AirMagnet Enterprise | NETSCOUT

AirMagnet Enterprise

The most comprehensive 24x7 Performance Monitoring & Wireless Intrusion Detection System (WIDS) / Prevention System (WIPS) that enables organizations to meet security, performance and compliance demands of today’s mobile workforce.
  • Complete Insight into Wi-Fi network Performance & Security status to proactively achieve the best quality of end-user experience
  • SmartEdge Wi-Fi (802.11n and 802.11ac) & Wi-Fi/Cellular Spectrum sensors
  • Automated Health Check for the WLAN AP Infrastructure pinpoints and diagnoses problems impacting Wi-Fi connectivity, performance, and WLAN network security
  • Centralized WIPS solution with comprehensive threat detection, threat location & remediation vs unauthorized rogue devices or any internal/external policy violator
  • Dynamic Threat Update technology for immediate wireless intrusion prevention of new threats
  • Forensic analysis and event triangulation for rapid response
  • Auditor-ready regulatory compliance reporting
Demo
Datasheet
How to Buy
Contact Us
 

Overview

Vendor Agnostic Enterprise-wide Performance & Security Monitoring

AirMagnet Enterprise is vendor agnostic and provides an independent view into the Security & Performance status of the wireless AP infrastructure (controller and cloud-based).

Find Outages and Emerging Performance & Connectivity Problems Before Users are Affected

AirMagnet Enterprise Automated Health Check (AHC) technology actively tests and verifies complete wireless LAN connectivity from the wireless link all the way through to application servers or the Internet, automatically detecting critical outages or network degradation while pinpointing the exact source of trouble. Sensors running AHC tests provide a true client perspective to:

  • Fully authenticate to the network and proactively probe for problem related to WLAN security issues or other network resources
  • Provides network staff with immediate and specific information on the root cause, so they can respond often before users and business critical applications are impacted
  • Perform Captive Portal to verify guess wireless network
Industry Leading Wireless Intrusion Prevention System (WIPS) and Wireless Intrusion Detection System (WIDS)

AirMagnet Enterprise protects against every wireless network (WLAN) security threat by combining the industry’s most thorough wireless intrusion prevention system (WIPS) and wireless network security monitoring with leading research, analysis and security threat remediation. This includes a fool-proof rogue device and policy-violator management, including detection, location and comprehensive remediation.

AirMagnet’s Rapid Detection capabilities and its effective response is the new prevention. In many situations the organization can no longer prevent networks from being attacked, but you can prevent infections or attacks from growing and evolving to become damaging breaches.

The AirMagnet Intrusion Research Team constantly investigates the latest hacking techniques, trends and potential wireless network security vulnerabilities to keep organizations ahead of evolving wireless network security threats.

Dynamic Threat Update technology speeds the creation, automation and immediate deployment of new security threat signatures.

As soon as any new wireless network security threat definition is ready, it can be deployed with no impact to system operation, providing a unique framework for maintaining the most up-to-date wireless network security posture for the organizations.

Provides significant security protection over existing AP infrastructure

Security is not the APs primary focus, thus APs typically miss many security threats. AirMagnet Enterprise dedicated Wireless Intrusion Detection System and Wireless Intrusion Prevention System (WIDS/WIPS) solution provides peace of mind and assurance that your critical wireless network is protected full time, not part of the time like with APs.

  • Part time scanning by built-in security solutions miss attacks
  • AP is likely too slow and resource constrained to do the job right
  • AP's Integrated WIPS cover far fewer threats (usually <20% of threats) and require slow firmware upgrade to respond to new threats
  • AP hardware can be limited by regulatory and configuration issues
  • If the AP is attacked, who monitors then?
 

Features

Massive Scalability & System Resiliency

AirMagnet Enterprise offers the only WIPS and WIDS solution in the industry to meet the established standards of a mission critical security application. It is the only WIPS and WIDS solution to build fault-tolerance into each component, with fail-over boot images in every sensor and automatic server fail-over licenses that come standard with the system. Additionally, AirMagnet Enterprise SmartEdge sensors can operate as fully independent WIDS/WIPS nodes detecting and remediating threats without losing information, even if the network connection to the server is lost for days.

With intelligent sensors that locally analyze Wi-Fi and RF conditions, up to 1,000 sensors can be supported through single centralized server in the data center, requiring minimal network bandwidth.

