Motorola AirDefense - Security and Compliance Solutions
AUTOMATED ROGUE DETECTION & ELIMINATION
Rogue devices are a serious threat to enterprise security. A single rogue access point can allow an attacker to gain full access to the internal network, bypassing traditional wired network security controls. The AirDefense Services Platform identifies any rogue device and can automatically remove it from the network. By analyzing wireless traffic, the system can automatically determine the level of threat that a potential rogue poses to the organization, allowing administrators to place a higher priority on the rogues that present a more serious threat to the network. Accuracy is essential, as less sophisticated Wireless IPS systems can easily disable a neighboring access point by mistake opening the organization to unwanted liability.
Detect Rogue Devices
• APs, laptops & specialty devices
• Ad-hoc networks & accidental associations
• Search wired networks for rogues
Assess Threat Level
• Prioritize based on threat level
• Identify rogues connected to the network
• Ignore neighboring networks
• In-depth analysis of rogue activity
• Who was connected to the rogue
• How much data transmitted
Eliminate Rogue Threat
• Automated & manual termination
• Wireless or wired termination
• Locate rogue devices in real-time
COMPREHENSIVE INTRUSION PREVENTION
The AirDefense Services Platform provides the most comprehensive detection and prevention of wireless intrusion attempts. By analyzing existing and day-zero threats in real-time against historical data, the system is able to accurately detect all wireless attacks and anomalous behavior. With context-aware detection, correlation and multi-dimensional detection engines, the platform detects only meaningful security events and maintains the lowest rate of false positive alarms. This next-generation wireless protection solution offers the industry’s most extensive event library ,with more than 200 security and performance events.
Wireless vulnerabilities detected include reconnaissance (ad hoc stations, rogue APs, open/misconfigured APs), sniffing (dictionary attacks, leaky APs, WEP/WPA/LEAP cracking), masquerade (MAC spoofing, evil twin attacks/Wi-Phishing attacks), insertion (man-in-the-middle attack, multicast/broadcast injection) and denial-of-service attacks (disassociation, duration field spoofing, RF jamming).
The AirDefense Services Platform
responds automatically to wireless threats by stopping the device involved before it is able to cause damage to the network. By responding on both the wireless and wired networks, the AirDefense Services Platform is the industry’s most secure wireless intrusion prevention solution. the AirDefense Services Platform performs targeted terminations ensuring that only the correct intruders and rogue devices are disconnected. The system maintains a record of termination actions to allow for a reliable audit trail. The AirDefense Services Platform also complies with FCC regulations and eliminates the liability that could be associated with stopping a device wirelessly.
Motorola can mitigate wireless threats via the air by disabling wireless connections between intruders and authorized devices. AirTermination is extremely precise ensuring that only the offending device is prohibited from operating.
Wired Port Suppression
Motorola identifies the switch port to which offending devices are connected and turns it off thus preventing the rogue device from accessing the network.
FORENSIC ANALYSIS FOR SECURITY
The AirDefense Services Platform provides forensic data that allows you to retrace any one device’s steps down to the minute. With forensic research, investigating an event takes minutes instead of potentially hours. Cases that normally would have required administrators to physically visit sites can now be investigated remotely. Administrators can rewind and review minute-by-minute records of connectivity and communication with the network. By storing more than 325 data points per wireless device, per connection, per minute, the AirDefense Services Platform allows organizations to view months of historical data on a wireless device that was recently discovered to be suspicious.
The AirDefense Services Platform stores important information such as channel activity, signal characteristics, device activity and traffic flow. It can display:
- Time of attack/breach
- Entry point used
- Length of exposure
- Transfers of data
- Systems compromised
Click here for more information on Advanced Forensics.