The Atlanta, Georgia-based company, which claims a two-thirds share of the WLAN security market ahead of competitors AirMagnet and Network Chemistry, will unveil these new capabilities in the context of the next release (v7.0) of its flagship product based on sensors distributed around a corporate network, AirDefense Enterprise.
“We’re adding more signatures for intrusion detection, plus more anomaly detection,” began Anil Khatod, CEO of AirDefense. “The system now collects five times more statistics.”
That additional data capture obviously means a larger storage requirement, and while the server at the heart of Enterprise, referred to as the AirDefense Security Appliance, has always shipped with a hard disk drive, both the capacity and the efficiency of how data is stored have been increased.
Indeed, the enhancement is such that the company has seen fit to give the storage, archiving and retrieval capability within Enterprise a name in its own right, calling it the IntelliCenter function.
And since the server software is also available as a platform customers can buy and blast onto a server of their choice, installing its own hardened Linux OS along with the app per se, AirDefense also has to spec a minimum HDD requirement in order to house the IntelliCenter capability.
Khatod said the company now recommends a minimum HDD size of 100GB, adding that, beyond that level, the system can also now offload to external storage in either a SAN or NAS configuration.
The scale of the increase can be measured both in number of devices monitored and volume of data stored. Earlier versions of Enterprise could have up to 50,000 devices in the database with up to 10,000 of them being monitored at any one time and tracking up to 50 key matrices on each, which translated into a storage capability for up to about seven days of data for an average network.
With v7.0, those figures grow to 300,000 devices on the database, 100,000 concurrently monitored, 250 matrices and 90 days of data. The increase was achieved both by building a larger HDD and by converting from a relational to a flat-file database.
Another new feature in v7.0, and something that is underpinned by IntelliCenter, is RF Rewind, a capability whereby a company can access historical data on the fly, both for troubleshooting and compliance reporting. “Enterprise already carries a number of canned report formats for regulations such as SOX, HIPAA, GLBA and DoD 8100.2 and we’re adding ones with a more European focus, such as Basel II,” said Khatod.
The sensorless detection capability is relevant to around 25%-30% of AirDefense’s customers, who are companies with a no-wireless policy, Khatod explained.
“Now we can sniff a wired network by putting our server onto the wired network to detect the presence of unauthorized APs,” he said. The server can connect to the switches on the network and do SNMP probes to find wireless MAC addresses, which it can differentiate from wired ones.
Of course, a customer in this category can also deploy sensors, in which case the server correlates the data from them with its own data from the SNMP probes.
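One way the switch-side check described above could work, as an added example rather than AirDefense's own code: walk each switch's BRIDGE-MIB forwarding table and flag access ports that learn a wireless-vendor MAC prefix or more MACs than a single host would present. The OUI list, uplink ports, threshold and sample `snmpwalk -On` output are constructed assumptions; the page does not say how the product tells wireless MACs from wired ones.

```python
import re
from collections import defaultdict

# BRIDGE-MIB dot1dTpFdbPort: the table index is the learned MAC as six decimal octets.
FDB_PORT_OID = ".1.3.6.1.2.1.17.4.3.1.2"
LINE_RE = re.compile(re.escape(FDB_PORT_OID) + r"\.((?:\d+\.){5}\d+) = INTEGER: (\d+)")

# Constructed OUI list standing in for a real inventory of wireless-vendor prefixes.
WIRELESS_OUIS = {"02:aa:bb"}
# Constructed: bridge ports that are uplinks/trunks and legitimately carry many MACs.
UPLINK_PORTS = {24}

# Constructed `snmpwalk -On` output from one switch.
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.2.170.187.1.2.3 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.0.0.1 = INTEGER: 9
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.0.0.2 = INTEGER: 9
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.0.0.3 = INTEGER: 9
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.9.9.9 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.9.9.8 = INTEGER: 24
"""

def parse_fdb(walk_text):
    """Return {bridge_port: [mac, ...]} from dot1dTpFdbPort walk output."""
    ports = defaultdict(list)
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip other OIDs, timeouts, blank lines
        octets = [int(o) for o in m.group(1).split(".")]
        if any(o > 255 for o in octets):
            continue  # malformed index
        mac = ":".join(f"{o:02x}" for o in octets)
        ports[int(m.group(2))].append(mac)
    return dict(ports)

def find_suspects(ports, max_macs_per_access_port=2):
    """Flag access ports that look like they have an AP behind them."""
    findings = []
    for port, macs in sorted(ports.items()):
        if port in UPLINK_PORTS:
            continue
        for mac in macs:
            if mac[:8] in WIRELESS_OUIS:
                findings.append((port, mac, "wireless-vendor OUI"))
        if len(macs) > max_macs_per_access_port:
            findings.append((port, None, f"{len(macs)} MACs on one access port"))
    return findings
```

Calling `find_suspects(parse_fdb(SAMPLE_WALK))` flags bridge port 7 for the constructed wireless prefix and port 9 for learning three MACs, while the uplink on port 24 is ignored.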
Another announcement today will be of the new release (v3.0) of the company’s product for the home/remote user, AirDefense Personal, which is designed to avoid attackers riding in on legitimate users’ remote connections to corporate networks (the expression being that the laptop is used as a bridge in), as well as to block them from accessing data on those users’ laptops.
Personal was launched in 2004 as a free downloadable agent to sit on the laptop and monitor connections and send alerts. The big news on the new release is the ability to integrate with Enterprise, such that it can be managed centrally for purposes of policy enforcement.
Enterprises can now tell a laptop, for instance, to shut down or enforce a particular corporate policy, such as the use of a VPN. Of course, this central management capability is charged for, the pricing being $15 per seat.
“We’ve had around 20,000 downloads of Personal to date and we have orders for 250,000 of v3.0,” said Khatod.