Everywhere we look today, we hear about hacking of servers or email systems, credit card systems being compromised and public Wi-Fi as a ‘use at your own risk’ service. With all of the big bads out there, security should be the new standard within wireless.
Security is More Than a Buzzword
There are so many buzzwords in the industry at this point with 5G, Wi-Fi 6, OFDMA, WPA3 and so on – but security should not be treated as just another one. For years, wireless security was nothing more than a rotating passphrase, if someone remembered to change it. Long ago, WEP got hacked, which gave way to WPA and then WPA2. But for the most part, all devices were still using a passphrase that was proudly displayed on a whiteboard, sandwich board or the like.
When wireless was a nice-to-have commodity, this was just fine. With wireless now becoming the primary medium for access, security is a must. Data moving back and forth between private and public clouds requires better protection than a passphrase. Certificates, central authorization and accounting have become a must. Centralizing these needs into a single system such as Aruba ClearPass Policy Manager makes it possible to secure and monitor devices within these data-sensitive networks.
ClearPass gives us the securing of the network, but how can this go further within the network?
Take Security to the Next Level
Basic monitoring of security within the network – user logins, MAC authentications, machine authentications and failures – is great for keeping up with what is happening or for troubleshooting when a user is having an issue. But with the risks in today’s networks, both wired and wireless, a deeper level of understanding and monitoring is needed.
This is where integrated User and Entity Behavioral Analytics (UEBA) and Network Traffic Analysis (NTA) solutions come into play. Aruba has published a great whitepaper on this subject here.
The basics of UEBA and NTA seem simple, but it is a very sophisticated process. Multiple feeds are provided by other systems – packet capture and analysis, SIEM input, NAC devices, DNS flows, Active Directory flows – all of which come into the system and are correlated against rules that are set up by the security administrators.
As this traffic comes in and is analyzed by a security analyst, a score is assigned to that user based on where they are going on the internet, traffic coming in from and going out to ‘dangerous’ locations (e.g. Russia or China), infected emails that were opened, and so on. This score is updated over time.
Once the customized thresholds configured by the administrators are met or exceeded, different actions can be taken on that device, such as disconnecting it from the network, quarantining it on the network or sending an alert to an administrator.
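To make the feed-correlation, scoring and threshold-action flow concrete, here is a small illustrative scoring engine. It is an added example written for this post, not Aruba or ClearPass code, and it does not reflect any vendor's actual rule language or scoring model. The feed names, rule weights, decay rate, thresholds and sample events are all constructed for the illustration; the point is to show how events from several sources accumulate into a per-entity risk score that decays over quiet periods and maps to an administrator-defined action once a threshold is crossed.

```python
"""Toy UEBA-style risk scoring (added illustration, not Aruba/ClearPass code).

Events from several feeds (DNS, SIEM, NAC, Active Directory, mail gateway)
are correlated against administrator-defined rules. Each match adds points
to the entity's score, the score decays over time, and the highest threshold
crossed selects an action. Every feed format, weight, threshold and sample
event below is constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable


@dataclass
class Event:
    ts: datetime
    user: str
    feed: str        # constructed feed names: "dns", "siem", "nac", "ad", "mail"
    data: dict


@dataclass
class Rule:
    name: str
    feed: str
    match: Callable[[dict], bool]
    points: int


# Constructed rule set; in a real deployment the rules and weights are set by
# the security administrators.
HIGH_RISK_GEOS = {"RU", "CN"}
RULES = [
    Rule("dns-blocklisted-domain", "dns",
         lambda d: d.get("verdict") == "blocklisted", 30),
    Rule("outbound-to-high-risk-geo", "siem",
         lambda d: d.get("direction") == "out" and d.get("dst_geo") in HIGH_RISK_GEOS, 20),
    Rule("malicious-attachment-opened", "mail",
         lambda d: d.get("attachment_verdict") == "malicious" and bool(d.get("opened")), 40),
    Rule("ad-auth-failure-burst", "ad",
         lambda d: d.get("failures", 0) >= 10, 15),
    Rule("nac-unknown-posture", "nac",
         lambda d: d.get("posture") == "unknown", 10),
]

# Constructed thresholds (score, action); the highest one crossed wins.
THRESHOLDS = [(100, "disconnect"), (70, "quarantine"), (40, "alert")]
DECAY_PER_DAY = 10   # points forgiven per quiet day (constructed value)


class RiskScorer:
    def __init__(self, rules=RULES, thresholds=THRESHOLDS, decay=DECAY_PER_DAY):
        self.rules = rules
        self.thresholds = sorted(thresholds, reverse=True)
        self.decay = decay
        self.scores: dict[str, int] = {}
        self.last_seen: dict[str, datetime] = {}
        self.hits: dict[str, list[str]] = {}

    def _apply_decay(self, user: str, now: datetime) -> None:
        """Forgive points for the time elapsed since the entity was last seen."""
        last = self.last_seen.get(user)
        if last is not None:
            days = (now - last).total_seconds() / 86400
            self.scores[user] = max(0, self.scores.get(user, 0) - int(days * self.decay))
        self.last_seen[user] = now

    def ingest(self, ev: Event) -> int:
        """Correlate one event against the rules for its feed; return the new score."""
        self._apply_decay(ev.user, ev.ts)
        for rule in self.rules:
            if rule.feed == ev.feed and rule.match(ev.data):
                self.scores[ev.user] = self.scores.get(ev.user, 0) + rule.points
                self.hits.setdefault(ev.user, []).append(rule.name)
        return self.scores.get(ev.user, 0)

    def action_for(self, user: str) -> str:
        score = self.scores.get(user, 0)
        for limit, action in self.thresholds:
            if score >= limit:
                return action
        return "none"


# Constructed sample events: a clean user, a user tripping several rules in
# quick succession, and a user whose earlier hit partly decays before a new one.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    Event(T0, "alice", "nac", {"posture": "compliant"}),
    Event(T0 + timedelta(minutes=5), "alice", "dns", {"qname": "updates.example", "verdict": "clean"}),
    Event(T0, "bob", "mail", {"attachment_verdict": "malicious", "opened": True}),
    Event(T0 + timedelta(minutes=2), "bob", "dns", {"qname": "bad.example", "verdict": "blocklisted"}),
    Event(T0 + timedelta(minutes=3), "bob", "siem", {"direction": "out", "dst_geo": "RU", "bytes": 1_200_000}),
    Event(T0 + timedelta(minutes=4), "bob", "ad", {"failures": 12}),
    Event(T0, "carol", "ad", {"failures": 12}),
    Event(T0 + timedelta(days=1), "carol", "nac", {"posture": "unknown"}),
]


def run(events=SAMPLE_EVENTS) -> dict[str, tuple[int, str]]:
    """Replay events in time order; return {user: (final score, action)}."""
    scorer = RiskScorer()
    for ev in sorted(events, key=lambda e: e.ts):
        scorer.ingest(ev)
    return {u: (scorer.scores.get(u, 0), scorer.action_for(u)) for u in sorted(scorer.last_seen)}


if __name__ == "__main__":
    for user, (score, action) in run().items():
        print(f"{user:6} score={score:3} action={action}")
```

Replaying the sample feed, the user who opened a malicious attachment, resolved a blocklisted name, sent data to a high-risk destination and then generated an authentication-failure burst accumulates 105 points and crosses the constructed "disconnect" threshold, while the user with one stale hit decays back below every threshold. The decay step is what makes the score a picture of recent behaviour rather than a lifetime tally; the per-user `hits` list is kept so an administrator can see which rules drove the score when an alert fires.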
It's the Total Package
Designing and deploying networks with complete 360-degree security visibility is no longer an option but a must. With data flowing in and out of private and public clouds, into and out of Internet-based applications, and the pervasiveness of wireless as a primary access medium, there has never been a more important time to make security a standard and not an afterthought.