Implementing Enterprise Wireless Security Policy in the BYOD Era
DESCRIPTION
BYOD opens your network to new risks and vulnerabilities. Tools to understand what is happening in your network, combined with the necessary actions to prevent misuse, become a real MUST HAVE. Kappa Data is proud to announce its cooperation with AirTight Networks, one of Juniper Networks Technology Partners, today one of the only companies in the world that can definitively stop unapproved smartphones and tablets bypassing your security.
TRANSCRIPT
IMPLEMENTING ENTERPRISE WIRELESS SECURITY POLICY IN THE “BRING YOUR OWN DEVICE” ERA
David King, Chairman & CEO
© 2012 AirTight Networks. All rights reserved.
Typical enterprise wireless security template
1. Secure enterprise WLAN
   • Authenticate users
   • Encrypt over-the-air data
2. Isolate Guest Wi-Fi
3. Wi-Fi endpoints
   • Secure remote enterprise access
4. Secure the enterprise airspace from unmanaged Wi-Fi
5. Manage risks from Bring Your Own Device (BYOD)
Featured case study
BYOD
Adapted from: Presentation by Billy Crowley and Kaustubh Phanse, RSA Europe 2010
Lesson #1: What does not work?
“Unapproved Wi-Fi devices not allowed” policy without enforcement
[Chart. Bars: 2010 Smartphones; 2011 Smartphones; 2011 Smartphones + Tablets. Values shown: 67 M, 95 M, 140 M. Source: Gartner]
AirTight Networks’ BYOD Survey Results
Source: 316 respondents, April 2012
[Two charts: “How pervasive do you think is the use of personal smart devices in your enterprise?” and “How do you view the BYOD trend for your enterprise?” Values shown: 25%, 61%, 14%; 38%, 49%, 10%, 3%]
Lesson #2: WPA2/802.1x cannot stop BYOD
Lesson #3: Wireless security is more about managing the “unmanaged”
AirTight Networks’ BYOD Survey Results
Source: 316 respondents, April 2012
[Two charts: “Do you see an increasing trend of employees bringing Rogue Wi-Fi APs?” and “Are you concerned about employees using mobile hotspots to bypass corporate policies?” Values shown: 11%, 20%, 69%; 16%, 34%, 50%]
Lesson #4: Need an automated way to pinpoint the needle in the haystack
What are your choices?
• Mobile device management (MDM)
• Network access control (NAC)
• Wireless intrusion prevention system (WIPS)
MDM ≠ Network Security
What is the incentive to install MDM agents on personal devices?
Scope limited to “managed” devices that run MDM agent
No visibility into Rogue APs, Soft Rogues, Mobile Wi-Fi Hotspots
NAC ≠ Wireless Security
Cannot block Rogue APs, Soft Rogues, Mobile Wi-Fi Hotspots
Scope limited to BYOD on “managed” WLAN
Suffers from “blind spots” – unauthorized Wi-Fi devices connecting via authorized devices
Wireless intrusion prevention system (WIPS) provides 24/7 visibility and protection
AirTight’s patented automatic device classification and WIPS policy enforcement
With this in place, your network is protected from all types of wireless threats, vulnerabilities and attack tools!
[Diagram: AP Classification (Authorized APs, Rogue APs (On Network), External APs) and Client Classification (Authorized Clients, Rogue Clients, External Clients), with Policy paths marked GO, STOP or IGNORE. Other labels: Mis-config, DoS]
AUTOMATICALLY DETECT AND BLOCK RED PATHS!
AirTight’s patented WIPS engine provides most comprehensive protection from BYOD
[Diagram: Users, Authorized Clients, Authorized APs, External APs and Mobile Hotspots, with paths marked GO and STOP. Callout: Block unapproved devices!]
Lesson #5: Not all WIPS are created equal
Consult third-party experts and see for yourself
“…AirTight's methodology for classifying events avoids false alarms when identifying rogues.”
“AirTight is appropriate for buyers that are looking for an easy-to-deploy solution with minimal training/skill…”
“AirTight's drop-in SaaS package is affordable and was well-timed to PCI law fortifications that became important in 2009.”
First and only!
Visit us!
www.airtightnetworks.com
The only WIPS solution rated Strong Positive by Gartner
BYOD-proof Secure Wi-Fi Managed from the Cloud