The company is updating WIPS software to allow users to create their own attack-detection signatures to thwart zero-day threats.Aruba Networks is building new capabilities into its Wireless Intrusion
Prevention System software that allows users to create their own detection
signatures to improve security against zero-day attacks.
The user-defined signatures are meant to address security vulnerabilities
quickly, as opposed to waiting for a vendor to provide updates when a new
attack has developed. The technology is part of the latest version of
RFprotect, software Aruba bought from Network Chemistry
last year. Aruba just recently integrated RFprotect into
its platform.
The signature-making process, announced April 21, uses a free, embeddable
scripting language called Lua and does not include script automation, said Mike
Tennefoss, head of strategic marketing at Aruba.
“It does require some expertise, and there are IT and security pros who do
have that expertise,” Tennefoss said. "If they don’t have this expertise,
they can discuss vulnerabilities and obtain signatures developed by Aruba and
other users by turning to [the Wireless
Vulnerabilities and Exploits database] or The Edge, run by Aruba’s Office
of the CTO, respectively.”
The company also provides a feature called Expert Builder, which allows the
user to identify programming conventions in a GUI that will generate
signatures, he said.
It is important to keep the time between the detection of a security threat
and its mitigation as short as possible to minimize the window of opportunity
for attackers, Burton Group analyst Paul DeBeasi said in a statement.
“Collaboratively developing, testing, and disseminating security features,
including user-defined signatures, can minimize the vulnerability more rapidly
than relying on a single vendor for periodic updates,” DeBeasi said. “This
method has been used effectively in areas such as virus detection, and is an
innovative way to enhance WIPS security.”
In addition to RFprotect, the company announced plans for new Mobile RAP
(Remote Access Point) software and announced a new line of 802.11a/b/g access
points that can be upgraded over the network to enable 802.11n dual-radio
operation. Mobile RAP provides role-based user-access controls, a full stateful
firewall and split-tunnel routing, company officials said.
The software and access points are all slated to be available early this
summer, they said.
