After emailing John Wu here is the latest:
As far as the annual fee after the first year, it will be $99/year ($8.25 a month for the entire house) which includes:
Malware/ransomware protection
Intelligent intrusion detection
Network vulnerability scanning
Mobile device management with Homebound
VPN privacy
Extended hardware warranty.

ESET has created a special feed for them, but I think they leverage the same feed that they use for their malware products.
VPN privacy is something they are working on with NORD VPN. It would essentially include a VPN tunnel that you can turn on using the Gryphon app and it would run on the Gryphon router to bypass the ISP, so they are not collecting your browsing history. You can check out at www.nordvpn.com.

Homebound™ is something they are working on. One of the problems is that kids are increasingly using mobile devices away from the home. This would be an app that would tunnel back to Gryphon and essentially allow parents to see the mobile device like they are on the home network.

I also asked if they could create a NETSEND ability in the app to message any endpoint from the app. i.e.. kids on an Xbox on the other side of the house. His dev team is looking into it. No promises.

Looks like they are really building out the capabilities of the device.
 
Reactions: simmerskool

Slyguy

Level 40
Good stuff. They have big plans for it without a doubt. Also they are working on a SOHO/SMB version with much more granular controls and other functionality, like the ability to have a local DNS server.

Gryphon doesn't offer enough flexibility for prosumers IMO. For me, I like to see what is going on with my network more than the Gryphon allows. But for the average joe it's a no brainer and easily the best solution out there. I recommend it all of the time to everyone from soccer moms to grandparents and it serves them all very well so far.

$8.25 a month is nothing really, especially since that also warranties the hardware. ASUS's lame AiProtection is pretty crap, and you give up immense privacy to closed source DD-WRT aspects of it that Trend won't disclose AND it slows connections. Sure, it's free, but it's basically crap.
 

Kubla

Level 6
After emailing John Wu here is the latest:
As far as the annual fee after the first year, it will be $99/year ($8.25 a month for the entire house) which includes:
Malware/ransomware protection
Intelligent intrusion detection
Network vulnerability scanning
Mobile device management with Homebound
VPN privacy
Extended hardware warranty.

ESET has created a special feed for them, but I think they leverage the same feed that they use for their malware products.
VPN privacy is something they are working on with NORD VPN. It would essentially include a VPN tunnel that you can turn on using the Gryphon app and it would run on the Gryphon router to bypass the ISP, so they are not collecting your browsing history. You can check out at www.nordvpn.com.

Homebound™ is something they are working on. One of the problems is that kids are increasingly using mobile devices away from the home. This would be an app that would tunnel back to Gryphon and essentially allow parents to see the mobile device like they are on the home network.

I also asked if they could create a NETSEND ability in the app to message any endpoint from the app. i.e.. kids on an Xbox on the other side of the house. His dev team is looking into it. No promises.

Looks like they are really building out the capabilities of the device.
What happens if you don't want to pay that subscription fee?
 
Reactions: ng4ever

Solarquest

Moderator
Staff member
Malware Hunter
Verified
Very interesting, thank you for the information and the updates.
How easy is the installation and the setup process?
How does the anti- malware protection work and how good is it (e.g does it scan inside compressed files)?
Where is the device manufactured?

Thank you
 

Slyguy

Level 40
So you lose your protections and it reverts to a normal router?
'Normal' is a misnomer. Even as a flat NAT/SPI Router/Firewall, it's still potent with a Quad Core 1.2Ghz ARM, lots of ram, and a REALLY GOOD antenna spread. But yes, you lose the malware features if you don't pay but it still functions in every other way including the parental controls.
 
Reactions: simmerskool

notabot

Level 7
How does it do Layer 7 inspection? Does it intercept tls and ask you to install its own certificates on client machines ?

I’d never do that ( plant a faux certificate) and there’s no other way to really inspect https ( unless it just inspects destination’s IP)
 

Slyguy

Level 40
I don't actually know the guts of the device on operation, largely because it's hardened from intrusion so I cannot SSH into it and poke around. But given you can control applications, that tells me it uses some method of application level awareness/filtration. How that's accomplished I do not know but there isn't an MiTM certificate inserted, that much I do know.

Remember, Fortinet, Untangle and others don't inject RCA's into systems to do Application Layer filtration either. I suppose the web filtration aspect uses SNI and Host Name Identifiers to handle that, like most UTM appliances that do it without insertion of RCA's on local devices.

Either way it works, and is impressive. Having ESET on the gateway gives a pretty nice sense of security.
 

notabot

Level 7
With no ports open how can it be configured? Does it phone home? If so how does it authenticate with home ? Does it connect via TLS? If so does each device have its own SSL certs ?

Too many unknowns at this point
 

esoteric24

Level 1
With no ports open how can it be configured? Does it phone home? If so how does it authenticate with home ? Does it connect via TLS? If so does each device have its own SSL certs ?

Too many unknowns at this point
You use an app on your phone to make configuration changes to the router. The app uses encryption to ensure secure communication between your phone and the router.

