This week, AirTight Networks released a new version of SpectraGuard Enterprise, adding several features to facilitate large-scale WIPS deployment. As WLANs become mission critical and pervasive, enterprises still see security as their biggest challenge. “Version 5.5 improves threat detection while reducing cost and simplifying administration,” said Mike Baglietto, Director of Product Marketing.
Leveraging WLAN investment
For the 70 to 80 percent of AirTight’s direct customers that use Cisco Wireless LAN Controllers, SpectraGuard 5.5 offers to cut WIPS capital investment and on-going costs up to 30 percent. Savings are achieved through tight integration with Cisco WLAN infrastructure to import device inventories and perform background RF scans.
According to Jatin Parekh, Director of Product Management, SpectraGuard 5.5 can send periodic SNMP GET requests to Cisco WLC to obtain lists of managed APs, managed clients, visible external APs, and visible external clients. By automatically classifying WLC-managed devices as Authorized, SpectraGuard can focus its own classification efforts on external devices.SpectraGuard can also use Received Signal Strength Indicator (RSSI) values reported by WLC to improve the accuracy of real-time maps. Because APs are more densely-deployed than SpectraGuard sensors, AP readings can result in more precise location tracking.
But, Cisco APs are still not dedicated to threat detection and remediation like SpectraGuard sensors. By offloading location tracking onto Cisco APs, the total number of SpectraGuard sensors may be reduced by as much as one-third. Enough sensors must remain to monitor the air full-time and take preventative action when needed.
Customers without Cisco APs – including those using gear from AirTight partners 3COM, Colubris, Extreme, Siemens, Extricom, and Ruckus – do not yet benefit from WLC integration. However, Baglietto expects to see integration with at least some of these other-vendor APs in future releases.
Facilitating WLAN growth
Earlier SpectraGuard releases applied a single WIPS policy to the entire WLAN. In SpectraGuard 5.5, an upgrade license lets administrators create policies per region, site, or floor.
Chris Roberts, network and security operations manager at ADESA Inc., spends 90 percent of his time managing 10 percent of his WLAN. “If I can have regional managers helping with [those exceptions] my total cost of ownership goes down,” said Roberts. “It spreads the workload and lets [regional managers] be accountable for their areas.”
According to Parekh, administrators will still import floor plans and position sensors on them. However, when location-based policies are used, each map is linked to a custom policy and set of authorized administrators. Each policy inherits from higher levels, but can reflect local differences – for example, treating a visitor’s center differently than a secure facility.
Furthermore, administrators will only see the locations, alerts, and reports within their own realm of responsibility. This can cut a large distributed WLAN into workable pieces, and help distribute the effort required for threat surveillance and incident response.
Improving WLAN security
Finally, SpectraGuard 5.5 includes updates intended to strengthen threat detection and remediation.
- 5.5 sensors use new prevention techniques to defeat Multipots – coordinated attacks involving more than one spoofed AP. According to Baglietto, older sensors tried to block spoofed APs using Deauthenticates, but simply could not keep up with Multipots. New sensors make clients think they are still associated, thereby stopping them from hopping to yet another spoofed AP.
- 5.5 sensors can also detect 802.11n APs, including consumer pre-n routers and draft 802.11n APs. RF fingerprinting identifies and classifies 802.11n devices, helping businesses neutralize rogues that might fly under the radar. However, 5.5 sensors still use a/b/g radios and can only detect 802.11n devices that use the a/b/g-compatible Mixed mode. In other words, 5.5 sensors might miss an 802.11n AP operating in Greenfield mode.
- Finally, this release includes a bundle of anti-WEP-cracking features. Dubbed WEPGuard, those features are aimed at customers that still use WEP, helping them to quantify their risk and deter active WEP cracking.
Expanding client base
These new features – especially localized policy administration – will help SpectraGuard tap new markets. “The benefit extends not only to the enterprise, but also to Managed Service Providers who need to manage multiple customers with a single enterprise server but isolate the deployments and policy for each customer with an individualized policy,” said CTO Pravin Bhagwat.
SpectraGuard Enterprise 5.5 upgrades are available at no charge to customers with a valid support contract/warranty. New customers can purchase a 5.5 Starter Kit, including a server and two sensors, for $9,995. Location-based policy management requires a separate $4,995 upgrade license, available at half-price through the end of 2007.