The 3 bedrocks of the Island experience are speed, security, and simplicity. The Island name was chosen to embody security, privacy, and peace of mind. Given that there is no product that can guarantee 100% security, the Island strategy is to provide the most robust security possible, focusing on the measures that have the most impact toward preventing the majority of cyberattacks, without imposing the complication of onerous configurations or compromising performance.

A 2024 study by Stanford Research shows that 88% of breaches involve human error, with phishing being the #1 attack vector—91% of attacks begin with a phishing email. So, to start with, we advise that home and small business owners train their users to:
• Create strong pins and passwords
• Recognize phishing tactics and avoid opening attachments or links from unknown sources

Island’s security features fall into three categories: 1) those associated with next-generation firewalls, 2) additional features that are expected of secure networks but not necessarily unique, and 3) features that are unique to Island.

Island Next-Generation Firewall Features
• A stateful firewall, plus advanced firewall features.
• Deep packet inspection (DPI): Island analyzes the content of packets at a deeper level.
• Application-level control: Island can identify and control applications running on the network, and provide access by device, user, or group.
• Intrusion prevention system (IPS): Island blocks all unauthorized incoming access, and blocks outgoing access to command-and-control servers and attempts to download malware. Bear in mind that a great many of the exploits that used to be handled by an IPS can no longer be detected within encrypted traffic.
• External threat intelligence and reporting: Island includes URL filtering with a continuously updated threat database from Webroot, and reports aggregate blocked threat attempts on a per device basis.
• Traffic analysis and Insights: The Island logs network usage by device, user, and group for up to 3 years, and dynamically displays the past 7-day window. Custom alerts can be set to notify if a device exceeds an average volume over a specified time, providing the tools for identifying and reporting unusual behavior by any device.
Not Included:
• Encrypted Traffic (SSL/TLS) Inspection: Island does not support this feature because of the complicated requirements imposed, such as the installation and maintenance of safety certificates on devices, the high penalty to performance, and the compliance and privacy concerns of users.
• Sandbox Analysis: Island does not flag and isolate potentially malicious files, usually email attachments, to test run in a separate environment for several reasons: sandbox set-up is complicated, further analysis (decryption, inspection, and re-encryption) takes time and delays message deliveries, false positives occur, and some malware code detects if it has not landed at its intended target, avoiding sandbox detection altogether.

Additional Island Security Features
• Network Segmentation: Island supports up to 1000 separate LANs and VLANs, to effectively isolate guest, IoT, kids’, or departmental devices from one another.
• Unobservable DNS: Island offers several options for DNS, but by default, provides DNS over HTTPS (DoH).  It provides a wholistic DNS for the entire network that cannot be bypassed, regardless of the configuration of individual devices.  Importantly, it covers non-browsing, IoT devices (such as cameras, baby monitors, and thermostats) as well.  Island’s DNS ensures privacy and protection from snooping and “man-in-the-middle” attacks that is not guaranteed when using other traditional DNS services, such as those of Google or of one’s ISP.
• Private NAT: Island enables the use of private IP addresses that are fundamentally invisible and unreachable from outside the network.
• New Device Notification and Quarantine:  Island sends an alert when an unidentified device connects to the network; optionally the device can be placed in quarantine or a state of restricted access until identified.
• Out-of-the-Cloud Database: Island maintains all data pertaining to your network activity in local memory. Inventories of devices, user profiles, filters, network set-ups, and traffic and browsing histories live on your Island, both for performance and security reasons. Absolutely no one can access this data but you. And It’s always easier to protect your network data if it’s not traversing the Internet or living on a server in the cloud. 
• Customizable, Two-level Alerts: Island automatically sends a “red flag” alert to the app upon an attempt by any device to connect to a site considered unsafe: botnets, keyloggers, malware, ransomware, and the like. With one tap, you can pause its access to the Internet. In addition, you can set up alerts based on URL visits, time on the Internet, volume of data used, or simply whether a device comes online/goes offline. So, each customer can decide what constitutes a security or privacy breach in their own network and be alerted accordingly.
• Integrated VPN: Island builds in VPN access to the entire network on a per-device basis without the burden of client software. VPN access is granted to any user or device only on a permission basis.
• Scheduled VPN or Internet Access:  Once again on a per-device basis, VPN access or Internet availability in general can be scheduled by time, day of week, or start/end dates. During time periods of known or desired inactivity, this feature can preclude access altogether.

 Security Features Unique to Island:
• Totally Automated: Security features are integrated and enabled automatically at boot-up, without configuration.
• No Performance Penalties: Security features, including filtering and VPN, occur at wire speed and impose no speed penalties.
• Island Proprietary Software: While Island does use minimal open-source components, most of its software is proprietary and much harder to penetrate than open source code, which anyone can study to find entry points.
• Modular Architecture: Island’s code is unusually modular, creating natural impediments for malware to travel throughout the network.
• Isolated Kernel Stack Interface (Patent-pending): In a typical router architecture, the operating system and its many services, including TCP/IP stack, routing functions, NAT, and firewall, are all contained in a semi-monolithic kernel. Not only does a fault in any part of the kernel crash the entire system, but the kernel TCP/IP stack has complete access to all of the internal and external networks that are attached. In contrast, Island's operating system kernel, along with its TCP/IP stack, has no direct access to any network interface. Internally, the kernel is treated as a separate, virtual network and runs on its own private IP address. In this way, the dedicated packet processor is modularized and protected, where faults can be isolated and restarted gracefully.
• Automated, Non-disruptive Updates: Island’s modular architecture not only enhances security, but also enables modular firmware updates that normally produce no disruption at all; or, if needed, the packet processing engine can be upgraded with less than five seconds of down time.
• Designed and Assembled in the USA: Primarily non-intelligent components, such as the internal power supply, are sourced offshore for use in Island. All software is loaded onto Island routers only in-house in the U.S., removing opportunities for tampering.Item description