AirDefense redesigns wireless intrusion software

Software updated with large enterprise wireless LANs in mind
  • John Cox (Network World)
  • 28 February, 2007 12:09

A new release of AirDefense's wireless intrusion prevention and detection software features a major user-interface redesign, a big boost in speed, and a greatly expanded reporting tool.

The changes in AirDefense Enterprise 7.2 were made with large enterprise wireless LANs in mind, according to executives at the Atlanta-based software company. With the new version, network administrators can better exploit data collected by the application to identify events, patterns and trends in wireless use.

"It's the biggest change I've seen made to the GUI and to [the application's] functionality," says Brian Brindle, senior network engineer at U.S.-based Carilion Clinic. The clinic uses AirDefense to monitor over 350 access points and 1,250 wireless users. "The first thing I noticed with the 7.2 release is its speed," Brindle says.

The software works with the AirDefense IDS/IPS appliance and radio frequency sensors, which let enterprises blanket a location with continuous RF monitoring.

A new Java-based GUI runs on Windows and Linux computers, in addition to AirDefense's previous Web interface. Also new is a System Setup Wizard that lets new administrators configure the IDS appliance with the most popular settings and options in just a few minutes, says David Thomas, AirDefense vice president of product strategy.

Carilion's Brindle says he worried that tying the GUI to a computer would be less convenient than the freedom of Web browser access. "However, after seeing the client in action, and how fast the screen populated, I was hooked," he says.

That new speediness is probably vital to making use of the expanded reporting features. Previously the software offered only a limited set of built-in, preformatted reports. Now, using a new report engine, network administrators can design and build their own reports, as well as modify preformatted ones. Users can work with about 300 data elements, select how they're filtered and sorted, and arrange tables and columns to display the results.

Brindle is already a fan, calling the new report builder "probably the best feature yet." He says the report builder lets him glean information about how wireless clients are behaving on the network, and then create new intrusion prevention rules based on that knowledge. "Information is power and we've got access to everything AirDefense knows about its monitored network," he says. What the software knows is collected in a proprietary flat file data store for optimal speed. The database can store 90 to 120 days of data on about 2,500 wireless devices, according to the vendor.

Other changes in the 7.2 release include:

* New algorithms and rules that automatically handle a variety of daily wireless activities; the software can classify a new wireless device on its own, for example ignoring a distant access point in a neighbouring building while authorizing access to a device associating via 802.1X.

* New code to improve threat assessment by focusing on current, high-priority threats for immediate response, either at a given location or across the entire enterprise.

* An optional module, called AirDefense LiveRF Module, based on software licensed from Motorola's Wireless Valley acquisition and now integrated with AirDefense sensors; LiveRF lets administrators see and troubleshoot wireless connectivity and performance issues centrally.

AirDefense 7.2 is available now. Pricing is unchanged, starting at US$7,995 for software, appliance and five sensors, which is often enough to cover one building. The LiveRF module is priced at US$200 per sensor.