Archive for the ‘latest news’ Category

The Evolution of Wi-Fi 6: Part 6

Tuesday, March 12th, 2019

In part five of this series, we discussed the benefits of Wi-Fi 6 (802.11ax) for new and legacy devices, as well as the expected Wi-Fi feature, set arriving in Wave 1 and Wave 2. In this blog post, we’ll take a closer look at Wi-Fi Alliance certification and how Wi-Fi 6 (802.11ax) will benefit high-density wireless deployments in locations such as stadiums, convention centers, MDUs and student dormitories.

Wi-Fi Alliance Certification

Wi-Fi Alliance certification of Wi-Fi 6 (802.11ax) is expected in mid to late 2019, with the standard due to be publicly ratified and released sometime in late 2019 or early 2020. It should be noted that Wi-Fi 6 devices presented at CES 2018 clocked in at a top speed of 11 gigabits per second. Commercial activity around Wi-Fi 6 has already started, with Ruckus and other companies announcing Wi-Fi 6 APs. As we’ve reiterated throughout this series, Wi-Fi 6 will bring about a profound change in the Wi-Fi industry with faster speeds, increased range and improved performance.

Wi-Fi 6 Device Rollouts

While there aren’t any certifiable Wi-Fi 6 (802.11ax) clients on the market today, Wi-Fi 6 (802.11ax) AP residential router and carrier gateway announcements have already kicked off, with various companies announcing Wi-Fi 6 products throughout late 2017 and 2018. Moreover, several companies have begun shipping Wi-Fi 6 APs, including Ruckus, which was the first to market with the industry’s first 8×8 5g+ 4 x 4 2.4 G Wi-Fi 6 (802.11ax) access point.

Wi-Fi 6 Use Cases: Stadiums and Convention Centers

As we noted earlier, Wi-Fi 6 (802.11ax) technology will benefit a wide range of wireless deployments. However, the new standard is particularly useful for high-density environments in which many users and devices are competing for limited spectrum. Examples include large public venues such as stadiums and convention centers. Indeed, stadiums are increasingly offering fast and ubiquitous Wi-Fi to improve fan or attendee experiences, bolster customer interaction and create value-added services (VAS) such as streaming instant replays on fan devices and allowing attendees to order food from their seats.

It should be noted that stadiums and convention centers typically host tens of thousands of users, many of who attempt to connect to Wi-Fi simultaneously. This scenario poses unique scale and density challenges for access points. Fortunately, Wi-Fi 6 (802.11ax) advancements around OFDMA, 1024-QAM, BSS Coloring and the faster PHY rates will make it easier for large public venue owners to create new business opportunities by offering enhanced services to guests.

Wi-Fi 6 Use Cases: Transportation Hubs and Stations

Similarly, transportation hubs and stations offer public Wi-Fi to passengers and shoppers. Like stadiums, transportation hubs can host tens of thousands of users and devices that attempt to connect to the network simultaneously. However, transportation hubs face additional unique challenges posed by transient devices. These devices aren’t necessarily connecting to the Wi-Fi network, although they still send management traffic and contribute to spectrum congestion. Wi-Fi 6 (802.11ax) advancements such as OFDMA and BSS Coloring provide tools to manage the above-mentioned challenge.

Wi-Fi 6 Use Cases: MDUs, Dormitories & Classrooms

Multiple Dwelling Units (MDUs) and university dormitories are often challenged by hundreds of users competing for limited wireless spectrum to stream 4K video or play eSports. This is also the case for libraries, auditoriums, lecture halls and student union buildings. In addition, primary K-12 education trends such as video-based learning, one-to-one computing, connected classrooms and a mass deployment of IoT devices have created an airtime capacity crisis that stresses network reliability.

Wi-Fi 6 Use Cases: IoT and Smart City Deployments

Like stadiums and transportation hubs, IoT and smart city deployments face a wide variety of connectivity challenges. For example, there may be a high volume of devices (sensors) at a manufacturing site that attempt to communicate simultaneously with a limited number of access points. Or, a small number of devices may be idle and programmed to ‘phone home’ once a day. This is precisely why the Wi-Fi 6 (802.11x) standard features a power saving feature known as target wake time (TWT), which enables devices to go into deep sleep mode and turn on their transmitter at predefined intervals to prolong field time without maintenance.


