Why AirTight WIPS?

Only WIPS Tested to the "IPS Protection Profile" for Common Criteria

NIAP has created a new Protection Profile (PP) to evaluate IPS systems.  This PP is distinctly different and more rigorous than the "WLAN PP".  Furthermore, the legacy and integrated WIDS/WIPS vendors  that claim Common Criteria certification do not make this distinction and have only been tested to the "WLAN PP", and not “WIPS PP

Off-Line Sensor Mode

The AirTight sensors included in our WIPS solution are "always on".  Even if the network connection is lost between the sensor and management appliance, the sensor will continue to enforce the last know policy and store event data indefinitely until the sensor connect is re-established.  Compare this to all other WIDS/WIPS products whose sensors will "sleep" after approximately 20 minutes of lost connection or when the buffers are full.  This is even more disturbing for the integrated AP/WIDS solutions because you can lose all event data showing the possible cause for the network failure.

Patented Marker Packet™ Technology

Our unique ability to create proof statements to verify access points are on your wired networks is the key to automated policy enforcement.  Various types of Marker Packets are sent across the network and our sensors can quickly and accurately identify what type of device, which VLAN it is connected to, and where it is located.   Unlike legacy WIPS who compare CAM table entries to MAC addresses seen in the air, the AirTight WIPS is not prone to false positives or false negatives.  These Marker Packets also allow AirTight WIPS to detect data leakage from bridging clients on the wired network.

Location Information from a Single Sensor

Our patented "Location Tracking Algorithm" provides the ability to obtain basic location information from a single sensor. This includes both access points and wireless client devices. Compare this to all other WIDS/WIPS vendors who require at least three sensors to detect a device before providing any location information. Our LT algorithm also provides the most accurate location tracking in the industry.

Geo-Fencing

AirTight WIPS can be used to define and protect geographic boundaries from wireless devices (SCIFs and other "No-Wi-Fi" environments). Sensors will trigger proximity alerts for Wi-Fi clients and access points that cross the configurable threshold. AirTight WIPS can re-classify and quarantine client devices and access points that trigger the alert.

Cellular Device Detection

This feature includes the capability to detect and report 3G, 4G LTE, GSM and CDMA voice and data communications activity. Applications include detection of network and printer eavesdropping devices that use cellular radios to transmit confidential information beyond the security perimeter and enforcing compliance with the Department of Defense and other Government agency "no-wireless" policies.

Live Packet Capture from any Sensor to the Admin Console

With just a few clicks of the mouse, the administrator can launch a full PCAP from any AirTight Sensor and stream it live to his/her console. The PCAP can be easily configured to capture just the data from the specific wireless device, or the channel, or rotate on all channels in a band, or all information available in both bands. The PCAP can be viewed, filtered and stored by WireShark or OmniPeak.

Sensor Cannot be Compromised and Repurposed as an Access Point

The AirTight C-10 sensor is a dedicated security device. It contains no ability to become an access point. If the sensor is physically compromised, it cannot become a Wi-Fi communications device. Compare this to all of the integrated solutions that use the same physical device for both AP and sensor functions. This is especially critical for "No-Wi-fi" environments where access points are not allowed.

Distributed Administration

The AirTight WIPS console provides the ability to designate specific location folders for specific administrators. This allows a local administrator to access information only in his/her area of operation (this includes alarms, alerts, and reports), while upper level administrators can access all locations as needed. There is no additional cost for multiple administrative accounts.

Enterprise Class WIPS

AirTight offers a Manager of Managers (MoM) solution for WIPS. The AirTight Manager will manage up to 25 WIPS appliance. This is available as an AirTight appliance and can manage up to 25,000 sensors from a single console.

Automated Policy Enforcement

The goal of AirTight WIPS is to enforce Wi-Fi and no-Wi-Fi policies without human action. This can only be achieved when the airspace around the protected area is understood. This means Wi-Fi devices are accurately detected and classified as authorized, guest, external or rogue devices. Once this is understood by the WIPS and policies are created, the WIPS can be configured to block any unauthorized associations, without harming neighboring networks.

Pre-defined DoD Compliance Report

AirTight WIPS provides a number of canned reports including compliance reports for various industries, including the DoD 8100.2. All reports can be scheduled and delivered as needed.

Enforcement of No-Wi-Fi Policies Across Large Enterprise Networks

Our patented Marker Packets allow AirTight WIPS to monitor up to 100 VLAN using a single sensor. This feature allows us to protect both authorized WLANs and the VLANS they are associated to, as well as the wired VLANS that need to remain "no-Wi-Fi". The WIPS actively protects these wired VLANS from rogue access points and bridging clients connected to these networks.

Integration with the Leading WLAN Vendors

AirTight WIPS integrates with the two largest WLAN vendors in the industry. AirTight WIPS pulls vital information from the WLAN controllers (authorized APs, 1x authenticated clients, and location tracking information) which allow AirTight to provide better security and more accurate location tracking than the integrated solution alone.

AirTight vs. Other WLAN/WIPS Solutions

Consider the following:

• Both the AirTight WIPS and legacy integrated solutions require a dedicated controller or management module
• For 24x7 monitoring, the integrated solutions must deploy dedicated sensors in addition to the access points required for WLAN capabilities
• AirTight WIPS is a dedicated enterprise security solution, while the integrated solutions offer security features as a subset to the WLAN product
• AirTight WIPS monitor and protects both the WLAN and wired enterprise network from wireless threats, while the integrated solutions focus mainly on protecting their WLANs. Their solution to protect the enterprise wired network is not emphasized and can be very costly.
• AirTight WIPS allows for WLAN flexibility and variety, while the integrated solution locks you into a WLAN solution. AirTight provides the ability for the security team to have a stable and secure solution regardless of which WLAN solution is selected by the networking team. AirTight WIPS can manage ANY and ALL types and brands of Access Points.
• AirTight WIPS provides accurate detection and classification, and automated and active policy enforcement, as compared to the integrated solutions that require human intervention to diagnose events and select a response.