1 SYMBOL CORPORATE PRESENTATION

Wireless IPS 2.0 Comprehensive Protection for WLAN Networks


2 SYMBOL CORPORATE PRESENTATION

Threats from Wireless Devices

• Rogue Devices signals bleed around physical walls and firewalls

• Intruders or hackers can launch attacks (DoS, Identity Theft)

• Associations accidental, malicious; peer-to-peer/ad hoc. VPN & Authentication don’t help

• Bridging wireless laptops: opens back doors and exposes wired network

• Wireless Phishing: can hijack users at hotspots (AirSnarf, Hotspotter, Evil Twin)

[Diagram labels: Corporate Network, Barcode Scanner, Parking Lot, Beacons, Probes, Accidental Association, Malicious Association, Intruder, Confidential Data, Soft AP, Neighboring WLAN, Hardware AP, Wireless Laptop, Ad-Hoc, Rogue Access Point]

3 SYMBOL CORPORATE PRESENTATION

Symbol Wireless IPS Solution

Designed for Enterprise Scalability & Central Management

• Real-time Monitoring

• Multiple Correlation, Analysis & IDS Engines

• Integrated Reporting

• Scanning 802.11 a/b/g

• Selective Processing, Encryption

• Centralized Management

[Diagram labels: Centralized Server, AP300 Sensor, AP300, Wireless Stations, Hacker, Rogue Access Point, Remote, Secure Browser]

4 SYMBOL CORPORATE PRESENTATION

Using AP300s as Sensors

• Symbol ships AP300 as a single SKU

• AP300 can be converted to a Sensor (and back to AP)

• Enterprise Class 802.11 a/b/g hardware

• Sensors are independent of wireless switch

• Sensor firmware in flash

• Sensor is IP addressable – can be used across LAN

• 2-radio design allows for better scanning, or scan while terminate

• Coverage for multiple APs

• Monitors all devices in 40,000 – 60,000 square feet (~3700 – 5600 square meters) range

• Typically one deployed for every 4 APs

AP300: 802.11a/b/g

5 SYMBOL CORPORATE PRESENTATION

Functionality

Most comprehensive wireless intrusion prevention functionality

Automated threat & rogue mitigation

Centralized policy definition, monitoring & enforcement

Industry regulation compliance monitoring

Enterprise-ready solution

Secure & hardened server

Centrally-Managed

Remote troubleshooting of WLANs

Detailed reporting

[Graphic labels: Rogue Management, Advanced Detection, Automated Defenses, Forensic Analysis, Anywhere Protection]

6 SYMBOL CORPORATE PRESENTATION

Total Wireless Intrusion Protection

1. Threat-based Rogue Management
• Analyze real rogue threats (vs. long list of rogues)
• Pinpoint Rogue on my Network
• Locate, Terminate

2. Attack/Threat Detection
• Most accurate & comprehensive detection
• Known & day zero attacks

3. Automated Defenses
• Automated, policy-based
• Active Defenses
• Wireless or wired-side mitigation

4. Anywhere Protection
• Threats to mobile users
• Notify, enforce policy
• Enterprise Integration

5. Forensic Analysis
• Incident analysis
• What, when, how, who?

[Graphic labels: Rogue Threat Management, Advanced Detection, Automated Defenses, Forensic Analysis, Anywhere Protection]

7 SYMBOL CORPORATE PRESENTATION

Threat-based Rogue Management

1. Detect Rogue Devices / Associations
• Hardware APs, Soft APs
• Wireless ready laptops
• Specialty Devices (barcode scanners)
• Ad-hoc networks
• Accidental/Malicious Associations

2. Calculate Threat Index
• Threat-based Management
• Partitioning of Friendly Neighboring Networks till they get malicious

3. Analyze Rogue Connections
• In-depth analysis of the activity level of each rogue
• How long it existed
• Who was connected to the rogue
• What and how much data transmitted

4. Locate Rogue Devices
• Real-time accurate location tracking of all devices (release 2)
• No client software required

5. Terminate Rogue Devices
• Policy-based & manual termination
• Via air – AirLockdown
• Wired port suppression (release 2)

[Risk scale graphic running from Least Risk to Highest Risk. Labels: Innocent Neighbor AP, Connection to Neighbor AP, Rogue AP in my building, Connection to Rogue AP & transferring data, Rogue AP on My Network]

8 SYMBOL CORPORATE PRESENTATION

Accurate Detection of Threats & Attacks

Goal: Detect all known and day zero threats and attacks reliably

Challenge: It is a race with hackers. New threats are evolving rapidly

• Simple threats & issues can be detected at the sensor

• Multiple Detection Technologies are required for accurate & comprehensive detection

• Many threats require correlation across sensors (certain identity theft)

• Day Zero attacks require anomalous behavior analysis

• Correlation across multiple detection engines reduces false positives

• Focus on threat index by location or sensor rather than individual alarms

[Diagram labels: Correlation Across Sensors, Stateful Analysis, Statistical Base-lining and Aggregation, Anomalous Behavior, Protocol Abuse, Signature Analysis, Policy Manager, Correlation, Accurate Alarms, Threat Index]

9 SYMBOL CORPORATE PRESENTATION

Ensures Policy Compliance

Adopt security policies and procedures to address the security weaknesses of the wireless environment

Symbol Enables Compliance with: DOD, DHS, SOX, HIPAA, GLBA, FDIC, OCC

Closed Loop Compliance

Define Policy
• Security Configuration; VLANs
• Performance
• Vendor / Channel

Monitor for Compliance
• Compliance with Corporate, regulatory requirements?
• Network performing correctly?

