The router manufacturers have been offering advanced security features either as built-in software or as add-on packages for a while now and, since I have already had a look at the Asus AiProtection, it was time to check out if the Netgear Armor is actually worth it. If you were using the Netgear R7000 or the R7800 and decided to switch to a newer model, from the the WiFi 6 series, then you undoubtedly know that the manufacturer has partnered with Bitdefender to create the Armor suite of security features. And that’s because Netgear is pretty much bombarding your Nighthawk app with ads about the Netgear Armor and the Advanced Parental Controls subscription plans.
Of course, I understand their business model, even though the Netgear routers aren’t really the cheapest on the market, but, considering that Asus offers its AiProtection features for free (well, included into the price of the router), why would you bother with the Netgear Armor?
Netgear Armor vs Asus AiProtection
The Netgear Armor was first introduced in 2018 with the release of the Nighthawk R7000p (which was supposed to bring the glory days of the R7000 back and I tested it a few years ago), as well as for the Orbi line.
And it’s a year after TrendMicro started the partnership with Asus – after it also started working with TP-Link, a free option for 2 years after which they with a paid subscription model powered by Avira. So, let’s have a brief look at the main differences between the two services.
| Netgear Armor | Asus AiProtection | |
| • Network vulnerability reports | Yes | Yes |
| • Intrusion Prevention System (IPS) | Yes | Yes |
| • Detect and block infected devices in your network | Yes | Yes |
| • Web Protection | Yes | Yes |
| • Firerwall | Yes | Yes |
| • Anti-theft Protection | Yes | No |
| • Content Filtering | No | Yes |
| • Built-in VPN | Yes | No |
| • URL Filtering | Yes | Yes |
| • Scheduled Block Time | No | Yes |
How does the Netgear Armor work?
I have recently tested the Netgear RAX43 and after installing the Netgear Armor (it pretty much does it automatically), the trial version, I noticed that there are a few areas of interest in the app. Upmost, there’s a score to let you know how much you can improve to ensure the security of your network and there is a guide with the best practices on how to improve this score. Then, there’s the ‘Devices Eligible for Bitdefender Security’ area and it’s an interesting aspect that I have not seen on the TrendMicro’s platform for routers. You essentially get to install the Bitdefender Security on an unlimited amount of devices (that are eligible), pretty much extending the capabilities of the Netgear Armor.
Why would you need that when you have the router? Because it’s going to continue to work when you’re out of the home network, so it’s a very nice feature to have on your Windows, macOS, iOS and Android machines. To be honest, that’s one of the major pros that makes using the Netgear Armor worth it. Returning to the app, we see that there are three additional tabs, one for showing the number of Devices that have been Scanned, The Threats detected and Blocked, as well as whether it has Found any Vulnerabilities. How does it manage to do that? It’s simple, they’re scanning your data. Metadata, to be more exact.
Just like the AiProtection, the Netgear Armor uses an IPS (Intrusion Prevention System) to check if the data that’s flowing in and out of your network matches any signature threats that are in the Bitdefender database. Before you panic, Netgear has mentioned that only the metadata is being send and scanned, so no info about you is truly being exposed. Of course, nothing is truly 100% secure nowadays, even if the companies have the best of intentions, but that’s the tradeoff to keep your devices a bit more secure.
Furthermore, the data analysis doesn’t really go as deep as a system such as Suricata would be able to and that’s because the routers are too under-powered for a task like this. So yes, the data needs to be sent to the Cloud servers to be analyzed – the previously mentioned data collection.
Does Netgear Armor have an impact on the router performance?
This ties in with the previous section. That’s because analyzing an intense flow of data requires a lot of resources, so the CPU load is usually more elevated when these security features are enabled. For example, the AiProtection can cut about 10 percent of throughput when it’s enabled on older routers, although the newer (and more expensive ones) handle the overhead much better. So, will the Netgear Armor really have an impact on the network performance?
Yes, if you’re using an older router and not so much with the newer ones. Notice the pattern? Indeed, the older Netgear routers were not build with an IPS system in mind, even if it’s mostly on the Cloud, so it will slow down a bit when the scanning is running. I do think that you should use Netgear Armor only with the newer devices (preferably WiFi 6), unless you don’t mind a cut in the throughput (you could also just use Pi-Hole for some network protection when using old routers).
Do you actually need the Netgear Armor?
You shouldn’t truly need this type of software at router-level since all your devices should have a proper firewall in place. But, while Windows machines, MacOS laptops, smartphones and Linux distros are quite decent at keeping malware and other outside threats at bay, the IoT market is a mess. Yes, even now, things aren’t better than a few years ago. Most manufacturers don’t care at all about creating secure devices and, after connecting a no-name smart bulb to your network, it’s not impossible to have it infect all your devices.
So, a router-level protection, such as Netgear Armor could detect it in time and isolate it from the rest of your devices. Also, while I don’t doubt that you are careful on what you click on (or what you visit) while online, your kids are not.
I am sure that most parents can attest that after checking the logs of either AiProtection or Netgear Armor, the devices that are used by their kids has the highest hits. So, it’s not bad to have such a system in place.
Alternatives to Netgear Armor?
I have already mentioned the Asus AiProtection as a viable alternative where you don’t have to worry about a subscription and you also get Parental Controls included. There’s also TP-Link with its HomeShield which is very similar to the Netgear Armor. But there are a few open-source options as well and most do prefer Suricata, although there’s also the popular SNORT. Just be aware that it needs a more potent type of hardware than what your router has to offer – I don’t mean some expensive computer, since even a better-equipped Raspberry Pi will do the trick.
Why not Pi-Hole?
Why not indeed. If you don’t want to go the Suricata/SNORT + Raspberry Pi route, you can always just get a Pi Zero and install Pi-Hole to block some malicious websites. Just be aware that it’s not really a replacement to the Netgear Armor, more like a complementary system to block annoying ads, websites, services and apps. And it’s very good at it.
I use Safing’s Portmaster on my computers as a user-friendly per device privacy tool. It’s extremely powerful and effective which can either work alongside Pi-Hole or act as a per-device replacement if configured correctly. It’s free and open source though you can subscribe to their SPN service if you require such a tool.
The biggest difference is that it’s a tool that needs to be configured on each individual device rather than something that can be deployed across a network. Their website does have instructions on how to install it on a server so it can be used to protect an entire network but I’m unsure how effective or how easy this is to accomplish but it’s something to be explored.
Avoidthehack has a decent writeup on the basics of this tool here https://avoidthehack.com/safing-portmaster