Processing at the sensor level means that each sensor continues to enforce the security policy even if connection to the server is lost. Hot standby server software (included) enables fully redundant data center operations for maximum wireless security protection.

24x7 Wireless Intrusion Detection and Prevention

AirMagnet Enterprise scans all possible 802.11 wireless network channels (including the 200 extended channels for certain sensor models), ensuring there are no blind spots where rogue devices may be hiding. AirMagnet Enterprise goes beyond Wi-Fi analysis with optional spectrum analysis that detects and classifies RF jamming attacks, Bluetooth devices and many other non-802.11 transmitter types, such as unapproved wireless cameras.

rogue devices

The AirWISE engine constantly analyzes all wireless devices and traffic using a combination of frame inspection, stateful pattern analysis, statistical modeling, RF analysis and anomaly detection, enabling detection of hundreds of specific threats, attacks and vulnerabilities such as rogue devices, spoofed devices, DoS attacks, man-in-the-middle attacks, evil twins, as well as the most recent hacking tools and techniques such as MDK3, Karmetasploit and 802.11n DoS attacks.

wifi hacking attempt

wireless intrusion detection and prevention

Performance Monitoring and Remote Troubleshooting

In addition to rich WIPS and WIDS features, AirMagnet Enterprise constantly monitors the health of the wireless LAN and RF environment to proactively detect evolving problems that can lead to an interruption to the network. The system detects these issues, gives engineers topical remediation advise and includes active remote tools to troubleshoot the issue. This allows staff to avoid network downtime and vastly reduce the time-to-fix for any outage, leading to more uptime, improved user satisfaction and a higher performing network. The remote troubleshooting capability saves truck rolls and it is like having a spectrum and Wi-Fi network analyzer everywhere.

packet errors

wifi channel analysis

Automated Health Check (AHC)

Automated Health Check provides the fastest and most accurate way to proactively detect and pinpoint the presence and cause of problems that could impact the productivity of WLAN users, before those users report it. Software or hardware sensors actively probe the wireless network from the wireless user’s perspective, to verify connectivity across the wireless link to critical network resources. AHC reduces the costs associated with user productivity loss and troubleshooting process caused by complex wireless problems. Supports Captive Portal verification to ensure performance and security of Guest network.

automated health check

Dynamic Threat Protection Technology

Dynamic Threat Update technology speeds the creation, automation and immediate deployment of new threat signatures through the AirMagnet AirWISE® engine. As soon as any new threat definition is ready, it can be deployed with no impact to system operation, providing a unique framework for maintaining the most up-to-date wireless network security posture for the enterprise. DTU signatures are separate from the firmware image to allow quick response to new threats. DTU signature updates are seamless with no downtime to ensure you are protected against latest security threats.

dynamic threat protection

Threat Tracing, Blocking & Mapping

All devices are traced using a suite of wired and wireless tracing methods to quickly and reliably determine if a device is connected to the wired network. The system uses a newly enhanced set of sophisticated techniques, including use of SNMP, automated switch discovery, and hardware and traffic analysis, to ensure accurate, fast tracing in any network topology.

Threats can be manually or automatically remediated with a combination of both wired and wireless security threat suppression. Wireless blocking targets a threat at the source and specifically blocks the targeted wireless device from making any wireless connections. Wired blocking automatically closes the wired switch port where a threat has been traced.

All security threats and devices can be located on a map or floorplan and set to trigger rogue alarms based on the device’s location.

rogue devices

Event Forensics

AirMagnet Enterprise can capture a complete packet or RF forensic record of any network event, allowing appropriate staff to investigate the issue in depth, at any time. By leveraging its unique intelligent sensors, AirMagnet Enterprise provides the only WIPS and WIDS solution in the industry to automatically capture forensic information from before, during and after the event.

event forensics

Integrated Spectrum Intelligence

Interference is one of the leading cause for poor connectivity and performance problems in the network. This interference can be from other Wi-Fi devices due to poor channel planning (adjacent or co-channel interference) or could be from non-Wi-Fi interference sources. AirMagnet lists the overall interference status for each Wi-Fi channel, calculated based on the Wi-Fi interference score for the devices contributing to the interference; a list of hidden nodes and non-Wi-Fi devices operating in the channel. AirMagnet Enterprise also automatically classifies the interference sources such as Bluetooth, wireless video cameras, zigbee, microwave ovens, RF jammers, etc. This enables users to not only easily plan future Wi-Fi deployments, but also get the root cause of lowered network performance.

