Fluke Tightens AirMagnet WLAN Protection

With almost 10,000 customers, including three-quarters of the Fortune 100, Fluke Networks' AirMagnet is releasing the latest version (9.0) of AirMagnet Enterprise, its wireless intrusion prevention system (WIPS) for managing and securing enterprise WLANs. Wireless communications is exploding, and security is a huge and growing problem. The company says that by the end of the year, 70 percent of all new worldwide voice and data client-to-LAN connections will be wireless, with 802.11n becoming the de facto standard (with 50 percent of unit shipment in 2011, 63 percent in 2012 and 75 percent by 2014, according to Infonetics).

Richard Stiennon, chief research analyst, IT-Harvest, says that Wi-Fi is becoming a required service for owners of retail and public places to attract customers. "It is becoming the primary way to offer guest access in offices and hotels. Along with ubiquity comes threats as attackers target individuals--think FireSheep--and networks over Wi-Fi."

The main enhancement to version 9.0 is automated threat protection technology that enables organizations to dynamically update and defend the network when new threats emerge, says Fluke. No other independent or integrated WIPS platform supports such an automated process with immediate deployment and threat database update (DTU) capabilities, according to the company. The capabilities are made possible by a new, extensible security event detection definition engine that enables rapid development and modification of new threat detection signatures.

In addition, AirMagnet Enterprise's policy signature database is now separately loadable and no longer embedded in the server software. DTU also allows zero-day protection from new threats via immediate and automatic installation of new signatures when available.

Other 9.0 changes include: enhanced rogue-on-wire detection that adds two new methods to increase detection accuracy of rogue access points and speed, as well as reduces configuration complexity; increased accuracy of device location and more flexible sensor density deployment with Cisco AP data; PostgreSQL open-source database support; and expanded Microsoft server/database version support.Set for availability on Feb. 7, a complete bundle, including sensors, server and console software starts at $10,000. The AirMagnet Enterprise Server base license lists for $5,995, while the AirMagnet Enterprise Sensor, 802.11n and dedicated Spectrum Analysis radio lists for $1,395. The software upgrade is free to existing customers under contract.

Stiennon sees the two biggest strengths of AirMagnet 9.0 as the incremental updates that decouple the WIPS engine from signatures and the enhanced sensing of rogue access points over the wired network. "This (update) avoids downtime as new configurations are loaded to block new attacks, very similar to the way AV and IPS for wired networks work." As for the enhanced sensing of rogue access points, any sensor on a LAN segment can pick up the telltale signatures that an unauthorized Wi-Fi access point exhibits.

The competitive landscape is of course dominated by Cisco, with Air Defense/Motorola being another stand-alone WIPS, says Stiennon. "Airmagnet continues to offer the differentiating spectrum analysis capability in addition to these new features. Spectrum analysis is a great debugging tool for sensor and access point placement, as well as detection of other strange radio-wave activity such as 3G."

See more on this topic by subscribing to Network Computing Pro Reports Research: Wireless Nation 2011