Security has become one of the greatest concerns for every company alike. The industry is moving towards a fast paced and customer-oriented network infrastructure which automatically increases the vulnerabilities a network is exposed to. As the industry today is driven by the customer and network administrator’s visibility and needs for their network infrastructure, security tops the charts when it comes to the major requirement. Let’s face it, everyone wants a robust and secure solution.
So, what are some of the major questions raised for any network by a customer when we talk about visibility and security.
Application visibility: How accurately can the system identify specific applications?
Flow tracking: Can the system accurately report on the specifics of a particular traffic flow?
Encrypted traffic visibility: Can the system identify threats in encrypted traffic without need to decrypt the traffic?
Miercom conducted an independent competitive analysis of leading wireless infrastructure packages – Wireless Controllers and their corresponding Access Points. Cisco Catalyst 9800 was competing against the latest offerings from HPE-Aruba, Ruckus Networks and Huawei Technologies. Cisco Catalyst 9800 Wireless Controller offers a blend of Cisco network leadership with Cisco RF innovation. Catalyst 9800 Wireless Controller is built on top of Cisco’s RF excellence & wireless innovations along with Cisco IOS XE-a modern, programmable and modular operating system which satisfies the requirements for next generation Wireless controller which is robust and secure. Miercom also reviewed aspects of security offered by different vendors. When comparing these products and the features they offer, they did take into consideration other, often optional, security-oriented packages that the vendor offers, which would run on servers elsewhere in the user’s network, typically in a secure, central data center.
When we look at different Vendors for Application identification, Cisco was consistently accurate. It could identify apps including Jabber, Netflix, Dropbox, and YouTube without a single glitch. Cisco was able to dive deeper into data packets with its DPI (Deep Packet Inspection). Only Cisco correctly identified WebEx as a separate audio-video application and CNN Live Video with Akamai as the actual video source, offering more granular control. Aruba was able to identify many applications too like Jabber, Netflix, Dropbox, and YouTube – as well as specific web sites but some applications like WebEx were incorrectly identified too. On the other hand, Ruckus had incorrect identification on many applications. Ruckus offers no DPI and application identification was hit or miss. Huawei has its own limitations when it comes to application identification and DPI.
Another security-based test Miercom conducted was to see whether the system could accurately track and report flows (e.g. large file movements). Cisco excelled in flow tracking as well. Applications were detected immediately with the accurate amount of data passed for that application. Contrarily, Aruba reported application activity long after transmission began and showed considerably less data transmitted than actually sent. Also, Ruckus reported application activity long after transmission began and the User Interface showed much less data transmitted than actually sent. On the other hand, Huawei seems to report application activity accurately, unless monitoring is started after the transfer already began which leads to delayed reporting of application activity.
Cisco is way ahead in the competition in terms of Encrypted Threat Analytics. Cisco Wireless Controller also successfully detected malware, trojans inside encrypted traffic. All the other vendors do not support detection of threats from encrypted traffic.
Cisco stands out as the only vendor which satisfies all visibility and security requirements. Cisco Effectively detected threats in encrypted traffic. Additionally, Cisco outperformed its competitors in tests for flow-tracking accuracy, application identification, multi-level segmentation and threat detection with encrypted traffic which clearly makes Cisco the winner of the security race.
Miercom is an independent third-party testing and certification company. Please download complete Miercom report here.
Just wondering what the best practice is on using DHCP proxy mode vs DHCP bridging mode for roaming clients (L2 / L3 roam)? Does the DHCP proxy feature add significant time to the DHCP handshake and cause roaming clients to lose packets when they go ...
Hi all, I am having issues setting up a few Aironet 1262s (AIR-LAP1262N-E-K9) They are powered from a 3560 PoE-8 (only one at a time) and they power up...The power comes on and the light flashes green for bit (I assume booting)The light then is ...
Hi all, I am using WLC 3504 and i have created a open ssid that require web auth. I have also enabled a lobby admin account on my WLC to create accounts for guests to connect to this ssid. The default ip of the interface of this ssid is 188.8.131.52. For ...
Hello everyone,I am a new customer of Cisco Access Point AIR-AP2802E-E-K9C. I don't have much experience with this class of hardware Cisco. Could someone help me, how to configure this AP? I have experience with switches and routers. I would like, to this...
Dear all, I cannot reimage AP1852i through rommon mode .I tried below commands but it doesn't work. When it boot, it will load the old image (the old image has an issue so I cannot access to controller cli or webui)tftpboot AIR-AP1850-K9-8-5-151...