Close

RSA 2021 Conference Spotlights Need for Networking and Security Partnership

By Jon Green, VP and Chief Security Technologist
Share Post

New Aruba Central Device Discovery and Profiling Leverages AI and Network Data to Automate Access Policies for Users and Devices

  • More than ever, networking teams need to be working hand-in-hand with security teams.
  • Aruba networks can be both a security sensor and a security enforcement tool – it’s built into the infrastructure itself. We have new capabilities in both areas within the past six months.
  • AI/machine learning provides a powerful means of answering “What’s on my network?” in a way that was difficult to do in the past with signature-based approaches.

RSA 2021 started today, and while it’s not the same in-person extravaganza of pre-COVID years, it is still an important barometer of what is top-of-mind in the security world. Given the current events, ransomware is on everyone’s mind and the focus is how to plug the security gaps that allow attackers access. Last week’s cybersecurity executive order from President Joe Biden made this a top priority with a focus on the well-established Zero Trust security framework.

Vulnerabilities come in many forms and we have known for a long time that the onslaught of IoT devices onto corporate networks is largely unprotected. It’s little wonder that when the Ponemon Institute surveyed 4,000 security professionals and asked why breaches still happen, the top answer was the increasing attack surface. As a networking vendor, connecting people and things is part of our core mission. But that’s not good enough anymore – we and our customers can’t continue down the “networks connect everything; the security team will install firewalls to block the things they don’t want” path.  That is why we have increasingly focused not just on connecting and managing users and devices, but also building security into our networks with support for frameworks like Zero Trust and SASE, forging an essential partnership between networking and security.

Built-in security has been the hallmark of Aruba since day one. Starting life as we did in 2002, as a Wi-Fi company with the breaking of WEP encryption fresh in our minds, we heavily invested in security to assure our enterprise customers that Wi-Fi could be done securely.  Today, our evolving security architecture allows us to offer customers a very prescriptive Zero Trust security foundation in five key areas:

  • Visibility: It’s hard to protect something when you don’t know it’s there. We answer the fundamental question, “What’s on my network?”
  • Authentication: Employing a variety of technologies to clearly identify who and what is trying to obtain access.
  • Role-based Access Control: Just because a device connected to an Ethernet port or a Wi-Fi network doesn’t mean it gets unfettered access to the entire network. We apply business-driven access policies, based on identity and mapped to a role, enforced with a built-in L4-7 Policy Enforcement Firewall.
  • Continuous Monitoring: Looking for changes in security status that can indicate a compromise.
  • Attack Response: Changing network access privileges in response to a breach.

(For the NIST Cybersecurity Framework fans out there, you might recognize the above as covering four of the five: Identify, Protect, Detect, and Respond.)

For years Aruba customers have been using our built-in Policy Enforcement Firewall, a Layer 7 stateful firewall, combined with ClearPass Policy Manager to deliver these five capabilities. But, as I mentioned, we’ve put a lot of focus on the IoT problem over the last several years as the influx of these devices into the enterprise world has accelerated.

From vending machines to building controls to a professor’s Raspberry Pi-based experiments, “things” are flooding onto the network at an exponentially increasing rate. They are driving much of the new customer experiences and business models that make up digital transformation, and aside from the general IoT management issues, these devices come with little or no security controls or protection. In that same Ponemon survey, over 75% percent said they had little or no confidence in protecting IoT devices. Our customers tell us that they can’t see up to 50% of what is connected to their network.

That is why we introduced ClearPass Device Insight (CDPI) in 2019. CPDI uses network traffic analysis to spot everything connected to the network, and machine learning to automatically determine what the device is.  This answers the question, “What’s on my network?” in a much more definitive way than was previously possible.

When CPDI launched, packet-level visibility was provided by a “collector” – a virtual or physical appliance connected to a SPAN port or a network packet broker. Such a collector is typical in the security industry – but we wanted to do better. From the beginning, we wanted this sort of telemetry to come directly from the network infrastructure itself. In case you missed it, at Aruba Atmosphere 2021 last month we delivered on that goal during the “Define Your Edge Journey” technology keynote, showing a demo of CPDI, running inside Aruba Central, collecting telemetry through an Aruba gateway. The replay of that keynote session is available for anyone to view (if you can tolerate Dan the Man jokes!).

So now our network is a security sensor. Can we use it for security enforcement as well? Absolutely. As CPDI collects data about network activity, it develops a detailed view of what each connected device is doing: protocols, ports, and behavior patterns. That information flows to ClearPass Policy Manager, which uses it to decide the appropriate role and access privileges, and to the Policy Enforcement Firewall to enforce access rights and traffic segmentation. No more blind spots. No more security cameras with free access the ERP system.

All of this is managed and delivered via Aruba ESP (Edge Services Platform) and our cloud-native network management solution, Aruba Central. A practical example of the power of role-based access control is the recently introduced Aruba IoT Transport for Azure. This Aruba Central service allows IoT devices connected to Aruba access points (APs) to securely and bi-directionally communicate with the Azure IoT Hub.

We suspect you’ll be hearing a lot about IoT security, network data and ML at this year’s RSA conference. That’s a good thing. In our interconnected world, networks without built-in security controls leave us all more vulnerable. We’re proud to lead the pack in bringing Zero Trust principles to enterprise networks, and as the need grows stronger, we’ll continue to lead.

Ready to learn more?

What's your biggest worry?

To learn more about the state of Zero Trust, SD-WAN, and SASE architectures, view the infographic.

For more information about Aruba security solutions, visit www.arubanetworks.com/security.