Aruba Networks is building new capabilities into its Wireless Intrusion Prevention System software that allow users to create their own detection signatures to improve security against zero-day attacks.
The user-defined signatures are meant to address security vulnerabilities quickly, rather than waiting for a vendor to provide updates when a new attack has developed. The technology is part of the latest version of RFprotect, software Aruba bought from Network Chemistry last year. Aruba recently integrated RFprotect into its platform.
The signature-making process, announced April 21, uses a free, embeddable scripting language called Lua and does not include script automation, said Mike Tennefoss, head of strategic marketing at Aruba.
“It does require some expertise, and there are IT and security pros who do have that expertise,” Tennefoss said. “If they don’t have this expertise, they can discuss vulnerabilities and obtain signatures developed by Aruba and other users by turning to [the Wireless Vulnerabilities and Exploits database] or The Edge, run by Aruba’s Office of the CTO, respectively.”
The company also provides a feature called Expert Builder, which allows the user to identify programming conventions in a GUI that will generate signatures, he said.
It is important to keep the time between the detection of a security threat and its mitigation as short as possible to minimize the window of opportunity for attackers, Burton Group analyst Paul DeBeasi said in a statement.
“Collaboratively developing, testing, and disseminating security features, including user-defined signatures, can minimize the vulnerability more rapidly than relying on a single vendor for periodic updates,” DeBeasi said. “This method has been used effectively in areas such as virus detection, and is an innovative way to enhance WIPS security.”
In addition to RFprotect, the company announced plans for new Mobile RAP (Remote Access Point) software and announced a new line of 802.11a/b/g access points that can be upgraded over the network to enable 802.11n dual-radio operation. Mobile RAP provides role-based user-access controls, a full stateful firewall and split-tunnel routing, company officials said.
The software and access points are all slated to be available early this summer, they said.