Finding the lazy bee’s – Aerohive’s application visibility and control

This week Aerohive announced their new switch line along with an upgrade to the Hivemanager and HiveOS to version 6.0. There are other reviews that went into this announcement quite well, including Lee H. Badman over at Network Computing and fellow blogger Tom Hollingsworth. What I would like to comment on in this blog is how I believe the addition of application visibility and control is actually a bigger deal than the announcement of new hardware, important though that is for the mobile enterprise.

As more and more businesses discover that their employees are bringing shiny new mobile devices to work (often it happens to be executives that are the primary people doing this) the IT department discovers they have a problem, namely they can’t easily tell the difference between devices connected to their WLAN and more importantly, what those devices are doing. Many enterprises are setup to monitor and filter wired traffic from workstations with web filters, IDS, IPS and the like but it is common for guest WLANs to not have such strict monitoring. Top of the questions I get asked when talking about the issues around BYOD and mobile devices is what can we do to have more insight into what mobile devices are doing on our network. Add in that the apps used in mobile devices many times just simply use standard http/s and it becomes very difficult to use the simple approach of filtering just on ports, protocols and IP addresses

Deep packet inspection

In order to help their customer’s solve this issue Aerohive has added into their OS the ability to inspect packet’s to discover where that packet is destined and what type of data is flowing across a connection. This type of functionality is commonly referred to as deep packet inspection, but Aerohive in keeping with their company mantra to Simpli-fi the WLAN calls it Application Visibility and Control. This perhaps more accurately describes what is gained by their customers in having this great feature added to their Aerohive devices. As I covered in a previous post, I believe that this functionality will eventually make WIPS irrelevant, so I am glad to see that more WLAN vendors are adding it.

If you look from a much higher level at how much mobile devices and cloud connectivity are changing enterprise IT security, this is really a first major step beyond simply authenticating users towards control at an individual device level of the data being accessed by users. Many a CIO or CSO is concerned by the collapse of their controlled perimeter and they know that the only way they can begin to understand what is happening to the different types of data inside their network is to have visibility at an application level as to how mobile devices access that data. If you consider that today many employees access that data via the WLAN, Aerohive is providing them with the tools they need to see what is being accessed, by who and with what types of devices. The next step of being able to control what happens to their data is built into this release and pushes the control to the edge, exactly where it’s needed.

Application Visibility and Control

Managing mobile security

I call this new functionality that is migrating into the WLAN the next generation of WLAN security as its pushing functionality that has been centralized on IT perimeter firewalls out to the edge of the network, to where devices are accessing the network. I recognize, however, that more needs to happen than simply adding this in. Security is a many layered thing and starts with a thorough mobile device access policy that gives employees clear lines of responsibility for what they do with their devices when they access the WLAN. There also needs to be a solid authentication architecture, which can differentiate authorization of what can be accessed based on user, device and location. Aerohive’s Application Visibility and Control gives you the ability to enforce those policies and gain a much greater insight into what is happening on your WLAN than previously. I’m sure that many IT department’s will thank Aerohive for giving them better tools to address management concerns about mobile devices.

My take on wireless has always been from a security point of view and I for one am glad that Aerohive in implementing functionality into their platform to help solve the security problems brought on by the explosion of mobile devices. Aerohive is quite rightly recognized as a lead innovator in the WLAN market and they are taking steps to maintain that lead and solve their customer’s problems in an innovative way. I look forward to seeing what else they have up their sleeves. It’s a great time to be in wireless.

One Response to “Finding the lazy bee’s – Aerohive’s application visibility and control”

  1. Tim Kempener says:

    Hi,

    Great post! I agree on your comment that Aerohive is a leader in Wi-Fi vendors. They are really innovative and with their controller-less AP’s and with a features a great choice for Enterprise Wi-Fi!

Leave a Response