December 01, 2003
One WLAN security vendor is giving network administrators more control over monitoring internal policy violations.
SAN JOSE, CALIF. -- Each network is unique, so it only makes sense that administrators should be able to tailor their monitoring software to meet their specific needs.
That's the idea behind Network Chemistry's Wireless Intrusion Protection System, which the company plans to roll out this week here at the Wi-Fi Planet Conference and Expo. The system includes a feature called "Custom Protect," which allows network administrators to write custom rules to detect security policy violations.
An effective wireless security system monitors both external attacks and internal policy violations, said Rob Markovich, president of Network Chemistry. "There are a number of policies that an enterprise needs to put in place for best practices so that they can close up the most basic security holes and at least provide a first level of detection for thwarting attackers. We're giving our customers the ability to write their own policies; no one else has this ability."
For example, if administrators wanted to ensure that workers used only certain Wi-Fi cards in company-owned laptops, they could write a rule that instructs the system to send an alert if any employee client is using anything other than the approved cards. Or, they could write a rule that alerts them if there is any Wi-Fi use during certain hours.
The feature can also be used for non-security issues, Markovich noted. Administrators can write rules to monitor for use of non-business, bandwidth-intensive applications such as Kazaa, or to capture traffic in order to troubleshoot network problems.
Rules are created using the Policy Editor within the bundled Windows desktop application, and then loaded into the system's correlation engine. Markovich said the Policy Editor uses a simple expression language to construct the rules. "It's basically Boolean expressions," he said.
Eventually, he said, Network Chemistry plans to launch an extranet on its Web site where customers can post and share the rules they've created.
The system also includes updated surveillance sensors. The original sensors, known as Neutrino, supported only 802.11b. The updated sensors can now scan all three standards -- a, b, and g -- simultaneously.
In addition, the sensors now support Power-over-Ethernet so they can be installed even if a power outlet is not nearby.
Network Chemistry has deployed more than 600 sensors to 40 customers since the limited release of the system at the 802.11 Planet show in June, Markovich said. He believes the key to the company's success thus far is what he calls its "disruptive pricing."
The company is offering two "pilot packages" for companies that want to try the system. A single-sensor package is $495; a four-sensor package is $1995. Markovich said that's roughly half the cost of alternatives from competitors such as AirMagnet and AirDefense, and allows customers to create a "dense fabric" of security for their network.
"Security is critical and everybody needs it, but it's like insurance," he said. "When it's too expensive, people start to rationalize, for right or for wrong. With more expensive systems, customers have to determine where are the most critical, vulnerable spots in network, and deploy there. With [our] system, they ... don't have to make that decision. They can put sensors everywhere and ... do it at a fraction of the price."
Markovich said Network Chemistry is able to offer its system at a significantly lower price than its competitors because it has devised a way to run its sensor agent on consumer-grade access points. "We don't require a Linux general purpose processor to run our sensor agent like the other guys. We've managed a way to run an enterprise-class surveillance agent on essentially the lowest-cost hardware appliance out there."