This content is part of the Buyer's Guide: Wireless intrusion prevention systems: A buyer's guide

Fluke Networks AirMagnet Enterprise: WIPS overview

Expert Karen Scarfone examines Fluke Networks AirMagnet Enterprise, a wireless intrusion prevention system to monitor WLAN events and detect a wide variety of potential problems.

Fluke Networks' AirMagnet Enterprise is a product that provides wireless intrusion prevention system capabilities for an organization's wireless local area networks and facilities. AirMagnet Enterprise can monitor WLAN events and detect a wide variety of potential problems. These include rogue wireless access points, unauthorized WLAN client devices and various WLAN-based attacks.

AirMagnet Enterprise can also try to stop malicious activity, such as disconnecting unauthorized devices from the organization's WLAN. By stopping perceived attacks on the WLAN, AirMagnet Enterprise can not only safeguard the WLAN itself, but can also prevent WLAN client devices from being compromised and then used to steal sensitive data from the organization.

Product versions

Fluke Networks AirMagnet Enterprise follows a common WIPS architecture: one or more management servers, known as the AirMagnet Enterprise Servers, and many dedicated WIPS sensors, called the AirMagnet Sensors and AirMagnet Spectrum Sensors. The AirMagnet Sensors are typical WIPS sensors in terms of their attack detection capabilities (see below), while the AirMagnet Spectrum Sensors are specialized WIPS sensors that are designed to find a wide variety of wireless communications, not just WLAN communications.

Fluke Networks offers several models for both types of sensors; these models differ primarily by the number of radios and the location of the antenna -- internal or external. Fluke Networks also offers an AirMagnet Sensor model that specializes in the cellular spectrum.

Attack discovery capabilities

The most basic WLAN attack discovery capabilities -- detecting rouge APs and unauthorized WLAN client devices -- are offered by practically all WIPS technologies. AirMagnet Enterprise is no exception. It also offers more advanced attack discovery capabilities, including detecting denial-of-service attacks and spoofing attacks, such as man-in-the-middle attacks, as well as mapping the physical locations of WLAN client devices and APs. Mapping physical locations is invaluable for incident response efforts, particularly for finding things such as rogue APs. AirMagnet Enterprise does not offer the ability to detect active authentication and encryption cracking attempts, but this ability is offered by relatively few WIPS products.

Data collection and reporting capabilities

AirMagnet Enterprise offers robust data collection and reporting capabilities. In terms of data collection, it can record all of the basic event data that WIPS products typically log and can also perform packet captures, which are invaluable for incident response and forensic purposes. For its reporting capabilities, AirMagnet Enterprise has built-in support for a wide variety of security compliance initiatives, including the Payment Card Industry Data Security Standard, HIPAA and the Sarbanes-Oxley Act.


Because AirMagnet Enterprise is based on AirMagnet-branded servers and sensors, there is no information provided by Fluke Networks on licensing costs and terms, other than the availability of licenses for a higher level of support.


The Fluke Network AirMagnet Enterprise product provides a variety of WIPS capabilities for enterprises. Based on a management server and dedicated WIPS sensor architecture, AirMagnet Enterprise can work in parallel with the organization's existing WLAN infrastructure, and it offers several models of dedicated WIPS sensor to meet the needs of many organizations and facilities.

AirMagnet Enterprise has a reasonable range of attack discovery capabilities, only missing the active authentication and encryption cracking attempt detection offered by few WIPS products. It also has strong data collection and reporting capabilities. This combination of features makes it a strong contender for consideration by most organizations seeking a WIPS product.

Next Steps

Part one of this series looks at wireless intrusion prevention systems in the enterprise

Part two of this series offers six enterprise use cases for WIPS

Part three of this series examines seven criteria for purchasing WIPS products

Part four of this series compares the best WIPS products in the market

This was last published in July 2016

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)