AirMagnet Enterprise
24x7 WIDS/WIPS for proactive enterprise Wi-Fi network security.
AirMagnet Enterprise centralized wireless intrusion detection/prevention system (WIDS/WIPS) defends your wireless environment by automatically detecting, blocking, tracing and locating any threat on all Wi-Fi channels. It contains an unmatched suite of event alerting, escalation, remote troubleshooting, forensic analysis, network health check, and professional PCI and other policy compliance reporting. The end result is a unified system that scans your environment 100% of the time to ensure your WLAN is performing safely and securely and is meeting the needs of your users and applications.
In addition to rich security features, AirMagnet Enterprise constantly monitors the health and performance of the WLAN and RF environment to proactively detect evolving problems that can lead to network interruption. The system detects issues, gives users remediation advice and includes active remote tools to troubleshoot the issue. This allows staff to avoid network downtime and vastly reduces the time-to-fix for any outage, leading to greater uptime, better performance and overall higher end-user satisfaction.
Features
The industry’s first over-the-air smart device detection and classification provides an unprecedented level of visibility and gives IT professionals the ability to optimize wireless networks for BYOD. This information enables an engineer to quickly troubleshoot and remediate any wireless network security or performance issues caused by these devices.
- Software Sensor Agent (SSA)
The industry’s first software-based sensor which runs on Windows PCs delivers basic wireless network security monitoring at a very low cost structure and enables true client based performance measurement. This new flexibility to combine SSA-based sensors with hardware sensors allows users to build the wireless network security monitoring solution which is best optimized for their requirements and budget.
- Automated Health Check (AHC)
Automated Health Check provides the fastest and most accurate way to detect and pinpoint the cause of problems which impact the productivity of WLAN users. Software or hardware sensors actively probe the wireless network from the wireless user’s perspective to verify connectivity across the wireless link to critical network resources. AHC reduces the costs associated with user productivity loss and the troubleshooting process caused by complex wireless problems. It also supports Captive Portal verification to ensure the performance and security of the guest network.
- 24x7 Cellular Spectrum Security
Activity by cellular devices like cell phones and jammers is tracked and reported. Cellular security events such as mobile cellular events, cellular interference events, and base station cellular events are monitored and reported on. Carrier information is associated with each cellular event, and non-compliant cellular events can be triangulated and located on a floor plan for quick remediation.
- 24x7 Wireless Intrusion Detection and Prevention
AirMagnet Enterprise scans all possible 802.11 wireless network channels (including the 200 extended channels), ensuring there are no blind spots where rogue devices may be hiding. AirMagnet Enterprise goes beyond Wi-Fi analysis with optional spectrum analysis that detects and classifies RF jamming attacks, Bluetooth devices and many other non-802.11 transmitter types, such as unapproved wireless cameras.
The AirWISE engine constantly analyzes all wireless devices and traffic using a combination of frame inspection, stateful pattern analysis, statistical modeling, RF analysis and anomaly detection, enabling detection of hundreds of specific threats, attacks and vulnerabilities such as rogue devices, spoofed devices, DoS attacks, man-in-the-middle attacks, evil twins, as well as the most recent hacking tools and techniques such as MDK3, Karmetasploit and 802.11n DoS attacks.
- Dynamic Threat Protection Technology
Dynamic Threat Update (DTU) technology speeds the creation, automation and immediate deployment of new security threat signatures through the AirMagnet AirWISE® engine. As soon as any new threat definition is ready, it can be deployed with no impact to system operation, providing a unique framework for maintaining the most up-to-date wireless network security posture for the enterprise. DTU signatures are separate from the firmware image to allow quick response to new threats. DTU signature updates are seamless, with no downtime, to ensure you are protected against the latest security threats.
- Threat Tracing, Blocking & Mapping
All devices are traced using a suite of wired and wireless tracing methods to quickly and reliably determine if a device is connected to the wired network. The system uses a newly enhanced set of sophisticated techniques, including use of SNMP, automated switch discovery, and hardware and traffic analysis, to ensure accurate, fast tracing in any network topology.
