It's hard not to recommend some form of IDS/IPS in any enterprise-class WLAN installation. But there's usually some pushback when it comes to the price of this capability; after all, we're installing sensors and servers and software and the cost can add up quickly. Some organizations thus (foolishly, I believe) forgo having a suitable IDS/IPS installed. I'm personally so concerned about WLAN security that I have a small-business-class IDS/IPS system installed in my office, protecting all of six APs.
On the other hand - and hearing about this was a smack-myself-in-the-forehead moment - why not provision IDS/IPS as a service, effectively leasing the infrastructure and offering the rest as a managed service? This is positively brilliant, and AirTight Networks has now done precisely this with their new SpectraGuard Online service, launched today. SpectraGuard Online includes three key capabilities - a vulnerability assessment, which is the detection of rogues and unauthorized traffic, a regulatory compliance module, which simplifies reporting for such elements as SOX and PCI, and an optional vulnerability remediation module, which implements the countermeasures that can be taken to deal with assorted wireless threats. In short, it's everything that AirTight offered before, plus a bit, but at a cost of about $2-$4 a day per building floor covered. This is clearly affordable even if you have a huge number of floors, and removes the last roadblock to everyone having a complete 24x7x365.25 wireless security capability.
I've seen a number of security-as-a-service offerings for small wireless LANs, but this is the first time I've seen such a service for large organizations. And I'm willing to bet this business model could become very popular indeed. As WLAN technology continues to change rapidly, and as one is never, ever "done" when it comes to security, AirTight has broken some important new ground here. The question, of course, is how this model might extend to other elements of network infrastructure. And it just might.
Mathias is a principal at Farpoint Group, a wireless advisory firm in Ashland, Mass.