Colubris Gets Secure

WiFi vendor Colubris Networks Inc. has released a new access point aimed at the ever-more-crowded enterprise wireless intrusion detection and prevention marketplace.

The Waltham, Mass.-based company claims that its MAP-330 Integrated Sensor/AP is different from the rest because it can operate as a normal access point and a security scanner at the same time. This, Colubris says, will reduce the cost and complexity of deploying IDS-type systems in the office and elsewhere.

Carl Blume, director of product marketing at Colubris, says that the way the company uses the radios on the AP makes it unique.

"As far as I know we're the only one that has two full a/b/g radios, each of which could be configured to work on either 2.4GHz or 5GHz," Blume says. "This means that a user can dedicate one radio to client access and ... the second radio to full-time scanning of both bands."

In theory, this means that the Colubris box would alleviate the need for a separate WiFi security overlay. The AP is yet another option in the crowded IDS/IPS monitor market, where Colubris will be competing with dedicated security vendors such as AirMagnet Inc. and Network Chemistry Inc. as well as larger players such as Cisco Systems Inc. (Nasdaq: CSCO) and IBM Corp. (NYSE: IBM).

In fact, many dedicated wireless security vendors have been trying to broaden their appeal to a wider audience recently with new products and marketing strategies. Analysts and industry figures alike are anticipating a shakeout of the IDS/IPS niche as larger players get more involved. (See AirMagnet: Life Beyond Security.)

— Dan Jones, Site Editor, Unstrung

wirelessfreak 12/5/2012 | 3:39:29 AM
re: Colubris Gets Secure It doesn't seem like an entirely novel idea to put two a/b/g radios in the same AP so can anyone provide some more information on how Colubris does this while nobody else can?

I would think that this would cause serious issues when you need to transmit from one radio for clients and another to counter attack an IDS threat.

It also seems that the transmission from the client supporting radio would drown out the receiver next to it when scanning on that same channel.
joset01 12/5/2012 | 3:39:26 AM
re: Colubris Gets Secure Lots of mesh vendors do something similar on the two-radio front.

-- DJ
joset01 12/5/2012 | 3:39:26 AM
re: Colubris Gets Secure They say it works fine. I suspect we'll hear from users if it doesn't when they start to arrive in the field.
wlanner 12/5/2012 | 3:39:20 AM
re: Colubris Gets Secure Yes, the catch is you have one radio transmitting and the second listening. If the listening radio selects the same channel as the transmitting radio you'll get a feedback loop and boom (we'll maybe not boom, but not good). I'm sure they have some algorithm that has the listening radio skip over the channel the other radio is transmitting on (and the adjancent channels). You'll get RF information on the transmitting channel from that radio anyways.

So, technically feasible. Original or even worthwhile is another subject (aren't we still waiting for their "unified wi-fi switch" that was hyped last year?).

Messaging - We are the unified enterprise play, no wait - the VoIP play, no the security play - depends on which administration is at the helm and you can see by the Unstrung stories, its been 3 different CEOs in that time (and the last one just left).
Carl Blume 12/5/2012 | 3:39:18 AM
re: Colubris Gets Secure In a practical real-world deployment, there is negligible impact from the proximity of the two radios. Here's why:

When a Sensor needs to counter-attack, it does not need to deluge the channel with mega-bytes of packets to do the trick. A few carefully chosen packets will be sufficient to disrupt the attacker. The Sensor (like any 802.11 compliant device) will wait for a clear channel to transmit those packets. Thus the Sensor will not interfere with the APGÇÖs functioning even when intrusion prevention is taking place.

The scanning sensor is only affected by the transmitting AP in the case that the sensor is listening on the same channel and the AP happens to be transmitting at that time. Scanning on the remaining 40 or more channels is unaffected. Because the sensor is dedicated, it will quickly return to the original channel and pick up any interesting activity.

If the AP is transmitting when the sensor is listening on the same channel, it is likely that potential threats on that channel have stopped transmitting and backed-off. So, the sensor will not have missed anything.

Finally, most deployments use multiple overlapping sensors. If an interesting event were to occur during an instant when the sensor is listening on the same channel as a transmitting AP, it is likely that this event will be picked up by another sensor.

All in all, this situation is no different than deploying an AP and a sensor close together.

Sign In