Threats can be manually or automatically remediated with a combination of both wired and wireless security threat suppression. Wireless blocking targets a threat at the source and specifically blocks the targeted wireless device from making any wireless connections. Wired blocking automatically closes the wired switch port where a threat has been traced.
All security threats and devices can be located on a map or floorplan and set to trigger rogue alarms based on the device’s location.
- Massive Scalability & System Resiliency
AirMagnet Enterprise offers the only WIPS and WIDS solution in the industry to meet the established standards of a mission critical security application. It is the only WIPS and WIDS solution to build fault-tolerance into each component, with fail-over boot images in every sensor and automatic server fail-over licenses that come standard with the system. Additionally, AirMagnet Enterprise sensors can operate as fully independent WIDS/WIPS nodes detecting and remediating threats without losing information, even if the network connection to the server is lost for days.
With intelligent sensors that locally analyze Wi-Fi and RF conditions, more than 1,000 sensors can be supported through a single centralized server in the data center, requiring minimal network bandwidth.
Processing at the sensor level means that each sensor continues to enforce the security policy even if connection to the server is lost for more than 24 hours. Hot standby server software (included) enables fully redundant data center operations for maximum wireless security protection.
AirMagnet Enterprise can capture a complete packet or RF forensic record of any network event, allowing appropriate staff to investigate the issue in depth, at any time. By leveraging its unique intelligent sensors, AirMagnet Enterprise provides the only WIPS and WIDS solution in the industry to automatically capture forensic information from before, during and after the event.
- Performance Monitoring and Remote Troubleshooting
In addition to rich WIPS and WIDS features, AirMagnet Enterprise constantly monitors the health of the wireless LAN and RF environment to proactively detect evolving problems that can lead to an interruption to the network. The wireless network security system detects these issues, gives engineers topical remediation advice and includes active remote tools to troubleshoot the issue. This allows staff to avoid network downtime and vastly reduce the time-to-fix for any outage, leading to more uptime, improved user satisfaction and a higher performing network.
- Integrated 802.11n and Spectrum Intelligence
The AirMagnet Enterprise system can monitor the RF Spectrum and 802.11n traffic. AirMagnet Enterprise performs a complete interference analysis of the air. This includes co-channel interference from Wi-Fi devices, as well as optional spectrum analysis of non-Wi-Fi devices, such as microwave ovens, cordless phones or legacy wireless equipment.
AirMagnet Enterprise goes beyond simple 802.11n support to provide managers with hands-on 802.11n optimization tools and intelligence focused on real-world performance and network throughput. Tools include live diagnostics of any 802.11n connection that automatically highlight and explain how performance can be improved.
- Automated Business and Regulatory Compliance Reporting
AirMagnet Enterprise provides automated compliance reporting for all major network regulations including PCI, HIPAA, Sarbanes-Oxley, GLBA and more. Reports provide instant visibility into issues that may need to be addressed for compliance and exactly what needs to be fixed. Reports can be scheduled to run and be delivered automatically, ensuring a complete library of regulatory reports in the case of an audit.
- 802.11ac Detection, Rogue Device Blocking, and Location
AirMagnet Enterprise v10.9 provides 802.11ac analysis capabilities utilizing existing SmartEdge Series4 sensors to provide:
- Detection and location of 802.11ac Access Points (AP) and Stations (STA)
- Blocking of rogue 802.11ac devices
- Wireless and wire-side tracing of 802.11ac rogue devices
- User Wi-Fi Remote UI to view 802.11ac frames.
