alt text here
alt text here

Branch Gaterway

Extreme AirDefense

A Comprehensive Wireless Intrusion Prevention System

Product Highlights

  • Industry leading threat detection library
  • Centralized aggregation and correlation of sensor data; minimizing false positives
  • Centralized management
  • Real-time detection of rogue devices with automatic rogue termination
  • Locate rogue devices on a floorplan
  • Policy enforcement with instant notification and response based on policy violations
  • Advanced Forensics providing increased visibility to forensic investigations, including location forensics; determine where the device has been
  • Anomalous behavior detection monitors wireless traffic to serve as an early warning indicator
  • Liveview provides 25+ summary graphical visualizations, packet capture and decode for analysis of the live network and real-time traffic
  • Wireless Vulnerability Assessment to remotely test for vulnerabilities from the perspective of a wireless hacker
  • Bluetooth Monitoring to detect presence of unexpected BT 2.0 devices to identify potential phishing attacks based on BLE 4.0 tags
  • Enhanced detection of devices with WPA3 security using Secure Authentication of Equals (SAE)
  • Detection of devices using Opportunistic Wireless Encryption (OWE)

Wireless connectivity provides unique opportunities to communicate in new and powerful ways, but it also brings its own set of vulnerabilities, complexities and management challenges. To get the best out of your wireless network without risking security of your users and business, you need the right set of tools.

Extreme AirDefense simplifies the protection, monitoring and compliance of your Wireless LAN networks. Extreme AirDefense continuously safeguards the network from external threats 24x7x365 and notifies IT staff when attacks occur, enabling an immediate response. It also enables compliance with regulations such as PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA.


Wireless communication is designed for mobility. Unfortunately,the very feature that makes it so attractive also makes it incredibly challenging to troubleshoot. Users come and go, devices join and leave, interference sources are here one minute and gone the next. Keeping track of the myriad factors impacting network connectivity, utilization and availability is a challenging task. The historical data that kept by the forensics module provides a tool for troubleshooting incidents reported in the past that may not even be active any longer. The system gathers 300+ data points per minute for each identified wireless device including channel activity, signal characteristics, deviceactivity, and traffic flow. This dynamic database can be used to chart network usage trends, identify anomalies and support capacity planning.

Note: This module requires the Advanced Forensics License.

Extreme AirDefense can perform active monitoring of Bluetooth devices. This feature requires an access point model with built-in Bluetooth hardware. This functionality is useful for detecting bluetooth skimmers that attempt to open up a hole in the network potentially allowing unauthorized access using the Bluetooth protocol. Additionally, Extreme AirDefense can also listen to URL/ UUID advertisements in Google Eddystone or Apple iBeacon enabled tags using the BLE 4.0 protocol. This helps detect tags that can advertise unauthorized URLs opening up an avenue for launching a phishing attack. A white list can be configured to filter allowed URLs (e.g., containing the organization's own domain name), while triggering alerts for potential unauthorized ones. AirDefense offers multipleBLE classification signatures to view, identify, act, and immediately locate unsanctioned and rogue Bluetooth devices that may pose a threat.

Note: This feature is included with the WIP license.

With Advanced Forensics, administrators can focus on theactivity of a suspect device over a period of months and even drill down to review minute-by-minute details of wireless activity. Every minute, the system stores 300+ data points for each identified wireless device, providing extensive data for analysis at a later time. The high level of granular information available for analysis marks the difference between a forensics capability that allows an administrator to detect and resolve a pattern of attack occurring over an extended period versus responding to repeated attacks from the same source as separate and isolated incidents. Such a powerful forensic function enhances your business operation by supporting more efficient network management, improving compliance and overall security posture.

An AirDefense appliance centralizes management acrossseveral thousands of sensors — including sensor configuration and sensor firmware management. While the software architecture on the appliance utilizes multiple engines that are distributed across multiple cores, a central UI interface provides a single pane of glass, hiding the internal distributed nature of the system from the administrator.

