Extreme AirDefense

Wireless communication is designed for mobility. Unfortunately,the very feature that makes it so attractive also makes it incredibly challenging to troubleshoot. Users come and go, devices join and leave, interference sources are here one minute and gone the next. Keeping track of the myriad factors impacting network connectivity, utilization and availability is a challenging task. The historical data that kept by the forensics module provides a tool for troubleshooting incidents reported in the past that may not even be active any longer. The system gathers 300+ data points per minute for each identified wireless device including channel activity, signal characteristics, deviceactivity, and traffic flow. This dynamic database can be used to chart network usage trends, identify anomalies and support capacity planning.

Note: This module requires the Advanced Forensics License.

Extreme AirDefense can perform active monitoring of Bluetooth devices. This feature requires an access point model with built-in Bluetooth hardware. This functionality is useful for detecting bluetooth skimmers that attempt to open up a hole in the network potentially allowing unauthorized access using the Bluetooth protocol. Additionally, Extreme AirDefense can also listen to URL/ UUID advertisements in Google Eddystone or Apple iBeacon enabled tags using the BLE 4.0 protocol. This helps detect tags that can advertise unauthorized URLs opening up an avenue for launching a phishing attack. A white list can be configured to filter allowed URLs (e.g., containing the organization's own domain name), while triggering alerts for potential unauthorized ones. AirDefense offers multipleBLE classification signatures to view, identify, act, and immediately locate unsanctioned and rogue Bluetooth devices that may pose a threat.

Note: This feature is included with the WIP license.

With Advanced Forensics, administrators can focus on theactivity of a suspect device over a period of months and even drill down to review minute-by-minute details of wireless activity. Every minute, the system stores 300+ data points for each identified wireless device, providing extensive data for analysis at a later time. The high level of granular information available for analysis marks the difference between a forensics capability that allows an administrator to detect and resolve a pattern of attack occurring over an extended period versus responding to repeated attacks from the same source as separate and isolated incidents. Such a powerful forensic function enhances your business operation by supporting more efficient network management, improving compliance and overall security posture.

An AirDefense appliance centralizes management acrossseveral thousands of sensors — including sensor configuration and sensor firmware management. While the software architecture on the appliance utilizes multiple engines that are distributed across multiple cores, a central UI interface provides a single pane of glass, hiding the internal distributed nature of the system from the administrator.

For large deployments that need more than one appliance, the AirDefense Centralized Management Console (CMC) module provides aggregated views of the data on multiple appliances and a single point for configuration changes. CMC streamlines the monitoring of security events, automates management, and speeds time-to-resolution of network issues, thereby improving productivity.

Note: This module requires the CMC license for multi-appliance deployments.

The Extreme AirDefense system is deployed as a set of access points serving as sensors to monitor the airwaves together with a security appliance. The appliance can be deployed either as a hardware appliance or a virtual appliance. Sensors can be deployed as either dedicated sensors or in radio-share mode. Dedicated sensors offer higher security through increased visibility. There are two deployment options for dedicated sensing (1) the entire access point can be dedicated as a sensor or (2) In a dual radio or tri-radio access point, one radio of the access point can be dedicated as a sensor, with the remaining radios serving user data traffic. In radio-share mode, the access point allocates a time slice for sensing function while utilizing the remaining time for serving data traffic. Extreme access points operating as sensors support 802.11a/b/g/n/ac/ax standards to scan both the 2.4GHz and 5GHz bands and are capable of listening to multiple MIMO streams.

AirDefense sensors can locate rogue access points and clientsand indicate their location on a floor plan. This assists IT staff in finding and disconnecting them.

AirDefense was designed for ease of use with true plug- and-play operation: traffic can be monitored within minutes of installation, complete with the tools to quickly interpret information for fast response to Wireless LAN threats.

AirDefense has extensive reporting capabilities in the areas of network security and policy compliance. AirDefense has several built-in reports in the areas of security, infrastructure, inventory, compliance etc. Additionally, it also has a report builder that allows the administrator to create custom reports by choosing fields available in the AirDefense database. The custom report can then be used in the future like a pre-defined report.

This module requires the WIP License.

AirDefense allows the administrator to define security policiesthat need to be enforced in the network. When the system detects a policy violation, an alarm is generated. The system features an alarm action manager that can be configured to trigger specified actions based on the alarm including sending an email to an administrator, generating a syslog or snmp trap, initiating an automatic remote packet capture, launching spectrum analysis etc.

The AirDefense Advanced Forensics module maintains the highly accurate historical data required by many regulationssuch as HIPAA, GLBA, Sarbanes-Oxley (SOX), Payment Card Industry (PCI) data security standards such as VISA CISP and the Department of Defense. So your organization’s compliance — and proof of compliance — becomes automatic and routine.

Capabilities include:

• Historical Association Analysis
• Historical Traffic Analysis
• Historical Channel Analysis
• Historical Location Tracking and Roam Trajectories

The AirDefense Wireless Vulnerability Assessment module uses a patented technology to remotely test wireless security. It allows administrators to automatically log on to an access point and test for vulnerabilities from the perspective of a wireless hacker. Extreme sensors conduct wireless penetration testing, proactively identifying vulnerabilities before they can be exploited, so you can better manage threats and keep your systems secure.