Comprehensive Intrusion Detection
Extreme AirDefense provides the most comprehensive detection of wireless intrusion attempts. By analyzing existing and day-zero threats in real-time against historical data, Extreme AirDefense is able to accurately detect all wireless attacks and anomalous behavior. With context-aware detection, correlation and multi-dimensional detection engines, AirDefense detects only meaningful security events and maintains the lowest rate of false positive alarms. This next-generation wireless protection platform offers the industry’s most extensive event library, with more than 200 security and performance events.
Wireless vulnerabilities detected include reconnaissance (ad hoc stations, rogue APs, open/misconfigured APs), sniffing (dictionary attacks, leaky APs, WEP/WPA/LEAP cracking), masquerade (MAC spoofing, evil twin attacks/Wi-Phishing attacks), insertion (man-in-the-middle attack, multicast/broadcast injection) and denial-of-service attacks (disassociation, duration field spoofing, RF jamming).
Extreme AirDefense allows administrators to easily distribute and process alarms in enterprise deployments:
- Customized alarm views, notifications and priorities
- Flexible querying and filtering
- Third-party integration
AirDefense responds automatically to wireless threats by stopping the device involved before it is able to cause damage to the network. By responding on both the wireless and wired networks, AirDefense is the industry’s most secure wireless intrusion prevention solution. AirDefense performs targeted terminations ensuring that only the correct intruders and rogue devices are disconnected. The system maintains a record of termination actions to allow for a reliable audit trail. AirDefense also complies with FCC regulations and eliminates the liability that could be associated with stopping a device wirelessly.
AirDefense can mitigate wireless threats via the air by disabling wireless connections between intruders and authorized devices. AirTermination is extremely precise ensuring that only the offending device is prohibited from operating.
AirDefense identifies the switch port to which offending devices are connected and turns it off thus preventing the rogue device from accessing the network.
Eliminate Rogues Connected to the Network
Rogue devices are a serious threat to enterprise security. A single rogue access point can allow an attacker to gain full access to the internal network. AirDefense can identify any rogue device and disable it automatically. Extreme Networks AirDefense identifies rogue devices and determines if they are connected to your internal network. By analyzing wireless traffic, AirDefense can determine the level of threat that a potential rogue poses to your organization. This allows administrators to ignore neighboring devices and focus only on the rogues that present a serious threat. This advanced analysis also ensures that neighboring wireless devices are not misclassified as a rogue. Accuracy is essential as less sophisticated Wireless IPS systems can easily disable a neighboring access point by mistake opening your organization to unwanted liability.
|Detect Rogue Devices|
• APs, laptops & specialty devices
• Ad-hoc networks & accidental associations
• Search wired networks for rogues
|Assess Threat Level|
• Prioritize based on threat level
• Identify rogues connected to the network
• Ignore neighboring networks
• In-depth analysis of rogue activity
• Who was connected to the rogue
• How much data transmitted
|Eliminate Rogue Threat|
• Automated & manual termination
• Wireless or wired termination
• Stop devices even when they roam
• Locate rogue devices in real time