AirTight Networks vs. Cisco: Promises are not always kept

AirTight Networks vs. Cisco
Author's Note: For the sole purpose of initiating technical debate, the following content in its entirety contains the viewpoint of AirTight Networks regarding a recent Cisco technology announcement, and in no way reflects the opinion or offers an endorsement by the Author or Network World.

Pravin Bhagwat
Thoughts on the Cisco Mobile Vision announcement from Pravin Bhagwat - CTO of AirTight Networks: AirTight welcomes Cisco to the WIPS party! All these years, Cisco has been in a state of denial and thus has missed prime time for the innovations and experience required to build an effective WIPS.

Though four years late, it is a very good development - especially for WIPS vendors such as AirTight. The Cisco announcement can only lead to more clarity in WIPS market landscape and help customers make objective and informed decisions about their wireless security infrastructure investments. For more than four years Cisco has been trying hard to convince their customers that the wireless intrusion detection (WIDS) capability already integrated in its APs, WLC & WCS was good enough protection and that the dedicated sensors and separate appliances sold by WIPS vendors were totally unnecessary.


Change of heart on Cisco’s part is vindication of WIPS vendors’ position all along? Its recent announcement of a Mobile Service Engine (MSE) platform, - an extended WIPS capability as part of Cisco’s Unified Wireless Network (CUWN) - signals a radical change in Cisco’s earlier position on WIPS. The new Cisco message appears to say:

"Mr. Customer, please forget what we told you in the past." "WIPS capability integrated in Cisco WCS isn’t enough." "Please plan on adding dedicated sensors and a separate appliance (for security data aggregation, correlation and event processing) to get equivalent of overlay WIPS protection from Cisco United Wireless Network."

Marketing vision ≠ technical execution Cisco has done a very good job of articulating the business benefits of adopting wireless and enabling a mobile enterprise for which we applaud them. The vision is great, but don’t expect its system to automatically deliver what Cisco marketing has promised. Verify each claim through 3rd party tests, analyst reports and your own bake-off before making a BUY decision. Cisco has a track record of making preemptive marketing announcements and then failing to deliver on the promise. Remember the Cisco Structured Wireless Aware Network (SWAN) announcement in 2004! The promise of SWAN remains unfulfilled even after four years and multiple technology acquisitions.


Functionality gap for Cisco vis-à-vis WIPS vendors is too wide to be filled at this point of time! Overlay WIPS vendors have been innovating, building, delivering and enhancing their offerings relentlessly over the last 6 years! AirTight Networks Patent Information The functionality gap between overlay WIPS (such as AirTight) and what Cisco is now repackaging as adaptive WIPS is too wide to be bridged with marketing messages alone! Functionality gaps reported in an independent Tolly report test two years ago still persist. With the exception of a new adjective adaptive, nothing else seems to have changed.


A blind spot in vision? Aside from protecting WLAN infrastructure from all sorts of attacks and intrusion attempts, another equally important problem is to control wireless mobile clients from connecting to neighbor networks. The increased usage of Wi-Fi enabled iPhones, Blackberry, mobile phones make keeping a mobile workforce compliant with security policies increasingly difficult. Cisco’s adaptive WIPS announcement is totally mum about how the proposed architecture would tackle this challenge. Since traffic from these devices would not even flow through wired infrastructure, neither 802.1x, nor wired side control nor MFP would solve this problem.


Separation of Church and State The biggest selling point of Cisco adaptive WIPS is that it is integrated with Cisco’s Unified Wireless Network (CUWN). Of course, Cisco would like to act both as Church and State, but it is not in the best interest of the customers, auditors and risk managers to depend on Cisco’s architecture where flexibility to combine the best of the breed functionality from multiple technology providers is compromised.


Conclusion If you are serious about security, will you wait another 2-3 years till Cisco delivers a weak solution or do you want to be secure today? Do you want the best technology for wireless intrusion prevention which has been tried, tested, hardened and is ready to deliver and surpass the future promise which Cisco has laid out in its recent announcement?


Do YOU agree that promises are not always kept?

Contact Brad Reese
http://www.BradReese.Com

  
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)