WIPS Differentiators

Mojo Networks' patented and award-winning Wireless Intrusion Prevention System (Mojo AirTight) is designed for automated WiFi and “No-WiFi” policy enforcement, significantly reducing resources and time-to-resolution compared to other WIDS/WIPS solutions through its behavioral techniques that minimize false positives and encourage automatic quarantine.

Mojo Networks Overlay vs. Integrated Solutions are Better and More Cost Effective

Consider the following:

  • Both the Mojo AirTight and legacy integrated solutions require a dedicated controller or management module
  • For 24x7 monitoring, the integrated solutions must deploy dedicated sensors in addition to the access points required for WLAN capabilities
  • Mojo AirTight is a dedicated enterprise security solution, while the integrated solutions offer security features as a subset to the WLAN product
  • Mojo AirTight monitors and protects both the WLAN and wired enterprise network from wireless threats, while the integrated solutions focus mainly on protecting their WLANs. Their solution to protect the enterprise wired network is not emphasized and can be very costly.
  • Mojo AirTight allows for WLAN flexibility and variety, while the integrated solution locks you into a WLAN solution. Mojo provides the ability for the security team to have a stable and secure solution regardless of which WLAN solution is selected by the networking team.
  • Mojo AirTight provides accurate detection and classification, and automated and active policy enforcement, as compared to the integrated solutions that require human intervention to diagnose events and select a response.

Only WIPS Tested to the “IPS Protection Profile” for Common Criteria

NIAP has created a new Protection Profile (PP) to evaluate IPS systems. This PP is distinctly different and more rigorous than the “WLAN PP.” Furthermore, the legacy and integrated WIDS/WIPS vendors that claim Common Criteria certification do not make this distinction and have only been tested to the “WLAN PP.”

Off-Line Sensor Mode

The Mojo sensors included in our WIPS solution are “always on.” Even if the network connection is lost between the sensor and management appliance, the sensor will continue to enforce the last know policy and store event data indefinitely until the sensor connection is re-established. This is in comparison to all other WIDS/WIPS products whose sensors will “sleep” after approximately 20 minutes of lost connection or when the buffers are full. This is even more disturbing for the integrated AP/WIDS solutions because you can lose all event data and miss the possible cause for the network failure.

Patented Marker Packet Technology

Our unique ability to create proof statements to verify that access points are indeed on your wired network is the key to automated policy enforcement. Various types of Marker Packets are sent across the network and when an access point transfers that packet into the air our sensors can quickly and accurately identify what type of access point it is, which VLAN it is connected to, and where it is physically located. Unlike legacy WIDS who crawl through CAM table entries and compare that to MAC addresses seen in the air, our techniques are not prone to the same false positives or false negatives. These Marker Packets also allow you to detect data leakage from bridging clients on the wired network.

Location Information from a Single Sensor

Our patented “Location Tracking Algorithm” (LTA) provides the ability to obtain basic location information from a single sensor. This includes both access points and wireless client devices. All other WIDS/WIPS vendors require at least three sensors to detect a device before providing any location information. Our LTA also provides the most accurate location tracking in the industry.

Geo-Fencing

Mojo AirTight can be used to define and protect geographic boundaries from wireless devices (SCIFs and other “No-WiFi” environments). Sensors will trigger proximity alerts for WiFi clients and access points that cross the configurable threshold. We can automatically re-classify and quarantine client devices and access points that trigger this alert.

Cellular Device Detection

This feature includes the capability to detect and report 3G, 4G LTE, and CDMA voice and data communications activity. Applications include detection of network and printer eavesdropping devices that use cellular radios to transmit confidential information beyond the security perimeter and enforcing compliance with DoD and other Federal agency “no-wireless” policies.

Live Packet Capture from any Sensor to the Admin Console

With just a few clicks of the mouse, the administrator can launch a full PCAP from any Mojo sensor and stream it live to his or her console. The PCAP can be easily configured to capture just the data from a specific wireless device, a specific channel, or rotate on all channels in a single band or both bands. The PCAP can be viewed, filtered and stored by WireShark, OmniPeak or other packet capture tools.

Prevents Authorized Client Mis-associations

Mojo sensors will prevent your client devices from associating to non-authorized wireless access points. This includes personal Mi-Fi devices, neighboring wireless access points and public Hotspots. This also prevents active attacks such as Wi-Fishing, wireless DOS and Karma attacks, all without loading any agent software required on the client device.

Distributed Administration

The Mojo console provides the ability to designate specific location folders for specific administrators and apply role-based access control to each user. This allows a local administrator to access information only in his or her area of operation (this includes alarms, alerts, and reports), while upper level administrators can access all locations as needed. There is no additional cost for multiple administrative accounts.

Enterprise Class WIPS

Mojo Networks offers a Manager of Managers (MoM) solution for WIPS management. A single virtual or physical appliance is designated as the primary console, allowing it to manage and distribute policies to up to twenty-five separate appliances, all from a single pane of glass. This is available as a VMware bundle or as a Mojo appliance and enables management of up to 15,000 sensors from a single console.

Automated Policy Enforcement

The goal of Mojo AirTight is to enforce WiFi and no-WiFi policies without human action. This can only be achieved when the entire airspace surrounding the protected area is understood. This means WiFi devices are accurately detected and classified as authorized, guest, external or rogue devices. When this is known and vetted against pre-defined policies, Mojo AirTight can be configured to block any unauthorized associations automatically and without harming or disrupting neighboring networks.

Pre-defined DoD Compliance Report

Mojo AirTight provides a number of canned reports including compliance reports for various industries, including the DoD 8100.02. All reports can be scheduled and delivered as needed.

Enforcement of No-WiFi Policies Across Large Enterprise Networks

Our patented Marker Packets allow Mojo AirTight to monitor up to 100 VLAN using a single sensor. This feature allows us to protect both authorized WLANs and the VLANS they are associated to, as well as the wired VLANS that need to remain “no-WiFi.” We actively protect these wired VLANS from rogue access points and bridging clients connected to these networks.

Integration with the Leading WLAN Vendors

Mojo AirTight integrates with the two largest WLAN vendors in the industry. It pulls vital information from the WLAN controllers (authorized APs, 1x authenticated clients, and location tracking information) which allow Mojo to provide better security and more accurate location tracking than the integrated solution alone.

Share this: