Cisco Bakes Intrusion Prevention Into WiFi Access Points
Retailers and financial services organizations will be able to secure, monitor wireless networks in real time to comply with credit card industry standards.
On Wednesday, Cisco announced a free software update for its 11n Wi-Fi access points that will enable them to run in a new mode, dubbed Enhanced Local Mode (ELM). Due to arrive in a March software update, ELM will enable the access points to feed information to Cisco's adaptive wireless intrusion prevention system (IPS).
More Security Insights
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- Cloud Security: It’s Not Just for IT Anymore
White PapersMore >>
"With this new feature, retail businesses will be able to use the same access points they're already using for data, voice, and video to also monitor their radio frequency (RF) spectrum for unauthorized attacks over their wireless network," blogged Ben Stricker, Cisco's public relations manager for wireless networking. "Previously, these same retailers had to use a separate overlay network for data, voice, and video in addition to a network for intrusion prevention."
The move is pitched, in part, at helping organizations secure their wireless networks for compliance with the Payment Card Industry Data Security Standard (PCI DSS).
According to a December 2010, Cisco-commissioned survey of 500 IT professionals involved in PCI compliance, conducted by InsightExpress, more than one-third of retailers transmit cardholder data wirelessly, as do 35% of financial services organizations.
Currently, PCI requires organizations to assess the security of their wireless networks and ensure that no rogue devices are accessing those networks. Accordingly, Cisco is pitching its access point upgrade as a way to monitor security on a constant basis, versus performing quarterly scanning or physical inspection, which are approaches now used by about 50% of organizations that must comply with PCI.
Stricker said that reducing the need for two different access point networks -- one for data, the other for IPS -- "equals significant cost savings for the customer that can reach up to 50% [savings] for smaller network deployments." For example, he said, a 30,000-square-foot facility typically requires between five and 10 access points for handling wireless applications, plus two more access points for continuous IPS monitoring. The ELM upgrade, however, would enable the organization to eliminate the two access points being used solely for IPS purposes.
Get up to speed on IT innovations in cloud computing, virtualization, security, and more at Interop Las Vegas, May 8-12. Register now.