I'm an ESET employee that just recently found out about this router. My views/opinions/posts do not reflect those of ESET and are just my personal views.

i contacted Gryphon with some additional questions I had, and thought I'd share them.

1. ESET's enterprise ML and Live grid (cloud based reputation system) is installed on the router. The router doesn't inspect any network packets that come through, rather they check the domains in DNS call in conjunction with Virus signature database and reputation from live grid when determining malicious files and websites.

2. If you already have ESET installed, your basically getting the same protection. The business grade of ESET offers a couple more functionalities that the consumer grade does not. The key here is that the gryphon router w/ ESET will protect your IOT devices and non-protected devices against malware and hacking (guest computers, mobile devices, printers, etc).

3. The malware and Machine learning (ML is part of IDS) is part of the ESET subscription. Again, if you already have AV, you are protected, but there is nothing wrong with multiple layers of defense. And, again, you'll be protecting your IOT devices and devices that are not protected w/ any AV. For me, this would be important, as my house is pretty IOT heavy.

One issue that I will encounter is with my ISP, ATT. I have ATT fiber coming in, and there is no true bridge mode. I'd have to use IP pass through, but I'm finding that with IP pass through, I'd still have to use ATT's DNS servers. I'd rather use CF's DNS servers. I contacted ATT support to find out how I can bypass the Arris modem and put the gryphon router right after the fiber modem. They escalated me to another team, and i was given the option of a one time $50 charge, or $15/month for a year, for them to put Fiber modem in "bridge" mode to eliminate the Arris modem.

If anyone has any other suggestions, it'd greatly be appreciated.
 

notabot

Level 7
You use an app on your phone to make configuration changes to the router. The app uses encryption to ensure secure communication between your phone and the router.

I'm an ESET employee that just recently found out about this router. My views/opinions/posts do not reflect those of ESET and are just my personal views.

i contacted Gryphon with some additional questions I had, and thought I'd share them.

1. ESET's enterprise ML and Live grid (cloud based reputation system) is installed on the router. The router doesn't inspect any network packets that come through, rather they check the domains in DNS call in conjunction with Virus signature database and reputation from live grid when determining malicious files and websites.

2. If you already have ESET installed, your basically getting the same protection. The business grade of ESET offers a couple more functionalities that the consumer grade does not. The key here is that the gryphon router w/ ESET will protect your IOT devices and non-protected devices against malware and hacking (guest computers, mobile devices, printers, etc).

3. The malware and Machine learning (ML is part of IDS) is part of the ESET subscription. Again, if you already have AV, you are protected, but there is nothing wrong with multiple layers of defense. And, again, you'll be protecting your IOT devices and devices that are not protected w/ any AV. For me, this would be important, as my house is pretty IOT heavy.

One issue that I will encounter is with my ISP, ATT. I have ATT fiber coming in, and there is no true bridge mode. I'd have to use IP pass through, but I'm finding that with IP pass through, I'd still have to use ATT's DNS servers. I'd rather use CF's DNS servers. I contacted ATT support to find out how I can bypass the Arris modem and put the gryphon router right after the fiber modem. They escalated me to another team, and i was given the option of a one time $50 charge, or $15/month for a year, for them to put Fiber modem in "bridge" mode to eliminate the Arris modem.

If anyone has any other suggestions, it'd greatly be appreciated.
Thanks a lot for the thoroughness !

“app uses encryption to ensure secure communication between your phone and the router.” —> how does the app authenticate with the router for administration though ? And how does the router authenticate with the app? Is the router’s certificate unique per device or all gryphon devices use the same? Is the certificate self signed etc
 
E

Eddie Morra

2. If you already have ESET installed, your basically getting the same protection. The business grade of ESET offers a couple more functionalities that the consumer grade does not. The key here is that the gryphon router w/ ESET will protect your IOT devices and non-protected devices against malware and hacking (guest computers, mobile devices, printers, etc)
Three additions to the good points you've already noted.

Enhanced security

The Gryphon router will be lesser-known compared to common routers from popular ISP's and likely is built securely... it is probably regularly updated (firmware/software) when updates are necessary for things like patches. Since it will be lesser-known, there'll be less threat actors out there resourceful on how it works for defeating it, too.

Furthermore, attacking the Gryphon router to overrule its protection will be more complicated, unlike with an AV on the environment which is already compromised.

It goes without saying that Gryphon not being on your actual environments for network filtering means less threat surface for local/remote exploitation when the machine becomes compromised by traditional malware. There won't be any software from Gryphon on the local system to be exploited.

Performance.

The Gryphon router will be responsible for carrying out filtering, easing off system resources for your systems connected to the Gryphon router. Therefore, you save more system resources for other things, instead of your own system resources being used for things like network filtering and scan operations.

Stability and compatibility

If the Gryphon router stops working suddenly, it isn't going to take down your own computer systems with it... you'll just not be able to use the Gryphon router for internet access until it starts working again. This can be vital in situations where you're yet to backup work (e.g. if backups are done at specific times in the day but important work has been created prior to the backup time).

