On our home network, we've got over 4 or 5 dozen IoT devices, including Nest cams, Rings, air and environmental sensors (like Awair), smart speakers (Microsoft, Amazon, Google), gaming devices, electric vehicles, smart lights and switches, virtual machines running servers, etc., and I've noticed that we're getting alerts that would be better managed if a traffic profile were already created for them (perhaps not to the extent that Palo Alto Networks has with App-ID, but something similar that covers most of the well-known and deployed IoT devices). Sometimes I find myself adding a single destination IP address into the whitelist, which won't work for long, since they're ephemeral (they change) - the goal is to have a stable baseline so that we're not alarming for known good devices to known destinations (this is important). On my first evening the system learned over 60 devices and produced about 50 alarms.
I'm also thinking about what we might be able to do with our children's devices - to keep them monitored - it would be nice to be able to roll them into the monitoring if they: a) move out of network, b) shut down their WiFi and go on LTE/Mobile networks. I like the family-focused parts of the App, and think that it can be made quite powerful and would help with the uptake of the product.
In the next week or so I planned on doing a bit of performance testing - I think that 500Mb/sec of imix traffic is probably OK for the short term, but in the coming year we're going to need more powerful hardware. We're already running 880Mb/1Gb here over FIOS and I suspect this will be more common.
Otherwise, a very nice little device - I love the open nature and size.