Aruba Security Solution
Aruba 360 Secure Fabric has two solutions available:
- Aruba ClearPass
- Aruba IntroSpect
The Aruba 360 Secure Fabric is an analytics-driven security framework built for mobile, IoT, and cloud. It starts with the Aruba Secure Infrastructure, which includes embedded security in the wired infrastructure as well as the security features in the WLAN with ArubaOS.
Network access control (NAC) with ClearPass adds role-based policy management. Aruba IntroSpect adds machine learning security analytics that mine data not only from the Aruba Secure Infrastructure and ClearPass but also from a wide range of IT security products and workflow solutions to surface anomalies in user, system, and IoT behavior. With this user and entity behavior analytics (UEBA), security operators get early detection and integrated remediation.
Aruba security software can work on any vendor’s network, but works better on Aruba’s analytics-ready infrastructure. The solution also integrates with over one hundred third-party infrastructure vendors through the 360 Security Exchange. These vendors include McAfee, Palo Alto Networks, and more.
Aruba has invested in a wide range of security technologies to make its access points, controllers, and switches the most secure in the industry. It is called the Aruba Secure Infrastructure.
Trusted Traffic reduces the likelihood that traffic can be intercepted by using:
- Centralized encryption
- Deep packet inspection and application-layer firewall
Analytics-ready insights increase the precision and effectiveness of technologies such as IntroSpect machine learning by providing:
- Packet-level visibility
- Analytics-ready traffic summaries to the supervised and unsupervised models
Device assurance ensures devices have not been modified or tampered with, and prevents device impersonation or disablement with the following capabilities:
- Hardware-enforced protection
- Hardware-based secure boot
ClearPass + IntroSpect = Integrated Protection
The combination of ClearPass and IntroSpect with the secure infrastructure delivers 360-degree protection to help customers discover and authorize devices, monitor the network and alert security teams of potential threats, as well as decide and act on the response.
The core value proposition for ClearPass Policy Manager is its unmatched ability to detect, profile, authenticate, and authorize users and devices identically for both wired and wireless networks.
Using the information collected by ClearPass, IntroSpect’s UEBA solution knows about and monitors the ongoing use of IT resources for every user and device connected to the network. It establishes a baseline behavior, looks for anomalies, puts them into context, and raises an actionable alert when the Entity360 Profile Risk Scoring reaches predetermined levels.
When these alerts are passed to ClearPass in either a manual or automated process, they can trigger policy-based actions designed to respond to the severity of the alert and the potential business impact.
ClearPass can send a message to the device’s user, the user’s supervisor, or to other designated individuals. In the case of IoT, the notification goes to the designated device owners to let them know there is likely a security issue and what ClearPass action was taken.
ClearPass Secure Network Access Control
ClearPass is Aruba’s Secure Network Access Control (NAC) solution, and with over 8000 customers, it is a leader in the NAC market. Aruba ClearPass offers customers a rich set of functions that give them better visibility, authorization, authentication, and enforcement.
Visibility is knowing what is connected so there are no surprises or rogue devices. Custom fingerprinting allows the teams to incorporate new or never-seen devices into their profile database.
After determining what’s on the network, ClearPass provides authentication, no matter what connection method is used. Roles follow users and devices independent of their connection. ClearPass authenticates the user or device identity against a wide variety of identity sources such as Active Directory.
Role-based access control is an important ClearPass advantage and differentiator. It means that the IT and security teams can define roles and policies for users and devices once, and have them apply across all types of connections, which include wired, wireless, and remote access.
With a rich Policy Engine for authorization, ClearPass establishes precision access privileges to control what users and what devices can access what resources. With identity and context-based rules, ClearPass can apply policies that differ based on attributes, such as location, device used, network security, and more.
ClearPass leverages its position as gatekeeper to the network to provide enforcement in the event that a user or device changes its security status or is found participating in an attack. As a result, ClearPass can enable either analyst-guided or automated attack response with alert-triggered actions.
The following are the benefits of ClearPass Secure NAC.
