Archive for the ‘Compliance’ Category

Distributed Healthcare Needs Wi-Fi That Works at Scale

February 18th, 2014

The growth and adoption of mobile technologies is impacting businesses in multiple industries, and we can see strong evidence of this by looking at the healthcare industry. I just returned from the WLAN Professionals Conference in Austin, TX where I heard first-hand evidence of this in a presentation on Continuous Wireless for Medical Devices. A strong emphasis was placed on improving patient safety through the use of mobile technologies that enabled doctors, nurses, and assistants to effectively handle their ever-increasing workload.

Healthcare professionals need a reliable, stable, cost-effective, and simple-to-manage WLAN that supports their work without distracting them from their primary objective of providing high-quality patient care. The question then becomes, “How can WLANs provide these qualities for distributed healthcare organizations?”

Cloud Architecture

Network stability and availability are of primary importance for healthcare professionals relying on mobile devices to provide patient care. What’s more, this network stability must be provided in a cost-effective and simple-to-manage manner. Rather than relying on expensive wireless LAN controllers that are complex to manage and represent a large risk to the organization as a single point of failure, AirTight has developed a mature cloud architecture over the past 7 years that simplifies the network and is resilient to outages – the network continues to function even if cloud access is disrupted.

AirTight’s datacenter locations

Centralized Management

Distributed healthcare organizations have hundreds or thousands of locations that all require Wi-Fi access. With traditional Wi-Fi solutions, this represents a massive amount of effort to stage, configure, deploy, and manage each site individually. Even with centralized management, most Wi-Fi solutions still fail to effectively deliver simplified network management for a large number of locations.

AirTight solves this problem with hierarchical location-based administration. This allows administrators to configure one policy that is inherited across all locations. If a subset of locations requires a deviation from the central policy, it is simple to override the inheritance for only the settings that deviate while still adopting the remainder of the policy. Inheritance and configuration policy can be applied at any level of the location hierarchy, thus providing simplified management of a large number of locations while allowing for variations.

Automatic and Reliable Security

The increase of digital information requires solutions that secure patient data and privacy. Most Wi-Fi security solutions focus solely on protecting the infrastructure, require tedious manual configuration and tuning, and produce error-prone detection and alarming that swamps the user with false alerts.

AirTight solves these challenges with integrated wireless intrusion prevention (WIPS) that secures both the infrastructure and mobile devices from attack. Our industry leading wireless intrusion prevention system addresses the physical and technical safeguards defined for protecting Electronic Protected Health Information (EPHI), preventing unauthorized wireless access to online medical records as well as securing the network from wireless security breaches. AirTight wireless security solutions stop wireless threats in their tracks, protect patient privacy and ease the IT burden for maintaining a robust wireless network. AirTight automatically detects, classifies, and remediates wireless threats to protect patient confidentiality, ensuring a robust wireless infrastructure that is performing well and meets HIPAA compliance. (See also our earlier post: Wi-Fi and HIPAA – A Tricky Combination).

Healthcare organizations require a WLAN that enables staff to provide high-quality patient care in a cost-effective, scalable, and highly secure manner. Be sure to visit the AirTight booth at HIMSS to find out more about our solutions for distributed healthcare.

Compliance, Healthcare, WiFi Access

Healthcare, Wi-Fi and HIPAA – A Tricky Combination

February 12th, 2014

What a great start to the year on the industry events front – we started with NRF in January, and are looking forward to HIMSS and our ACTS event in February, and MURTEC in March. At NRF, the high points of discussion were around Social Wi-Fi and analytics. That said, topics of security and PCI compliance were also high on the agenda, prompted by the Target credit card breach that occurred just before NRF. I expect there will be a lot of security discussions at HIMSS too.

Healthcare, Wi-Fi and HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. It is enforced by the Department of Health and Human Services (HHS), and implemented by regulations of 45 CFR. Among other provisions, it has rules mandating that healthcare organizations safeguard the privacy and security of patient health information. These privacy rules apply to patient information in all forms, and the security rules apply to patient information in electronic form, called Electronic Protected Health Information (EPHI). EPHI is any patient information transmitted over a network and stored on a computer.

HIPAA states privacy and security guidelines at a high level. They do not require specific technology solutions, but are clear that reasonable and appropriate security measures must be implemented. For example, Section 164.312 has clauses requiring technical policies and procedures to allow access to EPHI only to authorized persons or software programs, to prevent improper alteration or destruction of EPHI, and to protect health information transmitted over an electronic communication network. Section 164.308 requires, among other things, identifying, responding to, mitigating and documenting suspected or known security incidents.

AirTight WIPS

Protection from vulnerabilities for wireless access layer

What does all this mean to Wi-Fi? Today, healthcare is seeing a flood of wireless-enabled devices in day-to-day operation. Hospitals are increasingly providing Wi-Fi for doctors to access medical records and VoIP for staff communication. Healthcare facilities are increasingly using Wi-Fi-enabled medical devices. This makes Wi-Fi a dominant EPHI access layer in the healthcare environment. Hence, Wi-Fi security controls built into access points (APs) and covered by a wireless intrusion prevention system (WIPS) become relevant to satisfying HIPAA security rules as applied to access to EPHI over Wi-Fi. For example, just as it is important to enforce strong authentication and encryption on managed APs and to control BYOD, it is important to ensure that unmanaged rogue APs do not open holes into healthcare networks that store and transmit EPHI, and that doctors’ tablets do not connect to Evil Twins or neighborhood APs. Comprehensive reporting and forensic capabilities are also required to satisfy the auditing requirements of HIPAA.

How our customers are addressing security and compliance for EPHI

Over the last many years, we have worked with several healthcare organizations to satisfy HIPAA requirements pertaining to Wi-Fi using AirTight’s overlay WIPS and AirTight’s software-configured access point/WIPS combos. Below are some examples.

  • Overlay WIPS in large hospital complex – Maine Medical Center (MMC) is a 10-building, 68-floor, 2-million-square-foot healthcare complex in Portland, Maine. As an early adopter of Wi-Fi technology in healthcare information systems, MMC has a large deployment of Cisco WLC Wi-Fi. However, MMC is also security conscious and performed an in-depth analysis of the security offered by various wireless security solutions. MMC chose to overlay AirTight WIPS on top of Cisco WLC.

AirTight has integration APIs for an easy overlay on Cisco WLC Wi-Fi. Moreover, AirTight WIPS comes out to be more cost efficient than Cisco wireless security from both a Capex perspective (as it does not require controllers and MSE) and an Opex perspective (due to freedom from false alarms and configuration overhead).

  • Access Points/WIPS for distributed clinics – CHS Health Services operates onsite clinics delivering full-service solutions for a broad spectrum of industries. Due to its highly distributed nature, CHS is concerned about the security as well as the management of its Wi-Fi infrastructure. Faced with those challenges, AirTight cloud-managed Wi-Fi, which has WIPS built into it at no extra cost, fit the bill. In addition, AirTight’s software-configurable dual-radio APs give CHS the flexibility of choosing the right balance of access and security scanning radios to fit the nature of each facility.

Overall, Wi-Fi can contribute greatly to enhancing the quality of healthcare by providing easy access to information and mobility for healthcare staff. With Wi-Fi, however, comes the risk of new and evolving security threats and compliance violations. As a result, choosing the right security solution becomes imperative to be able to reap the full benefits of Wi-Fi for the betterment of patient care! Visit the AirTight booth at HIMSS to find out more.

Compliance, Healthcare, WiFi Access

Will Target Breach Prompt Retailers to Raise the Security Bar?

January 8th, 2014

Did 2013 have to end with the somber news of a big credit card security breach? But it did! It is reported that 40 million credit cards were compromised in the security breach in stores of major U.S. retailer Target. This is only a shade second to the earlier TJX breach in which 45 million credit cards were compromised. (After this blog was published, it was reported that the number of affected accounts in the Target breach is as high as 110 million, which would make it more than double the TJX breach!)

After any breach, and surely after the breach of such dimension, discussion on the data security issues at the retailers escalates. Earlier, the TJX breach resulted in stricter wireless PCI (Payment Card Industry) compliance requirements. The current Target breach can also trigger tightening of the compliance requirements. This breach may also prompt IT, security and compliance managers at major retailers to take a hard look at the information security aspects of the various technologies that they have deployed. Add to it the fact that retailers are aggressively deploying mobile and wireless technologies like POS, kiosks and tablets in stores. What are some of the core issues they should be looking at?

Don’t be content with “compliance”, demand “security”!

Retailers in these types of breaches often pass security audits like PCI with flying colors. That exposes the harsh reality that security is distinct from compliance. 2014 is the year of the world cup soccer (football). So let us use a soccer analogy to understand this distinction.

When you are defending a free kick in soccer, you make a wall and your goalkeeper is on alert to block the ball that could go through or around the wall. No soccer team would be comfortable with a sole reliance on the wall and allowing the goalkeeper a break during the free kick. The wall is like “compliance” – it’s one line of defense.

Retailers work hard to get check marks from auditors on their PCI compliance. Vendor marketing does a good job of selling features that help get those coveted check marks. Compliance does help improve the security posture, but is it adequate? Every now and then, this line of defense is breached and if the goalkeeper isn’t standing behind the wall, you are toast! However, if you demand security in addition to the compliance check marks, you can build that inner line of defense.

How will you know if you have the inner line of defense or not?

That is a hard question. One way to answer it is that whether you have it or not depends on the compliance solution you have chosen. If you are using a solution which has compliance reporting bolted on to meet the compliance standard in letter, you probably lack the inner line of defense. On the other hand, if your solution offers PCI compliance as a natural outcome of the strong security fundamentals, you automatically get the inner line of defense.

I can testify to this dichotomy from my experiences with the wireless PCI compliance standard and solutions that are touted to facilitate meeting that standard. Many Wi-Fi vendors have come up with bolt-on WIPS (Wireless Intrusion Prevention System) features with check mark PCI reporting. The real question to ask is: While these systems generate PCI reports in letter and may please your auditor, will they pass the security scrutiny in spirit? So, what are some of the questions you should be asking when scrutinizing the wireless PCI solution to ensure that you are getting the security in addition to the compliance?

  • How much of the security information that the PCI report contains is based on actual scanning of the environment? I have seen many PCI reports based mostly or even entirely on Q&A type documentation or PASS/FAIL check marks merely based on what feature configuration is enabled in the system. That is a fail on security.
  • Is threat scanning 24×7 or is it only occasional spot scanning? PCI does not require 24×7 scanning. It only requires quarterly scanning, but didn’t we just say that we are not interested in mere PCI check marks, we want security? Notably, the entire Target breach occurred over only 3 weeks – that is a much shorter period than a quarter!
  • Does the scan merely throw raw data at you or does it filter out genuine threats so you can actually act to mitigate them? All too often, I have seen wireless PCI reports simply document all APs seen across all locations to satisfy the so-called rogue AP scanning requirement. So, if the report shows 10,000 APs found in the scan of 100 remote retail locations or 100,000 APs found across 1000 remote retail locations, how in the world are you going to distinguish threat-posing APs from this list? If you can’t, this report will meet the PCI clause in letter, but fail miserably on improving the security posture.
  • Is the solution capable of detecting all types of vulnerabilities? For example, can it identify various types of rogue APs? If it can only identify a few types of rogues (such as rogues with correlation between their wired and wireless MAC addresses – so-called MAC adjacency), how can you trust that report, since there could be unidentified rogue APs connected to your CDE (Cardholder Data Environment) among the large number of APs detected during the scan?
  • Is the solution capable of automatically containing the identified vulnerabilities? Although automatic mitigation is not a PCI requirement, in large nationwide deployments, automatic containment is a requirement for security. Automatic containment reduces the window of vulnerability. Moreover, automatic containment has to occur without false alarms, which can disrupt your and your neighbors’ legitimate operations.
  • Is the solution certified against security standards other than PCI? Again, this is not a PCI requirement, but it meets the litmus test of strong security fundamentals of the solution.
  • Is the solution capable of full security operation at the store level without critical dependence on WAN links?
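The raw-list and MAC-adjacency questions above, as an added example (not code from the original post or from any AirTight product): a Python triage of a scan inventory that uses only MAC adjacency and labels every AP it cannot place as "unverified" rather than as a harmless neighbor. The adjacency window, the field names and all MAC addresses and SSIDs are constructed for illustration.

```python
from collections import Counter

# Assumption: a wired MAC and a BSSID count as "adjacent" when they share
# the same OUI (top 24 bits) and differ numerically by at most this much.
ADJACENCY_WINDOW = 8


def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' (or with dashes) to a 48-bit integer."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def is_adjacent(bssid, wired_mac, window=ADJACENCY_WINDOW):
    """MAC adjacency test: same OUI and numerically close addresses."""
    a, b = mac_to_int(bssid), mac_to_int(wired_mac)
    return (a >> 24) == (b >> 24) and abs(a - b) <= window


def classify(ap, authorized, wired_by_site):
    """Label one observed AP.

    authorized      -> BSSID is in the managed inventory
    rogue-on-wire   -> adjacency ties it to a MAC seen on that site's LAN
    unverified      -> adjacency found nothing; this is NOT proof the AP
                       is off the wire, only that this one test cannot tell
    """
    if ap["bssid"].lower() in authorized:
        return "authorized"
    for wired in wired_by_site.get(ap["site"], ()):
        if is_adjacent(ap["bssid"], wired):
            return "rogue-on-wire"
    return "unverified"


def triage(scan, authorized, wired_by_site):
    """Return (counts per label, list of APs needing immediate action)."""
    labelled = [(ap, classify(ap, authorized, wired_by_site)) for ap in scan]
    counts = Counter(label for _, label in labelled)
    action = [ap for ap, label in labelled if label == "rogue-on-wire"]
    return counts, action


# ---- Constructed sample data (not real devices) ----
AUTHORIZED = {"00:11:22:aa:00:10"}

# MACs learned on each store's wired LAN, e.g. from switch forwarding tables.
WIRED_BY_SITE = {
    "store-001": [
        "00:11:22:aa:00:0f",  # Ethernet side of the managed AP
        "a4:b1:c2:10:20:30",  # Ethernet side of an unmanaged AP
        "66:77:88:01:02:03",  # WAN port of a NAT router plugged into the LAN
    ],
    "store-002": ["d8:d8:d8:00:00:01"],
}

SCAN = [
    {"site": "store-001", "bssid": "00:11:22:aa:00:10", "ssid": "CorpPOS"},
    {"site": "store-001", "bssid": "a4:b1:c2:10:20:31", "ssid": "linksys"},
    # Radio of the NAT router above: its BSSID is unrelated to its WAN MAC,
    # so adjacency cannot link it to the wire even though it is connected.
    {"site": "store-001", "bssid": "02:1a:2b:3c:4d:5e", "ssid": "FreeWiFi"},
    # A neighbor's AP that really is off the wire.
    {"site": "store-001", "bssid": "c0:ff:ee:00:00:01", "ssid": "CafeNextDoor"},
    {"site": "store-002", "bssid": "d8:d8:d8:00:00:05", "ssid": "backoffice"},
]

if __name__ == "__main__":
    counts, action = triage(SCAN, AUTHORIZED, WIRED_BY_SITE)
    print(dict(counts))
    for ap in action:
        print("ACT:", ap["site"], ap["bssid"], ap["ssid"])
```

In this sample the NAT router and the neighbor's AP receive the same "unverified" label, which is exactly the gap the fourth question points at: an adjacency-only report cannot separate the two, so those entries need a stronger connectivity test before they are written off.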

Does security have to cost more than compliance?

Again, the answer depends on the compliance solution you have chosen. If the solution has PCI compliance reporting bolted on to check against clauses in the standard, you will probably have to add security on top of it, paying considerably more from a total cost of ownership perspective or continue to carry the risk of a breach. On the other hand, if the solution offers PCI compliance as a natural outcome of the strong security fundamentals, you can get security without the extra effort or cost.

With Airtight, there isn’t a chasm between compliance and security

AirTight provides a wireless PCI compliance solution that also meets the critical security criteria. Central to AirTight’s solution is its best in class wireless intrusion prevention engine, the only one today to earn the highest industry ranking. It excels both in the depth of security and the ease of use at the same time – due to core innovations and patented technology. So with this PCI solution, retailers can enjoy the same level of security that financials, governments and defense organizations demand without the additional complexity and cost.

In order to simplify the deployment and management across 100s or 100,000s of locations, AirTight provides a cloud-managed PCI solution with its plug & play APs/scanners in stores and a centralized management console in the cloud. In fact, it was the first to launch such a solution when wireless scanning was added to the PCI standard after the TJX breach.

24×7 wireless PCI scanning and WIPS are an intrinsic part of AirTight’s Secure Wi-Fi offering and are provided at no extra licensing cost. AirTight also offers a pure OPEX pricing model for its solution to further alleviate the cost burden. Moreover, retailers can also leverage AirTight’s social Wi-Fi and business analytics built into its retail Wi-Fi offering to increase brand following, recruit into brand loyalty programs and offer secure guest Wi-Fi services in stores. It can’t get better than that!

Wishing you a happy and SECURE 2014!

Upcoming events

Meet AirTight at NRF14 on Jan 13-14 and at ACTS event on Jan 15.

Tune in to AirTight’s technology sessions at WFD6.

Best practices, Compliance, PCI, Retail, Wireless security

Going Beyond the Checkmark: All Things PCI

June 27th, 2013


AirTight’s compliance with the PCI Data Security Standards (DSS) continues to be at the heart of our initiatives to secure the retail environment. We remain focused on enhancing and going beyond the standards, which has been our mission since day one.

Lately we’ve been upping our PCI activities. Check out our latest thinking and developments, current and upcoming:

Resources:

8 Steps to Secure Retail Wi-Fi | AirTight INFOGRAPHIC

AirTightPCI Infographic

Get a quick snapshot of the 8 critical factors that must be addressed to secure, scale and manage your retail Wi-Fi locations. View the AirTightPCI Infographic.

AirTightPCI Audio ebook

Satisfying your PCI compliance and data security requirements is complex enough, but adding wireless vulnerability scanning and remediation shouldn’t add any more effort or expense. Here are 8 considerations for choosing your wireless PCI compliance solution.

Listen to the AirTightPCI audio ebook - the companion piece to the infographic.

AirTight PCI Customer Success Stories

Read PCI customer success stories: Pinkberry, Garden Fresh and Noodles & Company

July 2nd 2013: PCI London

AirTight is proud to be a Networking Sponsor at this year’s PCI London event on July 2, 2013. The agenda is to provide strategic and technical advice regarding PCI implementation and examples of best practices and practical case studies. Attendees will include key stakeholders and decision makers who are responsible for securing payments systems, protecting cardholder data and meeting PCI DSS compliance requirements within merchants, acquiring banks and payments service providers.

Simon Hollister ( @SimonLHollister ) will be on hand at the show with our UK partner Selcoms. You can set up time to meet with Simon beforehand: Simon.Hollister@airtightnetworks.com

Follow us on Twitter @AirTight #PCILondon

September 24-26, 2013: PCI North American Community Meeting

PCI Security Standards Council September 24-26, 2013

Mandalay Bay Convention Center

Las Vegas, Nevada

2013 is a release year

The PCI Council, formed in September 2006 to manage the evolution of the PCI Data Security Standard, will be holding its Annual Community Meeting in Las Vegas from September 24-26. The meeting will focus on updates to the core PCI Standards, PCI DSS and PTS – DSS.

More than 1200 participants are expected to attend.  The Keynote Address, The Struggle for Control of the Internet, by Misha Glenny, Journalist and Author, will include unique footage and recordings from inside the world of cybercrime as well as exclusive material from governments and intelligence agencies as to the real nature of the threats.

Jack Torgow, AirTight VP of Sales, and Anthony Paladino, AirTight VP of Product Management, will both be on hand to meet with customers and prospects. To set up time with either of them beforehand, you can reach them at: Jack.Torgow@airtightnetworks.com and anthony.paladino@airtightnetworks.com

Is Your Wireless Safe? by AirTight CTO Pravin Bhagwat, via QSRmagazine

AirTight Appoints Kevin S. McCauley Director, Retail Market Development

AirTight is thrilled to announce the hiring of Kevin S. McCauley as Director, Retail Market Development. McCauley joins AirTight from Yum! Brands, Inc., the world’s largest fast-food restaurant company, licensing and operating well-known global brands such as KFC™, Taco Bell®, and Pizza Hut®. As Manager of IT Infrastructure for restaurant network engineering and data center services and facilities, McCauley was responsible for more than 17,000 domestic store locations and led their Future Store Network Architecture and Platform initiative for eliminating network outages, increasing security, and adding new capabilities, such as guest Wi-Fi services at retail operations.

AirTight PCI = sleep assurance

McCauley will use his deep knowledge of retail IT operations to help AirTight develop richer and broader relationships with its growing roster of retail market clients and the channel partners and network providers who serve them.

Along with his market development duties, McCauley will be helping AirTight scale its global operations as it prepares for growth. “I have often been asked, ‘how do you sleep at night knowing you have 17,000 locations to take care of?’” reflected McCauley. “I figure if I can do a hundred, I can do a thousand. If I can do a thousand, I can do five thousand, and so on. It’s all about building repeatable processes and managing things to core accountabilities. So, from an ops standpoint, I guess you could say I have some experience in this area.”

McCauley reports to David King, Chairman and CEO of AirTight Networks.

Go beyond a “checkmark”

AirTight WIPS goes beyond the PCI compliance “checkmark” to ensure that your sensitive payment card data is secure from wireless security breaches. AirTight automates PCI wireless compliance scanning and reporting of rogue APs and other wireless threats that can put your data at risk. Automated threat containment ensures your network and data are secure at all times.

AirTight’s PCI scanning and remediation services offer a radically less expensive alternative to any competitive solution available today. Walking around with a wireless analyzer to conduct scans is time-consuming and limited in scope, cannot scale to large premises, and is costly if multiple sites have to be scanned.

AirTight Cloud Services is a convenient, comprehensive, and effective solution for protecting sensitive payment card data and maintaining a strong PCI compliance posture.

  • Automated 24×7 intrusion detection and rogue AP scanning
  • Ability to maintain an up-to-date wireless device inventory (recommended by the PCI SSC)
  • Automatic blocking of Rogue APs and other wireless threats or hack attacks
  • Wireless threat and compliance violation alerts via email
  • Location tracking capability to physically hunt down Rogue and other threat posing wireless devices
  • Scheduled and on-demand PCI report generation and delivery to your inbox

802.11n, Best practices, Compliance, PCI, WiFi Access

Customer Success Stories: Pinkberry, Garden Fresh and Noodles & Company

May 28th, 2013

How much should you care about the CMO? 

A lot, according to IDC. By 2016, 80% of new IT investments will directly involve line-of-business executives (Source: IDC Directions 2013).

Similarly, Gartner predicts that by 2017 the marketing arm of businesses will control more of the IT spend than IT organizations at those companies.

We’ve certainly noticed this shift.  In this blog post, we highlight three customer success stories where this dynamic came into play and how we were able to effectively collaborate across the different lines-of-business.

 

Pinkberry

The premium yogurt retailer headquartered in Los Angeles, CA. With more than 225 stores worldwide, Pinkberry calls itself “the original brand that reinvented the frozen yogurt category with its tart, light and refreshing taste.” Pinkberry is dedicated to allowing “people to experience new ways to enjoy yogurt in their daily routines by providing a place to refresh everyone with the goodness of yogurt – both a nutritious and delicious food that taste as good as it is for you.” Stamped by The National Yogurt Association seal, Pinkberry froyo is OU Kosher certified and made with real milk and yogurt.

Pinkberry serves up WiFi guest services with a side of rewards

Business Drivers

  • Pinkcard customer loyalty program and mobile app
  • Improve customer experience
  • Increase in repeat customer visits

Pinkberry Mobile App | Pinkcard loyalty program

Challenges

Deploying Wi-Fi guest access in stores in a secure manner that satisfied Payment Card Industry (PCI) security standards, was affordable and required minimal operational effort. Driving the Wi-Fi deployment was the launch of The Pinkcard, Pinkberry’s new loyalty program and mobile app; as well as requests from store customers and owners for Wi-Fi access services.

Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning and reporting.

Benefits

  • Swift rollout of Wi-Fi without the need to add any IT staff
  • Success of the Pinkcard program beyond expectations
  • IT and Marketing collaborative effort
  • Built-in automated security simplified PCI compliance

Airtight automated PCI compliance reporting

“The PCI component was a serious consideration. We looked at several companies. A lot of them were pretty expensive solutions with only rudimentary security capabilities that didn’t guarantee PCI compliance beyond a checkmark,” explains Tony DiCenzo, senior vice president of IT at Pinkberry.

Read the Pinkberry case study

Find Pinkberry on the web, get rewards, and socialize on Twitter and Facebook

Garden Fresh Restaurant Corporation

Bundled AirTight Wi-Fi and WIPS solution opens the doors to new applications while allowing the restaurant chain to achieve Level-1 PCI compliance.

Garden Fresh Restaurant Corp. owns and operates over 130 restaurants across 15 states, under five brands: Souplantation, Sweet Tomatoes, Souplantation Express, Sweet Tomatoes Express and the newly introduced Field Kitchen. Its restaurants are widely recognized for their made-from-scratch menu and a wide assortment of fresh salads, fruits, and bakery and more in its all-you-can-eat buffet. The company is headquartered in San Diego, CA.

Challenges

  • Reliable and secure in-store Wi-Fi access to improve employee work experience
  • Enable new applications for improved business efficiency
  • Automated wireless security across distributed locations for Level-1 PCI compliance

Fully Configurable HTML5 UI Meets Individual Business Needs from SMB to Large Enterprises and Carrier-scale Installations

Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning.


Benefits

  • Store managers and district officers can work from anywhere in the store
  • Flexibility to implement new applications over Wi-Fi in the future
  • Built-in wireless security and reporting simplified PCI compliance

“The Web interface is so easy to set up and intuitive with very good descriptions on every screen. One can start to use it in 20 minutes. It’s powerful and simple!” explains Gerry Shukert, Director of IT Systems Development, Garden Fresh Restaurant Corp.

Read the Garden Fresh case study

Find Garden Fresh on the web, get rewards, and socialize on Twitter and Facebook

Noodles and Company

AirTight’s cloud-managed “3-in-1” solution brings dramatic cost-savings and reduction in IT support load.

A chain of over 300 fast casual restaurants across the US specializing in healthy, fresh and flavorful food from around the world served conveniently fast. The company is headquartered in Broomfield, CO.

Challenges

Reliable Wi-Fi access combined with thorough and automated wireless monitoring and security for PCI compliance were the incumbent needs. The solution had to simplify centralized management of distributed locations and provide the flexibility to expand Wi-Fi access to more stores or to support more applications in the future in a cost-effective manner.


Solution

AirTight Cloud Services™, which combine AirTight Wi-Fi™ for access with wireless intrusion prevention (WIPS) and PCI compliance scanning.

 

Airtight = drop ship plug and play

Benefits

  • Significant cost savings
  • Reliable Wi-Fi performance
  • Easy to manage hundreds of sites with scarce IT staff
  • Integrated WIPS capability and simplified PCI compliance

“I’m a fan of a situation where I don’t like to negotiate with a vendor over and over. Our process with AirTight was very straightforward and quick. We did not have to negotiate and I was extremely happy with the features and functionality of AirTight at that price point. It was a win-win situation.”

“Even with the internal antennas, the signal coverage is great throughout the restaurant, all the way from across the manager’s desk through the kitchen all the way to the front parking lot.”

– Corey Kline, Director of IT, Noodles & Company

 

Read the Noodles and Company case study

Find Noodles and Company on the web, get rewards, and socialize on Twitter and Facebook

802.11ac, 802.11n, Compliance, mobile device management, PCI, WiFi Access, Wireless security

Don’t let BYOD turn into “BYOR” in your network

February 27th, 2012

BYOD (Bring Your Own Device) seems to be the dominant theme for 2012 in the Wi-Fi infrastructure and security space. As people increasingly bring in personal smartphone devices on the enterprise premises, the network/security administrators are grappling with the security implications. Given how engaging the new smartphone and tablet apps are, conflict arises between the users’ desire and the network/security administrators’ intentions. You need to ensure that this conflict does not turn BYOD into BYOR (Bring Your Own Rogue AP)! Read more…

802.11n, Best practices, Compliance, smartphones, Wireless gadgets, Wireless security

AirTight SpectraGuard Products Achieve FIPS 140-2 and DISA UC APL Certification

December 16th, 2011

This month, AirTight Networks’ flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).

These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details.

Simultaneously, AirTight’s SpectraGuard Server passed TIC tests for inclusion on the DISA UC APL. The DISA UC APL is the single consolidated list of products that have completed interoperability (IO) and information assurance (IA) certification. Use of the DoD UC APL allows DoD Components to purchase and operate UC systems over all DoD network infrastructures.

AirTight’s products are deployed worldwide in many of the most security-sensitive United States government and defense organizations to assure security and compliance with requirements such as DoD 8420.01, FISMA and guidelines from the National Institute of Standards and Technology (NIST). Because AirTight products are always kept up-to-date with certifications such as FIPS 140-2, Common Criteria and DISA, government and defense agencies can take advantage of the powerful wireless security technology provided by AirTight.

802.11n, Compliance, DISA UC APL, Federal Government, FIPS 140-2, Wireless security, WLAN networks

Aberdeen Wireless LAN Report Tracks Impact of Smart Devices

May 20th, 2011

A special Aberdeen Group report titled “Wireless LAN 2011: Readying the Invisible Network for the Smart Revolution” is the first industry study to track the impact of the rapid rise of smart devices on the WLAN.

The proliferation of embedded WiFi devices – smartphones, tablets, and Machine-to-Machine sensors (M2M) – and the explosion of wireless activity in and around the enterprise make maintaining a good security posture and meeting regulatory compliance requirements more challenging than ever.

According to Andrew Borg, senior research analyst, Wireless & Mobility for Aberdeen, and the report’s author, “A network is suboptimal unless network performance and security are both addressed. It isn’t enterprise class if it isn’t secure. As a consequence top-performing organizations are consistent in considering network security a high priority.”

This report is available immediately at no cost, courtesy of AirTight Networks.

Best practices, Compliance, mobile device management, smartphones, Wireless scanning, Wireless security, WLAN networks

Are Smartphones the New Platform for “Mobile Hacktivism”?

May 9th, 2011

There’s been a lot of news in recent weeks surrounding the Sony PlayStation Network breaches. One of the questions that I have received multiple times since this started is whether or not this was a wireless breach or if wireless was in any way part of the Sony vulnerability.

From what we understand, no. It sounds like web servers were compromised. But could these types of attacks happen over Wi-Fi? You bet.

“Hacktivists” essentially volunteer to participate in these coordinated attacks. The tools used are often easy to use and freely available. They just need people willing to join the cause to create the distributed denial of service. Firewalls are supposed to keep the “bad guys” out, but there is nothing stopping anyone from putting these same tools on a smartphone and carrying out these same attacks from INSIDE an organization, not just remotely from the Internet.

These same techniques used against Sony, MasterCard, and Visa, as well as the type of attack that breached TJX, can now be launched from personal smart devices (iPhones, iPads, Androids, etc.) inside your network. In fact, Gopinath K.N., Director of Engineering at AirTight Networks, has demonstrated just this type of scenario at various security conferences and online presentations. See his demo here.

Additionally, smartphone malware can be distributed in the form of an application easily downloaded from the Internet (think of all the gaming and social media apps available for iPhones and Androids). It’s really no different than how PCs become infected with worms, viruses and malware by visiting untrusted sites and downloading insecure applications.

Once the malware is installed, if that compromised smart device attaches to the corporate network, the malware can be used to launch a stealthy attack from inside the corporate network – with or without the knowledge or consent of the smart device owner. Sensitive data could even be sent off-site via the device’s own Wi-Fi or 3G radio.

Considering that smart devices and tablets now outnumber PCs in new sales, this may not be so far-fetched. A major difference between PC security and smart device security is that the tools to detect and defend PCs from these vulnerabilities are significantly more mature and widely deployed than smartphone security in practice today. Organizations need to determine whether or not unauthorized smartphones are allowed to attach to their Wi-Fi networks (guest and corporate), and how they will enforce wireless security policies to keep themselves secure.

Best practices, Compliance, mobile device management, PCI, smartphones, Wireless security

SMBs, WEP still a target for War Drivers

May 9th, 2011

After the TJX breach, the PCI security council strengthened their wireless security standard in an attempt to prevent such catastrophic incidents from reoccurring. While some of the largest retailers strengthened their wireless security, small and medium businesses need to take a look at their own security practices because they are just as susceptible, maybe more. In its annual Data Breach Investigations Report earlier this week, Verizon said “criminals are increasingly hitting smaller businesses as it becomes harder to steal financial data from big companies.”

War-driving is still more common than most people probably think, but the number of incidents reported by small and medium businesses is very low. In most cases, WEP encryption is still the target. A recent Network World article reported that Seattle police are investigating a group of criminals attacking local businesses via Wi-Fi access points encrypted with the flawed WEP protocol. Does this appear to be an isolated incident? No. According to the Seattle police, this group of criminals has been suspected of these types of wireless attacks for as many as *5 years*.

What is troubling is the number of retailers that continue to opt for a “compensating control” to address their wireless security requirements. Even PCI’s “approved” methods, including quarterly wireless scans and visual inspections, are insufficient to protect your business. Wi-Fi is everywhere, and it’s easy to find an unencrypted (or poorly encrypted) signal.

Until companies understand the risk of improperly secured Wi-Fi, they will remain susceptible. Just ask the guys in Seattle.

 

 

Best practices, Compliance, PCI, Wireless scanning, Wireless security