- When using the Decodes feature of the Remote Wi-Fi Analyzer, provides frame-level visibility into AP Beacon and Probe Response frames and STA Probe Request frames
- Policy Management of 802.11ac – create policies around 802.11ac management
- View 802.11ac devices in AME Reports
- Remote Spectrum Analyzer support for all 802.11ac channels
AirMagnet Enterprise — Complete Cellular and Wi-Fi Security
AirMagnet Enterprise protects against every wireless threat by combining the industry's most thorough wireless monitoring with leading research, analysis and threat remediation.
Full Visibility
Unlike Access Points (AP), AirMagnet Enterprise scans all possible 802.11 channels (including the 200 extended channels) and cellular spectrum channels, ensuring there are no blind spots where rogue or interfering devices may be hiding. AirMagnet Enterprise also provides cellular spectrum analysis that detects and classifies RF jamming attacks, Bluetooth devices and many other non-802.11 transmitter types, such as wireless cameras and cell phones.
Industry Leading Threat Detection
The AirMagnet Security Research Team constantly investigates the latest hacking techniques, trends and potential vulnerabilities to keep organizations ahead of evolving threats. Our Dynamic Threat Update (DTU) technology speeds the creation, automation and immediate deployment of new threat signatures. New DTU signatures can be deployed immediately with no impact to system operation, providing a unique framework for maintaining the most up-to-date WLAN security posture for over 230 threats.
The AME AirWISE® engine constantly analyzes all wireless devices and traffic using a combination of frame inspection, stateful pattern analysis, statistical modeling, RF analysis and anomaly detection.
Figures: Rogue management; Rogue device detected and traced; Locate rogue device on a floor map
Automated Response and Network Protection
AirMagnet Enterprise provides a full arsenal of remediation and investigation options that can be triggered by policy to ensure that WLAN problems are quickly and accurately detected and that appropriate automated protection mechanisms are activated.
Threat Tracing, Blocking/Suppression and Mapping
All devices are traced using a suite of wired and wireless tracing methods to quickly and reliably determine if a device is connected to the network. The system uses a newly enhanced set of sophisticated techniques, including use of SNMP, automated switch discovery, and hardware and traffic analysis, to ensure accurate, fast tracing in any network topology.
Threats can be manually or automatically remediated with a combination of both wired and wireless threat suppression. Wireless blocking targets a threat at the source and specifically blocks the targeted wireless device from making any wireless connections. Wired blocking automatically closes the wired switch port where a threat has been traced.
All threats and devices can be located on a map or floor plan and set to trigger rogue alarms based on the device's location.
Event Forensics
AirMagnet Enterprise captures a complete packet or RF forensic record of any network event, allowing appropriate staff to investigate the issue in depth, at any time.
Notification and Integration
Managers have access to more than a dozen notification and escalation mechanisms, making it easy to alert specific staff members of issues or integrate wireless event data into larger enterprise management systems and operations.
Flexible Sensor Architecture
The SmartEdge Sensor, Series 4, supports a tri-radio design, including two 802.11n 3x3 MIMO Wi-Fi radios and dedicated Wi-Fi or cellular spectrum analysis. This design enables either a wireless connection from the sensor, eliminating the need for costly Ethernet cabling, or simultaneous security monitoring and performance testing.
Figures: Notification options; AirMagnet Sensor
Best of Breed Security Architecture
AirMagnet Enterprise offers the only solution in the industry to meet the established standards of a mission-critical security application. It is the only system to build fault-tolerance into each component, with fail-over boot images in every sensor and automatic server fail-over licenses that come standard with the system. Additionally, AirMagnet Enterprise sensors can operate as fully independent IDS/IPS nodes detecting and remediating threats without losing information, even if the network connection to the server is lost for days. Additional unique benefits of the AirMagnet Enterprise architecture include:
Massive Scalability
With intelligent sensors that locally analyze Wi-Fi, cellular and RF conditions, more than 1,000 sensors can be supported through a single centralized server in the data center, requiring minimal network bandwidth.
Highest System Resilience
Processing at the sensor level means that each sensor continues to enforce the security policy even if connection to the server is lost for more than 24 hours. Hot standby server software (included) enables fully redundant datacenter operations for maximum wireless security protection.
