aruba 360 secure fabric€¦ · clearpass family: from visibility to control onboard self-service...
TRANSCRIPT
![Page 1: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/1.jpg)
![Page 2: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/2.jpg)
![Page 3: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/3.jpg)
Aruba 360 Secure Fabric
SECURING THE EXPERIENCE EDGE
Also Security Day 17.10.2019
Mirja Aimo, HPE Aruba
Simo Mäkinen, Also
![Page 4: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/4.jpg)
IOTFIXED MOBILE
CLOUDENABLED
Evolution of the
NETWORK
![Page 5: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/5.jpg)
Key campus network
CHALLENGESPolicy
administration complexity
Security concerns with the growth of
IoT
Enhancing user (and device) experience
![Page 6: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/6.jpg)
New Attack Environment: No Walls, New Threats
ATTACKERSARE QUICKLY INNOVATING &
ADAPTING
BATTLEFIELDWITH IOT AND CLOUD, SECURITY
IS BORDERLESS
![Page 7: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/7.jpg)
…another example…
3. www.engage.arubanetworks.com/LP_REG_510245507_510245507_ARUBA_WW_EN-US
https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/
![Page 8: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/8.jpg)
UNIQUELY POSITIONED TO DELIVER ADVANCED
PROTECTION
ANALYTICS
CONTROL
CONNECTIVITY
VISIBILITY
![Page 9: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/9.jpg)
Visibility, Detection and Control
Aruba 360 Secure Fabric
Experience Edge ArchitectureAruba Secure Infrastructure
Encryption| Application FW | Dynamic Segmentation
ClearPass | IntroSpectDiscovery, Authorization, and Integrated Attack Detection and ResponseAruba
360 SecurityExchange
OtherInfrastructure
Security Analytics
![Page 10: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/10.jpg)
• Real-time Quarantine • Re-authentication• Bandwidth Control• Blacklist
User/Device Context
ActionableAlerts
ClearPassSecure Access Control Entity360 Profile
with Risk Scoring
1. Discover and Authorize
2. Monitor and Alert
3. Decide and Act
IntroSpect UEBA
CLEARPASS + INTROSPECT = INTEGRATED PROTECTION
ClearPass Adaptive Response
![Page 11: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/11.jpg)
IntroSpectContinuousMonitoring
ClearPass Policy Manager
Attack Response
ClearPass Policy Manager
DynamicSegmentation
ClearPass Device InsightDiscovery and
Profiling
AUTOMATED, CLOSED-LOOP SECURE CONNECTIVITY
![Page 12: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/12.jpg)
ClearPass Family: From Visibility to Control
Onboard
Self-service BYOD
Guest/
Captive Portal
Policy Engine
Reporting3rd Party
IntegrationsTACACS+
OnGuard
Device health checks
Device Insight
Total Visibility
![Page 13: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/13.jpg)
What does ClearPass do to help?
Defines WHO and WHAT DEVICES can connect to:
DEVICES DATA INFRASTRUCTURE APPLICATIONS
Identify – Enforce – Protect
![Page 14: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/14.jpg)
CONTROL: AUTHENTICATION AND AUTHORIZATION
WhichDEVICES
WhichDATA
WhichINFRASTRUCTURE
WhichAPPLICATIONS
Enterprises define who can access files and applications
Full range of RADIUS and non-RADIUS authentication
Defines WHO and WHAT DEVICES can connect to:
POLICY MANAGER
![Page 15: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/15.jpg)
SECURITY STARTS WITH VISBILITY
CLEARPASS DEVICE INSIGHT
Delivers automated, AI-powered device identification combined with policy-based
access control
![Page 16: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/16.jpg)
CLASSIFIES UNKNOWN DEVICES
Device Attributes
IP/MAC Address
Application Access
Communication Protocols
Communication Frequency
Deep Packet Inspection (DPI)
MACHINE LEARNING
![Page 17: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/17.jpg)
DEVICE INSIGHT
IT/Security teams lack visibility into devices on the network
Current device profiling techniques fail to address visibility and IoT use cases
Volume and variety of devices means manual approaches cannot keep pace
Without comprehensive visibility, effective security and compliance is not possible
Reduces Risk by Eliminating Blind Spots
through DPI-based discovery and profiling of devices
Automatically Classifies Unknown Devices
using advanced machine learning and crowdsourcing intelligence
Automates Secure Accessvia seamless integration with ClearPass Policy Manager
CHALLENGES VALUE PROPOSITIONS
![Page 18: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/18.jpg)
Multi-Vendor Switching
Multi-Vendor WLANs
ClearPass Policy ManagerAUTOMATED SEGMENTATION AND
ENFORCEMENT
Internet of Things (IoT)
BYOD and Corporate Owned
ClearPass Device InsightENHANCED DISCOVERY / PROFILING
Bi-Directional Data Exchange
DEVICE INSIGHT + POLICY MANAGER
AUTOMATES SECURE ACCESS
40%Of the Global 500
130+ Ecosystem Partners
![Page 19: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/19.jpg)
AUTHORIZE: CONTEXT-BASED ACCESS
Enterprise LaptopInternet and Intranet
Authentication EAP-TLS
SSID CORP-SECURE
BYOD PhoneInternet Only
Authentication EAP-TLS
SSID CORP-SECURE
![Page 20: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/20.jpg)
GUEST
DATA
VOICE
CORP
BYOD
Segmentation brings
COMPLEXITY
![Page 21: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/21.jpg)
Trust Enforced by Dynamic Segmentation
Campus Controller
Cluster
Corp
BYOD
IOT
Guest
Office
365
Academic
Records
n0tma1ware
.biz
AirGroupAccess Point
Access Switch
Users and Devices
Applications and Destinations
ClearPass Role-based
Policies
![Page 22: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/22.jpg)
IntroSpect Advanced Analytics and Forensics
SUPERVISED
UNSUPERVISED
MACHINE LEARNINGPackets
Flows
Logs
Alerts
![Page 23: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/23.jpg)
HOW WE’RE DIFFERENT
CONTINUAL INNOVATION IN IOT CONNECTIVITY, SECURITY, AND AI
COMPLETE VISIBILITY ACROSS THE ENTIRE INFRASTRUCTRE
AUTOMATED, MACHINE LEARNING-BASED, DISCOVERY AND PROFILING
CLOUD-ENABLED, CROWDSOURCED
AUTOMATED, POLICY-BASED SECURE ACCESS
![Page 24: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/24.jpg)
Case Study?
• https://www.arubanetworks.com/assets/cs/CS_Goliska_UK.pdf
![Page 25: Aruba 360 Secure Fabric€¦ · ClearPass Family: From Visibility to Control Onboard Self-service BYOD Guest/ Captive Portal Policy Engine Reporting 3rd Party Integrations TACACS+](https://reader035.vdocuments.site/reader035/viewer/2022071606/614264c2d9e4dc11f47f05f7/html5/thumbnails/25.jpg)
THANK YOU