Meru Security: Multiple Lines of Defense Against Wireless Threats

Perimeter Threat Defense

Some of the most intrusive and damaging attacks publicly known to have been perpetrated against wireless networks have not come from inside the building, but from outside: in the parking lot. The transition to wireless local area networks of mission-critical information – from billions of dollars of transactions daily to emergency room medical information to credit card and Social Security numbers – has attracted a new breed of attacker. "Wardrivers" snoop around the perimeter of the buildings of vulnerable organizations, looking for open or incompletely secured networks. Originally done for sport, or by people desperate for internet access, wardriving has been adopted by criminals and identity thieves to mount "parking lot attacks" against unwitting enterprises. Major retailers have already been subject to these attacks. Even large technology firms have not been able to avoid being targeted.

Meru Networks provides zero-day protection against these passive outdoor attacks through its unique RF physical security technology. By preventing wireless traffic from crossing the secure perimeter, it limits an attacker's ability to record data and analyze wireless networks. Protection is provided for legacy networks, clear or captive portal networks, secure networks using public credential passing and networks with undetected or unknown vulnerabilities.

Solution: RF Barrier™

Connection Threat Defense

Attackers must connect to the network if they want to go beyond passive listening. This is where protection of the connection comes in: preventing unwanted users from getting on to the network at all. Constant security scanning is required to detect illicit users and other threats. "Evil twins" masquerade as enterprise-sanctioned access points, attempting to trick unsuspecting users into connecting and exposing critical information. Rogue access points allow unauthorized connections into the heart of the corporate network.

Meru Networks provides a comprehensive solution for securing the connection from rogues, evil twins and takeover attempts. It supports industry-standard encryption and security technologies, including NIST-approved wireless security algorithms. Meru's wireless IPS and rogue prevention features lead the industry, with unique AirFirewall technology that can make unwanted networks disappear.

Solution: AirFirewall™ | Rogue Prevention | FIPS 140-2 Specified Encryption (AES) | Wireless Intrusion Prevention

Network Threat Defense

Once users have connected to a wireless network, the network must be able to protect itself against threats from insiders and outsiders alike. Policy enforcement must be integrated tightly into strong authentication and role-based partitioning of services. Without it, the network is unprotected from wayward users, as well as from theft of credentials or inadvertent exposure by unauthorized applications or malware.

Meru defends the network with a powerful array of role-based and application-based protection, all driven by central policy enforcement. This helps to avoid the threat of blended attacks, blocking or rate-limiting unwanted types of traffic even when encrypted..

Solution: Strong RADIUS Authentication | Per-User Policies and Role-based Access Control | Application and Signature Firewall

Remote Threat Defense

The greatest benefit of wireless access is mobility, but this can become its greatest risk once users stray beyond the enterprise boundaries. Away from the secure enterprise network, staff may be forced to connect though unknown hotel connections or using insecure home access points. Even if an employee's home network is thought to be secure, configuring clients to connect through multiple SSIDs consumes support time and increases the chance of accidental connections to an insecure network. Software VPNs are one solution, but they also increase the support burden while doing nothing for Wi-Fi phones and other devices.

Meru Networks eliminates the need for remote staff to use consumer-grade access points with inadequate security or insecure hotel Wi-Fi links.  Its Telecommuter AP acts just like an extension of the enterprise LAN, offering remote users all the same services and resources available within the office while allowing security managers to configure and enforce enterprise wide security policies centrally.  Instead of a disconnected island, the remote user is truly part of the enterprise network.

Solution: Telecommuter AP