How Amazon and Eero could bring enterprise-grade threat management to the masses

What if every Amazon customer could benefit from the power of AWS and machine learning to thwart malware and other security threats?

This week, Amazon bought Eero, a maker of mesh Wi-Fi devices for consumers and small businesses, for an undisclosed sum. 

The initial response to this has been mixed. Some industry commentators have even called the acquisition "scary", fearing that the Seattle-based internet retailer and public cloud provider will use Eero's devices as a way of hoovering up more and more information from its customers, with the intention of selling them more of its products.

There's no question that Amazon will find interesting ways of monetizing these devices, perhaps even integrating the functionality of Alexa and the Echo connected speakers into a single device running on a mesh network. In fact, I would bet money that's exactly what Amazon intends to do with Eero. And I am sure it will consider integrating other functionality, such as parental network controls, like the kind used in the Circle product, which Amazon sells quite a bit of.

But rather than applying "Black Mirror" scenarios for Eero now that it is owned by Amazon, I believe that Jeff Bezos and his merry crew can be a significant force for good.

How so? Amazon can leverage the power of its commercial cloud, AWS, and its advanced Machine Learning capabilities to provide a true Unified Threat Management (UTM) solution as a managed service for consumers and small businesses, at a price anyone can afford.

What's UTM? To use Kaspersky's description: 

Unified threat management, commonly abbreviated as UTM, is an information security term that refers to a single security solution, and usually a single security appliance, that provides multiple security functions at a single point on the network. A UTM appliance will usually include functions such as: antivirus, anti-spyware, anti-spam, network firewalling, intrusion detection and prevention, content filtering and leak prevention. Some units also provide services such as remote routing, network address translation (NAT), and virtual private network (VPN) support.

More specifically, a UTM performs deep packet inspection (DPI), which is low-level analysis at the packet level, whereas the traditional firewalls in most consumer router products and desktop operating systems work at a stateful level, known as stateful packet inspection (SPI).
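To make the SPI/DPI distinction concrete, here is an added example (not from the original article) in which the same three constructed packets pass through a stateful filter and then through a filter that also scans payloads. The class names, addresses and the signature string are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes
    outbound: bool  # True when the packet leaves the home network

class StatefulFirewall:
    """SPI: decisions use only addresses, ports and connection state."""
    def __init__(self, allowed_out_ports):
        self.allowed_out_ports = set(allowed_out_ports)
        self.flows = set()  # outbound flows seen so far

    def allow(self, p):
        if p.outbound:
            if p.dport not in self.allowed_out_ports:
                return False
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound traffic passes only as a reply to a tracked outbound flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

class DpiGateway(StatefulFirewall):
    """DPI: the same state tracking, plus a scan of the payload bytes."""
    def __init__(self, allowed_out_ports, signatures):
        super().__init__(allowed_out_ports)
        self.signatures = list(signatures)

    def allow(self, p):
        if not super().allow(p):
            return False
        return not any(sig in p.payload for sig in self.signatures)

# Constructed sample traffic and a constructed signature (assumptions).
SIGNATURES = [b"CONSTRUCTED-TEST-SIGNATURE"]
REQUEST = Packet("192.168.1.20", 50000, "203.0.113.10", 80,
                 b"GET /update HTTP/1.1\r\n\r\n", True)
FLAGGED_REPLY = Packet("203.0.113.10", 80, "192.168.1.20", 50000,
                       b"HTTP/1.1 200 OK\r\n\r\nCONSTRUCTED-TEST-SIGNATURE", False)
UNSOLICITED = Packet("198.51.100.7", 4444, "192.168.1.20", 23, b"", False)

def verdicts(fw):
    """Allow/deny decision for each sample packet, in order."""
    return [fw.allow(p) for p in (REQUEST, FLAGGED_REPLY, UNSOLICITED)]

if __name__ == "__main__":
    print("SPI:", verdicts(StatefulFirewall({80, 443})))
    print("DPI:", verdicts(DpiGateway({80, 443}, SIGNATURES)))
```

Both filters drop the unsolicited inbound packet, but only the payload scan stops the flagged reply on an otherwise legitimate connection. A production engine reassembles TCP streams before matching, and that extra work is part of why DPI costs more compute.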

It's a much more compute-intensive way of performing network security, so UTM appliances have traditionally been fairly expensive, and doing it also adds significant network overhead. You can perform UTM at wire-line speeds, but these products are usually fairly expensive, starting in the thousands of dollars, with yearly subscriptions potentially costing thousands of dollars as well, depending on the number of concurrent users, as they are geared towards large enterprises. It's really the software and licensing, more than the hardware itself, that makes this expensive.

Nine years ago, I made the case that in order to provide the most robust level of consumer malware protection, UTM would have to be part of an overall solution that also included virtualization-based security on the desktop. Back in 2010, we were really at the beginning of the mobile computing revolution with iOS and Android -- the iPad had just launched and we were just at the start of the mobile app development craze. 

Most computing then focused on the desktop, and the idea of using hypervisors on a PC, let alone a Mac, as default OS behavior was admittedly a bit crazy because the hardware requirements were significant. But times have progressed. Microsoft is now moving towards a virtualization-based security model on Windows 10, and modern x86 processors on the desktop are more than capable of running Windows as well as the Mac in a virtualized mode all the time, even for consumer-class machines. So are mobile processors, and containerization on those platforms makes this even more doable, because it has significantly less overhead.

Microsoft is currently positioning this technology, Device Guard and Advanced Threat Protection, as more of an enterprise computing feature, but sooner rather than later it will make it to consumer-class systems.

But we have moved far beyond desktops in the consumer space in nine years. We have homes with dozens of IoT devices, with smart televisions, set-top streaming devices, smart speakers, home automation technology, you name it. My home alone has a good 40 or so devices attached to Wi-Fi at any time, not counting the various test smartphones and tablets and laptops I have running for various purposes.

All of these mobile and IoT devices are going to require much more sophisticated levels of protection on home broadband, particularly as technologies like 5G become more and more ubiquitous.

It would behoove broadband internet providers like AT&T, Comcast, and Verizon to supply neighborhoods with UTM as a value-added service or even part of the basic subscriber service. But this is not something they even offer today.

So what if Amazon, with its Eero purchase, decided to leverage AWS as a way of providing UTM to Amazon Eero customers? The compute requirements for UTM are now considerably cheaper than they used to be, and the appropriate network acceleration hardware can easily be built into a system on a chip so that wireline DPI performance doesn't have to suffer if the Eero is the primary interface to the broadband connection. 

In fact, I am sure companies like Qualcomm, Marvell, and Broadcom have perfectly good SoCs for this purpose already off the shelf. And there are Open Source UTM stacks that already exist that Amazon can also leverage -- but it's not like they can't just go and buy a UTM company tomorrow and use that IP either if they need it. I can think of a dozen enterprise UTMs Amazon can buy for a few hundred million dollars or less if it were so inclined.

But the real value of this Eero purchase would not so much be integration with Amazon Alexa and potentially UTM for consumers. It would be how AWS could be used to crowdsource end-user behavior on broadband connections via pattern analysis in order to better understand how malware and other security threats occur on consumer home networks. That's where AWS Machine Learning comes in.

By having real-time information on the network security of hundreds of thousands or even millions of residences, Amazon could build a highly sophisticated profile of how large scale malware and human factor-centered threats occur, which in turn would allow major security vendors to build better models on how to actually combat them, provided that Amazon could sell this appropriately-cleansed data to vendors for analysis and integration into other security products.

Personally, I'm looking forward to seeing what Amazon actually does with Eero and what sort of cloud integration it brings into the picture. Talk Back and Let Me Know.