New SmartFlow Features Detect Rogue DHCP Servers

Oct 15, 2015

Solana Networks is pleased to announce that its SmartFlow Network Security Monitoring product includes new features to detect rogue DHCP servers.

Rogue DHCP servers are a network security risk for enterprise networks of different sizes - from the smallest to the largest enterprise network. Their existence on the network can occur as a result of malicious cyber attackers. They are also installed unintentionally by users who install software and devices on the network without turning off the DHCP server capability.

Due to the limited resources available to small and medium network enterprises, such networks often face significant outages and down-time due to rogue DHCP servers.

Unintentionally installed rogue DHCP servers cause intermittent network outages which have historically been difficult to trouble-shoot. Malicious rogue DHCP servers pose a security risk as they provide outside third-parties with visibility into network traffic and devices in your network.

In many cases, network operators may not even be aware that a rogue DHCP server has been installed.  The first step is to become aware that a rogue DHCP server exists on the network. The second step is to determine which device is hosting the server. Network and Security administrators trouble-shooting DHCP issues usually resort to a series of manual steps to determine the location of the rogue server - steps which are time consuming and often themselves cause additional outages and downtime.

Historically rogue servers are the among the hardest issues to trouble-shoot on a network. Resolution may require systematic shutting down of all devices on the network and controlled trouble-shooting as each device is brought online. In a network with 1000 users, such an approach leads to significant cost and downtime.

With its recent release, SmartFlow's monitoring of network traffic flows (eg via Netflow or Sflow) can quickly pinpoint the existence of rogue DHCP servers as well as rogue DNS servers which can wreak havoc on the security posture and performance of enterprise networks.

Solana's SmartFlow is a leading industry network security monitoring product which applies machine learning to network traffic flow information. SmartFlow's unique capabilities allow it to detect cyber threats which cannot be detected using traditional signature-based detection methods. For more information please contact Solana Networks.