AirDefense's latest wireless LAN protection software will be fighting on two fronts: one, against upcoming products from Wibhu and Highwall; and secondly against threats to the network, which it is designed counterattack.
The new version, AirDefense Enterprise 6.0, first discussed by Techworld last month, adds the ability to block or disconnect WLAN threats, such as wireless intrusions, rogue access points and denial-of-service attacks. The well-established product (an earlier version is reviewed here) consists of radio sensors to monitor WLAN transmissions, and server software to track, record and counter an array of threats.
Other WLAN security vendors, are not standing still though, with new products from Wibhu and Highwall promising the same active approach to network protection. Start-up Wibhu will launch a product broadly similar to AirDefense 6.0 at the end of this month that includes sensors to pick up and monitor radio signals, and software to locate the signals, identify an array of threats, and, most importantly, take automatic action against them.
Highwall is also planning a new release this month of its Highwall Enterprise WLAN monitoring software, which will let network administrators enforce wireless security policies automatically on a WLAN that can now span several locations. Highwall is another established player in a burgeoning wireless security market.
Other vendors in the space include Aruba, a switch vendor that has been dropping hints lately about a security product. "We have customers that have no access points or RF monitors at all," Aruba CEO Don LeBeau told Techworld recently (read the interview here).
AirDefense claims its new system can measure the risk of a rogue, determining whether it is connected to the LAN. At least one user likes this feature: "It's one thing for an (intrusion-detection system) to say 'here's a rogue'," says Frederick Nwokobia, a senior engineer at New York brokerage, Lehman Brothers Holdings. "But AirDefense 6.0 now says, 'here's a rogue that's connected to your network'."
Lehman Brothers has only a small Cisco WLAN, but it uses AirDefense to monitor activity on it. Like many other users (see our roundup), the company has found that wireless management requires tools from specialist vendors alongside the big vendors.
Version 6.0 of AirDefense lets network managers immediately and remotely disable a rogue device with a single keystroke, and includes an optional agent, AirDefense Personal, that runs on a Windows laptop PC, and watches for about 50 problematic activities. One example is connecting to an access point that appears to be a public WLAN but is actually a username/password trap using Airsnarf. When the agent detects this problem, it can shut off the client's WLAN adapter card, and send a report to the AirDefense server. Such automated responses are a key part of Version 6.0, although users can opt to manually trigger these actions from a central console.
The AirDefense release includes more than 100 new threat-detection patterns, taking the total to 200, for which the software continuously monitors. Another change is that AirDefense can pull user and device configuration data from Lightweight Directory Access Protocol (LDAP) directories without having to re-enter all this data manually.
Version 6.0 of AirDefense is scheduled to ship next month. Pricing is unchanged, starting at about $7,000 for four sensors and the server software.