A look at CyberSecurity by Proofpoint and Cloudflare for UniFi network gear
Well, that's a mouthful - the CyberSecurity by Proofpoint and Cloudflare for UniFi network gear is an add-on security capability that you can purchase per site to protect and secure your network.
I've had UniFi network gear for quite some time now, and most of my home lab runs on their gateway, switches, and Wi-Fi access points. They are pretty great - affordable, close to enterprise-ready, yet still easy to configure and manage. I'm saying close to enterprise-ready, as I feel they might lack some of the more esoteric enterprise features that you would need in larger deployments.
The CyberSecurity add-on, which you can purchase per physical site, is an annual subscription that provides you with the following:
- Enhanced intrusion detection and prevention
- Enhanced content filtering (powered by Cloudflare)
The cost is based on your particular UniFi network gear. I've got the UniFi Dream Machine Pro (UDM-Pro), which is a rack-mountable firewall, gateway, and switch. I purchased this in 2021, and you can read my initial review of the device here.
For me, the cost was 89 € for a year. That's less than Netflix or F1 TV, and if it provides added security for my home network and services, it's probably worth it.
You can purchase the service via the UniFi portal, and once activated, you can configure it via Configuration > CyberSecure:

The two main capabilities are Region Blocking and Content Filtering. For region blocking, you can block both incoming and outgoing traffic, per geo:

I've added - primarily based on intuition - a bunch of geos I'm not expecting any traffic from. I realize it's not an exact science, but it's better than nothing, or better than trying to guess IP networks or domains. Initially, this felt a bit crude - "Can I block all of China?" Well, sure - I don't have any services someone from China should access, particularly not myself.
Should I then block everything outside Finland (and Åland Islands)? Perhaps, as I never access anything at home without a VPN tunnel anyway. However, I have a few services - including this blog - that I want to be able to provide to people outside Finland.
For content filtering, it's sourced from Cloudflare and looks very familiar:

I've opted not to block anything (yet), but once I've some time, I'll start enabling these. My concern here is mainly that I need to access random sites for work - "oh, someone wrote about this on Reddit" - and if I've blocked "shady sites and then some others", I suppose I'm also blocked from accessing that nice thread on Reddit, too.
Looking at Traffic flows, I can now verify what's happening with my initial IDS blocks:

This refers to the past month, and I can see that there has been some concerning traffic, which was detected and prevented. They are all pointing to one of the publicly exposed services, so it makes sense that it will also receive shady traffic.
I can also see an overview of CyberSecure activity for the past month:

Pretty nice! Region blocking is certainly doing wonders here.
In closing
At about 7.5 € per month, it's not free, but not too expensive, either. My home network has approximately 60 active devices and services that receive an IP address from DHCP, and only a few of them are exposed externally. In that sense, I could just lock everything down and not need any of this. Yet, at the same time, I love self-hosting stuff for myself, which, at times, requires public endpoints. For this, I feel CyberSecure is worth it.