy you may test it with DoS attack, if possible set up yourself or ask any good pentester to do a well organized DoS attack along with blacklisting. How much resistance it may pose against denial of service has greater importance in terms of security... Cookie hijacking is old school & almost impossible nowadays unless tunneling can be leveraged. Anyway, it seems you are much impressed by this router. When I try to think of your rig, it always comes to me as a citadel. If I would have been close to your house, I would try every now & then to crack your security... so much layering...
 

Spawn

Administrator
Staff member
Verified
After the first year, it's $9.99 per month for the network protection services (malware, ransomware and intrusions). Is that not considered expensive?

Two other questions;
  1. Hardware-wise - How does it compare to other Mesh networking solutions (ie. Google Home, Netgear Orbi and more)?
  2. Security-wise; Comparison to Norton Core, Bitdefender BOX and F-Secure SENSE?
What's an alternative to Mesh networking solutions?
 

Slyguy

Level 40
After the first year, it's $9.99 per month for the network protection services (malware, ransomware and intrusions). Is that not considered expensive?

Two other questions;
  1. Hardware-wise - How does it compare to other Mesh networking solutions (ie. Google Home, Netgear Orbi and more)?
  2. Security-wise; Comparison to Norton Core, Bitdefender BOX and F-Secure SENSE?
What's an alternative to Mesh networking solutions?
Hardware wise, it destroys every other MESH I have tested (basically all of them), even Unifi with AC-HD Pro's, which I also have. Gryphon with its quad core A7 Arm, can handle 1000/1000 wire speed on the wan. Range is so far beyond Velop/Orbi/Google it's not even funny. Ideally, most homes, unless you are well over 3,000sq feet will only need 1 Gryphon IMO.

Gryphon is so secure, I consider it out of the box, the most secure router in the world. For a few reasons.. There isn't any admin management access from WAN or LAN, it's all done through the encrypted app after pairing, and creating a master password. With all of the common things disabled, with all of the ports stealthed by default, with no default/generic logins or passwords, out of the box it's going to be more secure than most consumer routers. That's before you apply any additional protections such as limited permissions to devices, guest restrictions, turning ESET up to maximum, and assigning the machine learning/AI to devices and lastly creating security profiles for granular control.

At the outset, after initial testing, this would give most SMB UTM's a run for their money. As for consumer routers, so far it feels incredibly superior to them. I guess $9.99 is or isn't expensive is relative.. I spent that on coffee this morning. Most ISP's charge something around that for their junk router/modem combos so... For some, it might be. But security at what cost? Drop this on your network and you are basically locking it down - hard - and putting a shield around all of your IoT. Not to mention my continued harping on the fact that every home/business really needs Zvelo scanning (which this uses for web filtration).

I'm impressed so far and have hammered it in the last 24 hours, and spoken directly with John Wu, the CEO numerous times. Interestingly, once you own one, you can share a gift code with anyone and they get $50 off it. Since it's not any kind of kickback or affiliate crap, I will share the code here;

Buy Now Complete Network Security
 

Slyguy

Level 40
Personally, I think Gryphon is a game changer in the home market because it's so secure out of the box.

But also, and more importantly, it doesn't compromise your security by using compromising methods. No ARP interception/poisoning like a lot of devices. No proxying of connection to cause slowdowns. No MiTM performed which can obviously create more vulnerabilities.

In researching the history/evolution of it; It started as a Kickstarter and Indiegogo -
Gryphon: Smart WiFi Router to Protect the Connected Family

Most powerful WiFi system to protect your home

Which provided R&D and basic seed funding, then progressed to a million bucks in Seedinvest.
Gryphon

March 2018 was the official release time frame. Sometime over development they switched from Kaspersky to Eset. I assume largely because of potential of a Kaspersky embargo and the prevailing anti-Russian winds.. Not a bad thing, Eset uses Zvelo, which is exceptional anyway.

Gryphon Brings ESET Enterprise Network Protection to Homes and Small Businesses
 

Slyguy

Level 40
Gryphon is invulnerable to DNS Rebind attacks, and anything behind it will be protected from rebinding.

DNS rebinding attack puts half a billion IoT devices at risk

The reason is, Gryphon enforces its DNS as a post resolver and anything on the subnet can't enforce itself as a primary DNS resolver. For example if you attempted to create a rebind-like scenario, putting a spoofed DNS server on a local network it would not work because Gryphon doesn't accept Port 53 direction from an internal subnet. (I tried, even trying to set primary DNS on Gryphon manually to a local spoofed DNS server and it rejected it) Port 53 (DNS) has to come from the Gryphon itself. Normal routers are vulnerable because they accept DNS authority from anything on the subnet and don't inspect or block DNS on the subnet.

I've tried to 'break' Gryphon and have had a bear of a time finding anything to expose on it.
 

Slyguy

Level 40
In that case wouldn't it mean a device like Pi-Hole on the internal network wouldn't work with Gryphon?
Gryphon protects from local DNS rebinds and hijacks, so an internal DNS on the subnet will not resolve. You can designate an external DNS (such as Adguard) and it will work fine because the DNS isn't pointing back to an internet subnet. It makes sense from a security perspective to do this as DNS hijacking and rebinds are a huge problem and Gryphon is billed as a highly secure appliance.

I've done some limited pentesting on Gryphon, it's hardened as heck. No telnet, SSH, HTTP, nothing is open from ingress from the lan. The only way to actually login to configure it is through the encrypted app, paired to the device via master key, then with your account credentials. There are no 'default' logins, there isn't any way to break into it aside from the App+Pairing+Account so there isn't anything to hack from that perspective.
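The two behaviours described in the posts above (a LAN address being refused as the router's resolver, and rebinding being blocked) can be sketched as follows. This is an added illustration, not Gryphon's code and not part of the original posts; the thread does not document how Gryphon implements either check, so the answer filter shown is the generic resolver-side rebinding defence. The function names, the `lan` suffix and the sample addresses are assumptions.

```python
import ipaddress

# Assumed name of the local-only zone; answers for it may be internal.
LOCAL_SUFFIXES = ("lan",)


def is_internal(addr):
    """True for RFC 1918, loopback, link-local and IPv6 ULA addresses."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def upstream_allowed(addr):
    """Accept a resolver setting only if it does not point back into the LAN."""
    return not is_internal(addr)


def filter_answers(qname, addresses, local_suffixes=LOCAL_SUFFIXES):
    """Split the addresses resolved for qname into (kept, dropped).

    A public name that resolves to an internal address is the signature of
    DNS rebinding, so those records are dropped before the client sees them.
    """
    labels = qname.rstrip(".").lower().split(".")
    if labels[-1] in local_suffixes:
        return list(addresses), []
    kept = [a for a in addresses if not is_internal(a)]
    dropped = [a for a in addresses if is_internal(a)]
    return kept, dropped


if __name__ == "__main__":
    # Constructed sample values.
    for resolver in ("94.140.14.14", "192.168.1.53"):
        print(resolver, "accepted" if upstream_allowed(resolver) else "rejected")
    # First lookup returns a public address, the re-query an internal one.
    print(filter_answers("rebind.example.net", ["93.184.216.34"]))
    print(filter_answers("rebind.example.net", ["192.168.1.20"]))
```
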
 

Slyguy

Level 40
John Wu, CEO of Gryphon informed me today they are rolling out WPA3 capabilities with a software upgrade to all Gryphons soon. They are being granted certification to do this via software since Gryphon already has a chipset that can handle it without any problem. Interestingly, most hardware vendors will be using WPA3 as a marketing tool to sell more hardware, when in fact their existing equipment can in some cases, handle it. In other cases, such as many major manufacturers, they use anemic chips in their routers.

What Is WPA3, and When Will I Get It On My Wi-Fi?
We don’t expect that many devices will receive software or firmware updates to support WPA3. Device manufacturers could theoretically create software updates that add these features to existing routers and other Wi-Fi devices, but they’d have to go through the trouble of applying for and receiving WPA3 certification for their existing hardware before rolling out the update. Most manufacturers will likely spend their resources on developing new hardware devices instead.
 

motox781

Level 7
Verified
@Slyguy

I watch your posts closely as you seem very knowledgeable. I'm interested in buying one of these units.

I know you're not a seller of this item, but I'm currently using GDATA. I like it. I also feel like installation of any type of AV software whether anti-exe, AV, etc software installed on an individual PC will become obsolete (archaic) and move to the router (point of entry for all devices).

My question to you:

Using this router with multiple Windows 10 PCs in the house (with built in defender/firewall), how does this add protection on top of that?

I guess what I am trying to ask is can it replace installed AV software at the router level for all PCs and if not, what advantages do installed solutions have over this (protection wise...ex: GDATA, Kaspersky, ESET, etc locally installed with a standard router)?

Thanks!
 

Slyguy

Level 40
@Slyguy I know you're not a seller of this item, but I'm currently using GDATA. I like it. I also feel like installation of any type of AV software whether anti-exe, AV, etc software installed on an individual PC will become obsolete (archaic) and move to the router (point of entry for all devices).
You are correct that at some point, endpoint protection itself may be obsolete when combined with adequate gateway protection. But more importantly, because of declining use of Windows based systems and the proliferation of more secure operating systems. The idea behind a UTM like Gryphon is that your IoT devices are already running things like AndroidOS, iOS, Debian, BSD and Ubuntu, and in many cases user space access for rampant infections is restricted. However those devices are often vulnerable to a variety of hacking methods, botnets, DNS rebinds, etc. That's where a UTM appliance comes in to provide a pretty big benefit.

One Achilles heel for UTM/NGFW is encryption. For a UTM to effectively inspect deep traffic it has to MiTM your traffic. This entails the UTM acting as a certificate authority. This is why encrypted (SSL/TLS) scanning is limited and often not utilized. So the protection on your endpoints still has to be there for encrypted channel delivery of malware files themselves. However a UTM like Gryphon can protect you from a huge variety of threats by virtue of the URL and TLD inspection, just not the encrypted traffic hitting the endpoints. Also a UTM isn't going to know if you unpacked a piece of malware and infected your windows machine UNLESS that malware starts dialing out, then it'll be quarantined.

My question to you:

Using this router with multiple Windows 10 PCs in the house (with built in defender/firewall), how does this add protection on top of that?
Consider this - a Win10 machine with Defender, and Gryphon on the gateway, you never need to pay for an AV or adjunct security product again. Gryphon will provide several layers of security over your network.. ML/AI IPS Inspection (intrusion protection). URL/Traffic Scanning (ESET->Zvelo) for malicious domains, exploits and redirects. Parental Control at the granular level on the gateway. Access protection/timed internet.

I guess what I am trying to ask is can it replace installed AV software at the router level for all PCs and if not, what advantages do installed solutions have over this (protection wise...ex: GDATA, Kaspersky, ESET, etc locally installed with a standard router)? Thanks!
Consider Gryphon an important layer. It protects ALL devices (Microwave, Vacuum, TV, DVR's, mobile devices, Alexa/Dot, etc) from intrusion. By assigning a 'device type' in Gryphon it uses machine learning to 'study' how your network functions over a few days after it's installed. It also compares your device function with millions of variables. Any variance from norm it will trigger an anomaly warning and quarantine the device for your investigation and preventing it from contaminating. This feature works for endpoints - if your Windows 10 box suddenly starts sending out traffic over Port 6590, Gryphon knows this is abnormal, and you'll get the quarantine notice on the app immediately.

Gryphon is hack resistant in many different ways as noted above.. Also you won't find things like WPS or unrestricted UPnP on it. You won't find default passwords. Firmware is updated automatically. Telemetry isn't sent (AT ALL). Logging is limited and local on device and can only be sent by you when requested by support. The list goes on and on really.

As you can tell, I am a huge fan of this router (UTM).. I don't work for Gryphon, I am not compensated by Gryphon whatsoever. I simply purchased it and tested it because it was new and I wanted to see if it lived up to its billing. (it does)
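The per-category baseline, quarantine and whitelist behaviour described in the posts above can be illustrated with a deliberately simple model. This is an added example, not Gryphon's code and not part of the original posts: it replaces the machine learning the thread mentions with a plain set of observed (protocol, port) pairs per device label, and all device names and flows are constructed.

```python
from collections import defaultdict

# Constructed training flows: (device, category label, protocol, dest port).
TRAINING_FLOWS = [
    ("cam-porch", "camera", "tcp", 443),
    ("cam-garage", "camera", "udp", 123),
    ("thermostat", "thermostat", "tcp", 8883),
    ("win10-den", "pc", "tcp", 443),
    ("win10-den", "pc", "tcp", 80),
    ("win10-den", "pc", "udp", 53),
]

# Constructed live traffic, including the port 6590 case from the post.
LIVE_FLOWS = [
    ("win10-den", "pc", "tcp", 443),
    ("win10-den", "pc", "tcp", 6590),
    ("win10-den", "pc", "tcp", 443),
    ("cam-porch", "camera", "tcp", 23),
    ("thermostat", "thermostat", "tcp", 8883),
    ("new-tv", None, "tcp", 443),
]


def build_baseline(flows):
    """Learn, per category, the (protocol, port) pairs seen during training."""
    baseline = defaultdict(set)
    for _device, category, proto, port in flows:
        baseline[category].add((proto, port))
    return dict(baseline)


def evaluate(flow, baseline, allowlist=frozenset()):
    """Return 'allow', 'quarantine' or 'unlabelled' for a single flow."""
    device, category, proto, port = flow
    if category not in baseline:
        return "unlabelled"  # no label assigned yet, so no baseline applies
    if (proto, port) in baseline[category]:
        return "allow"
    if (device, proto, port) in allowlist:
        return "allow"  # the owner whitelisted this deviation
    return "quarantine"


def triage(flows, baseline, allowlist=frozenset()):
    """Process flows in order; a quarantined device has later traffic paused."""
    quarantined, verdicts = set(), []
    for flow in flows:
        if flow[0] in quarantined:
            verdicts.append("paused")
            continue
        verdict = evaluate(flow, baseline, allowlist)
        if verdict == "quarantine":
            quarantined.add(flow[0])
        verdicts.append(verdict)
    return verdicts, quarantined


if __name__ == "__main__":
    model = build_baseline(TRAINING_FLOWS)
    for flow, verdict in zip(LIVE_FLOWS, triage(LIVE_FLOWS, model)[0]):
        print(flow, "->", verdict)
```
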
 
