Aruba AirWave Rapids Features
AirWave RAPIDS automatically detects and locates unauthorized access points (APs) through a patented combination of wireless and wired network scans.
AirWave™ RAPIDS™ uses existing, authorized APs to scan the RF environment for any unauthorized devices in range. It also monitors your wired network to determine if the wirelessly detected rogues are physically connected to the local network, and scans for additional unauthorized devices in areas without wireless coverage. In addition, RAPIDS captures and manages IDS events detected by wireless LAN controllers. RAPIDS then correlates all of this data and uses a set of customizable rules to highlight those devices that are truly a threat to the organization, greatly reducing false-positives and allowing you to work more efficiently.
Enabled in RAPIDS works in conjunction with the Aruba controller WIP module to offer customers a comprehensive Wireless Intrusion Protection Solution (WIPS), with either a “hybrid” architecture where Aruba APs serve as both APs and sensors or an overlay architecture. The solution improves network security, manages compliance requirements, and reduces the cost of manual security efforts.
What’s Unique About RAPIDS?
- Patented combination of wireless and wired network scans
- Ability to leverage existing infrastructure for detection reduces capital and operating expenses
- Visibility into network management system prevents authorized APs from being classified as rogues
- Tracking and correlation of IDS events provides a full picture of network security
- Rules-based threat classification reduces false-positives and lets your security team focus on the most significant threats first
- Pre-defined, customizable reports address common security and compliance information needs, such as rogue device tracking and PCI compliance
- Automated and manual containment reduces security risks
Aruba AirWave Rapids Specifications
WIRED NETWORK SCANS AND AP IDENTIFICATION
• Uses SNMP, HTTP and other methods to identify rogue devices on your wired network by comparing scanned information to a database of known “fingerprints” to determine rogue devices
• Examines the MAC address of each device discovered by polling routers and switches and compares it to RAPIDS’ database of 12,000+ known MAC address ranges to identify likely rogue devices
• Uses RAPIDS’ database of 1,700+ OS types to identify the device operating system to help you eliminate false-positive results
WIRELESS NETWORK SCANS
• Instructs authorized access points to scan the air for other wireless APs
• Automatically builds a list of authorized APs to prevent them from being classified as rogues
• Allows you to distinguish between “true rogues” and “neighbor APs” that are in RF range but do not pose a threat to your network
SCAN THE AIRSPACE OUTSIDE THE COVERAGE OF YOUR WIRELESS
NETWORK
• Turns your existing wireless-enabled Windows devices into additional RF sensors with the optional AirWave Management Client™ (AMC) software
INTRUSION DETECTION SYSTEM (IDS) EVENTS
• Aggregates, correlates, alerts and logs wireless attacks that have been reported by your
infrastructure, providing a full picture of your network security
COMPREHENSIVE RESULT CORRELATION
• Correlates information from wired and wireless scans, including SSID, RF channel, security method, radio MAC address or BSSID, network type, LAN MAC address, IP address and operating system
• Compares wired and wireless scans to eliminate duplicates and refine threat assessment
RULES-BASED THREAT CLASSIFICATION
• Classifies potential threats based on rules you customize to define what a rogue device is
• Reduces false-positives and lets your security team focus on the most significant threats
first
AUTOMATED ALERTS AND REPORTS
• Assigns proper alert priority to each discovered AP depending on its classification
• Generates automated email alerts, syslog alerts, or SNMP traps containing all known
information about rogue devices, including:
- Radio MAC address
- Channel
- LAN MAC address
- Security settings
- Discovery method
- Switch port
- SSID
- IP address
• Graphical dashboard displays real-time information on all suspected rogues
• Pre-defined, customizable reports address common security and compliance information needs, such as rogue device tracking and PCI compliance
VISUALIZATION
• Integrates with AirWave VisualRF™ to display the likely location of each rogue device on a building floor plan
AUTOMATIC AND MANUAL CONTAINMENT
• Performs manual or automated rogue AP containment with Aruba and Cisco controllers
• Uses your customized rules-based classification scheme to determine when to automatically contain devices
• Can disable wired switch ports with rogue APs attached
