up d at e a i r h ead s tec h...• demo: coa mellom clearpass og aos 8 • demo: introspect gui •...
TRANSCRIPT
![Page 1: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/1.jpg)
Airheads Tech Update25. mai 2018
Fornebu
Airheads Tech Update25. mai 2018
Fornebu
![Page 2: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/2.jpg)
2
AgendaAirheads Tech Update
• Velkommen og praktisk info (~5 minutter)
• Del 1 (~60 minutter)
• Aruba Secure Core
• ClearPass - Network Access Control
• 360 Security Exchange
• IntroSpect - User and Entity Behavior Analytics
• Kort pause (~10 minutter)
• Del 2 (~35 minutter)
• Demo: CoA mellom ClearPass og AOS 8
• Demo: IntroSpect GUI
• Q&A
• Avslutning og informasjon om neste ATU
![Page 3: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/3.jpg)
3
Velkommen og praktisk infoAirheads Tech Update
–Toaletter finnes i gangen ved heisene der dere kom inn
–Airheads Tech Updates gjennomføres kvartalsvis framover
–Airheads Community - http://community.arubanetworks.com/
– Det finnes to norskspråklige grupper:
–Norsk Forum - http://community.arubanetworks.com/t5/Norsk-Forum/bd-p/NorwegianForum
–Airheads Channel Group – Norway
–ABC Networking - https://www.youtube.com/c/ABCNetworking
–Facebook - https://www.facebook.com/groups/564300347107470/
– Airheads Happy Hour
–Spør gjerne underveis
![Page 4: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/4.jpg)
Aruba Secure CoreANALYTICS-DRIVEN PROTECTION
FROM THE EDGE TO THE CORE TO THE CLOUD
Anders Lagerqvist – Systems Engineer
![Page 5: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/5.jpg)
ARUBA 360 SECURE FABRICOpen, Analytics-driven Security for the Mobile, Cloud, and IoT Era
Aruba 360 Secure Fabric
Aruba Mobile First Infrastructurewith Aruba Secure Core
Secure Boot | Encryption | DPI | VPN | IPS | Firewall
ClearPass | IntroSpectDiscover, Authorization and Integrated Attack Detection and Response
3600 active cyber protection and secure access
from the edge, to the core, to the cloud—for any network
AnalyticsSupervised and Unsupervised Machine Learning
3rd Party Infra-structure
Aruba360 SecureExchange
![Page 6: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/6.jpg)
Trusted Traffic
Centralized encryption
Per-user virtual
connection/FW
Device Assurance
Hardware-enforced protection
Secure Boot
Aruba Secure
Core
Analytics-Ready Insights
Traffic intelligence
Tuned for Machine Learning
![Page 7: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/7.jpg)
Secure Core – Network Security features
Mobility
Master
Cluster of
Mobility Controllers
WebCC
Policy Engine FirewallRF Protect
![Page 8: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/8.jpg)
Secure Core - Role based access networking
Next-Gen Firewall
(for WLAN, LAN & VPN)Role Based
access
Stateful
firewall
rules
QoS
flow-based
VLAN
Device context:
User, device,
location, time,
application
ROLE BASED ACCESS
NETWORKING
![Page 9: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/9.jpg)
Secure Core – For every use case
DATA CENTER
LAN
(trusted)
Campus AP
WAN
(trusted)Internet
(untrusted)
VLANs
Remote AP
Mobility
Controllers
FW End-to-end encryption
![Page 10: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/10.jpg)
Secure Core - Wired and VPN
AirWave Network
ManagementClearPass Access
Management
Wired AP: ArubaOS Switches
with SDN
VLANs
VIA
LAN
(trusted)WAN
(trusted)Internet
(untrusted)
Mobility
Controller
![Page 11: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/11.jpg)
Secure Core - MultiZone
Multiple networks on the same access point with MultiZone
LoCtrl2
CSw1 CSw1
LoCtrl1
Aruba 7200Mobility Controller
Aruba 7200Mobility Controllers
Network A Network B
MultiZone
• Multiple secure separated networks
• SSIDs terminate on different controllers
• SSIDs managed by different controllers
• Efficient use of Wi-Fi resources
• Secure data separation
• Multiple vertical use cases:
• Government (classified vs. unclassified)
• Airports (public, airport security, airline staff)
• Shopping malls (staff, service provider,
retail stores)
![Page 12: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/12.jpg)
AirWave
ClearPass
Secure Core – IoT and guest ready
Mobility Master
Cluster of
Mobility Controllers
Centralized
management of Virtual
Mobility Controllers and
mobility controllers
MultiZone for
multi-tenant
access points
Zero-touch
provisioning Centralized licensing
Hierarchical config and New UI
Per user tunnel node
![Page 13: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/13.jpg)
Rapidly Changing Security Landscape
Focused, Targeted
Attacks
Expanding Points
of Vulnerability
Mobile, cloud, BYOD
breaking down
traditional perimeter.
