Cisco Blogs

Real Innovation in Wireless Security

September 12, 2012

A few weeks ago, Gartner released their MarketScope for Wireless LAN Intrusion Protection Systems. The paper is designed to provide an evaluation of the currently available WIPS solutions and, as you might guess, Cisco is one of the featured vendors.[1]

I spent several weeks working behind the scenes to provide customer references and content for Gartner. During that effort, I was struck by the level of innovation Cisco has introduced into wireless security. Real innovation that works in the real world. We not only offer two levels of wireless intrusion protection, we also deliver three ways to deploy those solutions.

Cisco’s backend intrusion detection and prevention is built into every Cisco wireless network deployment, providing always-on security and preventing wireless threats from connecting to the wired network. This level of security requires no licenses and no additional equipment. Pretty generous, I think, and no doubt why more than 70 percent of Cisco WLAN customers use this WIPS capability.

Leveling up to Cisco Adaptive Wireless IPS provides security optimized for the wireless environment. Using the Cisco Mobility Services Engine, aWIPS is able to locate, identify, and mitigate over-the-air security threats—even if they’re only transmitting intermittently. Through the Mobility Services Engine’s location capabilities, aWIPS is able to discern whether intrusion signatures are multiple rogues or one rogue detected by multiple access points. That’ll eliminate a lot of nervous moments.

While these solutions provide a great range of capabilities, it’s the deployment models I really thought showed leadership.

The basic monitor mode uses one set of access points to provide Wi-Fi and a second set of access points to monitor for rogues and other threats. It’s a good solution for deployments that need full-performance Wi-Fi and always-on, full-spectrum security. But, with twice the number of access points, this level of performance carries a price.

This is where most vendors stop. Not Cisco. We introduced an overlay technology called Enhanced Local Mode. In this deployment model, one set of access points provides Wi-Fi and security. Essentially, the access point toggles between the two functions. Wi-Fi sometimes, security sometimes. This model is a great option if cost is the primary concern. Sure, you lose a little Wi-Fi and security performance but, for many applications, the result is more than enough. And the savings are worth it, especially if on-channel protection is the priority.

The third model—Shared Monitor Mode—uses our Aironet 3600 access points and a special, plug-in security module. Using this tandem, you can deploy a single set of access points and get full performance and security. No compromise in performance yet with half the access points—and their installation—of the monitor mode deployment.

Combine the two levels of security with the three deployment options and Cisco can provide the level of wireless security that fits any company’s performance and security needs, and budget. I think that’s the kind of innovation everyone likes. Innovation that works for them.

[1] Access to the full report is available only to named Gartner seat-holders. If you have a seat, you can download this report by entering G00226398 into the search field on the Gartner website.
