Department Store WiFi Threats Case Study | NETSCOUT

Case Study: Major Department Store Chain Uses AirMagnet Enterprise to Find Wi-Fi Threats “Hiding in Plain Sight”

At a Glance:


Fashion apparel, cosmetics and home furnishing retailer


United States


This major department store chain was fearless with its use of wireless for business-critical operations like credit card processing and managing inventory at distribution centers. Leadership was confident that their wireless intrusion detection and protection system (WIDS/WIPS) was protecting data shared across the 34 Wi-Fi channels available for use in the U.S., until they realized they lacked visibility into 180 additional unused channels on the network. This meant that unauthorized devices, whether malicious or not, could be hiding, undetected, on these additional channels, and could pose serious security risks to the organization and its customers.


NETSCOUT's AirMagnet Enterprise

"Despite our robust wireless security, we became aware that our existing system did not allow us to see beyond the 34 channels used here in the U.S. This created a huge security loophole, as employees or customers roaming our stores could use devices on there maining 180 channels and hide in plain sight. This is not an acceptable approach on the wired side, and we realized it was not acceptable for our wireless network either. We deployed AirMagnet Enterprise because simply put, it gives us complete visibility into the WLAN regardless of channel usage. No other infrastructure vendor does that without dramatic costs and design implications. Now it doesn't matter if an unauthorized devices comes onto the network, or if we rollout new 11n technology…we can see it, act and ensure security and performance for our business and customers."

– Senior Vice President, major department store chain in the United States


The department store selected NETSCOUT's AirMagnet Enterprise for its unique ability to simultaneously monitor all activity and devices on all 214 Wi-Fi channels. This means that even channels that are not actively being used by the organization (outside of the 34 acceptable channels) can be monitored for rogue activity, and the IT team can be in a position to immediately take action to remove or reassign a device that could pose a threat. The company can also proactively troubleshoot performance problems, guarantee point-of-sale wireless transactions, meet PCI compliance guidelines to protect customers and the brand's equity, and reduce mean time to repair through AirMagnet Enterprise's remote troubleshooting features.


This major U.S. department store chain has been serving the Midwest and Southeast regions of the nation since the 1930s. The company has nearly 300 stores in 29 states and 14 distribution centers operating under one of the largest names in fashion retailing.


The department store chain was an early adopter of WIDS/WIPS. But as wireless activities such as credit card transactions became standard in the retail space, the company needed to upgrade its infrastructure and security to meet today's industry standards of high availability, strong security, and peak performance. They deployed a major WIDS/WIPS solution from an infrastructure vendor, but soon realized that it lacked necessary security, performance monitoring, and remote troubleshooting capabilities. Specifically, it did not allow the retail chain to monitor all 214 wireless channels on the network simultaneously. It only provided insight into the 34 commonly used U.S. channels. This left the company with a big security gap, as devices could be hiding on other channels, outside of the IT team's monitoring view.

"Not having insight into all the channels posed a huge security risk for our organization and was keeping us from meeting compliance guidelines," said a senior vice president of the department store chain. "The solution proposed by the infrastructure vendor was to deploy hundreds of additional APs. But the cost, complexity and lack of flexibility that presented for our organization just wasn't realistic. We quickly realized we needed to invest in a sensor-based overlay WIDS/WIPS solution that could monitor all 214 channels at the same time and give us the complete visibility we needed."

Meeting PCI DSS credit card compliance was one of the largest challenges for the department store chain. To meet these standards, the department store needed full visibility and security against unauthorized devices attempting to connect to the network on any channel. If connected to the WLAN, these devices could access customer data, resulting in fines of up to $100,000 per breached transaction and $1,000 in restitution to each customer to help restore their credit.

"One big security breach caused by a malicious, unauthorized device on the network could mean customers leaving in droves to competitors. We needed a solution that could centralize the process of monitoring the network 24x7, 365 days a year, and find every single device that attempts to connect to our network regardless of the channel or band," said a senior vice president of the department store chain.


The department store chain chose to deploy NETSCOUT's AirMagnet Enterprise, a dedicated wireless intrusion prevention system. It allows the team to see all device activity, regardless of channel, simultaneously, so problems or threats have no place to hide.

"We had a major problem: we couldn't see all the activity on our wireless network. On the wired side, this would never be an acceptable approach, and we realized it shouldn't be acceptable on the wireless side either. We looked at other solutions in the market but AirMagnet Enterprise was the only overlay solution we could find that gave us the level of visibility needed to see all 200 channels simultaneously," said the senior vice president. "With the transition to 11n, the future of 11ac coming into play, or unauthorized devices being able to run on any channel, we needed to see it, no excuses."


The department store upgraded to the latest version of AirMagnet Enterprise, deploying more than 1,500 802.11n sensors across all of its stores, clearance centers, and warehouses nationwide. Upon deploying the latest version and sensors, the company was immediately able to identify unauthorized devices across 214 Wi-Fi channels simultaneously – including Bluetooth devices – take steps to remove them from the network, and relieve concerns about breaching customer data and facing PCI DSS penalties.

"Department stores are filled with customers that have smartphones and tablets in hand. While most are not malicious, you never know who is trying to connect to the network for connectivity and who is trying to break the law. Unfortunately, we didn't have any insight to what devices were present before because we could only monitor some channels. We couldn't even tell what the problem might be because we just couldn't see it. Deploying AirMagnet Enterprise instantly gave us the insight we need to see these devices and address the bring your own device phenomenon so we can proactively protect the network," said the senior vice president.

By deploying AirMagnet Enterprise, the department store's IT team can also breathe a sigh of relief, knowing that the Automated Health Check feature automatically scans the wireless network for any security or performance problems. This allows the IT team to proactively address problems before they impact critical wireless activities, such as frustrating, sluggish customer transactions or slowed order processing in the warehouse.

"The Automated Health Check feature helps the company stay ahead of vulnerabilities and performance problems. It allows us to fix problems before they impact the business or the customer. Having performance issues proactively monitored means we can focus more of our resources on adopting new technologies to remain competitive," explained the senior vice president.

By using AirMagnet Enterprise's unique intelligent sensor technology, IT can also capture a complete packet or RF forensic record of any network event at any time, from any of their locations. The system also advises topical problem remediation and enables remote tools to troubleshoot issues. All of these features allow the department store chain's IT team to quickly identify when and how a wireless problem happened and escalate to a solution, vastly reducing time-to-fix.

"We deployed AirMagnet Enterprise because simply put, it gives us complete visibility into the WLAN regardless of channel usage at a price point significantly lower than the competition. No other infrastructure vendor does that without dramatic costs and design implications. Now it doesn't matter if an unauthorized devices comes onto the network, or if we rollout new 11n technology…we can see it, act and ensure the security and performance for our business and customers," concluded the senior VP.