In conclusion, Wi-Fi 6 (802.11ax) is designed for high-density connectivity and offers up to a fourfold capacity increase over its Wi-Fi 5 (802.11ac) predecessor. With Wi-Fi 6, multiple APs deployed in dense device environments can collectively deliver required quality of service to more clients with more diverse usage profiles. This is made possible by a range of technologies such as OFDMA, MU-MIMO with eight uplinks and eight down links, target wake time (TWT), 1024-QAM, Long OFDM Signal and BSS Coloring. As we discussed in this series, these technologies are all playing a critical role in helping Wi-Fi evolve into a collision free deterministic wireless technology. Moreover, the IEE is looking to integrate future iterations of the above-mentioned mechanisms into additional wireless standards to support the future of Wi-Fi and beyond.

To view the original post at The Ruckus Room.

The Evolution of Wi-Fi 6: Part 5

Friday, March 8th, 2019

In part four of this series, we explored a range of Wi-Fi 6 (802.11ax) features, including target wake time (TWT), 1024-QAM and Long OFDM Signal. In this blog post, we’ll take a closer look at the benefits of Wi-Fi 6 (802.11ax) for new and legacy devices, as well as the expected feature set arriving in Wi-Fi 6 (802.11ax) Wave 1 and Wave 2.

Wi-Fi 6: Current and legacy devices

Although there are relatively few Wi-Fi 6 devices (802.11ax) on the market today (90% of the devices of are still Wi-Fi 5), it is important to note that the industry faced a similar situation when Wi-Fi 5 (802.11ac) was first introduced. From our perspective, there are several reasons to begin moving to Wi-Fi 6 (802.11ax) as soon as possible.

Firstly, a Wi-Fi 6 access point (AP) can serve new Wi-Fi 6 (802.11ax) devices, along with legacy Wi-Fi 5 (802.11ac) and Wi-Fi 4 (802.11n) devices. Secondly, a number of manufacturers are already selling Wi-Fi 6 (802.11ax) clients. Thirdly, Wi-Fi 6 (802.11ac) and legacy clients can co-exist just like Wi-Fi 5 (802.11ac) and Wi-Fi 4 (802.11n). Last, but certainly not least, both Wi-Fi 6 (802.11ax) and non-Wi-Fi 6 clients benefit from Wi-Fi 6 technologies.

For example, Wi-Fi 6 clients are more efficient, thereby freeing up more spectrum for Wi-Fi 5 (802.11ac) devices. This is perhaps analogous to a carpool lane, in which the first two lanes are for Wi-Fi 6 (802.11ax) devices. More specifically, let’s say 50% of the devices are Wi-Fi 5 (802.11ac) and 50% are Wi-Fi 6 (802.11ax). We put all the Wi-Fi 6 (802.11ax) devices in the carpool lane, allowing them to operate more efficiently. Concurrently, the remaining Wi-Fi 5 (802.11ac) clients benefit because we took half the cars from all the lanes – which frees up contention for the Wi-Fi 5 (802.11ac) devices.

This provides higher throughput and performance for networks, with beacon intervals occurring every 100 milliseconds. So, how does this work? Well, the AP ‘says’ that it will use its first 40 milliseconds of the beacon interval for Wi-Fi 6 (802.11ax) devices – while deterministically ‘telling’ all legacy devices to remain silent for the first 40 milliseconds (these are the two carpool lanes). The AP subsequently implements scheduled access for Wi-Fi 5 (802.11ac) devices, which get served, go to sleep and vacate the medium, all without ‘speaking’ for the remaining 60% of the time. Put simply, wireless access is improved for all types of devices, with Wi-Fi 6 clients using the fast lanes, while Wi-Fi 5 (802.11ac) devices have less clients to contend with. Put succinctly, more efficiency equals more airtime.

Wi-Fi 6: Wave 1 and Wave 2

As we discussed earlier in this series, Wi-Fi 6 (802.11ax) features a range of new technologies to optimize spectrum efficiency including OFDMA, MU-MIMO, Long OFDM signal, 1024-QAM, BSS Coloring and Target Wake Time (TWT). Like its Wi-Fi 5 predecessor, Wi-Fi 6 will be rolled out in two ‘waves,’ although the exact feature split isn’t yet finalized. Nevertheless, Wave 1 is expected to feature DL and UL OFDMA, DL MU-MIMO and Target Wake Time (TWT). Meanwhile, Wave 2 is likely to feature UL MU-MIMO, spatial reuse using BSS Coloring, along with support for 160 Mhz and 6 GHz. Moreover, the FCC is still working on finalizing the release of the 6 GHz unlicensed spectrum, which will open 1.2 GHz of unlicensed space.

View the original post at The Ruckus Room.

New e-book links poor network access security to data breach risk

Friday, March 8th, 2019

Ruckus has just published a new e-book titled “Seven Network Access Security Risks—and How They Can Lead to a Data Breach.” It focuses on faulty network access security as a risk area that can lead to data compromise. As the title implies, this e-book outlines seven distinct risk areas that IT organizations should be aware of, especially when it comes to providing connectivity for BYOD and guest users.

As detailed in a previous Ruckus blog, “What’s wrong with PSKs and MAC authentication for BYOD?”, default methods of network onboarding and authentication have serious security flaws that can leave you open to data compromise. These security holes get less attention that more high-profile threats like ransomware, but the dangers are still very real. Sometimes it’s the attack surface that you aren’t thinking about that attackers seek to exploit.

Linking IT security risk areas to the potential for a data breach

Sometimes the link between a threat vector and the risk of data compromise is obvious. Keylogging malware tracks a user’s every keystroke, including when they type in their username and password for cloud-based business applications. Email phishing attacks compromise credit card numbers or other sensitive data by tricking users into entering them into a website that spoofs a legitimate site. Misconfigured cloud storage can leave sensitive data just hanging out there on the web for attackers to steal. All of those are obvious ways that attackers can get at your data.

Network access security is a category where the linkages may be less obvious. The point of the new e-book is to help clarify the connection between this risk area and a potential breach. It’s a highly accessible way to increase your knowledge of this often-overlooked area of the IT security domain—a five-minute read covering an underestimated attack surface in modern IT environments. This document can help you keep other stakeholders in your organization informed about the risks as well, so feel free to pass it along. We should emphasize that no registration is required to access the e-book—just read and enjoy.

Here’s just a taste of one of the seven ways that poor network access security maps to data compromise. Risk area number four in the e-book is that without proper controls in place, users can get broader access to network resources than is appropriate. Proper data governance requires access to resources on a need-to-know basis. You might be wondering what would constitute proper controls in this context—you’ll find the answer to that in the e-book. Another recent Ruckus blog, titled “Eastern Europe bank hack highlights the need for network access security,” also provides useful background on this aspect of secure access.

More thoughts on data compromise

We blogged last year about the definition of a data breach. Ten or fifteen years ago data breach events were much less common than they are today. These days, it seems as if major breaches occur all the time. Krebs on Security and CyberScoop are two great websites to follow if you are interested in this topic.

Not every malicious attack represents an attempt to steal sensitive data—for example, crypto-mining malware seeks to steal computing resources for monetary gain. A denial of service attack tries to bring down a system, website or network. Likewise, not every data breach is caused by malicious activity. Sometimes data compromise happens due to human error. But preventing data breaches caused by malicious attackers is the primary driver of a large portion of the IT security industry.

Dark Reading reported recently on a security breach study from Risk Based Security that found 2018 was the second most active year on record in terms of the number of data breach events. They counted over 6,500 breaches in 2018, the large majority categorized as “hacking.” Several of the network access security risks outlined in the new Ruckus e-book would seem to fall into this category—although a lot of other attack scenarios would also fit that description.


If you would like to dive deeper into risk areas related to network access security, you can have a look at the recent ESG white paper “Does Your Method for BYOD Onboarding Compromise Network Security?” You can access this in the form of a dynamic website or go straight to the PDF version. When you are ready to address some of the security issues described in the e-book and the white paper, Ruckus Cloudpath Enrollment System is definitely worth a look. It’s our SaaS/software for secure network onboarding, and it’s a great way to shore up your defenses with strong network access security.

View the original post at The Ruckus Room.

Palo Alto Networks Introduces Cortex, the Industry’s Only Open and Integrated, AI-Based Continuous Security Platform

Friday, March 8th, 2019

Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today introduced three significant advancements aimed at harnessing the power of advanced AI and machine learning to transform how security will be managed in the future.

Introducing Cortex™
Cortex is the industry’s only open and integrated, AI-based continuous security platform. Cortex is a significant evolution of the Application Framework designed to simplify security operations and considerably improve outcomes. Deployed on a global, scalable public cloud platform, Cortex allows security operations teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can securely and privately store and analyze large amounts of data that is normalized for advanced AI and machine learning to find threats and orchestrate responses quickly.

Cortex XDR™ – Breaking Data Silos
Cortex XDR is the first-of-its-kind detection, investigation and response product that natively integrates network, endpoint and cloud data. Cortex XDR uncovers threats using behavioral analytics, accelerates investigations with automation, and stops attacks before damage is done through tight integration with existing enforcement points.

Traps™ 6.0 – Great Prevention Gets Even Better
Traps endpoint protection and response now includes a Behavioral Threat Protection engine that stops advanced threats in real time by stitching together a chain of events to identify malicious activity. Traps 6.0 acts as the ultimate data collection sensor for Cortex Data Lake, gathering the most comprehensive endpoint security data in the industry. In conjunction with Cortex XDR, customers can use Traps to extend their prevention capabilities to include detection and response across their entire digital infrastructure with a single agent.


“While detection and response are integral components of cybersecurity defense, the current model of disjointed standalone products leaves organizations with blind spots and conflicting data,” said Lee Klarich, chief product officer at Palo Alto Networks. “We believe the only way to solve this is with best-in-class prevention, combined with the ability to normalize and analyze data at scale from as many sources as possible, applying AI and machine learning to automatically detect and quickly respond to threats.”

“While endpoint and detection response tools are valuable, they give a limited view of what an attack may look like,” said Fernando Montenegro, senior analyst at 451 Research. “Security teams need more sources of data so that they can find and block threats faster across what are increasingly complex enterprise environments. We believe integrating data across endpoint, network and cloud is a positive step toward better addressing these security needs.”

New Partnerships Behind Cortex
To support the rollout of Cortex XDR, five managed security service partners will launch offerings that deliver round-the-clock threat monitoring, detection and response services to Palo Alto Networks customers. The partnerships in place are with PwC, Critical Start, ON2IT, BDO and Trustwave.

Pricing and Availability
Cortex Data Lake and Traps 6.0 will be available immediately to customers worldwide. Cortex XDR will be available to customers on March 4, 2019.

Learn More
Cortex XDR
Cortex Data Lake
Traps endpoint protection and response

View the original post by Palo Alto Networks.

Meet NEXUS – Battery Powered & RF-Based Lockdown Technology

Thursday, February 28th, 2019

Net-Ctrl has expanded its building management portfolio with the Nexus Wireless Alert System. The new NEXUS Wireless Alert system is aimed at organisations, schools and colleges as a lockdown system in the event of an incident requiring rapid restrictions to a site.

It is quick and easy to install with no civil works or cabling required and is fully portable.

The solution at a glance:

  • Battery powered
  • Rapidly deployable and reusable
  • Wireless with up to 64 units on one site
  • Long range transmission of 1km between units  
  • Visual beacon and audible sounder/enunciator
  • Works on advanced wireless mesh protocol negating the need for repeaters
  • IP Masthead receiver available for remote monitoring
  • 3-year battery life with low battery alerts

NEXUS uses a secure wireless mesh protocol to provide a long-range, robust system, designed to alert occupants to a threat on or near their site requiring a lockdown procedure to be implemented.

There is a maximum of 64 units per site, and when one NEXUS unit is activated, it will trigger all units in range to sound an audible lockdown message, accompanied by a flashing beacon light. 

Intelligent power saving technology ensures a long battery life of up to three years, keeping service calls to a minimum and reducing the environmental impact. 

NEXUS is available in both internal and external options – external units are fully weatherproof to IP66 standard.

If you would like to book a meeting slot in advance email

Stay On The Safe Side With Intelligent IP Video Systems From MOBOTIX

Tuesday, February 26th, 2019

MOBOTIX, the leading manufacturer of premium-quality secure IP video systems, is responding to the latest news about the use of non-secure hardware and software in IT or network infrastructures. Global players from the U.S. have already reacted and banned certain manufacturers from public contracts. Australia has also forbidden the use of products from certain manufacturers that are under suspicion of facilitating unauthorized access to data or not being able of warding off hacker attacks via cells on SoCs (System on a Chip).

Thomas Dieregsweiler, Head of Product Management at MOBOTIX, confirms that with certain Systems-on-Chips no reliable protection can be guaranteed when using them. Especially when the basic software is used by third-party SoC vendors, it is difficult to assess the risks for these vendors. SoCs are chips onto which functions of a programmable electronic system (such as an IP-based video surveillance system) are integrated.

MOBOTIX only uses high-performance industrial FPGAs (Field Programmable Gate Arrays) from well-known American manufacturers for its hardware and image generation chains, providing reliable protection for the user. An FPGA is used for the continuous processing of digital signals such as audio and video signals, neural networks and Deep Learning Algorithms / Artificial Intelligence and makes the system far more invulnerable to hacker attacks and espionage software.

“We use proprietary MOBOTIX software on these processors and retain full control over what the entire system does and is capable of,” Thomas Dieregsweiler explains. This approach is a core component of the MOBOTIX “Cactus Concept,” a company-wide overall strategy for cyber-secure products and solutions. Alongside numerous technical measures, such as the use of FPGAs, control over the entire value-adding chain is a key factor in implementing the MOBOTIX “Cactus Concept.”

“We haven’t detected any hacker attacks on our security systems to date,” Thomas Dieregsweiler emphasizes.
In order to prevent security gaps from arising in the first place, the MOBOTIX Security Team regularly checks hardware and software, also in cooperation with internationally recognized penetration test houses. In addition, MOBOTIX offers trainings and webinars to train partners and customers on the topic of security and to raise their awareness for IT security issues.

Thus, MOBOTIX provides end-to-end solutions that offer significantly more protection than the industry standard: A consistent security concept including encryption “Made in Germany”, which was successfully tested by SySS GmbH, the market leader in Germany in the field of penetration testing.


MOBOTIX is a leading manufacturer of premium-quality, intelligent IP video systems and sets standards for innovative camera technologies and decentralized security solutions with the highest level of cybersecurity. MOBOTIX was founded in 1999 and is based in Langmeil, Germany. MOBOTIX has an in-house research and development department, an in-house production facility in Germany and operates distribution companies in New York, Dubai, Sydney, Paris and Madrid. Customers worldwide trust in the durability and reliability of MOBOTIX hardware and software. The flexibility, built-in intelligence and unparalleled data security of the company’s solutions are appreciated in many industries. MOBOTIX products and solutions help customers in industries such as industrial manufacturing, retail, logistics and healthcare. With strong and international technology partnerships, the company will continue to expand its universal platform and develop new applications in the future.

The Evolution of Wi-Fi 6: Part 4

Tuesday, February 26th, 2019

In part three of this series, we took an in-depth look at OFDMA, MU-MIMO and BSS Coloring. In this blog post, we’ll explore target wake time (TWT), 1024-QAM and Long OFDM Signal.

Target Wake Time (TWT) and Wi-Fi 6

Target wake time (TWT) is another mechanism introduced in the Wi-Fi 6 (802.11x) standard. Essentially, TWT allows devices to deterministically negotiate when and how often they wake up to send or receive data. TWT increases device sleep time and in turn, substantially improves battery life, a feature that is especially important for IoT devices. In addition to saving power on the client device side, TWT enables wireless access points (APs) and devices to negotiate and find specific times to access the medium. This helps optimize spectral efficiency by reducing contention and overlap between users.

1024-QAM & the Need for Speed

Although bolstering spectral efficiency is one of the defining features of Wi-Fi 6 (802.11ax), an additional speed boost facilitated by 1024-QAM is obviously a nice bonus. Quadrature amplitude modulation, or QAM, uses both phase and amplitude of an RF signal to represent data bits. As we mentioned above, Wi-Fi 6 (802.11ax) introduces 1024-QAM, along with new modulation and coding schemes (MCS). These define higher data rates that bolster throughput and enable 25% higher capacity with 10 bits per symbol versus 8 bits in 256-QAM, the latter of which is supported by Wi-Fi 5 (802.11ac). Put simply, more bits equal more data, making the (payload) delivery of data more efficient.

Wi-Fi 6 (802.11ax) also introduces two new modulation coding schemes: MCS 10 and MCS 11. Both will likely be optional. It should be noted that 1024-QAM can only be used with 242 subcarrier resource units (RUs) or larger. This means that at least a full 20 MHz channel will be required for 1024-QAM.

Long OFDM Signal & Outdoor APs

When indoor wireless devices transmit a signal, the RF signal reaches the destination receiver directly, or via rapid reflections of walls ceilings and other obstacles. This is referred to as multipath. The OFDM symbol was originally designed with indoor Wi-Fi in mind, with multipath reflected RF signals expected to reach the receiver very quickly. The original OFDM symbol was composed of guard intervals followed by a data portion, then another guard interval and then another data portion, area and so forth. The guard interval was either 0.4 or 0.8 microseconds – with the useful OFDM data portion set at 3.2 microseconds.

With outdoor Wi-Fi, the guard interval needs to be increased to compensate for extended or distant reflections. As such, Wi-Fi 6 introduces Long Signal OFDM, which allows up to a 3.2 microsecond guard interval with the data packet area being increased 4x, or up to 12.8 microseconds. This offers a much broader multipath tolerance, reduces overhead and bolsters throughput, thereby making outdoor Wi-Fi more reliable and dependable.

More GHz For the IoT

As we discussed in part one of this series, Wi-Fi 6 (802.11ax) will support both 2.4 GHz (for the IoT) and 5 GHz, as opposed to Wi-Fi 5 (802.11ac), which only supported the latter. Moreover, the FCC is slated to open the 6 GHz spectrum for Wi-Fi 6 in 2019, thereby creating more than one GHz of new unlicensed spectrum. This is an important development, as the amount of Wi-Fi spectrum in the United States has remained essentially unchanged for more than a decade. From our perspective, the combination of Wi-Fi 6 (802.11ax) and the newly opened 6 GHz spectrum has the potential to fuel a perfect storm of disruption for the wireless industry.

Click here to view the original post by The Ruckus Room.

5 Issues that impact Wi-Fi performance in dense environments

Thursday, February 21st, 2019

Worldwide data and video traffic are growing at double-digit rates. This increase is driven by connected devices and applications like 4K video streaming, VR/AR and eSports. Adding to the complexity of this environment impacting Wi-Fi performance are diversifying device categories and apps, such as headless IoT devices, video and voice-over-Wi-Fi.

Moreover, the congestion of people, devices and bandwidth-hungry apps makes for numerous real-world challenges that conventional wireless technology has difficulty overcoming, especially in dense environments. Let’s take a closer look at some of these challenges below.

Overloaded network

Wi-Fi antennas often radiate signals – like a lightbulb radiates light – in all directions. This can create misdirected and wasted radio energy.

The solution? Ruckus BeamFlex+ technology, which enables the antenna system within a Ruckus access point (AP) to dynamically sense and optimize for its environment. The antenna system also significantly bolsters range and Wi-Fi performance by mitigating radio interference, as well as noise and wireless performance issues.

Too many devices

All access points use ‘lanes’ (radio channels) to transmit and receive traffic. However, a specific lane can become congested, leaving an AP unable to determine if other lanes are free to accommodate wireless traffic.

The solution? Ruckus ChannelFly dynamic channel management, which helps our APs boost Wi-Fi performance by dynamically (automatically) switching a client from a crowded channel to a less congested one.

Wasted radio energy

Excessive management traffic typically saturates available Wi-Fi spectrum in dense Wi-Fi environments. This results in reduced connectivity and low per-client throughput.

The solution? Ruckus Airtime Decongestion, which enables APs to more selectively respond to clients. This dramatically increases overall network efficiency for higher airtime utilization and delivers a more optimized user experience.

Channel congestion

APs are frequently overloaded with an uneven client load in dense network environments. This inefficient utilization of network capacity results in a sub-optimal client-to-AP link quality and lower throughput for clients.

The solution? Ruckus Network Capacity Utilization, which employs real-time learning techniques to associate clients with APs that offer higher link quality and capacity. This mechanism facilitates higher overall network capacity and higher per-client throughput.

Unwanted management traffic

Thousands of non-connecting ‘transient’ devices – often in transport hubs – frequently create unwanted management traffic that negatively impacts Wi-Fi performance.

The solution? Ruckus Transient Client Management, which maintains throughput levels for priority clients in high transient-client environments by delaying AP association with low-priority transient clients.

TO speak to someone about your wireless projects, please get in touch by completing a Contact Form, emailing or calling on 01473 281 211.

The evolution of Wi-Fi 6: part 3

Tuesday, February 19th, 2019

In part two of this series, we explored the basics of MU-MIMO, OFDMA, and 1024-QAM. In this blog post, we’ll take a closer look at Wi-Fi speeds, along with an in-depth look at OFDMA, MU-MIMO and BSS Coloring.