For large deployments that need more than one appliance, the AirDefense Centralized Management Console (CMC) module provides aggregated views of the data on multiple appliances and a single point for configuration changes. CMC streamlines the monitoring of security events, automates management, and speeds time-to-resolution of network issues, thereby improving productivity.

Note: This module requires the CMC license for multi-appliance deployments.

The Extreme AirDefense system is deployed as a set of access points serving as sensors to monitor the airwaves together with a security appliance. The appliance can be deployed either as a hardware appliance or a virtual appliance. Sensors can be deployed as either dedicated sensors or in radio-share mode. Dedicated sensors offer higher security through increased visibility. There are two deployment options for dedicated sensing (1) the entire access point can be dedicated as a sensor or (2) In a dual radio or tri-radio access point, one radio of the access point can be dedicated as a sensor, with the remaining radios serving user data traffic. In radio-share mode, the access point allocates a time slice for sensing function while utilizing the remaining time for serving data traffic. Extreme access points operating as sensors support 802.11a/b/g/n/ac/ax standards to scan both the 2.4GHz and 5GHz bands and are capable of listening to multiple MIMO streams.

AirDefense sensors can locate rogue access points and clientsand indicate their location on a floor plan. This assists IT staff in finding and disconnecting them.

AirDefense was designed for ease of use with true plug- and-play operation: traffic can be monitored within minutes of installation, complete with the tools to quickly interpret information for fast response to Wireless LAN threats.

AirDefense has extensive reporting capabilities in the areas of network security and policy compliance. AirDefense has several built-in reports in the areas of security, infrastructure, inventory, compliance etc. Additionally, it also has a report builder that allows the administrator to create custom reports by choosing fields available in the AirDefense database. The custom report can then be used in the future like a pre-defined report.

This module requires the WIP License.

AirDefense allows the administrator to define security policiesthat need to be enforced in the network. When the system detects a policy violation, an alarm is generated. The system features an alarm action manager that can be configured to trigger specified actions based on the alarm including sending an email to an administrator, generating a syslog or snmp trap, initiating an automatic remote packet capture, launching spectrum analysis etc.

The AirDefense Advanced Forensics module maintains the highly accurate historical data required by many regulationssuch as HIPAA, GLBA, Sarbanes-Oxley (SOX), Payment Card Industry (PCI) data security standards such as VISA CISP and the Department of Defense. So your organization’s compliance — and proof of compliance — becomes automatic and routine.

Capabilities include:

  • Historical Association Analysis
  • Historical Traffic Analysis
  • Historical Channel Analysis
  • Historical Location Tracking and Roam Trajectories

The AirDefense Wireless Vulnerability Assessment module uses a patented technology to remotely test wireless security. It allows administrators to automatically log on to an access point and test for vulnerabilities from the perspective of a wireless hacker. Extreme sensors conduct wireless penetration testing, proactively identifying vulnerabilities before they can be exploited, so you can better manage threats and keep your systems secure.

Remote and Automatic

Current practice involves administrators using a combination of traditional vulnerability assessment tools and occasional on-site wireless assessments to identify vulnerabilities. Because of the time and expense associated with manual testing, most organizations usually scan only a small sample of their network locations, potentially missing vulnerabilities. The remote testing capability of the AirDefense Wireless Vulnerability Assessment module eliminates the need for and expense associated with manual testing and on-site visits. Scans can be configured to run either automatically or on demand, allowing you to meet compliance requirements for regulations like PCI DSS while also maintaining a strong network security posture.

Extensive scanning permits validation of firewall and wireless switch policies, while also letting you identify and control potential paths of entry to assets on the wired side of your system. Customizable blacklists even let you target specific networks and devices that should or should not be accessible from your wireless network allowing you to ensure protection of sensitive data.

Note: Requires the Wireless Vulnerability Assessment (WVA) license.