Some attacks inevitably
will get to inside of
network.
Attacks change more
rapidly than traditional
defenses can combat.
Digital assets continue to
increase in value and
vulnerability.
Security Team
Under Stress
Security teams understaffed
with inefficient tools. Need
analytics-driven insights to
focus on right threats
before damage is done.
?
![Page 14: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/14.jpg)
THE NEW SECURITY
IMPERATIVE
Network
Reduce and
Manage the
Attack SurfaceVisibility and Trust
Security
Detect
Advanced
AttacksAnalytics
Network + Security
Accelerate Decision-
making and ActionAttack Response
ARUBA360 Secure
Fabric
![Page 15: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/15.jpg)
What’s New: Aruba 360 Secure Fabric
New analytics-driven framework
• IntroSpect UEBA: New IntroSpect Standard Edition expands UEBA family
• Adaptive Attack Response: Expanded ClearPass mission now enables policy-based remediation
• Aruba Secure Core: Aruba network infrastructure with embedded security and analytics support
![Page 16: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/16.jpg)
ClearPassSecure Network Access Control
![Page 17: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/17.jpg)
Today’s Digital Workplace Concerns
Device Visibility
Over 90% of customers do not
know how many and what types are on their networks
Connection Options
Customers lack plans for BYOD, IoT, wired, wireless and VPN policies
User Logins
Customers want help withaccess for employees, guests, students, doctors
![Page 18: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/18.jpg)
Question of the Day – Week - Month - Year
WHAT
ISTHE
![Page 19: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/19.jpg)
Visibility – the first step
![Page 20: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/20.jpg)
Device Visibility Enhanced
DHCP
SNMP
SSH
TCPWMI
CDP, LLDP
OnGuard
Accurate Policy Decision
NMAP
• NMAP Port-based Scanner
• On-demand or pre-scheduled scans
• Granular visibility for like devices
• Enhances our competitive advantage
Mac OUI
NMAP Scan
Two IoT Endpoints
AfterBefore
Temperature Sensor
Lighting Sensor
![Page 21: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/21.jpg)
NEW WAY:
Create your own Fingerprints!
OLD WAY:
Wait for new Fingerprints to be made and/or manually
override devices 1:1
Enhanced Profiling and Policy – Solving IoT Issues
![Page 22: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/22.jpg)
Understanding Device & IoT Connectivity Options
Customers want to managewhat devices connect
Only some support secure connections
50% of IoT may bewired
• ClearPass supports any customer infrastructure and need
![Page 23: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/23.jpg)
First
Flo
or
Second F
loor
Third F
loor
Wired vs WirelessSecuring the ports
CONTROLLERS
SWITCHESACCESS POINTS
SMALL NUMBER OF UNUSED CONTROLLERPORTS TO CLOSE (ZERO with VM)
1000’s of CORE, DC, CAMPUS & EDGEPORTS TO DEFINE, CLOSE & SECURE
![Page 24: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/24.jpg)
SOFTWARE CONTROLS FOR
“COLORLESS” PORTS
Device and
user identity
stores
Ports assigned to new
VLANs through ClearPass
based on device type
IoT devices on the
wired network
connecting to any portPrevention against malware
and insider threats
Secure per device
tunneling to Aruba
Mobility Controller
Aruba
switches
![Page 25: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/25.jpg)
user/role device type / health
locationtime / day
Enforce A Per Device Policy
![Page 26: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/26.jpg)
user/role device type / health
locationtime / day
Enforce A Per Device Policy
ClearPass
ENFORCEIDENTIFY PROTECT
![Page 27: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/27.jpg)
27
ClearPass Exchange
Infrastructure
MDM / EMM
Network
controls using
real-time
device data
Visibility into
location and
time with
granular
controls
Next-Gen
Perimeter Defense
SIEM, Automation, MFA
Granular
traffic control
with user and device data
Visibility and
interactive
control
features
![Page 28: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/28.jpg)
28
Adaptive Trust Context Sharing
Firewall policy
adapts to needContext sharedEmployee access
• Thomas
• Mac OS 10.9.3
• Marketing
• 10.0.1.12
Works with AD, LDAP, ClearPass dB, SQL dB
No agents/clients required
![Page 29: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/29.jpg)
29
Ingress Engine Third-party Threat Protection
Adaptive Trust Defense based on real-time threat detection
** Firewall / IPS
LAN/WLAN
User connects and
uploads threat
NGFW/IPS sends
event to ClearPass
ClearPass isolates
client
• Offers enhanced user experience as ClearPass can initiate user
notifications, help-desk tickets, and update third-party security solutions
• ** Device in step 2 can be MDM/EMM, SIEM, etc.