Designed for Correlation
The AirMagnet Enterprise server continuously correlates analysis from all sensors, ensuring that intelligence is always coordinated across the entire enterprise.
Figures: Automated Health Check performance test results; Cellular Location monitor
Performance Optimization and Troubleshooting
Performance and reliability of a WLAN are often directly tied to the value a wireless network delivers to an organization. AirMagnet Enterprise technology has consistently been at the forefront of innovation, developing into wireless network monitoring solutions that help IT professionals identify and mitigate WLAN problems before they impact users. By digging into the root cause of any issue and arming users with the critical tools needed to resolve problems when they happen, AirMagnet Enterprise ensures wireless networks can reliably support business-critical applications.
AirMagnet Enterprise provides a 24x7 spectrum security solution empowering customers to enforce unified no-wireless (cellular and Wi-Fi) zones. It offers detection, monitoring, and remediation of spectrum activity in a broad frequency range that includes 3G, 4G LTE, and CDMA. Activity by cellular devices like cell phones and jammers is tracked and reported. Further, AirMagnet Enterprise monitors and reports on 4 types of cellular security violation events:
- Mobile cellular events, e.g., calls made from a specific cellular network
- Cellular interference events, e.g., cellular jammers
- Non-cellular energy events, e.g., events taking place outside of the country's allocated cellular bandwidth
- Base station cellular events, e.g., base station beacons
- Location of cellular event
- Provide Cellular Operator information
For further analysis, users can access the sensor's built-in cellular spectrum analyzer. This avoids costly truck rolls and reduces time to resolution.
Figures: AirWISE alarm with cellular security events; Cellular spectrum analyzer with security events
Find Outages and Emerging Problems Before Users are Affected
Powered by the Automated Health Check (AHC), AirMagnet Enterprise sensors and Software Sensor Agents actively test and verify complete WLAN connectivity from the wireless link all the way through to application servers or the Internet, automatically detecting critical outages or network degradation while pinpointing the exact source of trouble. Sensors running AHC tests provide a true client perspective, as they fully authenticate to the network and proactively probe for problems, which can be related to WLAN issues or other network resources. This provides network staff with immediate and specific information on the root cause, so they can respond often before users are impacted.
Comprehensive Wireless Analysis
AirMagnet Enterprise identifies and generates AirWISE alarms for performance issues such as traffic congestion, overloaded devices and channels, device misconfigurations, collisions, roaming problems, QoS issues, as well as complications between 802.11a/b/g/n devices. Tools for 802.11n optimization enable network staff to ensure that their WLAN investment is delivering the expected real-world performance to users.
Extensive RF Interference Analysis
AirMagnet Enterprise is the only WLAN monitoring system supporting dedicated spectrum analysis hardware in the sensor for the most accurate and complete RF interference detection and remote real-time analysis. The environment is scanned 100 percent of the time over both 2.4 GHz and 5 GHz Wi-Fi bands, and specifically classifies interference sources like video cameras, cordless phones and microwave ovens which can seriously impact the performance of the WLAN.
Real-time Remote Troubleshooting
AirMagnet Enterprise allows IT professionals to troubleshoot wireless problems remotely to fix problems faster and without costly "truck rolls". AirMagnet Enterprise sensors contain a real-time analysis interface based on AirMagnet Wi-Fi Analyzer and Spectrum XT, enabling staff to track utilization and bandwidth, view real-time decodes, troubleshoot user connectivity and RF interference problems without leaving their desks.
802.11ac Analysis
AirMagnet Enterprise provides 802.11ac analysis capabilities utilizing existing SmartEdge Series 4 sensors. AirMagnet Enterprise integrates with 802.11ac-capable Access Points to provide:
- Detection of 802.11ac Access Points
- 802.11ac Frame Analysis
- Rogue 802.11ac device detection and blocking