New ClearPass features at HPE Protect 2016

By Trent Fierro, Blog Contributor
Share Post


Aruba ClearPass goes to Washington

Well, close to Washington.  Actually, we'll be at Protect 2016 in National Harbor, MD where we'll be using HPE's biggest security event to unveil some interesting new features within ClearPass that bridge the gap between network and security focused IT staff.

ClearPass OnConnect – For starters there's a new model for deploying NAC that does not require the use of AAA. The network team can setup wired switches to use SNMP enforcement as users and devices connect onto a network. The security team gets a simpler way to meet compliance demands without a complicated deployment that involves having users configure supplicants and agents.

Adding a layer of access control doesn't affect the user experience either. The user gets asked for their login and password, a device assessment is performed and SNMP is used to place the user and device into an appropriate VLAN.  No agents, no heavy lifting.

The best thing about ClearPass is that it supports both this new model and - tried and true - AAA and 802.1X enforcement when needed for wired and wireless deployments. As laptops, smart devices and IoT converge on your networks in greater numbers you'll need a solution that scales to meet changing needs.

ClearPass Extensions – Because the network and security teams may have approached NAC, guest access, BYOD, and IoT controls in different ways we often see disparate solutions that cannot share and leverage each other. A visitor registration service that does not provide a way to give users guest access is an example. An MDM solution that does not share device context with an NAC solution for "network policy" enforcement can be another shortfall in a workflow.

Extensions give our customers a simple way to integrate ClearPass with another vendors' solution via a small purpose-built piece of code that gets uploaded into a repository that sits within ClearPass. The use of APIs are then used to exchange data between ClearPass and the third party solution.

In fact, make sure to check out blogs from Sine (visitor registration), Kasada (multi -factor authentication) and Skyfii (analytics). They're three of first vendors that have created Extensions for their customers.

In summary here's how we help bridge the gap:

  • Identify: All devices are fingerprinted and categorized using ClearPass' built-in profiling feature. And, ClearPass also gives the security staff context about the users that are connecting as well. It's good to know what devices are connecting, but better if you can associate devices with users.
  • Enforce: We give organizations a starting point for protecting the network that doesn't involve a lot of configuration. Cisco, HPE, and other wired switches can play a role in the enforcement of policies within any environment.
  • Unify: We give you ways in which existing and future security, services and point solutions can leverage one another to provide a coordinated defense in any wired, and wireless deployment. Automated workflows now take the place of manual interaction.

Thanks for your time. For more information about OnConnect and Extensions make sure to check out our website.