Spotting Wireless Intruders: Vigilar

By Lisa Phifer

October 28, 2003

Vigilar offers a complete portfolio of security services to companies of all sizes.

Vigilar is an Atlanta-based, three-year-old InfoSec firm that offers security training, value-added reselling, and professional services, including managed firewall, VPN, vulnerability assessment, and IDS. According to CTO Joseph Dell, Vigilar added managed Wireless IDS to its lineup in January 2003.

Vigilar offers a number of WLAN services, ranging from site surveys and secure WLAN design to security assessment, penetration testing, and managed WIDS. To add WIDS, Vigilar leveraged its reseller relationship with AirDefense, its existing customer base, and its SOC, staffed by experts with (on average) 12 years of security experience.

"Our staff was designed to handle small to mid-tier companies already, so adding WIDS was minimal overhead," said Dell. "It is much less of a headache that wired IDS. WIDS is much more finitethere's clear beginning and ending to wireless."

"We deploy AirDefense sensors at each customer site; they report back to a centralized management station," said Dell. "That gives us all of the logs, alerts, and information needed to tune the service." Vigilar runs an AirDefense server at customer sites, with a secondary server at its SOC for disaster recovery. Remote servers are configured and managed over secure SSL tunnels.

According to Dell, the most challenging part of IDS (wired or wireless) is base-lining. "For the first two weeks of service, we will not respond to live alerts. During this tuning phase, we interact with the customer, interview key people on their staff, and try to figure out who should be using wireless and where. We'll sit down with the customer and say 'This is what we've seenis this what should be happening?'"

"Once we establish a legitimate baseline, we work with customer to get a response plan in place," said Dell. Thereafter, whenever an attack occurs, Vigilar initiates the defined incident response plan. According to Dell, "Our reporting is based on high/medium/low severity, where high means immediate notification, medium means next business day notification, and low means included in the monthly report only."

Vigilar customers manage their own incident response. "We do offer an Incident Response service, where we go onsite and assist them," said Dell. "But this tends to not be as cost-effective as them having them manage their own response, so we encourage our customers to do that." To facilitate this, Vigilar gives its WIDS customers full access to all AirDefense logs and alerts, plus Vigilar's monthly reports.

Dell finds that WIDS customers fall roughly into one of two categories. "First is the small to midsize business that either doesn't have wireless at all or has a small amount of wireless," explained Dell. "They primarily want rogue detection, but don't have the skills or time to do this themselves."

"The second type of customer is looking for attack violations, policy violations, rogue detectionthey want it all," said Dell. "[These] customers are likely to be sending critical data over wireless. For example, financial institutions are extremely cautious yet want to be the first to market with wireless devices."

To satisfy the diverse customer needs, Vigilar offers different levels of service and pricing. "We've priced our WIDS such that the cost one would pay Vigilar for a managed service is roughly the amount you'd pay to purchase the hardware and software yourself over a period of two years," said Dell. Pricing is based on many factors, including criticality of data, response time, SLA , and coverage.

According to Dell, "Every deal has had its own intricacies. Some customers are more concerned with access time, some with quantity of data." Pricing starts at $499 per month, plus an implementation fee equal to the first two months of service. "Instead of having somebody pay us separate fees for hardware, software, maintenance, and installation, we encompass all those costs together as one lump sum. You just pay for your first two months up front, like you do with a lease."

Although Dell believes that all customers can benefit from outsourcing security services, Vigilar's "sweet spot" is the small to midsize business with up to 500 employees. "They usually have less than five security experts and don't have the time to get up to speed in the wireless space and don't have the time to walk around finding rogues," said Dell. "For most of these customers, security is an afterthought. Wireless has often been installed without IT knowledge or approval." Deploying WIDS can help these companies bring unmanaged, unsecured WLANs back under IT control.

Reprinted from ISP Planet.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.