HPE Aruba Networking Blogs

Aruba Better-Together Security Approach Garners Industry Accolades

By Larry Lunetta, VP HPE Aruba Networking, Portfolio and Communities Marketing

As AI-powered attack detection is now being integrated with both network access control and attack response, we are seeing the emergence of “next generation NAC”—providing 360 degrees of total attack management going far beyond the traditional NAC mission of authentication, authorization and accounting.

Savvy industry watchers and industry analysts have now weighed in.

At the RSA conference this April, SC Magazine awarded Aruba IntroSpect User and Entity Behavioral Analytics (UEBA) the Best Threat Detection Technology for 2018. In its write-up describing the key factors driving IntroSpect’s win, SC Magazine award judges highlighted the tight integration between IntroSpect and Aruba’s ClearPass NAC solution and praised how this integration closes the loop between attack detection and policy-based attack response actions, enabling speedier remediation efforts.

Building upon that honor, the Gartner Market Guide for Network Access Control research report also evaluates the power behind Aruba’s ‘better together’ approach to security.

These two recognitions reinforce the value of Aruba’s design framework for embedding security through an organization’s entire network infrastructure, which we call the Aruba 360 Secure Fabric.

Aruba 360 Secure Fabric

The Aruba 360 Secure Fabric, which was announced last September, focuses on the challenges of attack detection and response via Aruba’s unique position at the crossroads of:

  1. Secure Connectivity via the embedded security features in Aruba wired, wireless and remote access networking products
  2. Network Visibility delivered by ClearPass discovery and profiling, including for IoT devices
  3. Zero Trust Network Access Control enforced by the ClearPass policy engine
  4. Advanced Machine Learning-based Analytics utilized by IntroSpect UEBA to detect attacks on the inside that have evaded traditional defenses
  5. Open, Multi-vendor Approach: With more than 140 security and IT infrastructure product integrations, ClearPass stands out as a strategic solution in this “next-gen” NAC space.

Figure 1: The Aruba 360 Secure Fabric embeds security throughout an organization’s entire network infrastructure to reduce risk from advanced cyberattacks.

An additional key factor in the strength of our 360 Secure Fabric is how we have gone beyond the typical API-level connectivity to implement UI and UX-level integration between IntroSpect and ClearPass. This approach makes the interaction between the two products seamless and efficient and enables capabilities that are unique in the market today.

Better Together

Let’s explore the integration between IntroSpect and ClearPass a little more deeply. To start, ClearPass delivers three major value propositions:

  • Extensive visibility through device discovery and profiling
  • Policy-based access control to IT assets
  • Closed-loop attack response via a range of actions from re-authentication to quarantine and block

In essence, Aruba is able to take advantage of ClearPass’ role as network “gatekeeper” to use the same policy-based mechanisms that put a device or user on the network to respond to an attack.

Figure 2: Aruba ClearPass leverages visibility, control and response to serve as a network gatekeeper for enabling integrated attack responses to cyberattacks.

From an IntroSpect perspective, the precision device discovery and fingerprinting delivered by ClearPass provides essential information for comprehensive entity profiling, as well as for enabling the machine learning-based peer baselining that is extremely valuable for detecting behavioral anomalies that are often indicative of a gestating attack.

For example, ClearPass can find and assign a name to identify IoT devices such as cameras, vending machines, medical equipment, etc. This information then automatically flows into IntroSpect to create more accurate risk profiles. This means that when a security analyst begins an attack investigation, he or she knows immediately what or who is involved and what the potential impact might be.

For attack detection, IntroSpect generates two types of baseline reports, which combine to enable highly accurate anomaly detection. One report monitors the activities of users, systems and devices, with the other looking for patterns and changes among the peer groups that these users and devices are members of.

Figure 3: IntroSpect uses machine learning (ML) to find attacks on the inside.

Information from user peer groups (marketing, engineering, etc.) comes from a variety of identity systems such as Active Directory (AD). However, there are no AD-like systems for “things.” This is where the unique integration with ClearPass delivers comprehensive visibility into device categories to allow IntroSpect to see, for example, that a single drop cam is generating more traffic than any of the other cameras within its peer group.
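The two baselines described above can be illustrated with a short added example; it is not Aruba code and not IntroSpect's algorithm. It swaps in a simple median/MAD robust z-score, and the device names, traffic figures, categories and thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily traffic in MB per device, newest day last.
# The category stands in for the device class a NAC profiler would assign.
DEVICES = {
    "cam-lobby":  ("camera",  [410, 395, 420, 405, 415, 400, 412]),
    "cam-dock":   ("camera",  [380, 390, 385, 400, 395, 388, 392]),
    "cam-garage": ("camera",  [430, 425, 440, 435, 428, 432, 436]),
    "cam-roof":   ("camera",  [400, 405, 398, 410, 402, 407, 404]),
    "cam-drop":   ("camera",  [2880, 2910, 2895, 2905, 2890, 2900, 2902]),
    "vending-1":  ("vending", [5, 6, 5, 7, 6, 5, 48]),
    "vending-2":  ("vending", [6, 5, 6, 6, 7, 5, 5]),
}

MIN_PEERS = 3      # assumption: smaller groups give no usable peer baseline
THRESHOLD = 3.5    # assumption: a common cut-off for robust z-scores
SCALE_FLOOR = 1.0  # MB; stops near-constant baselines dividing by ~0


def robust_z(value, baseline):
    """Deviation of value from the baseline median, in MAD-scaled units."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    return (value - med) / max(1.4826 * mad, SCALE_FLOOR)


def find_anomalies(devices):
    """Return {device: reasons} for excess traffic on the newest day."""
    flagged = {}
    for name, (category, series) in devices.items():
        history, today = series[:-1], series[-1]
        reasons = []
        # Baseline 1: the device compared with its own past behaviour.
        if robust_z(today, history) > THRESHOLD:
            reasons.append("self")
        # Baseline 2: the device compared with same-category peers today.
        peers = [s[-1] for n, (c, s) in devices.items()
                 if c == category and n != name]
        if len(peers) >= MIN_PEERS and robust_z(today, peers) > THRESHOLD:
            reasons.append("peer")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for device, why in find_anomalies(DEVICES).items():
        print(device, why)
```

In this sample, `cam-drop` has always been busy, so its own history looks normal and only the peer comparison flags it, while `vending-1` is flagged on its own history because its category has too few members for a peer baseline.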

Put this all together and you can see why having ClearPass as a complementary “sidekick” to IntroSpect makes both products more valuable. And we are thrilled with the recognition that this approach has received from both SC Magazine and Gartner.