As enterprise wireless networks have matured, effective threat detection and prevention have grown indispensable. But wireless networks are constantly changing in composition and location, requiring nimble defences that can rapidly recognise and prevent emerging threats.
Stefan Pracht, Area Vice President of Product Management, NETSCOUT, says, “Dynamic security updates have long been best practice in wired networks. To enable mission-critical wireless deployments while maintaining acceptable security posture, wireless intrusion prevention systems (WIPS) must follow suit, delivering a fast, flexible response to zero-day threats, without business disruption.”
Pracht notes the differences between wired and wireless networks. He says, “Unlike their wired counterparts, wireless networks are highly dynamic, continually changing in client composition and location. A moving target such as this requires a nimble defence that can rapidly recognise and prevent new threats. But a static and increasingly stale Intrusion Prevention System (IPS) could leave an otherwise secure WLAN vulnerable to emerging attacks and exploits for quite a long time.”
Contemporary enterprise WLANs bear little resemblance to their predecessors. The days when wireless was a casual amenity in isolated areas such as conference rooms, or a point solution used in warehouses or stores by purpose-built devices, are long gone. Instead, wireless has become the dominant method of network access, expected to reliably and securely connect a plethora of business and consumer electronic devices, no matter who owns them or where they might roam throughout any kind of workplace.
Stefan Pracht adds, “This evolution from limited, casual use to mission-critical, ubiquitous adoption has raised the stakes with respect to performance, availability, and security. But other changes have made securing WLANs more difficult, including the consumerisation of IT.”
As a result, Pracht says the “emerging wireless threats are more likely to focus on new devices, naïve users, and related mistakes, popping up when and where you least expect, at an ever-faster pace.”
To combat this, intrusion prevention is widely recognised as an essential best practice for any business network, and each product employs unique methods. But, for any IPS, signatures are important for efficient, accurate operation. Signature detection is a first line of defence, reliably filtering out many recognised threats so that other methods can better focus on what's left.
However, without proper maintenance, this foundation can grow weak. Frequent, non-disruptive signature updates are required for an IPS to recognise new threats, variants, and exploits. This is why every wired IPS product has long supported this capability.
Stefan Pracht says, “Surprisingly, the same cannot be said for wireless IPS. Historically, every WIPS has relied on static signatures, embedded in detection engines, updated by installing new software. With WIPS releases coming up to a year apart, Wi-Fi threat detection now lags behind protocol advances, threat research, and attack tools. To be truly effective against rapidly-evolving wireless threats, WIPS must become more agile.”
Pracht recommends that organisations look at solutions with Dynamic Threat Update (DTU) for complete detection and prevention of wireless threats, enforcing no-wireless zones and proving compliance.