wifi spectrum intelligence

24x7 Cellular Spectrum Security

The AirMagnet Cellular Spectrum sensor supports multiple technologies like GSM, CDMA, UMTS and LTE and scans frequencies between 698 MHz and 2690 MHz and detects cellular data/voice events and duty cycle to highlight the utilization in the cellular bands. It also offers the industry’s only real-time detection and identification of interference sources that lower the performance of these licensed networks. Powered by a default classification database that can automatically detect and classify interference sources such as RF jammers and CW transmitters, users are provided detailed information about the interference source, the frequencies it impacts, peak/average power levels and the status of the source. Users can also triangulate and locate non-compliant cellular events on a floor plan for quick remediation.

wifi spectrum security
Automated Business and Regulatory Compliance Reporting

AirMagnet Enterprise provides automated auditor-ready compliance reporting for major network regulations including PCI, HIPAA, Sarbanes-Oxley, GLBA, ISO and more. Reports provide instant visibility into issues that may need to be addressed for compliance and exactly what needs to be fixed. Reports can be scheduled to run and delivered automatically, ensuring a complete library of regulatory reports in the case of an audit.

automated health check

Software Sensor Agent (SSA)

The software-based sensor which runs on Windows PCs delivers basic wireless network security monitoring at a very low cost structure and enables true client based performance measurement. This new flexibility to combine SSA-based sensors with hardware sensors allows users to build the wireless network security monitoring solution which is best optimized for their requirements and budget.

 

Models & Accessories

 
Models
Model Number/Name Description
AM/A5301G
AirMagnet Enterprise Server LIC For SSA (10 QTY)
AM/A5505G-ENT
AirMagnet Enterprise Server Plus Add-On License, No Sensors Included, SW
SENSOR6-R1S0W1-E
802.11AC SmartEdge Sensor, 1 x 11AC Wi-Fi Radio and Cellular, External Ant. [802.11ac sensor]
SENSOR6-R2S1-E
802.11AC SmartEdge Sensor, 2 X 11AC Wi-Fi Radio With Spectrum, External Ant. [802.11ac sensor]
SENSOR6-R2S1-I
802.11AC SmartEdge Sensor, 2 X 11AC Wi-Fi Radio With Spectrum, Internal Ant. [802.11ac sensor]
AM/A5311G
AirMagnet Enterprise Server License for Software Sensor Agent (100 QTY)
SENSOR4-R2S1-I
802.11N AirMagnet Spectrum, 4th Gen, 2 X 11n Radio, Internal Ant. [802.11n sensor]
SENSOR4-R2S1-E
802.11N AirMagnet Spectrum, 4th Gen, 2 X 11n Radio, External Ant. [802.11n sensor]
SENSOR4-R1S1W1-E
802.11N AirMagnet Sensor, cellular spectrum, 4th Gen, 1 X 11n Radio, External Ant [802.11n sensor]
 
Accessories
Model Number/Name Description
AM/A5032
Power Injector for AirMagnet Sensors
CABLEKIT-SENSOR4
Console Cable Kit for Sensor 4 Series
 

Documents

Data Sheets

Title/Description Download  
AirMagnet Enterprise Datasheet
Download

Manuals

Title/Description Download  
AirMagnet Enterprise User Guide
Download
24.41 MB
AirMagnet Enterprise v11 Release Notes
Download
311.08 KB
AirMagnet Sensor6 User Guide
Download
1.01 MB

White Papers

Title/Description Download  
Bringing BYODs into the fold
Employees want to bring their own Wi-Fi enabled smart devices into the workplace, and businesses have much to gain by embracing the BYOD trend.
Download
2.13 MB
BYOD: Meeting the Network Challenge
This white paper explores the in-depth security challenges, regulatory changes, network stresses, device management, signal interference, new work cultures, and more, and explains why it is essential that IT professionals lead digital transformation from the front.
Download
2.01 MB
Implementing 802.11ac – Revolution Or Evolution?
As you develop your wireless network to handle increasing user demands, have you considered the new 802.11ac standard? It’s due to be ratified early 2014, and products supporting it are already available.
Download
738 KB
VOIP And The Move Towards Unified Communications
This White Paper looks at the move to VoIP and unified communications and how to address the resulting performance issues in wired and wireless networks for an increasingly mobile workforce, as well as the potential benefits of the 802.11ac standard.
Download
992.48 KB
Next-generation Wi-Fi: enterprise prince or bandwidth frog?
In this research paper we look at the current state of wireless networking in the enterprise from satisfaction and investment levels to common pain points when it comes to keeping the Wi-Fi lights on.
Download
328.13 KB
 