ClearPass provides detailed visibility and profiles for users, IoT, and BYOD devices, without the need for any type of agents or additional software. For each device, customers can see whether it is corporate, BYOD, or IoT and how it was fingerprinted. They can then authenticate and authorize access to IT resources.
All devices are profiled and fingerprinted at the point of attempted connectivity. ClearPass profiling allows for enhanced visibility of endpoints so that the IT team has an accurate understanding of information like device OS version, MAC address, and manufacturer information. ClearPass knows if an employee needs to access internal applications on an internal server or if a visitor is using Windows 7 and trying to access cloud applications.
Define and Automate Policy with Authentication and Authorization
In addition to visibility, ClearPass includes authentication and authorization.
ClearPass Policy Manager can enforce policies based on permissions, device type, and device location. It has built-in authentication, authorization, and accounting (AAA) services for context-based enforcement and services, such as RADIUS for authorizing access to requested systems and services and TACACS for controlling access to infrastructure, such as switches.
Authorizing users and devices refers to giving permission to the user or device to determine what access is allowed. ClearPass Policy Manager delivers precise and consistent role-based access privileges that adapt to the current circumstances.
With Authentication and Authorization, customers get control. ClearPass can enforce policies based on device type and location to determine who and what devices can connect to which devices, data, infrastructure and apps.
Enforcement with Automated Defense
ClearPass can be signaled to take a response action from a wide range of security, network, and IT sources, such as Aruba switches, ArubaOS, Aruba IntroSpect UEBA, or one of over 140 partner products that integrate with ClearPass.
ClearPass can then invoke a range of responses based on pre-defined policies (for example, re-authorization, bandwidth control, quarantine, or block). ClearPass offers flexibility: responses to security alerts can be executed either automatically in a pre-configured policy workflow, or manually by the security team.
What You Get from ClearPass:
The basic ClearPass license delivers a complete package for comprehensive coverage. ClearPass’s major functions include a policy engine and reporting to provide visibility, authentication, authorization, and enforcement capabilities. The ClearPass license also includes ClearPass Guest for login and traffic encryption, guest self-registration, and the ability to create a customized guest access portal. Additionally, customers get support for TACACS+ and a broad portfolio of third-party ecosystem integrations.
ClearPass also offers Onboard and OnGuard as optional applications. ClearPass Onboard automatically configures and provisions mobile devices, enabling them to securely connect to the network. The result is a streamlined workflow and improved user experience.
ClearPass OnGuard can optionally be installed to monitor the health and security status of endpoints to ensure that they conform to policy requirements, such as having a current version of anti-virus software installed, or the most recent system patches applied to fix vulnerabilities.
Once users and devices are securely admitted to the network by ClearPass, IntroSpect takes over with continuous monitoring to detect compromised or rogue users and devices. To understand how IntroSpect user and entity behavioral analytics (UEBA) works, you need to begin with understanding entities.
An entity is something that carries an IP address, so it can be a user, device, or system. Entity360 Profiles are created when IntroSpect aggregates all the activity data from the IT ecosystem and puts it in the context of an entity.
Tying a user or device (an entity) to the IP address associated with a security alert is one of the ways UEBA simplifies and eases detection and response. In one click, a security analyst can see not only the historical and current risk score for that entity, but also all of the security-relevant IT activity for that entity across any timeframe with the Entity360 profile.
IntroSpect uniquely incorporates all sources of IT-relevant data, such as packets, flows, logs, alerts, endpoints, and cloud data into both analytics and forensics. With continuous monitoring and attack detection with over one hundred supervised and unsupervised models, IntroSpect can detect the widest range of attacks.
Continuous monitoring results in pinpoint attack detection, accelerated incident investigation, and breakthrough reduction in the time and effort required to understand, diagnose and respond to an attack.
IntroSpect is based on a mature Spark- and Hadoop-based architecture. The solution can scale from the most focused edge-based applications to the entire enterprise. The open and integrated platform allows organizations to add data from major SIEM and log aggregation systems, such as ArcSight and Splunk. In addition, IntroSpect gathers data from access control systems, such as ClearPass. No other security vendor can pair the attack detection of UEBA with the policy-based response of ClearPass for 360 degrees of protection, especially when you add the integration with third-party solutions.