I’ve recently purchased Glasswire and love the application, not only is the GUI Pretty and full of information, but the tools are also very powerful. The Evil twin feature is one of my favourites.
From unpacking the application and exploring its functionality, I think it would be a great addition if this app could be installed to monitor all LAN activity rather than installing this on each individual box, for example, you could spin up a Docker container on the network you could run this to monitor the network for threats and anomalies in behaviour. this might have already been suggested but I think this would be an amazing feature/product you could introduce into the Glasswire application.
We’d like to do this some day. What do you think is the most reliable and available way to monitor an entire network without slowing it down? What would the container run on?
Thanks for coming back to me, it really depends what it is you’re wanting to monitor if it was Hardware usage I would suggest using either SMTP or WMI polling, however, if it was to capture and inspect network traffic you’d have to look more towards solutions like Darktrace which sit on the network and mimic all traffic passing through the core switch (Most probably the router in most home environments). the other solution you could look at would be putting agents on each device and then use an inline inspection (Similar to CASB Solutions like Netskope) to actively track any requests and allow/block from configured settings.
Agents are brilliant when they work, however when they dont they cause a massive headache.
Hopefully this makes sense lol.
The container would run on any platform it is developed for. Pi-Hole is a beautiful of a Network wide docker container that stops all Ads on a network.
Great info, thanks! I guess our concern is what kind of hardware would be required and what option would work for the largest audience who are not necessarily IT/Infosec experts.
Apologies on the delay I was away travelling with work and had limited spare time. I wouldn’t necessarily say you’d need to be an InfoSec/IT expert, just someone with knowledge/interest in these areas. I can’t imagine many non-techy people have installed Glasswire if I’m honest but it would be interesting to know if they do.
This feature could be an optional setting for Pro Users. Hardware in theory shouldn’t need to be anything mad as glasswire already does most of the hard work locally. This would just enable it to do it network-wide. even if it actively scanned the LAN for devices with known Vulnerabilities that would be cool.