Theoretical peak speeds vs. network capacity and efficiency

As we’ve emphasized throughout this series, the 802.11 standard has rapidly and significantly evolved over the past two decades. For example, wireless LANs once focused on achieving theoretical peak speeds. With the advent of Wi-Fi 6 (802.11ax), the emphasis has shifted to overall network capacity and efficiency, in addition to throughput speeds. As the latest iteration of 802.11, Wi-Fi 6 (802.11ax) is expected to become prevalent in ultra-dense environments such as transport hubs, urban apartment complexes, college campuses, concert venues and sports stadiums. These are all locations where many clients routinely access the internet over Wi-Fi, as well as share UHD content and stream 4K video.

Currently, in advanced development, the IEEE 802.11ax standard is slated to be released in 2019. It is worth noting that the maximum theoretical speed of Wi-Fi 4 (802.11n) was 150 megabits per second, per stream. Wi-Fi 5 (802.11ac) increased this to a theoretical speed of 866 megabits per second, per stream, which is considered a six-fold jump. Wi-Fi 6 (802.11ax) supports maximum speeds of up to 1201 megabits per second. Although Wi-Fi 6 is certainly faster than its predecessor, it is not the six-fold increase seen with the release of Wi-Fi 5 (802.11ac).

Wi-Fi 6: 4x increase in throughput

More specifically, Wi-Fi 6 (802.11ax) is expected to boast a 4x increase in throughput for the average user. This is primarily due to more efficient spectrum utilization and various improvements for dense deployments. Clearly, speed is not the most important issue, as the maximum rates are notoriously inaccurate when it comes to real-world performance. These can vary widely based on a range of obstacles, other signals in the air, multipath reflections and the capabilities of both access points and client devices.

To address these issues, Wi-Fi 6 (802.11ax) aims to improve efficiency by delivering consistently higher real-world speeds than Wi-Fi 5 (802.11 ac). As we noted in part three of this series, W-Fi 6 introduces orthogonal frequency-division multiple access or OFDMA. The mechanism – which is (4G) LTE-proven – provides more efficient access for users. Essentially, OFDMA technology allows multiple users with varying bandwidth needs to be served simultaneously by dividing each wireless channel into multiple sub-channels. This allows multiple clients to talk to the AP – simultaneously – over a single-channel (depending on the channel size). More specifically: 9 clients over a 20 MHz channel, 18 over a 40 MHz channel, and 37 over an 80 MHz channel. With multiple smaller channels, the AP can offer flexible bandwidth allocation to each device based on specific data requirements, thereby increasing overall network performance. It should be noted that smaller sub-channels are known as Resource Units (RU) or RU tones. The minimum size of one RU is 26 tones or subcarriers, which equals approximately 2 MHz. In practical terms, this means a 20 MHz channel can serve up to 9 users.

Working in tandem: OFDMA & MU-MIMO

OFDMA works in tandem with MU-MIMO, the latter of which helps APs address multiple devices simultaneously, instead of one at a time. From a precise chronological perspective, MU-MIMO was introduced as part of Wi-Fi 5 (802.11n), but only supported the mechanism in downlink mode. In contrast, Wi-Fi 6 (802.11ax) supports up to 8×8 MU-MIMO in both downlink and uplink modes – allowing APs to serve up to 8 users simultaneously. It is important to understand that MU-MIMO also benefits the performance of legacy devices such as those designed to support Wi-Fi 5 (Wave 2) devices.

BSS Coloring

Another important Wi-Fi 6 (802.11ax) feature is Basic Service Set (BSS) Coloring, which can perhaps best be described as a six-bit identifier attached to each PHY header that indicates the origin of the wireless LAN. Since Wi-Fi is a half-duplex medium – meaning that only one radio can transmit on a frequency domain or channel at any given time – Wi-Fi 6 (802.11ax) will defer transmission if it ‘hears’ the PHY preamble transmission of any Wi-Fi 6 radio at a signal detect or SD threshold of four decibels or greater. This medium contention overhead is a major issue in high-density venues such as a stadium or large conference rooms due to the sheer number of APs and clients.

Unnecessary medium contention is referred to as overlapping basic service sets (OBSS), or co-channel interference (CCI). Wi-Fi 6 (802.11ax) addresses this challenge by improving spatial reuse, which is often referred to as BSS Coloring. This mechanism was initially introduced as part of 802.11ah to address medium contention overhead due to OBSS. It assigns a different colour, a number between 0 and 63, which is added to the PHY header of the Wi-Fi 6 (802.11ax) frame to each BSS in an environment. With BSS colouring, an AP can identify which frames are coming from other networks – and ignore them if they are below a certain threshold of weakness to prevent interference. This helps avoid unnecessary wireless slowdowns.

