AirMagnet Inc. is hoping new interoperability with Cisco access points will be a key selling point for its updated...
Wi-Fi security product.
Tomorrow the Sunnyvale, Calif.-based vendor will roll out version 6.0 of its wireless LAN intrusion detection and prevention offering, AirMagnet Enterprise.
The product combines software with radio-frequency sensors to detect and thwart threats to 802.11a/b/g networks. It's a third-party product for companies using Wi-Fi hardware from Cisco, Trapeze Networks, Aruba Wireless Networks and others.
Highlighting the release is the new integration with Cisco products. AirMagnet Enterprise can now exchange information with Cisco's Wireless LAN Solution Engine (WLSE), which manages Cisco Wi-Fi gear.
Cisco opens up
Rich Mironov, AirMagnet's vice president of marketing, said not only does that integration enable customers to use Cisco APs as dedicated AirMagnet scanners, it also allows them to import Cisco access control lists so that WLSE-managed devices are automatically considered trusted devices.
"Cisco finally opened up an API to let us do that [integration]," Mironov. "There are some customers that want all Cisco hardware instead of our gear, and that's fine with us."
William Terrill, senior analyst with Midvale, Utah-based research firm Burton Group, said AirMagnet has made a good decision by moving toward a software-centric product that incorporates hardware from various vendors, including Colubris Networks and Xirrus Inc.
"You're not going to convince a lot of companies to implement third-party scanners from a small vendor, not when they're spending thousands of dollars or more on access points," Terrill said. "Now when a user buys access points, they just need to buy a few more to use as scanners."
Other new features include integrated compliance reporting tools, simultaneous threat blocking and scanning, easier-to-deploy sensors that don't require preconfiguration, and "zero-day" alarms that spot unusual threat patterns that may not yet be associated with a known virus signature or exploit.
Staying dry during a 'phlood'
Perhaps AirMagnet Enterprise 6.0's most unique feature is a defense mechanism for a budding type of Wi-Fi attack that AirMagnet refers to as "phlooding."
Phlooding, Mironov said, is an attempt to overwhelm a central authentication or Lightweight Directory Access Protocol (LDAP) server with invalid logon requests, preventing legitimate users from logging onto the wireless network.
"If I had people in five cities doing this, that central login server gets incredibly busy," Mironov said. "In effect it becomes a denial-of-service attack against logging into the system."
Mironov added that while phlooding is not a common Wi-Fi attack method today, data from his company's product analysis efforts suggests that it's becoming more common. He added, "One of our developers wrote about it in a thesis three years ago, but we didn't have any reason to believe it existed until now."
Terrill said phlooding could only affect enterprises lacking multiple access servers. "For true enterprise access, you have to have redundancy," he said, "or you don't worry about it because it's not critical."
Beginning tomorrow, AirMagnet Enterprise will be available starting at $8,995. That starting price includes server and console software, integrated reporter and four AirMagnet sensors. Licenses for interoperability with Cisco gear come with an additional fee.
Overall, Terrill said AirMagnet has made a name for itself -- along with Fortress Technologies -- as one of the top companies for enterprise Wi-Fi security. Plus its software isn't as awkward as similar security systems from Cisco and other hardware vendors.
Plus, he said, using third-party Wi-Fi security adds an extra level of security.
"If you use one vendor's equipment and another's security," Terrill said, "hackers don't have just one point of entry."