Case Studies

Memorial Hermann AirMagnet Enterprise Case Study

Leading Healthcare Provider, Memorial Hermann Health System, Remotely Diagnoses and Troubleshoots Wireless Network Problems With AirMagnet Enterprise

Challenge:
 
Memorial Hermann Health System is the largest not-for-profit health system in Texas, with 12 hospitals — including one of the nation’s busiest Level 1 trauma centers — and 200 doctors’ offices, clinics, and professional buildings spread across the greater Houston metroplex. Both patient care and record keeping are highly dependent on having reliable and secure wireless network access. With facilities that can be 50-75 miles apart and a team of just 3 engineers, Memorial Hermann Health System needed a solution for remotely diagnosing and troubleshooting wireless network problems that would reduce the need for travel and shorten the time from problem identification to resolution.

Results:
NETSCOUT’ AirMagnet Enterprise allowed Memorial Hermann Health System network engineers to reduce their travel time between facilities by 70 percent, and overall troubleshooting time is down by 50 percent. Memorial Hermann Health System now has deeper insight into the devices that are on its wireless network, with proactive alerts for suspect or rogue devices.

Read full story ...

Department Store Case Study

Major Department Store Chain Uses AirMagnet Enterprise to Find Wi-Fi Threats “Hiding in Plain Sight”

Challenge:
This major department store chain was fearless with its use of wireless for business critical operations like credit card processing and managing inventory at distribution centers. Leadership was confident that their wireless intrusion detection and protection system (WIDS/WIPS) was protecting data shared across the 34 Wi-Fi channels available for use in the U.S., until they realized they lacked visibility into 180 additional unused channels on the network. This meant that unauthorized devices, whether malicious or not, could be hiding, undetected, on these additional channels, and could pose serious security risks to the organization and its customers.

Results:
The department store selected NETSCOUT'S AirMagnet Enterprise for its unique ability to simultaneously monitor all activity and devices on all 214 Wi-Fi channels. This means that even channels that are not actively being used by the organization (outside of the 34 acceptable channels) can be monitored for rogue activity, and the IT team can be in a position to immediately take action to remove or reassign a device that could pose a threat. The company can also proactively troubleshoot performance problems, guarantee point-of-sale wireless transactions, meet PCI compliance guidelines to protect customers and the brand's equity, and reduce mean time to repair through the AirMagnet Enterprise's remote troubleshooting features.

Read full story ...

Nipissing University Case Study

Case Study: Nipissing University Ensures Wireless and Smart Device Connectivity and Security for Students and Faculty with NETSCOUT’ AirMagnet Enterprise

Click to View

Challenge:
Nipissing University's wireless network spans three campus locations and supports more than 4,500 students and more than 300 faculty and staff. It gives end-users Wi-Fi access to critical applications such as email, Internet and online curriculum materials in the classrooms and residence halls. As wireless expectations have grown and the network has been flooded with new smart devices and other wireless technology, the university's IT department has struggled to keep pace. The team constantly faces challenges around unpredictable access point traffic, rogue devices, interference, competing channel usage, the threat of malicious attacks, and even PCI compliance.

Results:
Nipissing University selected NETSCOUT'S AirMagnet Enterprise to help manage and optimize wireless network performance and proactively protect against possible security vulnerabilities. The system allows the IT department to monitor performance in real-time to identify possible bottlenecks, ensure smart device connectivity, easily troubleshoot interference issues (including channel usage from other Wi-Fi networks), meet PCI compliance guidelines, quickly track rogue devices, and protect the network against possible attacks or misuse in the future.

Read full story ...