Enforce
• Turn off SSID broadcast
• Change channel of AP
• Terminate

10 SYMBOL CORPORATE PRESENTATION

Operational Support: Remote Troubleshooting

In widely distributed wireless deployments, remote troubleshooting tools are critical to ensure administrators are able to diagnose and correct end-user issues centrally.

Historical Analysis
• Ongoing collection of performance statistics
• Device connection history
• Built-in Channel reports for troubleshooting RF problems

Real-time Analysis
• Real-time device analysis
• Real-time device tracking
• Real-time Layer 2 decoding
• Full, remote frame capture

[Screenshot labels: Live Real-time Analysis, Heavily Congested Channels, Network Utilization]

11 SYMBOL CORPORATE PRESENTATION

Self-Managing Platform

Easy to Deploy & Manage

DEPLOYABLE

MANAGEABLE

• High Performance: Zero-Config Sensors

• Secure Sensors: SSL/Digital Certificates; Hardened OS

• WLAN Management: Device/Security/DB Mgmt; Tivoli, OpenView

• Adjustable Views: Notify by Role, Location

• Accurate Termination: Policy based Rules

Wireless IPS 2.0 New Product Feature Set

13 SYMBOL CORPORATE PRESENTATION

Wireless IPS: New Features

• Enhanced GUI

• Location services

• Increased Visibility to Threats

• Improved Control and Response

• Increased Scalability and Depth of Forensic Analysis

• VISA CISP reporting

14 SYMBOL CORPORATE PRESENTATION

• Multiple Dashboards based on administrative roles

• Domain-based partitioning to allow full or partial access

• New advanced filtering options

• Easy recreation of events for on-going customer support

Enhanced GUI – An Intuitive Interface for Manageability

Manager Dashboard

Performance Dashboard

Role-based Dashboards

15 SYMBOL CORPORATE PRESENTATION

Sensor-less Rogue Detection and Correlation

• Ability to detect rogue wireless devices in “No Wireless” environments through wired-side rogue discovery

• Correlated rogue detection with sensors and wired rogue discovery for optimized security at lowest cost

Built-In Location Tracking

• Network Map providing full connectivity information at a glance

• Built-in RF triangulation based location tracking with advanced path loss algorithm

• Architected for the future: integrate other best-in-class location engines

Network Mapping and Location

Signal Triangulation

Network Map

Location Tracking

16 SYMBOL CORPORATE PRESENTATION

• Tooled to Detect over 200 Events

• Enhanced event correlation and historical trending

• Adaptive learning based on statistical analysis of events over time

• Simultaneous adaptive scanning provides increased visibility across the wireless network

Increased Visibility to Threats

Rogue Device Analysis

Key Security Metrics including overall threat level; Rogue threats; Intrusion threats; Policy Compliance; Threats to wireless stations; and List of Alarms.

17 SYMBOL CORPORATE PRESENTATION

• Enhanced Wireless or Wired-side termination methods

– AirLockdown executed across multiple sensors

– Wired port suppression

• Continuous scanning of network during AirLockdown process provides uninterrupted protection from attack

• Simultaneous termination of multiple rogues

• Full auditability of the termination action

• Flexible notification options

Enhanced Control and Response

Threat Mitigation is automated, simple and policy-driven

18 SYMBOL CORPORATE PRESENTATION

• Increased Scalability for Enterprise Deployments

• 100,000 concurrent wireless devices

• 300 sensors/servers

• Low wide area network bandwidth utilization (3-5Kbps)

• RF Review with Forensic Analysis

• More data collected and stored over a long period of time

• Adaptive learning system – even fewer false positives

• Ability to easily replay events

Increased System Scalability and Depth of Forensic Analysis

19 SYMBOL CORPORATE PRESENTATION

Expanded Compliance and Management Reporting

• Compliance reports include GLBA, HIPAA, DoD, Sarbanes Oxley, Visa-CISP, PCI

• Vulnerability Assessment

Platform Management and Reporting

Secure and Simplified Platform Management

• ‘Secure Platform’ available for selected hardware appliance

• Continued self-health monitoring for system integrity

• Fail safe architecture

Management Reporting

20 SYMBOL CORPORATE PRESENTATION

Service Features

Purchasing annual support for Wireless IPS entitles customers to:

• 24 x 7 Ready-Access to Technical Resources

• Telephone and e-mail support

• Problem isolation, analysis and resolution of software operational issues

• Product Updates

• Major and Minor releases of software and documentation

• Access to MySymbolCare

• Service website for electronic distribution of support information including support management tools, product and technical literature, and more.

NOTE: Wireless IPS Software Support does not include hardware repair or replacement coverage for the AP300 sensors. Any required hardware repair or replacement would be covered under the AP300

21 SYMBOL CORPORATE PRESENTATION

Wireless IPS Symbol Advantages

Comprehensive security coverage of in-building, perimeter, and parking lots

• Utilizes “thin” sensor technology, AP300.

• Fast channel switching to avoid “RF blind-spots”

• Capture & Scanning simultaneously – (2 Radio Advantage)

High Availability System:

• Server technology to recover from server and sensor network outages

• Real time vs. Off-line 802.11 protocol analysis – essential for proper troubleshooting

• Easily Scalable to over 100,000 MUs

Accurate Reporting

• Correlation of attacks over multiple sensors to avoid False Positives

• Configurable alarm thresholds and alerts

Scalability for distributed environments:

• Low WAN bandwidth usage with Split-Analysis in the sensor

Low Cost of Maintenance

• Easy, centralized updates

Low Cost of Installation

• Uniform ceiling infrastructure (same AP300 SKU)

Added Flexibility

• Sensor can be converted to Access Port in case of AP failure

Questions?