Copyright © 2002-2005 AirDefense Proprietary and Confidential.
WWW.AIRDEFENSE.NET
About AirDefense
Pioneers in Anywhere, Anytime Wireless Protection for large Enterprises and Government organizations
Quickly growing & clear market leader in the space, with over 80% market share
Deep intellectual property portfolio with 15 patents pending
Selected by over 350 customers including leaders in all major industries and government sectors
Partnerships with recognized industry leaders e.g. Cisco, IBM, CSC among others
Seasoned management team with history of building successful businesses
Are Wireless Network Risks Real?
http://www.airdefense.net/education/video/
A News Clip on Wireless LAN Security
Minneapolis TV Station
What Makes Wireless Risky?
1. We don't control the medium (air): the signal bleeds past the neighbor's wall and into the parking lot, where anyone can probe it.
2. We don't control who we connect to: accidental association, malicious association, ad hoc networks.
3. WLANs can be an easy launch pad to the network: a soft AP or a rogue AP connected to the corporate network gives an intruder a path to servers and confidential data.
The wired network is protected by physical and logical barriers. Wireless eliminates those traditional barriers and introduces new challenges: the signal bleeds outside the four walls and the firewall.
Most critical WLAN risks:
• Rogue devices & associations
• Documented & day-zero intrusions
• Exposure to the wired network
• Device misconfigurations
• Policy & regulatory compliance
• Hot spot protection
Risk Validation – Hacked Organizations
A California public school district: the district's unprotected WLAN allowed full unauthorized access to sensitive files and let hackers upload their own files to servers.
A county court in Texas: a computer security analyst accessed information filed by the clerk of courts using only a laptop computer and a wireless card.
A North Carolina medical consulting firm: an intruder broke into the firm's computer system and illegally accessed information on hundreds of patients, including checks and insurance forms.
The AirDefense Product Family
AirDefense Sensor: smart sensors scanning 802.11a/b/g; selective processing; secured communication to the server
AirDefense Enterprise Server: real-time monitoring; multiple correlation, analysis & IDS engines; integrated reporting; remote secure browser; centralized management
AirDefense Mobile: real-time snapshot of the wireless infrastructure; vulnerability assessment tool
AirDefense BlueWatch: monitors the air space for Bluetooth security vulnerabilities
AirDefense Personal: personal agent monitoring for policy compliance & security risks; notifies the user & the enterprise
AirDefense provides a complete suite of products to secure your enterprise and all personnel, 24x7, anytime, anywhere
Example AirDefense Enterprise Deployment
Global deployment: headquarters (USA) plus sites in Brazil, Argentina, Ireland, Mexico, Japan, Hong Kong and South Africa, including 26-, 20- and 11-story buildings
Sample building: 22,000 sq. ft. per floor, 4 floors, 176 devices (16 APs, 160 stations), 2 sensors
AirDefense Technologies: A True IDS System
Accurate Detection, Proactive Protection & Actionable Intelligence = A System You Can Trust
Inputs to the AD server appliance: AD sensors, other sensors, AD Mobile, AD Personal, Cisco WLSE and Cisco switches
Detection engines, correlated across IDS engines and across sensors: signature analysis, protocol abuse, anomalous behavior, policy manager
Outputs: notification engine, active defenses, reporting & analysis, forensics, compliance
Self-managing, Anywhere, Anytime Wireless Protection
• Active Defenses
• Protection Anywhere
• Advanced Rogue Management
• Self-Managing Platform
• Comprehensive Intrusion Detection
• Forensic & Incident Analysis
• Policy Compliance
Anywhere Protection – AirDefense Personal
A small software agent that runs on Windows PCs and monitors for wireless exposures and threats, and notifies the user and AirDefense Enterprise.
1. Policy profiles are centrally defined on the AirDefense Enterprise appliance and automatically downloaded to each mobile user
2. Alert logs are automatically uploaded to AirDefense Enterprise for central reporting & notification
3. Policy enforcement (e.g. automatically turn off the radio)
The mobile workforce extends the edge of the corporate network to a user's laptop:
• A user laptop at an airport or hotel can be compromised and serve as a bridge to the corporate backbone, e.g. via accidental association
• It is hard to determine whether one is connected to a legitimate hotspot or has been diverted to a malicious counterfeit
• Identity theft via hot spot phishing is coming to the mainstream, e.g. AirSnarf
Continuous anywhere monitoring for mobile users on the road or at their office; detects & notifies on 50+ configuration and connectivity issues and attacks; protection by enforcing the policy defined centrally at AirDefense Enterprise
Most Advanced Rogue Management
Hundreds of neighboring wireless devices may bleed over into your premises, especially in urban areas. Finding risky rogues is like finding a needle in a haystack. Enterprises either need to employ several "wireless rogue runners" to identify & chase each rogue, or deploy an automated, intelligent solution from AirDefense.
1. Detect rogue devices & associations: hardware APs, soft APs, wireless-ready laptops, specialty devices (barcode scanners), ad hoc networks, accidental/malicious associations
2. Calculate a threat index (smart management of the airwaves: friendly neighboring networks are partitioned off until they turn malicious). From least to highest risk:
   innocent neighbor AP → our station connected to a neighbor AP → rogue AP in my building → rogue AP on my network → our station connected to a rogue AP & transferring data
3. Analyze rogue connections: in-depth analysis of the activity level of each rogue: how long it existed, who was connected to it, what and how much data was transmitted
4. Locate the rogue device, then terminate it: on command, or automatically as policy dictates, on both the wired and the wireless side (automated rogue mitigation)
Most Comprehensive & Accurate Intrusion Detection
With new threats emerging every day and hacking tools getting more sophisticated, comprehensive intrusion detection requires advanced detection methods.
Most comprehensive detection: 200+ threats detected, covering documented threats (signature-based), day-zero threats (anomalous behavior) and wired-side vulnerabilities. Sample threats: reconnaissance activity, various DoS attacks, identity theft, accidental/malicious association, dictionary attacks, security policy violations.
Accurate & reliable detection: multiple criteria and correlation engines (signature-based, protocol analysis, anomalous behavior, traffic, policy engine), correlated across engines and across sensors, ensure accurate detection with minimum false positives. The slide's chart contrasts 400 accurate & reliable alarms with 11,600 false positives.
Most advanced wireless intrusion protection system: 15 patents pending.
"First generation WLAN IDS solutions are often limited to signature-based detection. Just as wired-side IDS could not reliably depend upon signatures, WLAN IDS will require multiple detection technologies." Gartner, July 2004
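As an added illustration of the multi-engine, multi-sensor correlation this slide describes (example code, not AirDefense's engines), the following Python script runs three small engines over a constructed capture of deauthentication frames and raises an alarm only when the engines and the sensors corroborate each other. The frame records, MAC addresses, sensor names and thresholds are all constructed for the example.

```python
"""Multi-engine, multi-sensor correlation for one WLAN event class: a
deauthentication flood. Added example (not AirDefense code); the capture is
constructed in-line and every threshold is an assumption."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Set


@dataclass(frozen=True)
class Frame:
    t: float         # capture time in seconds
    sensor: str      # sensor that heard the frame
    src: str         # transmitter address (a spoofed deauth claims the AP's BSSID)
    dst: str         # receiver address
    subtype: str     # "deauth", "beacon", "data", ...
    reason: int = 0  # 802.11 reason code for deauth/disassoc frames


BROADCAST = "ff:ff:ff:ff:ff:ff"
AP1 = "00:0c:41:aa:ff:10"   # constructed authorized AP, impersonated by the flood
AP2 = "00:0c:41:aa:ff:20"   # constructed authorized AP with a benign deauth burst
SIG_DEAUTH_PER_SEC = 10     # assumption: signature-engine threshold
ANOMALY_MIN_COUNT = 3       # assumption: floor so an all-zero baseline cannot alarm on one frame
ANOMALY_SIGMAS = 3.0


def deauth_sources(frames: List[Frame]) -> Set[str]:
    return {f.src for f in frames if f.subtype == "deauth"}


def deauth_buckets(frames: List[Frame], src: str) -> Dict[int, int]:
    """Deauth frames per one-second bucket for one transmitter. A frame heard by
    two sensors is counted once (keyed on time and receiver)."""
    seen, counts = set(), defaultdict(int)
    for f in frames:
        if f.src == src and f.subtype == "deauth" and (f.t, f.dst) not in seen:
            seen.add((f.t, f.dst))
            counts[int(f.t)] += 1
    return counts


def signature_engine(frames: List[Frame]) -> Set[str]:
    """Documented threat: N or more deauths per second from one transmitter."""
    return {s for s in deauth_sources(frames)
            if max(deauth_buckets(frames, s).values()) >= SIG_DEAUTH_PER_SEC}


def protocol_engine(frames: List[Frame]) -> Set[str]:
    """Protocol abuse: broadcast deauthentication. Flood tools send it; an AP
    deauthenticates stations individually."""
    return {f.src for f in frames if f.subtype == "deauth" and f.dst == BROADCAST}


def anomaly_engine(frames: List[Frame], current_second: int) -> Set[str]:
    """Day-zero style check: this second's deauth count against mean + k*sigma
    of every earlier second for the same transmitter."""
    flagged = set()
    for s in deauth_sources(frames):
        b = deauth_buckets(frames, s)
        history = [b.get(sec, 0) for sec in range(current_second)] or [0]
        threshold = max(mean(history) + ANOMALY_SIGMAS * pstdev(history), ANOMALY_MIN_COUNT)
        if b.get(current_second, 0) >= threshold:
            flagged.add(s)
    return flagged


def correlate(frames: List[Frame], current_second: int,
              min_engines: int = 2, min_sensors: int = 2) -> Dict[str, dict]:
    """ALARM only when independent engines agree and more than one sensor heard
    the traffic; single-engine hits are NOISE, single-sensor hits are SUSPECT
    (logged, not paged)."""
    engines = {"signature": signature_engine(frames),
               "protocol": protocol_engine(frames),
               "anomaly": anomaly_engine(frames, current_second)}
    verdicts = {}
    for src in set().union(*engines.values()):
        hits = [name for name, srcs in engines.items() if src in srcs]
        sensors = sorted({f.sensor for f in frames if f.src == src
                          and f.subtype == "deauth" and int(f.t) == current_second})
        if len(hits) >= min_engines and len(sensors) >= min_sensors:
            state = "ALARM"
        elif len(hits) >= min_engines:
            state = "SUSPECT"
        else:
            state = "NOISE"
        verdicts[src] = {"engines": hits, "sensors": sensors, "state": state}
    return verdicts


def constructed_capture() -> List[Frame]:
    """Sixty seconds of constructed deauth traffic (not real data)."""
    frames = []
    # AP2 drops one idle station per second (reason 4, inactivity); only sensor s1 hears it.
    for sec in range(59):
        frames.append(Frame(sec + 0.5, "s1", AP2, f"00:0c:41:aa:00:{sec % 8:02x}", "deauth", 4))
    # Second 59: AP2 restarts and kicks 12 stations individually (reason 3); still only s1.
    for i in range(12):
        frames.append(Frame(59 + i * 0.05, "s1", AP2, f"00:0c:41:aa:00:{i:02x}", "deauth", 3))
    # Second 59: 40 broadcast deauths spoofing AP1 (reason 7), heard by s1 and s2.
    for i in range(40):
        for sensor in ("s1", "s2"):
            frames.append(Frame(59 + i * 0.02, sensor, AP1, BROADCAST, "deauth", 7))
    return frames


if __name__ == "__main__":
    for src, v in correlate(constructed_capture(), 59).items():
        print(src, v["state"], v["engines"], v["sensors"])
```

Run as-is, AP1 comes out as ALARM (all three engines, two sensors) and AP2 as SUSPECT: its restart burst trips the signature and anomaly engines but is unicast and heard by one sensor only, so it is logged rather than paged. A second sensor hearing the same burst would promote it, which is the point of correlating across sensors as well as across engines.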
AirDefense Ensures Policy Compliance
Adopt proven security policies and procedures to address the security weaknesses of the wireless environment.
Define policy (enterprise, centralized, template-based policy manager): security configuration; VLANs; performance; vendor / channel
Monitor for compliance: compliance with corporate and regulatory requirements? Network performing correctly? (e.g. daily report of policy violations; authentication compliance)
Enforce: turn off SSID broadcast; change the channel of an AP; terminate
AirDefense enables compliance with DoD, DHS, SOX, HIPAA, GLBA, FDIC and OCC requirements
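The define / monitor / enforce cycle above, as an added worked example in Python (not AirDefense's policy manager): a constructed template covering security configuration, channel, vendor and VLAN is applied to three constructed AP records, and each violation carries the enforcement action the deck lists. The template field names, the sample APs and the choice of which rules end in termination are assumptions.

```python
"""Template-based WLAN policy check. Added example (not AirDefense code). The
policy template and the AP configuration records are constructed; the field
names are assumptions about what such a template would contain."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class APConfig:
    name: str
    mac: str
    encryption: str       # "none", "wep", "tkip", "ccmp"
    auth: str             # "open", "psk", "802.1x"
    ssid_broadcast: bool
    channel: int
    vlan: int


# Constructed enterprise template: 802.11i (AES-CCMP with 802.1X), hidden SSID,
# non-overlapping 2.4 GHz channels, one approved AP vendor (by OUI), one wireless VLAN.
POLICY = {
    "min_encryption": "ccmp",
    "allowed_auth": {"802.1x"},
    "ssid_broadcast": False,
    "allowed_channels": {1, 6, 11},
    "allowed_vendor_ouis": {"00:0c:41"},
    "allowed_vlans": {20},
}
ENCRYPTION_RANK = {"none": 0, "wep": 1, "tkip": 2, "ccmp": 3}

# Enforcement mirrors the deck's options: reconfigure where the AP is merely
# mis-set (SSID broadcast, channel), terminate where the AP itself is unsafe.
ENFORCEMENT = {
    "encryption": "terminate",
    "auth": "terminate",
    "vendor": "terminate",
    "vlan": "terminate",
    "ssid_broadcast": "reconfigure: turn off SSID broadcast",
    "channel": "reconfigure: change channel",
}


def oui(mac: str) -> str:
    return ":".join(mac.lower().split(":")[:3])


def check_ap(ap: APConfig, policy: dict) -> List[dict]:
    """Return one violation record per failed rule (empty list = compliant)."""
    failed = []
    if ENCRYPTION_RANK[ap.encryption] < ENCRYPTION_RANK[policy["min_encryption"]]:
        failed.append(("encryption", f"{ap.encryption} weaker than {policy['min_encryption']}"))
    if ap.auth not in policy["allowed_auth"]:
        failed.append(("auth", f"{ap.auth} not in {sorted(policy['allowed_auth'])}"))
    if ap.ssid_broadcast != policy["ssid_broadcast"]:
        failed.append(("ssid_broadcast", f"broadcast={ap.ssid_broadcast}"))
    if ap.channel not in policy["allowed_channels"]:
        failed.append(("channel", f"channel {ap.channel} not in {sorted(policy['allowed_channels'])}"))
    if oui(ap.mac) not in policy["allowed_vendor_ouis"]:
        failed.append(("vendor", f"OUI {oui(ap.mac)} is not an approved vendor"))
    if ap.vlan not in policy["allowed_vlans"]:
        failed.append(("vlan", f"VLAN {ap.vlan} not in {sorted(policy['allowed_vlans'])}"))
    return [{"rule": r, "detail": d, "enforce": ENFORCEMENT[r]} for r, d in failed]


def compliance_report(aps: List[APConfig], policy: dict) -> Dict[str, List[dict]]:
    return {ap.name: check_ap(ap, policy) for ap in aps}


def compliance_rate(report: Dict[str, List[dict]]) -> float:
    """Fraction of APs with no violations: the number a daily violations report would trend."""
    return sum(1 for v in report.values() if not v) / len(report)


# Constructed inventory: one compliant AP, one legacy misconfigured AP, one foreign AP.
APS = [
    APConfig("ap-lobby", "00:0c:41:aa:ff:10", "ccmp", "802.1x", False, 6, 20),
    APConfig("ap-lab", "00:0c:41:aa:ff:20", "wep", "open", True, 3, 20),
    APConfig("ap-unknown", "00:1a:2b:3c:4d:5e", "ccmp", "psk", False, 11, 1),
]

if __name__ == "__main__":
    report = compliance_report(APS, POLICY)
    for name, violations in report.items():
        print(name, "compliant" if not violations else violations)
    print(f"compliance rate: {compliance_rate(report):.0%}")
```

The checks are ordered so that the most serious finding (weak encryption) is listed first for each AP; an operator reading the daily report sees what to terminate before what to reconfigure.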
Forensics & Incident Analysis
WLANs are transient and security incidents happen often. It is important to collect critical device communication and traffic information to analyze what went wrong.
Minute-by-minute critical data store: device connectivity logs, device activity logs, channel activity logs, signal strength, data transferred by direction
One-click investigation answers: Were we attacked? What entry point was used? When did the breach occur? How long were we exposed? What transfers occurred? Which systems were compromised?
The minute-by-minute view (bytes per minute) reveals, for example, a large file being downloaded.
"Forensic analysis is critical to assess damage from a security breach and take proactive steps for future." – Meta Group
Automated Active Defenses
In addition to detecting threats, it is important to protect against intruders and rogues. Enterprise wireless networks need automated protection from security threats, using multiple mitigation tactics.
Wired-side mitigation (via Cisco WLSE and the switch): on-command suppression, policy-based suppression, device reconfiguration
Wireless mitigation (via the AirDefense server): on-command disconnect, policy-based disconnect, authorization required, audit trail maintained, mitigation of the right target due to accurate detection
Scenario 1: a laptop acting as a wired & wireless bridge accidentally associates to a public AP. Alert: accidental association detected by AirDefense. Result: association terminated by AirDefense.
Scenario 2: a rogue AP is plugged into the network. Alert: rogue AP on network detected by AirDefense. Result: switch port suppressed by Cisco WLSE.
Accurate detection and precise mitigation are critical to ensure that only rogue devices, associations and intruders are terminated.
Self-Managing Platform
1. Secure platform: plug-and-go sensors with firewalls on the wireless & wired interfaces; appliance with a customized hardened OS; communication over SSL with digital certificates and mutual authentication
2. Integration with infrastructure (e.g. CiscoWorks WLSE): instant network device synchronization; integrated & automated security management; integrated database management; integrated data backup
3. One-click analysis: with a single click, investigate security incidents across the enterprise; analyze device connectivity and activity as the device roams through the network; view communication history to diagnose security or operational issues
4. Active troubleshooting: real-time device analysis & tracking; remote packet capture / sniffer capabilities; notification of lost devices (signal strength = 0); network availability & failure history; network usage & performance (source: AirDefense, over 4,000 WLANs analyzed)
5. Notification & alarm management: adjustable alarm priorities and views; flexible querying and filtering; multiple notification options (email, pager, SMS, SNMP, syslog); notifications by role, location, severity and frequency of alarm
Remote Troubleshooting
In widely distributed wireless deployments, remote troubleshooting tools are critical to ensure administrators are able to diagnose and correct end-user issues centrally.
Historical reporting (AirDefense):
• Ongoing collection of performance statistics: yes
• Device connection history: yes
• Built-in channel reports for troubleshooting RF problems: yes
Real-time analysis (AirDefense):
• Real-time device analysis: yes
• Real-time device tracking: yes
• Real-time Layer 2 decoding: yes
• Full, remote frame capture: yes
Screens shown: network utilization, heavily congested channels, live real-time analysis
AirDefense Mobile (new in 2.0)
Views: device count, signal strength by channel, frames & bytes transferred, top devices & channels, device tree
AirDefense BlueWatch (new: PDA version)
• Identifies different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones
• Provides key attributes, including device class, manufacturer and signal strength
• Illustrates communication or connectivity among various devices
• Identifies services available on each device, including network access, fax and audio gateway
Views: services by type, devices by type, detailed device info
Customer Testimonials & Videos
“…only product that meets stringent HIPAA requirements”
“… exhaustive search…the only enterprise-class solution"
“… the only solution that met all our requirements.”
“… meets both these needs.”
“… provides the peace of mind.”
“…the clear market leader and the only viable choice”
“…maximize our wireless LAN's return on investment.”
University of Utah Health Sciences Center
“…put security safeguards”
For Video Testimonials, click:
Expert Opinion on Wireless Monitoring
“Unmanaged WLANs can jeopardize entire enterprise network, data and operations”
“New sophisticated security risks continue to emerge as wireless matures”
“Wireless devices create backdoors for hackers and can render millions of dollars invested in firewalls, IDS and VPNs useless.”
“Through 2006, 70% of successful WLAN attacks will be because of the misconfiguration of APs or client software.”
“Incorrectly set-up WLANs put the wired LAN at risk as well”
Summary
Anywhere, Anytime Wireless Protection: policy compliance; protect reputation & information
1. Detect rogues, associations & intrusions
2. Locate, prioritize, notify
3. Automated defense, forensics
4. Health, troubleshooting, performance
Cisco Systems & AirDefense Partnership
Integrated Wireless Protection
November 2004
© 2004 Cisco Systems, Inc. All rights reserved.
Wireless IDS and Current Cisco Support
• Cisco and Cisco Compatible clients
• A Cisco Aironet AP in sensor mode gathers data for CiscoWorks WLSE
• Cisco SWAN detects, locates and mitigates against rogue APs (diagram: a rogue AP terminated via a Cisco Aironet AP)
• Cisco also detects clients in ad hoc mode
• In the future, CiscoWorks WLSE will detect, locate and mitigate against intruders and network attacks
Cisco AirDefense Integration Background
• Wireless is a transient medium and prone to attacks by rogues and hackers
• Integrated WIDS offerings from wireless infrastructure providers do not have extensive capabilities to detect all rogues and intrusions
• Signature-based detection is not enough
Need for integrating:
• Best-in-class wireless and wired infrastructure management system: Cisco, with enterprise-class wireless infrastructure and a wireless management system
• Best-in-class wireless protection system: most comprehensive and accurate detection; active defenses; forensics & incident analysis; advanced notification system
• Multiple detection technologies and correlation engines minimize false positives
Customers get the best wireless infrastructure and security
Customer Drivers for Integration
"As a large customer of Cisco wireless infrastructure and AirDefense wireless IDS, we saw a significant benefit in bringing together the two products to build a highly secure wireless network. The integration of these two major solutions should lower costs and improve security by enabling flexible deployment of IDS capability and will reduce the cost of deployment and ongoing management as well as increase the level of security."
JD Fluckiger, Computer Protection Program Manager, Pacific Northwest National Laboratory
"Enterprise-class wireless infrastructure must be properly configured and secured, and must support strong encryption and authentication (802.11i recommended). Wireless monitoring and IDS ensures that the infrastructure remains secure and in compliance with corporate policy and regulatory requirements. Integration of a comprehensive and reliable wireless IDS with a robust wireless infrastructure provides customers the best of both worlds."
John Girard, Vice President, Gartner
AirDefense/Cisco Integrated Wireless Protection
Example floor: first floor, 8 Cisco APs, 1 sensor (a Cisco AP in sensor mode), AirDefense server appliance, switching infrastructure, CiscoWorks WLSE
Integration areas: integration of CiscoWorks WLSE & AirDefense server; integration with the wired-side infrastructure; Cisco AP as a sensor
Benefits: reduced cost of deployment & support; comprehensive detection & effective protection
1. Integrate CiscoWorks WLSE & AirDefense Server
Advanced correlation for a closed-loop system
• AirDefense draws configuration and policy information from CiscoWorks WLSE
• CiscoWorks WLSE as a correlation source: its wired and wireless information feeds AirDefense detection, and its fault database is used to diagnose or confirm events
• AirDefense provides alerts and alarms to CiscoWorks WLSE, enabling "detect and correct" functions
• Reduced administrative overhead: synchronize authorized APs and stations; get device-specific details, e.g. DNS name, IP address, wired MAC, wireless statistics
2. Integration with Wired Management Infrastructure
The only effective and practical way to protect the wired side.
• AirDefense has multiple detection & correlation engines to accurately identify threatening APs or stations
• Cisco dominates the Ethernet switching infrastructure and is in the best position to locate and suppress the port a threatening device is connected to
• To locate and block the port of a threatening or rogue device, the AirDefense appliance communicates several key parameters to CiscoWorks WLSE using jointly developed APIs; CiscoWorks WLSE in turn works with the Cisco switching infrastructure to locate the device and block its port
Found a rogue on my network? Can I do port suppression? It is easy to show a demo of port blocking, but in real life it is a big challenge: enterprises have hundreds of switches and thousands of Ethernet ports across scores of locations that a rogue AP or station can connect to.
Components: AirDefense server appliance, switching infrastructure, CiscoWorks WLSE
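The rogue threat-index ladder from the Advanced Rogue Management slide and the wired-side port location described on this slide, combined in one added Python example (not AirDefense or Cisco code). The inputs are constructed: the APs and associations a sensor would report, the set of our station MACs, and a switch MAC table of the kind WLSE pulls from the switching infrastructure. The RSSI and byte thresholds, and the heuristic that an AP's wired MAC sits within a couple of values of its BSSID, are assumptions.

```python
"""Rogue triage following the threat-index ladder (innocent neighbor ... our
station moving data through a rogue on our wire), with the wired-side step of
finding which switch port the rogue's Ethernet side is on. Added example, not
AirDefense or Cisco code; all data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class AccessPoint:
    bssid: str
    ssid: str
    rssi_dbm: int      # strongest reading across our sensors
    authorized: bool   # present in the authorized-AP list synchronized from WLSE


@dataclass(frozen=True)
class Association:
    station: str       # station MAC seen over the air
    bssid: str         # AP it is associated to
    tx_bytes: int      # bytes the station pushed through that AP in the window


THREAT_LEVELS = {
    -1: "authorized AP",
    0: "innocent neighbor AP",
    1: "our station connected to neighbor AP",
    2: "rogue AP in my building",
    3: "rogue AP on my network",
    4: "our station connected to rogue AP and transferring data",
}
IN_BUILDING_RSSI_DBM = -65    # assumption: stronger than this means inside our walls
DATA_TRANSFER_BYTES = 50_000  # assumption: more than this counts as "transferring data"


def wired_mac_candidates(bssid: str, span: int = 2) -> List[str]:
    """Heuristic (assumption): an AP's Ethernet MAC shares the radio BSSID's OUI
    and differs only in the last octet by a few units. Vendor-specific in practice."""
    octets = bssid.lower().split(":")
    base = int(octets[5], 16)
    return [":".join(octets[:5] + [f"{base + d:02x}"])
            for d in range(-span, span + 1) if 0 <= base + d <= 0xFF]


def find_switch_port(bssid: str, switch_mac_table: Dict[str, str]) -> Optional[str]:
    """switch_mac_table maps a wired MAC to 'switch/port', the data WLSE gathers
    from the switching infrastructure. None means the rogue is not on our wire
    (or its wired MAC does not follow the heuristic above)."""
    for mac in wired_mac_candidates(bssid):
        if mac in switch_mac_table:
            return switch_mac_table[mac]
    return None


def threat_index(ap: AccessPoint, associations: List[Association],
                 our_stations: Set[str], switch_mac_table: Dict[str, str]) -> dict:
    """One record per AP: ladder level, evidence, and the mitigation to take."""
    if ap.authorized:
        return {"bssid": ap.bssid, "ssid": ap.ssid, "level": -1,
                "label": THREAT_LEVELS[-1], "port": None, "actions": []}
    ours = [a for a in associations if a.bssid == ap.bssid and a.station in our_stations]
    port = find_switch_port(ap.bssid, switch_mac_table)
    moving_data = any(a.tx_bytes >= DATA_TRANSFER_BYTES for a in ours)
    if port and ours and moving_data:
        level = 4
    elif port:
        level = 3
    elif ap.rssi_dbm >= IN_BUILDING_RSSI_DBM:
        level = 2
    elif ours:
        level = 1
    else:
        level = 0
    actions = []
    if level >= 3:
        actions.append(f"wired: suppress {port}")          # WLSE port suppression
    if ours:
        actions.append("wireless: disconnect " + ", ".join(a.station for a in ours))
    if level == 2:
        actions.append("locate rogue")                      # in the building, not yet on our wire
    return {"bssid": ap.bssid, "ssid": ap.ssid, "level": level,
            "label": THREAT_LEVELS[level], "port": port, "actions": actions}


def triage(aps, associations, our_stations, switch_mac_table) -> List[dict]:
    """Highest threat first, so the console shows the needle before the haystack."""
    return sorted((threat_index(ap, associations, our_stations, switch_mac_table) for ap in aps),
                  key=lambda r: r["level"], reverse=True)


# Constructed observations (not real data).
OUR_STATIONS = {"00:0c:41:aa:00:01", "00:0c:41:aa:00:02", "00:0c:41:aa:00:03"}
APS = [
    AccessPoint("00:0c:41:aa:ff:10", "corp", -40, True),        # our AP
    AccessPoint("00:1a:2b:3c:4d:5e", "linksys", -82, False),    # weak neighbor
    AccessPoint("00:1a:2b:3c:4d:60", "coffee", -78, False),     # neighbor with our station on it
    AccessPoint("00:0f:66:11:22:33", "rogue-lab", -50, False),  # strong, on our wire, leaking data
    AccessPoint("00:09:5b:aa:bb:cc", "test", -55, False),       # strong, not on our wire
]
ASSOCIATIONS = [
    Association("00:0c:41:aa:00:01", "00:0c:41:aa:ff:10", 1_000_000),
    Association("00:0c:41:aa:00:02", "00:1a:2b:3c:4d:60", 2_000),
    Association("00:0c:41:aa:00:03", "00:0f:66:11:22:33", 4_200_000),
    Association("00:16:44:de:ad:01", "00:0f:66:11:22:33", 100),  # not our station
]
SWITCH_MAC_TABLE = {
    "00:0f:66:11:22:34": "sw-3fl-1/Gi0/17",   # rogue-lab's Ethernet side (BSSID + 1)
    "00:0c:41:aa:ff:11": "sw-3fl-1/Gi0/1",    # our AP's Ethernet side
}

if __name__ == "__main__":
    for r in triage(APS, ASSOCIATIONS, OUR_STATIONS, SWITCH_MAC_TABLE):
        print(r["level"], r["ssid"], r["label"], r["port"], r["actions"])
```

The ladder deliberately ranks a rogue on the wire above a rogue that is merely loud, and a neighbor AP that one of our stations has wandered onto above an idle neighbor; the wired lookup is what separates "in my building" from "on my network", and it is the step that cannot be done from the air alone.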
3. Cisco APs as Dedicated Sensors
A single hardware platform for customers to manage.
• A Cisco AP configured in dedicated sensor mode feeds the AirDefense server appliance
• Supports 802.11a/b/g protocols
• Fully configurable operation for channel scanning and locking
• Supports all detection and alerts; leverages all AirDefense centralized intelligence
• Multi-engine detection & correlation provides accurate detection
AirDefense & Cisco Integration Benefits
• A complete, comprehensive and correlated view improves detection: correlation of wireless data from AirDefense and wired-side data from CiscoWorks WLSE
• Protection for the wireless and wired network: AirDefense detects rogue/malicious devices and passes the information to CiscoWorks WLSE, which locates the rogues and carries out port suppression
• Reduced cost of deployment & ongoing maintenance of the network: authorized device info, policies etc. can be synchronized and data exchange facilitated
• For customers with no wireless LAN deployed yet: deploy AirDefense first for rogue protection, then follow up by deploying Cisco WLANs
"Through product development and partnership with industry leaders like Intel and AirDefense, Cisco is expanding the SWAN framework to deliver the security and capacity enterprise wireless LAN customers demand. We'll continue to innovate and expand these partnerships over time to further the leadership we've established with our integrated approach to wired and wireless connectivity."
Bill Rossi, Vice President & General Manager, Wireless Networking Business Unit, Cisco