Rogue AP Detection Question

That is a good question, most I could find was https://docs.sophos.com/nsg/sophos-firewall/v17.1.4/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/RogueAPScanning.html

This is the correct online help link.

https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/WirelessDashboard.html?hl=rogue

Basically we only show the Rogue APs but do not perform any actions (right now).

As far as i know, there are couple of law issues with taking automatic remediation actions. 

I am not a legal expert, but feel free to read this : http://transition.fcc.gov/Daily_Releases/Daily_Business/2015/db1102/FCC-15-146A1.pdf

The technical way to mitigate a rogue ap is something like: 

https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack

Maybe Tejas Kashyap can give more insight on this? :)

Agree. As of now, we are scanning the neighborhood for networks and just classify them. The solution we have is just intrusion detection and not prevention. WIPS in itself is plagued with a lot of issues, right from the legality as has been mentioned above to the effectiveness of the solution. Normally WIPS consists of APs having 3 radios with one acting as a sensor. There are solutions where the same radio serves the clients and acts as a sensor by timesharing. 

To summarize, we do not have any actions that can be performed once rogue APs are identified.

Agree. As of now, we are scanning the neighborhood for networks and just classify them. The solution we have is just intrusion detection and not prevention. WIPS in itself is plagued with a lot of issues, right from the legality as has been mentioned above to the effectiveness of the solution. Normally WIPS consists of APs having 3 radios with one acting as a sensor. There are solutions where the same radio serves the clients and acts as a sensor by timesharing. 

To summarize, we do not have any actions that can be performed once rogue APs are identified.