News | October 27, 2016

Aerohive Announces Security Solution To Protect Networks From IoT Attacks

Aerohive Networks recently detailed its Internet of Things (IoT) security solution for Wi-Fi and wired networks. Built on Aerohive’s Software Defined LAN (SD-LAN), Aerohive’s solution helps protect networks from attacks, such as the October 16th Mirai botnet DDoS attack, which recruited over a half-million devices in a coordinated strike that brought down a large swath of popular internet services, including Twitter, Spotify, Airbnb, Netflix and Reddit. Aerohive will be discussing Wi-Fi security on Facebook Live on November 3, 2016.

Aerohive’s SD-LAN addresses recent IoT attack vulnerabilities by putting security protection right at the point where IoT traffic first touches the network. This provides a first line of defense for businesses against IoT malware. Key capabilities of the solution include protecting wireless access networks with next-generation Software Defined Private Pre-Shared Key (PPSK) that restricts network access to specific known and authenticated devices, application visibility and control to evaluate what is really happening on the network, firewall enforcement based on deep packet inspection to strictly enforce traffic policies, and cloud management to enable immediate identification and response to an issue anywhere in the network.

News Facts

  • The growth of IoT and proliferation of connected “things” offers exciting new opportunities. By 2020 there will be over 25 billion IoT devices accessing networks, with the vast majority leveraging wireless connectivity. This creates a new set of security risks at unprecedented scale. IoT devices connected to the network originate from thousands of manufacturers, typically with limited sophistication and little-to-no UI, making them harder to trust and secure. Compromised IoT devices, as demonstrated by the Mirai attack, can cripple even giant enterprises if breached. As IoT devices proliferate on business networks, Wi-Fi networks that they access can offer a first line of defense. Because IoT devices are often static, with nobody to watch over them, the network must protect the IoT assets, and be protected from them at the same time. Organizations can use an adaptable, flexible and secure SD-LAN for increased access layer network security.
  • Aerohive’s Software Defined Security is part of the SD-LAN architecture, offering enhanced access network visibility and control, centralized policy management, and increased protection, while reducing operational complexity:
    • Secure IoT Authentication and Encryption – Each IoT device can now effectively have a unique password, allowing it to be uniquely identified and secured on the network. Aerohive accomplishes this using Software Defined Private Pre-Shared Key that unlocks the benefits of 802.1X secured networks, without the drawbacks of certificate overhead or specialized client configuration. Software Defined Private Pre-Shared Keys can be used for IoT devices that typically don’t even support 802.1X. Customers can create (and revoke) tens of thousands of unique keys for individual or groups of devices on the same SSID that can be managed and distributed via the cloud, mobile applications, or user self-registration.
    • Granular Visibility and Control – Our deep packet inspection firewall at the access layer enables the upstream and downstream prioritization and isolation of IoT devices and applications as required, ensuring that compromised devices do not expose the wider network. It can also throttle the bandwidth of IoT applications, detect and block DDoS floods, quarantine threatening activity, and limit IoT device access.
    • Context-Based Policies – Secure context-based access policies define which users, devices, and things can enter the network, then granularly control what they can do once connected through role-based profiles and time-of-day and location-based access limits, VLAN containment, application rights, and bandwidth management.
    • Centrally Managed Policy Enforcement – Create, deploy, and monitor secure access policies from any location with public and private cloud networking. SD-LAN’s cloud architecture reduces the complexity of managing and operating secure wired and wireless access networks. Cloud networking sets the balance between secure and simplified network access.
  • “Like” the Aerohive Facebook page to join the upcoming Facebook Live interactive event on Thursday, November 3rd at 9:30 a.m. PST, which will cover how Aerohive’s Software Defined security, part of the SD-LAN architecture, enables organizations to focus on the opportunity of IoT, while the network takes care of the threat.

Resources

  • Aerohive’s Private Pre-Shared Key (PPSK)
  • Aerohive’s Secure Mobility
  • Most-Adaptable Wi-Fi for Connected Enterprises
  • SD-LAN Solution
  • IoT – Rise Against the Machines infographic
  • Take back control of your network with SD-LAN infographic
  • Wi-Fi Security: More Control, Less Complexity whitepaper
  • Demo: How Aerohive Private Pre-Shared Key (PPSK) works
  • RHA Health Services case study
  • Prince George’s County Department of Parks and Recreation case study
  • The College of Idaho case study
  • Great Clips case study

Comments
“Utilizing Aerohive’s Software Defined PPSK technology for secure access by devices that do not have AD accounts has helped us tremendously in keeping our network secure,” said BJ Stahlin, senior WAN administrator, Ingram Entertainment Inc. “In contrast with WPA2/PSK, where a single password is shared by many devices on the same SSID, Aerohive’s PPSK can enable granular authentication with a unique password for each device.”

“IoT, with the proliferation of billions of relatively low-sophistication devices, increases the attack surface of the LAN like never before,” said Zeus Kerravala, principal analyst, ZK Research. “This requires strengthened network access controls, including real-time application control and visibility, IoT-supported, secure-authentication methods such as PPSK, granular device policy enforcement at the edge, and centralized reporting and monitoring tools. This should all be accomplished without introducing additional complexity for IT administrators.”

“Organizations need an IoT-security solution before their Wi-Fi-connected water cooler or some other thing calls Moscow,” said David Greene, chief marketing officer, Aerohive Networks. “Most networks today are too brittle to deal with the exponential growth of IoT. Aerohive’s SD-LAN solution brings adaptability and security to the network, building on our Wi-Fi access points, switches, and cloud management that is designed to protect the network from the inside and out.”

About Aerohive Networks
Aerohive enables our customers to simply and confidently connect to the information, applications, and insights they need to thrive. Our simple, scalable, and secure platform delivers mobility without limitations. For our customers worldwide, every access point is a starting point. Aerohive was founded in 2006 and is headquartered in Milpitas, CA. For more information, visit www.aerohive.com.

Source: Aerohive Networks