Extreme Networks Wireless Security Jewel - AirDefense

I joined Extreme Networks in August 2019 during the acquisition of Aerohive, and I quickly discovered that there was a hidden jewel in the Extreme product portfolio. While digging for treasure, I was thrilled to be reminded about Extreme AirDefense, the premiere wireless intrusion prevention system (WIPS) of the Wi-Fi industry, for over 15 years. I had the pleasure of working with the AirDefense WIPS solution when the AirDefense company was a small startup based in my hometown of Atlanta, GA. Although they had competitors, AirDefense was always the superior solution, and once again, I am excited that AirDefense is a vital component of the Extreme Networks product portfolio.

Consumerization of IT is a phrase used to describe a shift in information technology (IT) that begins in the consumer market and moves into business and government facilities. It has become commonplace for employees to introduce consumer market devices into the workplace after already embracing this new technology at home. In the early days of Wi-Fi, most businesses did not provide wireless network access to the corporate network. Due to the limited wireless security options available at that time, along with a general mistrust of the unknown, it was common for companies to avoid implementing Wi-Fi. However, because employees enjoyed the flexibility of Wi-Fi at home, they began to bring small office/ home office (SOHO) wireless routers into the office and install them, despite the objections of the IT department. Not realizing the consequences of their actions, the employees were effectively installing rogue access points, which can be defined as any unauthorized Wi-Fi device that is not under the management of the proper network administrators. These actions gave birth to an immediate need for wireless security monitoring.

The big buzz-phrase in Wi-Fi security has always been the rogue access point: a potential open and unsecured gateway straight into the wired infrastructure that the company wants to protect. 15 years ago, most businesses did not use a wired 802.1X or MACSec solution for wired port control. Therefore, a WLAN monitoring solution known as a wireless intrusion prevention system (WIPS) was needed to detect and mitigate potential rogue devices. Because of this risk, many companies—such as banks, other financial institutions, and hospitals—choose to install a WIPS before deploying an authorized Wi-Fi network for employee access.

Wi-Fi security had a bad reputation in its early years—and deservedly so. The legacy security mechanisms initially defined by the IEEE did not provide adequate authentication and data privacy that was needed in a mobility environment. In 2005, the Wi-Fi Alliance’s Wi-Fi Protected Access 2 (WPA2) certification addressed most of these concerns, and slowly Wi-Fi in the enterprise gained acceptance. Eventually, businesses and government agencies realized that they needed to deploy Wi-Fi to take advantage of the technology as well as manage the technology. However, WIPS solutions were still needed because of the other numerous attacks against Wi-Fi, such as denial-of-service (DoS), hijacking, and more.

The problem with buried treasure is that sometimes pirates might forget where they stashed their precious jewels. I believe that WIPS solutions, in general, have become forgotten or, at the very least, taken for granted. As various WLAN architectures have evolved over the years, and WIPS solutions became integrated into WLAN controllers, many vendors provided the bare minimum of WIPS capabilities. Very often, the WLAN vendors’ WIPS solution was just enough to “check-a-box” in a request-for-proposal (RFP). Sadly, in many cases, WIPS security is now just an after-thought.

Furthermore, WIPS has been taken for granted because Wi-Fi security has been enhanced. That being said, all the old wireless attacks still exist, and new attacks always debut. We should always remember that Wi-Fi and wireless is an “Access” technology for end-users to gain entry into the corporate network. Wi-Fi pirates and other bad guys will try to find holes in the access layer security. Although WIPS has been taken for granted in recent years, the emergence of IoT re-enforces the need to puts WIPS back at the forefront of any enterprise security solution. The vast majority of the 11 million new devices introduced to the Internet each day are wireless. WIPS is now more essential than ever

I co-authored an entire book about Wi-Fi security, and we dedicated four chapters to wireless attacks and WIPS. Moving forward, I truly believe that as an industry, we need cutting-edge WIPS technology as new wireless security risks and attacks emerge. And that is where the AirDefense jewel shines bright. It is my pleasure to reintroduce everyone to Extreme AirDefense, a time-tested distributed WIPS solution that simplifies the protection, monitoring, and compliance of your WLAN networks. AirDefense continuously safeguards the network from external threats 24x7x365 and automates action (mitigation, notification & information gathering) when attacks occur, enabling an immediate response. It also enables compliance with regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. AirDefense continues to lead the industry with a library of over 230 threat detection signatures. Wireless events are, by their nature, transient. This presents an enormous problem for administrators researching security and performance issues. Without granular historical records of activity, research is virtually impossible. AirDefense Forensic Analysis provides administrators with the ability to rewind and review detailed records of wireless activity that can assist in forensic investigations or network performance troubleshooting. Administrators can view the activity of a suspect device for a period of months in minute-by-minute detail if needed. The number of device statistics stored for each wireless device is over 300 data points per connection per device per minute. Automated forensic analysis of these data points provides visibility into devices and a more accurate assessment of wireless threats, including anomalies and day-zero attacks.

Air Defense has also been a leader in behavioral analysis to recognize any patterns that deviate from regular WLAN activity. Behavioral analysis identifies abnormal network behavior based on historical metrics. Anomalies are found, even though other intrusion detection techniques would not necessarily discover them. In 2019, we added support for 802.11ax and WPA3 related security signatures.

In 2020, a lot is happening with Extreme AirDefense including:

• Enhanced multi-core design for rapid response time and scalability
• Revamped and simplified UI experience
• Rogue containment capabilities in protected management frame (PMF) environments
• Cellphone hotspot detection

And this hidden security gem has a journey towards integration with our 4th generation cloud solution – ExtremeCloud™ IQ.

Extreme Networks is already a leader with ExtremeCloud™ IQ as the entire industry moves towards cloud-driven networking. I am incredibly excited about the prospect of the cloudification of AirDefense in the very near future. I challenge everyone to re-educate themselves about WIPS security. This blog is the first in a series of blogs and webinars about WIPS and AirDefense. Now that our wireless security treasure box has been rediscovered, please join me in future blogs and discussions about Extreme AirDefense.