Product of the month: Extreme AirDefense

Let’s establish a simple truth: it’s very hard to prevent something you can’t see. Imagine that your next door neighbor, this fine young gentleman who is always oh so well-behaved and courteous… is secretly trying to steal your credit card information with a Man-in-the-Middle attack! All he has to do is simply create the same service set identifier name as the one you are using and wait for you take the bait. Now, you can easily be tricked by this and accidentally connect to the phony SSID, meaning that from that point on, all your data is passing through your neighbor’s malicious device.

And that’s just one example of attacks, there are hundreds of other types like rogue APs connecting to your wired network, showing fascinating examples of human ingenuity… used for all the wrong reasons. The lesson? Not “never trust your neighbor”, far from it. More like “first step towards wireless security is Detection”. And that’s where Extreme AirDefense can really spread its wings.

Extreme AirDefense, our comprehensive Wireless Intrusion Prevention System, can identify an attack and differentiate it from a harmless, next door traffic in an automated fashion. Because you wouldn’t want to mess with your neighbors legitimate networks and risk a diplomatic crisis in your block while protecting your own network, right? That’s why accurate and false-positive free detection and proper classification of all wireless devices are so important.

Now, we have to be really careful here, as it is not legal to suppress any wireless transmission that your APs can hear in your air space. Like, for example, the local coffee shop around next corner. Unless there is a real threat coming from the Access Point or client connected in the coffee shop, you cannot do anything about it, therefore those devices need to be classified as neighboring devices. Neighboring devices will not be in the primary “Radar” of ADSP, but of course they can turn into an ‘Unsanctioned device’ anytime, simply by connecting to your wired network in an unauthorized way.

Using sensed data and extensive correlation, the system identifies true rogues that are connected to the wired network, separating them from neighboring access points and minimizing false positives.

Now that we can detect potential risks and can separate an attack from an innocent neighbor device, what about actually… preventing the threat? Well, Extreme AirDefense also provides several ways to terminate the attacks:

Once a rogue is identified, the system can employ various techniques to perform rogue containment including air-termination, locating and disabling the port on the access Ethernet switch to which the rogue is connected or using an ACL for the same. Extreme AirDefense also supports the termination of rogue clients operating in PMF environment.

Not only is the AirDefense *extremely* accurate and efficient. We are also providing the flexibility for our customers who would like to secure their wireless infrastructure with several different deployment options, depending on their use-case and requirements:

Speaking shortly: AirDefense Services Platform (ADSP) is our flagship, full-feature Wireless IDS/IPS solution. An extensive threat library and customizable policy settings that come with it let the system respond automatically to approximately 200 wireless threats, reducing the chances of damage to your network. It always feels good to know that the largest threat detection library in the entire industry has your back, right?

But there’s more to it. Standalone, on-premises ADSP has several additional modules such as Advanced Forensics, Wireless Vulnerability Assessment, Liveview or AP Test. How can you benefit from them?

Thanks to the 4^th generation of Cloud Networking and containerization, Extreme is now consolidating its best of breed and mature on-premises technologies into the ExtremeCloud IQ – the industry's first end-to-end, ML and AI driven cloud management platform, that simplifies onboarding, configuration, monitoring, managing, troubleshooting, alerting, and reporting for wired and wireless network infrastructure devices. Air Defense Essentials is the first application available globally and three more are coming soon: Location Essentials, Guest Essentials and IoT Essentials!

And you know what’s great? Customers with ExtremeCloud IQ Pilot subscription can use the Essential Applications without any additional cost! And if you are using both solutions and would like to get use of the additional modules available in the on-premises ADSP, you can easily tie them together. As of AirDefense version 10.4, ExtremeCloud IQ AP 410C is now supported in AirDefense solution! The rest of 11ax Cloud APs should follow it soon, so stay tuned! :)

We haven’t forgotten about the customers who are not yet ready to adapt their operating model to the Cloud. If you’re using our on-premises Extreme Campus Controller and would still very much like to gain access to the benefits of ADSP, AirDefense Base will be right up your alley! This more lightweight solution offers a small subset of the capabilities provided in ADSP “standalone” solution and can be installed as a docker in Extreme Campus Controller to provide basic WIDS/WIPS functionality - without any additional cost or license!

As you can see, there's quite a few options to take advantage of Extreme AirDefense. And take advantage you should, because bad guys don’t have to follow rules and can be pretty creative when they set their eyes on your network and business-critical data. Luckily for everyone, we’ve got something to keep them at bay.