WiFi-as-a-Risk : Your WiFi-connected corporate devices have always been a concern, even when behind the corporate security systems. You have over 50% of your staff working from home and others are travelling more and using open public and guest WiFi systems to connect to the corporate network. Management and control of these devices has been difficult, to say the least
The Dome technology from AirEye offers a single point of management via a cloud-based console which monitors and analyses the airspace around your corporate devices in the office, home or in public.
The console assesses risks from poorly configured or rogue access points, wifi-connected printers and cameras and even smart fridges and doorbells.
Continuous Monitoring : Your warehouse WiFi network has 50 access points to ensure good connectivity and you regularly enable monitoring on the access points to check the airspace but are forced to run the monitoring technology out-of-hours as the procedure impedes the network performance and often crucial transactions have had to be re-run.
Your courier business is blossoming and you want to offer international deliveries, which means the warehouse facility now needs to expand and operate 24/7.
Monitoring and health-checks are becoming more difficult and scheduling them is a nightmare and is often delayed exposing your systems to threats.
Each Dome device is in itself a small linux based mini-computer and is able to store details of the traffic flow around your network before it updates the management server independently of the access points.
The Dome technology runs out-of-band, not on the access points and is completely separate.
This means that the Domes only use resources on the WiFi network when an update is sent to, or received from the management console in the cloud.
These features mean that the monitoring and analysis of the network traffic is continuous and does not interrupt network performance or uptime.
PCI-DSS 4.0 is coming …
… meaning some changes are being made to how merchants have to deal with wireless around their points-of-sale to remain compliant.
Over and above the existing requirements for compliance set out below, the standard now pushes for continuous monitoring of the airspace around any PoS or PDQ deployment including back-office processing whether you use wireless technologies or not.
Once deployed, the Dome technology continuously monitors the airspace around the points of sales and back office storage.
The devices not only control the airspace but also protect it from offensive wireless devices such as rogue access points and evil twins.
When the workforce is scattered and the working environments become small pockets of unknown and unmonitored WiFi networks, IT services, be it in-house or external (MSSP), need to be able to protect the corporate devices from cyber threats aiming to steal credentials and sensitive data.
The corporate WiFi network is now a prime target for data thieves and cyber threats and while VPNs are imperative and having the latest patches applied to the company’s devices is a must, the home network is exposed as the business has no control over who uses it and connects through it.
The Dome for Home which is deployed by the remote worker, allows the IT department to monitor, analyse, risk assess and protect your home WiFi for bad configurations, out-of-date software and IoT devices that are an open door to would-be attackers. These attackers can be blocked from accessing the home wifi network.
The technology works in the same way as the Dome deployed in office environments and monitors the control and management traffic in your home office airspace.
In real terms, the home office of the remote worker becomes part of the corporate WiFi network and is managed in the same way.
Is the world looking at a perfect storm of open-door vulnerabilities with all this remote working?
Think about the complexities:
The Dome for Home adds enterprise-class WIPS to the layered security methodology used in defending offices all over the globe but applies it to the home WiFI network and offers up control, monitoring and risk assessment.
The unknown, insecure home WiFi network is now part of the general attack surface and can be protected as such
From a cyber-security perspective, why is it less safe working from home than working in the corporate office?
Consider two buildings.
One is a high security storage facility with a single way in and out, so all the defences can be focussed on that door.
The second is a large country hotel with front doors, poolside doors, tradesman entrances, a staff entrance and windows galore – that is the most representative of the home WiFi network.
So when the workforce moves to disparate home WiFi networks, the attack surface grows and hackers have more choice of entry points.
The Dome for Home in this example is the security system that closes the doors, locks the windows and turns on the movement sensors for the security lights and audible alarms.
If you take time to look at the amount of ‘smart’ devices you have in the home, you will be shocked.
Your printer is WiFi connected , your door bell is too with a nice camera that you can access while on the beach , your fridge orders more milk via your voice-controlled personal assistant – all of these are potentially open doors to your network and need monitoring and protecting.
Protecting Sensitive Data
You are a barrister and are key to a high-profile case. You are working from home as per lockdown, you are connected to the corporate network via VPN as instructed and you are running the latest anti-virus and anti-malware software on your laptop… But still you get breached !
You did everything correctly but what you did not know was that earlier this morning sitting in a car outside your home, a hacker who had intentionally tracked you, set up a malicious hotspot and spoofed your home network and you are connected through his machine to the office.
The VPN has been compromised, the antivirus offers no protection at all from having your data intercepted by a rogue access point and your strategy, witness details and data core to the case has gone, stolen and erased.
The Dome-for-Home technology from AirEye in this case would have: