AirMagnet Distributed 4.0 comprises a set of remote sensors throughout the customers network, along with a central server. The sensors perform virtually all of the analysis of the WLAN traffic they find, preventing unnecessary traffic on the corporate network. Other wireless security systems use the sensors simply as collectors that suck up packets and then send them across the wired network to a back-end server for analysis. AirMagnets sensors send only small amounts of trend and alarm data to the central server.
The biggest addition to the new version is the inclusion of rogue AP blocking.
Using a variety of identifying characteristics, including MAC address, SSID and the name of the APs manufacturer, AirMagnet Distributed is able to determine which APs are authorized to be on the network. When a rogue device is found, the software can trace the APs location through the wired network and block it or even disable it.
"We can even differentiate actual rogues from friendly devices that are just on neighboring networks or havent been authorized yet," said Dean Au, CEO of AirMagnet, based in Sunnyvale, Calif.
Version 4.0 also comes with an expanded set of security alarms that now includes problems such as the existence of soft APs—stations acting as APs— denial-of-service attacks, anomalous traffic patterns and other issues. And there is also a new security dashboard in the GUI, which enables administrators to take a closer look at any of the data collected by the sensors.
For example, users can view security data according to a specific policy or even by location. Administrators can micromanage those policies, to the point of being able to set different policies for specific SSID groups, geographic locations or business units.
The software has attracted the attention of some big-name customers, including the Naval Postgraduate School and Sempra Energy.
AirMagnet Distributed 4.0 is available now and starts at $7,995 for one server license and four sensors.