This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."
GOLD | Cisco Wireless LAN Security Solution for Large Enterprise
Price: Starts at $10,000
Cisco Systems is known as a networking giant because of its dominance in the enterprise networking equipment
That's because it dominated the wireless security category in our annual reader survey, courtesy of its Cisco Wireless LAN Security Solution for Large Enterprise, formerly known as Wireless Security Suite. The name refers to a comprehensive set of wireless network security features in its wireless access points, switches, routers, appliances and client devices, which Cisco has combined in order to convince many of its longtime wired customers to relinquish their wireless security fears and implement over-the-air network infrastructures.
"The solution takes an integrated approach to delivering unified wired and wireless IPS/IDS, wireless device posture assessment and remediation, wireless host intrusion prevention and policy, and a comprehensive management framework for analysis and reporting," says Chris Kozup, manager of mobility solutions at Cisco. "The Cisco Wireless Security Solution is comprised of the Cisco Unified Wireless Network, the Cisco NAC Appliance, the Cisco ASA Firewall with IPS, the Cisco Security Agent and an integrated authentication framework using the Cisco Secure ACS RADIUS server and the Cisco Secure Services Client."
At the top of its feature list is support for the 802.11i WiFi security standard, which shored up weaknesses in earlier standards largely through the use of the stringent Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) methods of wireless data encryption. Its 802.11i support also includes reliance on 802.1X-based mutual authentication and dynamic encryption key management, aiming to ease the administrative struggles that often come with static encryption keys.
As is often the case with Cisco gear, perhaps the product's most impressive feature is its integration with other Cisco technologies, such as its wireless mesh networking capabilities for securing access point-centric outdoor networks, integration with Cisco's Self-Defending Network threat mitigation offerings and the Network Admission Control endpoint security technologies.
Readers gave the product high marks for quality and ROI; Cisco support was also lauded.
SILVER | Check Point VPN-1 Edge Wireless
Price: Starts at $600
Check Point Software Technologies' VPN-1 Edge Wireless appliance is designed to extend wireless threat management capabilities to enterprise branch offices while being easy to manage. Readers gave it the silver medal.
When enabled with wireless security features, as is the case with its NGX model, the product supports a number of security protocols, such as 802.1X, IPsec over WLAN, RADIUS, WPA2/802.11i and WEP authentication, in addition to MAC address filtering. A recently added option can require users to authenticate to a RADIUS server, aiding proper identity and access management. Its integrated unified threat management (UTM), firewall, VPN, IPS and antivirus offer comprehensive protection for 802.11b and 802.11g wireless devices.
BRONZE | AirDefense Enterprise
Price: Starts at $7,995
Readers noted the AirDefense Enterprise wireless intrusion prevention and monitoring product's ability to detect intruders and mitigate attacks, as well as its access control capabilities, earning the product the bronze medal. The platform consists of distributed smart sensors and server appliances. Using many context-aware detection schemes, correlation and multidimensional detection engines, the product is able to detect attacks and anomalies originating from within or beyond the network with a low rate of false positives. It includes policy enforcement, compliance management, analysis and reporting features, and it is centrally managed, which supports scaling across a large geographic area or a distributed implementation at numerous locations.
This was first published in April 2007