Published: 09 Feb 2005
Price: Starts at $7,500
AirTight Networks' SpectraGuard is the first out-of-the-box wireless security solution to offer live RF coverage mapping and auto-classification of detected devices.
Gone are the days when security managers had to war-drive their own enterprise networks for rogue and misconfigured wireless access points or promiscuous clients. AirTight Networks' SpectraGuard has staked out a prominent place among wireless intrusion detection and prevention products, and is the first we've seen to offer live RF coverage mapping, a great feature for managing and monitoring WLANs and planning wireless deployments.
The power of SpectraGuard comes in its ability to detect and classify devices as authorized, external or rogue based on highly configurable, detailed security policies rather than the detection and blocking of specific attacks. The granularity and accuracy of its classification sharply reduces the number of false positives--the bane of IDSes, wired and wireless alike. The only gap is SpectraGuard's inability to classify APs using NAT, which must be manually configured.
- Highly granular device classification
- Impressive RF coverage
- Easy configuration/management
- Excellent planning tool
- Limited scalabilty
- No auto-generated reporting
SpectraGuard quarantines unauthorized clients and APs, but removal is manual. External devices that don't attempt to associate with your WLAN are detected but ignored. Network policy settings include authorized MACs, channels, SSIDs, encryption, protocols and even vendors. Creating and editing policies are simple; access point and client quarantine policies can be set globally or individually.
One sensor can monitor an office or small building, but multiple sensors are required for triangulating an offending device within a few yards. Each WLAN subnet requires a server, which limits scalability.
A well-designed Java console is the central setup and administration point for SpectraGuard. It features a wizard for the policy creation and sensor placement process. The interface features a comprehensive dashboard displaying all active wireless devices detected, administration functions and system events. Its inability to sort specific items is a bit irritating, though.
SpectraGuard's detailed reports cover the system, events, devices and location, and provide an overall system security scorecard. Reports can be accessed in HTML or exported as XML. SpectraGuard lacks automatic report generation and delivery--something that larger enterprises will miss.
SpectraGuard's well-designed RF propagation and planning tool gives it an edge over products that only offer a circular radius for determining coverage; this tool alone is worth the price. Its real-time RF coverage display shows dead spots using state-of-the-art RF propagation modeling. With either the location settings or the SpectraPlan plug-in (which costs an additional $2,500), users can import either .jpg or .gif layouts of the business' campus or floor plan to determine sensor placement for maximum protection. SpectraPlan's additional planning capabilities include RF sensor simulation prior to deployment--a big time-saver.
Though improved scalability and automated reporting would raise it to true large-enterprise caliber, SpectraGuard's powerful intrusion detection model, ease of management and striking RF coverage make it a genuine WLAN security competitor.
--Sandra Kay Miller