The compatibility point stems from Gryphon not being present on your actual environments, so there's less conflict potential with other services you're using (unless of course Gryphon arbitrarily doesn't like the service's network activity or you have a configuration which causes issues). That, and the fact that it'll work with other OS's other than Windows like Mac OS X and Linux (as far as I know) since it isn't dependent on any of them specifically for supporting them (e.g. because it's a router not software for a particular OS relying on the OS's APIs).

Just some things I thought of, I do not use Gryphon so if I have made a mistake then please correct, but I know a few who do and are happy with it and I used to consider getting one myself because it looks pretty neat. I also like how they are using ESET technology alongside their own now... good work.
 

Slyguy

Level 40
Thanks a lot for the thoroughness !

“app uses encryption to ensure secure communication between your phone and the router.” —> how does the app authenticate with the router for administration though ? And how does the router authenticate with the app? Is the router’s certificate unique per device or all gryphon devices use the same? Is the certificate self signed etc
From what I understand about how it works (roughly): Authentication to the router is done via a long 'key' that is randomized and assigned to reach router. When you install the app on your phone/tablet you are required to setup an account. Once the account is setup you are required to scan the QR-Code on the router which has the authentication key on it. Once that is accomplished the authenticated router is keyed to THAT INSTALL of the application on the phone.

Let's consider some worst case scenarios - let's say your Gryphon account has a bad password/username and someone installs the application on their phone. They won't be able to authenticate it because it's been paired with that install on that device. They'd need physical access to the LOCAL Gryphon to re-key/pair it to their install on that particular phone/tablet. So that's a secondary layer of protection.

Gryphon ONLY stores logs on the device itself. The only way to get the logs off the device are from within the app and manually pushing them to support which also pushes them to your registered account email address. From what I can discern logs are very limited, short term, and seem to cycle out VERY quickly. So if someone was doing some deep interception of your traffic they are not going to find useful data or detailed logging, period.. Also I found inadvertently, that restarting the device seems to also wipe the logs. I have NOT found any websites visited or other information in the logs.

Gryphon does all of the heavy lifting. Some basic stuff appears to be handled on the secured AWS bucket, such as firmware pushes, and other things. Some things I can say for sure - there aren't ANY open ports on the Gryphon, not even SSH. If you hit the gateway of the router on the local network you get a generic device page that allows you to request URL access to a blocked website to whomever has the app installed and is functioning as admin.

Since there is no Port 80/443 Admin Access there is nothing to compromise. Since there are no available telnet, ssh you can't putty or telnet into it and hack it. Since there is no default password/login credentials you can't compromise default credentials. Since there are no configuration aside from the app you can't modify configuration. Since you can't install the app and pair it without holding the router in your hand you can't take control even if you steal the app credentials. It's pretty easy to see why this is a hardened device with one of the lowest threat surfaces available for a home.

Gryphon11111.png
 
Last edited:

Slyguy

Level 40
In terms of ESET, I view Gryphon is an integral part of layered security. Either run it with ESET to provide a layered ESET solution - or Gryphon already provides that to every device in the home and use something like Bit Defender, Emsisoft, Norton, Kaspersky, F-Secure or whatever which would provide you with a blended security profile - much harder to bypass something because the attacker has to factor multiple solutions/layered protection. Keeping in mind this ALSO protects devices that can't have ESET physically installed on them - like your SmartTV or DVR..

I've talked to Gryphon Engineers recently, and I am told the following features are in or nearly in the beta channel right now. They are working on a deal with NordVPN to provide full hardware VPN functionality to Gryphon. Where you can select devices to 'always use' Nord VPN at the hardware level - where Gryphon does the heavy lifting of the VPN rather than your device/s. The 'Homebound' feature is really something I want. Prior to using Gryphon I utilized FortiClient VPN to ensure ALL devices were sitting behind my secured network regardless of where they were in the world. I really want that functionality!

1-Ethernet backhaul – this is coming in the next release planned for this week. Now you can link the mesh with wired Ethernet. This would for homes with a lot of tough walls

2- Dual admin support – You can now have another admin account to manage the router.

3. Enhanced browsing history – improvements to browser history to make it more readable

4. WiFi power control, enable/disable – turning off wifi completely

5. Internet scheduling enhancement – set bedtimes/homework times differently for each day.

6. Internet usage overview – see all the activities and track amount of data usage

7. Homebound – App for routing traffic on mobile devices back to Gryphon to manage

8. VPN – VPN tunnel right on Gryphon for enhanced privacy
 

esoteric24

Level 1
Speaking of Gryphon, I just got a mass emailing from them saying Gryphon is on sale at Amazon for Black Friday for $198.00

https://www.amazon.com/gp/mpc/A1W5QR5S8AUXFO

The discount is applied at checkout, I picked up one for my inlaws to replace their stupid $19 Tenda Router.
Thanks @Slyguy. In for one. I should buy two because my house is pretty big (3800 sq ft), but my house is open are concept, so I'm hoping to set it up in an open area and it will suffice.

Funny the "support" guy that emailed me, is also one of the founders. I'm going to try to meet up with him and maybe the CEO at ESET offices in a couple weeks.
 

Similar Threads

Similar Threads