Introduction
Over the last couple years network security products have started to take off in the consumer space after being strictly a business to business market previously. Home & Home Office haven’t really been on the table for IDS/IPS (Intrusion Dectection System, Intrusion Prevention System) solutions since they are traditionally very expensive, prohibitively so for SOHO customers. Only large businesses enjoyed the sort of protection these systems could afford a network. Now the hardware power/cost ratio is down and cloud infrastructure is there for the heavy duty machine learning, everyone is coming out with a product to protect home devices from malicious threats, just in time, as Internet of Things device adoption rates explode, and we keep learning IoT companies keep treating security as an afterthought. The Cujo Firewall is cujoAI’s first product into the market, and is something of a trend setter.
The market is looking for a solution to help mitigate the risk of adopting new technologies that might not be as secure as advertised. Everyone wants Alexa enabled stuff, they often don’t think “Hmmm.. I wonder how well this company does security” when they buy a smart bulb or thermostat.
Cujo’s Product Pitch:
I was tempted to start into a technical summary about how the CUJO device works specifically, but I figure most people aren’t here for that. They are here to know about the benefits and/or drawbacks of having one from someone with experience. Basically CUJO gets in between your devices and your ISP connection and uses behavior analysis and metadata, as well as threat’s logged with it’s cloud system, like a traditional AV does to 1 PC, only for the whole network.
I have deployed several of them to clients, usually in homes that also value having an easy method to deprive kids of the internet at the flip of a switch on an app, or enforce site specific policies. One client specifically said “You convinced me for the security aspect, but I love being able to shut the kids down. I would buy it again just for that.”
Two Types of Configuration
Cujo can be setup in two ways, Bridged or DHCP server mode.
While CUJO claims it is a painless setup, that isn’t the case if you want to set it up in DHCP mode, which is how most people will actually end up using it, despite the networking issues associated, since they won’t have taken the time to build a real network the Cujo can be inserted into in bridge mode.
Bridged Mode
This is the best mode, and when Cujo says “painless setup” at trade shows, this is what they mean. It literally is plug and play. Cujo detects the two ports as active and does it’s thing as if by magic. It also offers the best performance of the two configurations, owing to not passing in and out traffic over the same interface, as well as avoiding a double NAT problem. Every network I setup this way works perfectly out of the box.
DHCP Mode
This is mode most people use, despite it not being ideal. Both networks I have setup this way ultimately required a call to support to get working right. Support by the way, I believe is Eastern European, who speak fantastic English, and both guys I talked to knew their networking. One even knew of the Awesome Latvian Routers I deployed before Ubiquiti started offering decent routers and was the subject of both calls. I can’t say enough good things about the support. As a professional though, I didn’t like having to resort to making a call and getting them to push configurations. For the average person though, you call once and they walk you through the process, and you are done.
If you just have a consumer router or ISP Gateway though, I doubt it’s hard to get work by yourself, even if you end up with double NAT issues, but I have never configured one with just a consumer router myself, since I stopped deploying them for customers a decade ago, favoring more reliable and flexible business equipment. Ironically the flexibility is a drawback in Cujo’s DHCP mode.
Management of the Cujo Firewall
I hope you like phone apps, because that’s the only option.
All of the management is done through The Cujo app, which is available for IOS and Android. After you go through the initial setup, by default everything is protected from threats, but there is actually a lot more you can do in the app, including looking at stats, seeing every device on the network, getting alerts as needed, or managing parental controls and content blocking.
It’s easy to use and put devices into separate groups to control and set settings of. It’s even very intuitive. I typically set up a grouping for each kid so they can be controlled individually, a grouping for parents devices, and leave all the home devices in the general group. From there you can filter ads, types of content (XXX or drugs for example) in each grouping.
Unfortunately there is no web dashboard version of the app, which would be my preferred method of management as an IT professional, but the average home user probably prefers the app. I would hesitate to deploy it in small business customers though, since without browser access, it would be hard to remote manage. Having to visit a site if there is ever a problem with it is a dealbreaker in a business support setting.
Conclusion
I really like the Cujo Smart Firewall as an IoT security solution and second layer defense for your other security products like antivirus. Especially if you are also looking for some whole network ad-blocking or Parental Controls, including the ability to lock a kid out of the internet with a toggle switch or by policy. My only complaints stem from a more business-class approach to all networking projects I do. The lack of a web app makes me sad, but probably doesn’t matter so much for the average homeowner and parent.
I also like that it’s dedicated hardware instead of a router itself. I prefer to separate out as many network functions as possible so each has one job to do.