Software Defined LAN Helps Stop Attacks at First Point of Contact
Aerohive Networks has detailed its Internet of Things (IoT) security solution for Wi-Fi and wired networks. Built on Aerohive’s Software Defined LAN (SD-LAN), Aerohive’s solution helps protect networks from attacks, such as the October 16th Mirai botnet DDoS attack, which recruited over a half-million devices in a coordinated strike that brought down a large swath of popular internet services, including Twitter, Spotify, Airbnb, Netflix and Reddit. Aerohive will be discussing Wi-Fi security on Facebook Live on November 3, 2016.
Aerohive’s SD-LAN addresses recent IoT attack vulnerabilities by putting security protection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware. Key capabilities of the solution include protecting wireless access networks with next-generation Software Defined Private Pre-Shared Key (PPSK) that restrict network access to specific known and authenticated devices, application visibility and control to evaluate what is really happening on the network, firewall enforcement based on deep packet inspection to strictly enforce traffic policies, and cloud management to enable immediate identification and response to an issue anywhere in the network.
News Facts
- The growth of IoT and proliferation of connected “things” offers exciting new opportunities. By 2020 there will be over 25 billion IoT devices accessing networks, with the vast majority leveraging wireless connectivity. This creates a new set of security risks at unprecedented scale. IoT devices connected to the network originate from thousands of manufacturers, typically with limited sophistication and little-to-no UI, making them harder to trust and secure. Compromised IoT devices, as demonstrated by the Mirai attack, can cripple even giant enterprises if breached. As IoT devices proliferate on business networks, Wi-Fi networks that they access can offer a first line of defense. Often static, with nobody to watch over them, the network must protect the IoT assets, and be protected from them at the same time. Organizations can use an adaptable, flexible and secure SD-LAN for increased access layer network security.
- Aerohive’s Software Defined Security is part of the SD-LAN architecture, offering enhanced access network visibility and control, centralized policy management, and increased protection, while reducing operational complexity:
- Secure IoT Authentication and Encryption – Each IoT device can now effectively have a unique password, allowing it to be uniquely identified and secured on the network. Aerohive accomplishes this using Software Defined Private Pre-Shared Key that unlocks the benefits of 802.1X secured networks, without the drawbacks of certificate overhead or specialized client configuration. Software Defined Private Pre-Shared Keys can be used for IoT devices that typically don’t even support 802.1X. Customers can create (and revoke) tens of thousands of unique keys for individual or groups of devices on the same SSID that can be managed and distributed via the cloud, mobile applications, or user self-registration.
- Granular Visibility and Control – Our deep packet inspection firewall at the access layer enables the upstream and downstream prioritization and isolation of IoT devices and applications as required, ensuring that compromised devices divulge no exposure into the wider network. It can also throttle the bandwidth of IoT applications, detect and block DDoS floods, quarantine threatening activity, and limit IoT device access.
- Context-Based Policies – Secure context-based access policies define which users, devices, and things can enter the network, then granularly controls what they can do once connected through role-based profiles and time-of-day and location-based access limits, VLAN containment, application rights, and bandwidth management.
- Centrally Managed Policy Enforcement – Create, deploy, and monitor secure access policies from any location with public and private cloud networking. SD-LAN’s cloud architecture reduces the complexity of managing and operating secure wired and wireless access networks. Cloud networking sets the balance between secure and simplified network access.
- “Like” the Aerohive Facebook page to join the upcoming Facebook live interactive event on Thursday, November 3rd at 9:30 a.m. PST, which will cover how Aerohive’s Software Defined security, part of the SD-LAN architecture, enables organizations to focus on the opportunity of IoT, while the network takes care of the threat.
Resources
- Aerohive’s Private Pre-Shared Key (PPSK)
- Aerohive’s Secure Mobility
- Most-Adaptable Wi-Fi for Connected Enterprises
- SD-LAN Solution
- IoT – Rise Against the Machines infographic
- Take back control of your network with SD-LAN infographic
- Wi-Fi Security: More Control, Less Complexity whitepaper
- Demo: How Aerohive Private Pre-Shared Key (PPSK) works
- RHA Health Services case study
- Prince George’s County Department of Parks and Recreation case study
- The College of Idaho case study
- Great Clips case study
Comments
“Utilizing Aerohive’s Software Defined PPSK technology for secure access by devices that do not have AD accounts has helped us tremendously in keeping our network secure,” said BJ Stahlin, senior WAN administrator, Ingram Entertainment Inc. “In contrast with WPA2/PSK, where a single password is shared by many devices on the same SSID, Aerohive’s PPSK can enable granular authentication with a unique password for each device.”
“IoT, with the proliferation of billions of relatively low-sophistication devices, increases the attack surface of the LAN like never before,” said Zeus Kerravala, principal analyst, ZK Research. “This requires strengthened network access controls, including real-time application control and visibility, IoT-supported, secure-authentication methods such as PPSK, granular device policy enforcement at the edge, and centralized reporting and monitoring tools. This should all be accomplished without introducing additional complexity for IT administrators.”
“Organizations need an IoT-security solution before their Wi-Fi-connected water cooler or some other thing calls Moscow,” said David Greene, chief marketing officer, Aerohive Networks. “Most networks today are too brittle to deal with the exponential growth of IoT. Aerohive’s SD-LAN solution brings adaptability and security to the network, building on our Wi-Fi access points, switches, and cloud management that is designed to protect the network from the inside and out.”
Safe Harbor Statement
This press release contains forward-looking statements, including statements regarding new Aerohive product and service offerings and statements regarding their expected performance, market receptiveness and competitive advantage. These forward-looking statements are based on current expectations and are subject to inherent uncertainties, risks and changes in circumstances that are difficult or impossible to predict. The actual outcomes and results may differ materially from those contemplated by these forward-looking statements as a result of these uncertainties, risk and changes in circumstances, including, but not limited to, risks and uncertainties related to: our ability to continue to attract, integrate, retain and train skilled personnel, general demand for wireless networking in the industry verticals targeted or demand for Aerohive products in particular, unpredictable and changing market conditions, risks associated with the deployment, performance and adoption of new products and services, risks associated with our growth, competitive pressures from existing and new companies, technological change, product development delays, our inability to protect Aerohive intellectual property or to predict or limit exposure to third party claims relating to its or Aerohive’s intellectual property, and general market, political, regulatory, economic and business conditions in the United States and internationally.
Additional risks and uncertainties that could affect Aerohive’s financial and operating results are included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in the Company’s recent annual report on Form 10-K and quarterly report on Form 10-Q. Aerohive’s SEC filings are available on the Investor Relations section of the Company’s website at http://ir.aerohive.com and on the SEC’s website at www.sec.gov. All forward-looking statements in this press release are based on information available to the Company as of the date hereof, and Aerohive Networks disclaims any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made, except as required by law.
About Aerohive Networks
Aerohive enables our customers to simply and confidently connect to the information, applications, and insights they need to thrive. Our simple, scalable, and secure platform delivers mobility without limitations. For our customers worldwide, every access point is a starting point. Aerohive was founded in 2006 and is headquartered in Milpitas, CA. For more information, please visit www.aerohive.com, call us at 408-510-6100, follow us on Twitter @Aerohive, subscribe to our blog http://boundless.aerohive.com/, or become a fan on our Facebook page.