HPE Aruba Networking Blogs

Demonstrating Aruba 360 Secure Fabric at Gitex 2018: How We Did It

By Rabih Itani, Security Business Development Manager, Middle East and Turkey

The subject popped up in all my Gitex 2018 meetings. It is happening in every organization. It is now more imminent than ever, and customers are very concerned about it. I am talking about insider threats.

Before proceeding further, let me define what is meant by insider threats. Insider threats are threats that originate from within the organization’s internal network, whether wireless, wired or VPN. The threats originate mainly from users with valid credentials (malicious users, compromised users or negligent users) or from IoT devices.

In each and every Gitex meeting, I emphasized to my partners and customers that, to face this dangerous threat, organizations must utilize their own network as the first line of defense, and I then presented how Aruba can help do that with its 360 Secure Fabric Architecture.

An Airport Security Analogy

To explain Aruba 360 Secure Fabric in a simple way, I used the airport security example, as most of my audience at Gitex enjoys (or suffers from ☺) frequent travel.

As Step 1 at airports, you encounter the passport control officers and you have to prove your identity with your passport. Passport control officers often use complex interconnected intelligence systems to verify your identity and then decide whether to let you in or simply block your entrance to the airport altogether.

This is how network admission control systems work and this is where Aruba ClearPass shines in its intelligent decision-making and integration with other ecosystem security partners.

Then in Step 2, you are subjected to a body and baggage scan and search. Security officers here look for specific signatures, such as sharp-edged tools, large bottles of liquid or flammable objects. Officers might just remove dangerous objects or simply block your access at this point.

We do the same thing in networks. We place our firewalls and intrusion prevention systems (IPS) in line to look for signature-based threats and to sanitize the traffic flowing inside our networks. This is what Aruba edge firewalls embedded inside Aruba controllers do, right at the network entry gates.

Coming back to the airport example: Now we are inside the airport as legitimate passengers and we no longer can be monitored by signature-based systems. Therefore, airport security must turn to different ways to protect the airport from the unknown bad we pose. At this step, airport security now relies on complex security surveillance systems.

The security surveillance systems and the officers behind them actually monitor the behavior of the passengers to detect threats, such as a passenger suddenly running, a passenger leaving his bag unattended or maybe a passenger suddenly getting out of the plane boarding line. These behaviors trigger airport security officers to tag the perpetrator with a higher risk score and take actions accordingly. They can keep close monitoring or use the officers on the ground to take specific actions, including arresting the perpetrator.

To replicate this in networks today, we use User and Entity Behavior Analytics (UEBA) systems to monitor the behavior of users and devices that have been granted access and now are inside the network. At Aruba, our UEBA system, IntroSpect, is built with machine learning and collects its intelligence information from the network itself, whether it is packets, network flows, security system logs or alerts. IntroSpect then can assign a risk score to each and every user and device and can also respond automatically by triggering ClearPass to move the user or device out of the network if needed.

A Real World Demo

In most meetings, partners and customers appreciated the framework Aruba built to counter insider threats and immediately asked for a demo, and we were ready for it. Our security-savvy system engineers took the partners and customers for a real online tour around ClearPass and IntroSpect systems in actual Aruba internal production networks.

The response was overwhelming: Partners were enthusiastic about selling this architecture and customers were looking forward to having it deployed in their networks to solve their internal threat headaches.

As our VP for security marketing states, “Aruba is a security company wrapped with network products.” This statement was well demonstrated during Gitex 2018.

I’m looking forward to Gitex 2019 to solve more security challenges with innovation and our customer first, customer last approach.
