Nextworks Logo
Back to Nextworks  

Comcast Business SecurityEdge™

Examination
   

AN MSP'S PERSPECTIVE

February 2022 | Nextworks


What is it?

Comcast SecurityEdge is a relatively new Comcast Business product that is designed to help block threats like malware, ransomware, phishing and other attacks. Comcast partnered with Akamai to develop the product and has since been heavily pushing SecurityEdge into every new Internet services contract as part of a product “bundle”.

SecurityEdge often isn’t mentioned (and never explained that we have seen) when you go about adding new service or renewing an existing contract. If you are the .1% that already know that you don’t want it, then you can of course request to have it omitted. However, this unbundles the bundle, so be prepared to pay more.


Why it’s good for some, and bad for others.

If your business or organization has a rather simple network and you do not use your own Internet firewall, and you are not using in-house servers, then Nextworks sees no reason to avoid SecurityEdge. It does have security benefits and can lower your cost. SecurityEdge will help prevent you and your staff from falling victim to Internet scams and provides you with a monthly report of protection activity.

Be aware that as your business grows, your network can also grow. It may expand in capability and complexity. It can then collide with SecurityEge. You may then discover that you are contractually married to it.

Here is another common and unfortunate scenario. Your network is plugging along year after year performing its functions admirably. Then once day you discover that your neighbor in the suite next door is getting faster Internet at a lower cost. So, you pick up the phone and call Comcast Business. You are then offered to renew your contract for another three years and get double the speed while saving $50 - $100 per month. Great you say. You sign Docusign and upwards and onwards. Then in 1-2 days your Internet completely breaks. Uh-oh.

Nextworks doesn’t blame the Comcast sales representatives. We have always found them to be responsive, available, and friendly. About 9 out of 10 merely don’t know how SecurityEdge works exactly. They don’t realize how destructive it can be to some networks.


Can you reverse the damage?

The biggest complaint among both Nextworks and the greater IT community is not so much the product itself. It’s that you can’t easily turn the dang thing OFF. You are stuck with it for 6 months. Under a new Comcast Business contract, services cannot be removed or downgraded for 6 months. While you CAN remove it, it breaks the bundle, breaks the contract, and you will be charged early termination fees.

You can call Comcast and ask the agent to disable it. (Or you can do so on your customer portal.) What around 50% of the agents don’t know, or don’t think to mention, is that the next time your Comcast equipment power cycles, or receives an update, it will turn itself back on. Ouch. Then you must again turn it back off with Comcast.

Depending on your network design there are other work arounds that can be done. These do often conflict with IT best practices though. But sometimes you must do what you must to do.


How to avoid SecurityEdge.

For new service, you can insist on not getting it. Nextworks has found that this will mean paying a fair amount more and with less speed. All the high-speed plans require the bundle. (Comcast Business Fiber does make it easier to avoid including it though.)

If you are renewing an existing contract, you can also get lucky and exclude it, get more speed, and reduce you bill. It depends on which agent you talk to. Some seem to be more capable at doing this than others. Nextworks has been successful with this.


So why all this headache?

We don’t know. The IT community is abuzz with questions and gripes. Otherwise, Comcast Business is a rather good service providing a reliable product at a good price. We hope that someday it will be easier to just say “No thank you.” instead of “Thank you sir. May I have another!”


How SecurityEdge can interfere. (This section is for the techies.)

From any computer on a network behind SecurityEdge, try the following.

> nslookup google.com 33.13.8.51    Note: this is a random IP address. It’s not a name server!
Server: 33.13.8.51
Address: 33.13.8.51#53

Non-authoritative answer:
Name: google.com
Address: 172.217.6.46

Hmm, how did that resolve?!?! Comcast hijacked the DNS. So good luck using your own DNS from your firewall.

What we should see it this:

> nslookup google.com 33.13.8.51
;; connection timed out; no servers could be reached


September 2022 Update

Comcast is supposedly able to permanently disable SecurityEdge now. However, we found that it can often still be problematic keeping this service in a disabled state.

Need help working with Comcast and SecurityEge? Contact Nextworks today.


[ Return to News & Commentary home. ]

[ Return to Nextworks IT home. ]

Celebrating our 11th Year Anniversary!