AUTOMATIC ROGUE DETECTION
AND ELIMINATION


Rogue devices are a serious threat to enterprise security. A single rogue access point can allow an attacker to gain full access to the internal network, bypassing traditional wired network security controls.

The WLAN Defence Services Platform identifies any rogue device and can automatically remove it from the network. By analysing wireless traffic, the system can automatically determine the level of threat that a potential rogue poses to the organisation, allowing administrators to place a higher priority on the rogues that present a more serious threat to the network.

Accuracy is essential, as less sophisticated Wireless IPS systems can easily disable a neighbouring access point by mistake opening the organisation to unwanted risk and liability.

Detect Rogue Devices Assess Threat Level
  • APs, laptops & specialty devices
  • Ad-hoc networks & accidental associations
  • Search wired networks for rogues
  • Prioritise based on threat level
  • Identify rogues connected to the network
  • Ignore neighbouring networks
Analyse Connections Eliminate Rogue Threat
  • In-depth analysis of rogue activity
  • Who was connected to the rogue
  • How much data transmitted
  • Automated & manual termination
  • Wireless or wired termination
  • Locate rogue devices in real-time

 

slide

COMPREHENSIVE INTRUSION PREVENTION


The WLAN Defence Services Platform provides the most comprehensive detection and prevention of wireless intrusion attempts. By analysing existing and day-zero threats in real-time against historical data, the system is able to accurately detect all wireless attacks and anomalous behaviour. With context-aware detection, correlation and multi-dimensional detection engines, the platform detects only meaningful security events and maintains the lowest rate of false positive alarms. This next-generation wireless protection solution offers the industry's most extensive event library ,with more than 200 security and performance events.

Wireless vulnerabilities detected include reconnaissance (ad hoc stations, rogue APs, open/misconfigured APs), sniffing (dictionary attacks, leaky APs, WEP/WPA/LEAP cracking), masquerade (MAC spoofing, evil twin attacks/Wi-Phishing attacks), insertion (man-in-the-middle attack, multicast/broadcast injection) and denial-of-service attacks (disassociation, duration field spoofing, RF jamming).comprehensive

The WLAN Air Defence Services Platform responds automatically to wireless threats by stopping the device involved before it is able to cause damage to the network. By responding on both the wireless and wired networks, the WLAN Defence Services Platform is the industry's most secure wireless intrusion prevention solution. The WLAN Defence Services Platform performs targeted terminations ensuring that only the correct intruders and rogue devices are disconnected. The system maintains a record of termination actions to allow for a reliable audit trail. The WLAN Defence Services Platform also complies with FCC regulations and eliminates the liability that could be associated with stopping a device wirelessly.

Wireless Termination

Air Defence can mitigate wireless threats via the air by disabling wireless connections between intruders and authorized devices. AirTermination is extremely precise ensuring that only the offending device is prohibited from operating.

Wired Post Supression

Air Defence identifies the switch port to which offending devices are connected and turns it off thus preventing the rogue device from accessing the network.

FORENSIC ANALYSIS FOR SECURITY


The WLAN Defence Services Platform provides forensic data that allows you to retrace any one device's steps down to the minute. With forensic research, investigating an event takes minutes instead of potentially hours. Cases that normally would have required administrators to physically visit sites can now be investigated remotely. Administrators can rewind and review minute-by-minute records of connectivity and communication with the network. By storing more than 325 data points per wireless device, per connection, per minute, the WLAN Defence Services Platform allows organisations to view months of historical data on a wireless device that was recently discovered to be suspicious.

The WLAN Defence Services Platform stores important information such as channel activity, signal characteristics, device activity and traffic flow. It can display:

  • Time of attack/breach
  • Entry point used
  • Length of exposure
  • Transfers of data
  • Systems compromised