Wireless intrusion prevention systems: A buyer's guide
A collection of articles that takes you from defining technology needs to purchasing options
Mojo Networks' AirTight WIPS is an enterprise wireless intrusion prevention system product that monitors network activity involving wireless local area networks. The AirTight WIPS looks for any WLAN-based attacks, rogue wireless access points and other violations of the organization's WLAN and security policies. A WIPS can not only detect inappropriate activity, but also stop it from negatively affecting the organization's WLAN infrastructure, client devices and users -- thus preventing successful compromises and unauthorized access to the organization's sensitive data. Here is a closer look at the features and functionality of Mojo Networks' AirTight WIPS.
The Mojo AirTight WIPS uses a management server and physical sensors model. The management server is available through several means:
- Public cloud-based service
- Private cloud-based service
- In-house hardware appliance
- In-house virtualized appliance
In terms of physical sensors, Mojo Networks, which was formerly known as AirTight Networks, offers several wireless access points that come with built-in WIPS capabilities.
Attack discovery capabilities
The most basic WIPS attack discovery capabilities involve detecting rogue APs and rogue connections, including those from unauthorized WLAN client devices, and AirTight WIPS provides these capabilities. AirTight WIPS can also map the physical locations of WLAN devices, including rogue APs and client devices, to aid in pinpointing the location of attacks.
It is unclear, however, what other types of attacks AirTight WIPS can defend against. The information publicly available about AirTight WIPS does not state whether or not the product can detect denial-of-service attacks, man-in-the-middle and client impersonation attacks, and active authentication and encryption cracking attempts. Organizations interested in evaluating AirTight WIPS should check with AirTight Networks to get more information on its attack discovery capabilities.
Data collection and reporting capabilities
Mojo AirTight WIPS records basic information on WLAN events that it observes, and it can also log all the actions that the WIPS itself performs. However, no information is available as to whether or not the AirTight WIPS offers packet capture capabilities, which can be much more helpful than just logging simple event information when it comes to analyzing an attack session.
Going hand in hand with data collection capabilities is reporting on the collected data and the analysis of that data. Little information is available on AirTight WIPS' reporting capabilities; in fact, it is the only major WIPS product that does not promote its built-in support of reporting for at least one major regulatory compliance initiative. Organizations considering AirTight WIPS for their WIPS needs should carefully evaluate its reporting capabilities, particularly if the organization is subject to one or more compliance efforts.
Because Mojo AirTight WIPS' management capabilities are available through four different models (i.e., public cloud, private cloud, hardware appliance and virtual appliance), its licensing and costs will vary widely depending on the chosen model. In terms of its sensors, AirTight WIPS provides an "all-inclusive" sensor pricing model: when a sensor is purchased, the price includes all the features that the sensor can provide. Through its cloud-based management models, Mojo Networks offers a no-obligation 14-day trial of the AirTight WIPS capabilities.
The Mojo AirTight WIPS product offers basic WIPS capabilities for enterprises and is suitable for use by a wide variety of organizations. It has highly flexible management options, ranging from public and private cloud-based services to on-premises hardware and virtualized appliances, as well as several different sensor architectures.
Unfortunately, Mojo AirTight Networks does not provide a great deal of information about the features of its product, including its attack discovery, data collection and reporting capabilities. No WIPS product should be acquired without first gathering the full details of these capabilities, as well as a product's other characteristics. Organizations that are considering acquisition of the Mojo AirTight WIPS should seek out additional details from Mojo Networks, as well as perform their own evaluation of the product through the 14-day trial.