View the original blog post by The Ruckus Room.

Introducing PAN-OS 9.0: Stop Threats Hiding in DNS, Close Security Gaps

Tuesday, February 19th, 2019

We’re excited to announce PAN-OS 9.0, the latest version of the software that powers our next-generation firewalls. PAN-OS 9.0 delivers over 60 tightly integrated innovations that strengthen security. The new DNS Security service continues our tradition of expanding the platform and replacing disconnected point products. We have always set the standard for next-generation firewalls — keeping you on the cutting edge while simplifying security.

Here are a few highlights from PAN-OS 9.0.

Stop threats hiding in DNS traffic

DNS is essential to running your business, but according to the Unit 42 threat research team, almost 80 percent of malware uses DNS to establish command and control. Today, security teams lack the visibility, scale, and agility needed to stop threats that use DNS. Our new DNS Security service applies predictive analytics and infinite cloud scale to disrupt attacks that use DNS for command and control or data theft. Using shared threat intelligence and machine learning, DNS Security enables teams to quickly identify threats hidden in DNS traffic. Because the service is tightly integrated with our next-generation firewall, customers get automated protections and eliminate the need for independent tools or changes to DNS infrastructure.

Close dangerous policy gaps faster and more easily

The new Policy Optimizer strengthens security by closing dangerous policy gaps left by legacy firewall policies. Policy Optimizer’s simple workflows use intelligence gathered by PAN-OS to easily move from legacy rules to App-ID-based rules. Taking complexity out by removing scores of legacy rules reduces human error, which is a leading cause of data breaches. With PAN-OS 9.0, we continue to deliver the tools you need to implement best practices that reduce the risk of attack.

Reduce web-based threat exposure

We’ve taken URL Filtering to the next level with powerful new capabilities to protect your organization from web-based threats. Applied analytics powers granular web policy for more control and flexibility than ever. New risk ratings take the guesswork out of choosing which sites to block or allow. Based on policy, automated actions let you trigger additional inspection or containment, including turning on SSL decryption. Machine learning-based image recognition dramatically increases phishing detection, finding even the most evasive sites attempting to steal your credentials. And finally, your protection is always up to date with instant updates for newly discovered malicious sites.

Protect your network with the fastest next-generation firewall ever

Organizations with large data centers, high volumes of encrypted traffic, and a growing ecosystem of internet of things (IoT) devices must secure more network traffic than ever. Our PA-7000 Series, with new line cards, is the fastest next-generation firewall in the industry, delivering performance without compromising security. Our all-new Network Processing Cards (NPCs), Switch Management Cards (SMCs), and Log Forwarding Cards (LFCs) deliver 350 Gbps of protected throughput, measured with application identification, intrusion prevention, antivirus, anti-spyware, advanced malware analysis, and logging enabled. Palo Alto Networks customers can use the improved cards with their existing chassis and cards, ensuring their security investments are protected.

Consistently secure all of your clouds

Organizations want consistent security across multiple public clouds and virtualized data centers. The VM-Series now provides the broadest range of public cloud and virtualized data center environments by adding support for Oracle Cloud, Alibaba Cloud, Cisco ENCS, and Nutanix. Firewall throughput performance improvements for AWS and Azure of up to 2.5X combined with autoscaling and transitive architectures allow our customers to automate security for dynamic and large-scale public cloud deployments.

Secure large environments at scale

New innovations to Panorama make scaling network security easier. With PAN-OS 9.0, security teams can manage up to 5,000 firewalls with a single instance of Panorama. When required, customers can use Panorama Interconnect plugin to scale the single pane of glass to 30,000 firewalls. Panorama manages security for the entire network using a single security rule base for firewall, threat prevention, URL filtering, application awareness, user identification, advanced malware analysis, file blocking, and data filtering. Panorama helps administrators reduce operational workload and meet budget constraints, while improving overall security posture.

Strengthen network and security operations

New Transformation Services offerings will strengthen security with deep analysis of configuration and network traffic as well as enforcement of advanced security policies. These next-generation firewall, threat, and security operations services are designed to complement our Security Operating Platform by focusing on operational capabilities. This provides maximum protection to enable businesses for future growth.

To learn more, visit our PAN-OS 9.0 security page.

Watch Lee Klarich, chief product officer, dive into what’s new in PAN-OS 9.0.

View the original post by Palo Alto Networks.