 

System Requirements

AirMagnet Enterprise HARDWARE / VM SPECIFICATIONS

IMPORTANT NOTES

  • Deployments over 100 sensors require that the Enterprise server software and database are installed on separate physical machines
  • Drive partition for AirMagnet Enterprise server must have at least 50 GB free disk space
AirMagnet Enterprise STANDALONE HARDWARE SPECIFICATIONS

Recommended Hardware (Small - Support 1 to 100 Sensors)

AirMagnet Enterprise Primary / Failover Server AirMagnet Enterprise Database Server *
(1) 2.4 GHz, 4 core, 8 threads, 10M Cache (1) 2.4 GHz, 4 core, 8 threads, 10M Cache
16GB Memory RDIMM 16GB Memory RDIMM
(2) 200GB 10K Near Line SAS (Raid 1) (2) 200GB 10K Near Line SAS (Raid 1)
Microsoft® Windows Server 2012 R2 64bit Microsoft SQL Server 2012/2014 or PostgreSQL version 9.1.x **
1Gbps or faster Ethernet connection 1Gbps or faster Ethernet connection

Notes:

* Presumes DB Server is dedicated to AirMagnet Enterprise Services only

** AirMagnet Enterprise DB Instance can reside in existing MS-SQL or PostgreSQL farm

Recommended Hardware (Medium - Support 101 to 500 Sensors)

AirMagnet Enterprise Primary / Failover Server AirMagnet Enterprise Database Server *
(1) 2.4 GHz, 8 core, 16 threads, 20M Cache (1) 2.4 GHz, 8 core, 16 threads, 20M Cache
32GB Memory RDIMM 16GB Memory RDIMM
(2) 300GB 15K RPM SAS (Raid 1) (2) 300GB 15K RPM SAS (Raid 1)
Microsoft Windows Server 2012 R2 64bit Microsoft SQL Server 2012/2014 or PostgreSQL version 9.1.x **
1Gbps or faster Ethernet connection 1Gbps or faster Ethernet connection

Notes:

* Presumes DB Server is dedicated to AirMagnet Enterprise Services only

** AirMagnet Enterprise DB Instance can reside in existing MS-SQL or PostgreSQL farm

Recommended Hardware (Large - Support 501 to 1000 Sensors)

AirMagnet Enterprise Primary / Failover Server AirMagnet Enterprise Database Server *
(2) 2.4 GHz, 8 core, 16 threads, 20M Cache (2) 2.4 GHz, 8 core, 16 threads, 20M Cache
64GB Memory, RDIMM 32GB Memory, RDIMM
(2) 500GB 15K RPM SAS (Raid 1) (2) 500GB 15K RPM SAS (Raid 1)
Microsoft Windows Server 2012 R2 64bit Microsoft SQL Server 2012/2014 or PostgreSQL version 9.1.x **
1Gbps or faster Ethernet connection 1Gbps or faster Ethernet connection

Notes:

* Presumes DB Server is dedicated to AirMagnet Enterprise Services only

** AirMagnet Enterprise DB Instance can reside in existing MS-SQL or PostgreSQL farm

AirMagnet Enterprise VIRTUAL MACHINE SPECIFICATIONS

Recommended Configuration

RECOMMENDED AIRMAGNET ENTERPRISE VIRTUAL MACHINE SPECIFICATIONS
Deployment vCPUs Clock Speed (GHz) Memory Allocated Disk Space Sensor Limit* Database Size
Small 8 2.4 16 GB 200 GB 1 - 100 40
Medium 16 2.4 32 GB 300 GB 101 - 500 50

Notes:

* Dependent on WiFi and RF environment, number of WiFi devices monitored and policy complexity

Recommendation:

Operating System: Microsoft® Windows Server 2012 R2 64bit

Recommended Database software: Microsoft® SQL 2012/2014 or PostgreSQL 9.1.x

AirMagnet Enterprise Console

Recommended Configuration

Intel Core i5 or greater
Microsoft Windows 7 Enterprise/Professional (Service Pack 1) 64-bit
Microsoft Windows Pro/Enterprise 8.1 64-bit
8 GB RAM or greate
Ethernet connection
AirMagnet Software Sensor Agent

Recommended Configuration

Microsoft Windows 7 Enterprise/Professional (Service Pack 1) 64-bit
Enabled 802.11 a/b/g/n/ac wireless adapter
8 GB RAM or greate
Since SSA client is run as Window services, the user needs to have administrative rights
on the machine in order for the SSA client to be installed successfully
 

Product Reviews and Awards

Awards

Network Products Guide awarded NETSCOUT’ AirMagnet Enterprise v10 with SmartEdge Sensor Series 4 a Bronze winner of the 8th Annual 2013 Hot Companies and Best Products Awards in the Mobile and Wireless Solutions category. These awards are decided based on industry and peer recognition and voting by a broad group of information technology professionals.

*NETSCOUT had acquired the product shown on this page.