Aerohive Networks has detailed its IoT security solution for Wi-Fi and wired networks. Built on Aerohive’s Software Defined LAN (SD-LAN), Aerohive’s solution helps protect networks from attacks, such as the October 16th Mirai botnet DDoS attack, which recruited over a half-million devices in a coordinated strike that brought down a large swath of popular internet services, including Twitter, Spotify, Airbnb, Netflix and Reddit. Aerohive will be discussing Wi-Fi security on Facebook Live on November 3, 2016.
Aerohive’s SD-LAN addresses recent IoT attack vulnerabilities by putting security aprotection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware. Key capabilities of the solution include protecting wireless access networks with next-generation Software Defined Private Pre-Shared Key (PPSK) that restrict network access to specific known and authenticated devices, application visibility and control to evaluate what is really happening on the network, firewall enforcement based on deep packet inspection to strictly enforce traffic policies, and cloud management to enable immediate identification and response to an issue anywhere in the network.
The growth of IoT and proliferation of connected “things” offers exciting new opportunities. By 2020 there will be over 25 billion IoT devices accessing networks, with the vast majority leveraging wireless connectivity. This creates a new set of security risks at unprecedented scale. IoT devices connected to the network originate from thousands of manufacturers, typically with limited sophistication and little-to-no UI, making them harder to trust and secure. Compromised IoT devices, as demonstrated by the Mirai attack, can cripple even giant enterprises if breached. As IoT devices proliferate on business networks, Wi-Fi networks that they access can offer a first line of defense. Often static, with nobody to watch over them, the network must protect the IoT assets, and be protected from them at the same time. Organizations can use an adaptable, flexible and secure SD-LAN for increased access layer network security.
Aerohive’s Software Defined Security is part of the SD-LAN architecture, offering enhanced access network visibility and control, centralized policy management, and increased protection, while reducing operational complexity:
- Secure IoT Authentication and Encryption – Each IoT device can now effectively have a unique password, allowing it to be uniquely identified and secured on the network. Aerohive accomplishes this using Software Defined Private Pre-Shared Key that unlocks the benefits of 802.1X secured networks, without the drawbacks of certificate overhead or specialized client configuration. Software Defined Private Pre-Shared Keys can be used for IoT devices that typically don’t even support 802.1X. Customers can create (and revoke) tens of thousands of unique keys for individual or groups of devices on the same SSID that can be managed and distributed via the cloud, mobile applications, or user self-registration.
- Granular Visibility and Control – Our deep packet inspection firewall at the access layer enables the upstream and downstream prioritization and isolation of IoT devices and applications as required, ensuring that compromised devices divulge no exposure into the wider network. It can also throttle the bandwidth of IoT applications, detect and block DDoS floods, quarantine threatening activity, and limit IoT device access.
- Context-Based Policies – Secure context-based access policies define which users, devices, and things can enter the network, then granularly controls what they can do once connected through role-based profiles and time-of-day and location-based access limits, VLAN containment, application rights, and bandwidth management.
- Centrally Managed Policy Enforcement – Create, deploy, and monitor secure access policies from any location with public and private cloud networking. SD-LAN’s cloud architecture reduces the complexity of managing and operating secure wired and wireless access networks. Cloud networking sets the balance between secure and simplified network access.
“IoT, with the proliferation of billions of relatively low-sophistication devices, increases the attack surface of the LAN like never before,” said Zeus Kerravala, principal analyst, ZK Research. “This requires strengthened network access controls, including real-time application control and visibility, IoT-supported, secure-authentication methods such as PPSK, granular device policy enforcement at the edge, and centralized reporting and monitoring tools. This should all be accomplished without introducing additional complexity for IT administrators.”
“Organizations need an IoT-security solution before their Wi-Fi-connected water cooler or some other thing calls Moscow,” said David Greene, chief marketing officer, Aerohive Networks. “Most networks are too brittle to deal with the exponential growth of IoT. Aerohive’s SD-LAN solution brings adaptability and security to the network, building on our Wi-Fi access points, switches, and cloud management that is designed to protect the network from the inside and out.”
For more information please visit ir.aerohive.com.