1 2 3
![Page 30: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/30.jpg)
30
More Ways to Talk To ClearPassClearPass 6.6 has double the APIs
![Page 31: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/31.jpg)
ClearPass Policy Manager and more…
CLEARPASS POLICY MANAGER
Onboard Guest
REMOTE LOCATION
OnGuard
![Page 32: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/32.jpg)
ClearPass Core Functionality
32
NETWORK EDGE
Multi-Vendor
Wired/Wireless/VPN
NETWORK
COREProfiler
AAA/RADIUS
NAC
Cert. Authority
Onboarding
Guest
Device Registration
Visitor
Employee
Employee BYOD
Headless Devices
Contractor
Administrator
USERS
Policy – Visibility - Workflow
AD/LDAP
SQL
Token
PKI
IDENTITY
SOURCES
ClearPass
User/Role
Time/Day
Location
Device Type/Health
CONTEXT
![Page 33: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/33.jpg)
IntroSpectUser and Entity Behavior Analytics
![Page 34: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/34.jpg)
*NSMs årlige sikkerhetsrapport «Risiko 2018»
![Page 35: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/35.jpg)
Attacks involving legitimate credentials
COMPROMISED40 million credit cards were stolen
from Target’s severs
STOLEN CREDENTIALS
NEGLIGENTEmployees uploading sensitive information to
personal Dropbox for easy access
DATA LEAKAGE
MALICIOUSEdward Snowden stole more than 1.7 million
classified documents
INTENDED TO LEAK INFORMATION
![Page 36: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/36.jpg)
TECHNOLOGY
MACHINE LEARNINGCAN DETECT UNKNOWN THREATS
+
BIG DATACAN SCALE
![Page 37: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/37.jpg)
NETWORK TRAFFIC
PACKETS
FLOWS
IDENTITY
INFRASTRUCTURE
SaaS
laaS
ALERTS
Consoles / Workflows
SIEM
PACKET
BROKER
CASB
THREAT INTELLIGENCE
SOLUTION - AT A GLANCE
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA
FUSION BIG DATA
![Page 38: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/38.jpg)
Basics of Behavioral Analytics
Behavioral
Analytics
UNSUPERVISED
+SUPERVISED
HISTORICAL
+PEER GROUP
MACHINE LEARNING BASELINES
![Page 39: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/39.jpg)
DETECTING AN ANOMALY
ABNORMAL APPLICATION
ACCESS
Internal Resource Access
Finance servers
Behavioral
Analytics
![Page 40: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/40.jpg)
Peer Baseline Anomaly
![Page 41: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/41.jpg)
Finding the malicious in the anomalous
Behavioral
Analytics
SUPERVISED
UNSUPERVISED
MACHINE LEARNING
DLP
Sandbox
Firewalls
STIX
Rules
Etc.
THIRD PARTY ALERTS
![Page 42: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/42.jpg)
![Page 43: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/43.jpg)
A look into Introspect
![Page 44: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/44.jpg)
IntroSpect Product Family—Easy Entry, Complete Solution
IntroSpect Standard
Streamlined for Aruba Network
Infrastructure
• Fast start to UEBA technology• AD, LDAP and FW logs (Aruba Wireless Controller Logs)• Account compromise, attack spread and data exfiltration
use cases• In-line upgrade to Advanced functionality
IntroSpect Advanced
Leading UEBA Solution
• Full range of sources• Extended set of use cases• Threat hunting• Search• Deep forensics
![Page 45: Up d at e A i r h ead s Tec h...• Demo: CoA mellom ClearPass og AOS 8 • Demo: IntroSpect GUI • Q&A • Avslutning og informasjon om neste ATU 3 Velkommen og praktisk info Airheads](https://reader033.vdocuments.site/reader033/viewer/2022053008/5f0b881a7e708231d430fa23/html5/thumbnails/45.jpg)
www.arubanetworks.com/clearpass www.IntroSpect.com
ClearPass Real-time Policy-based Actions
• Real-time quarantine• Re-authentication• Bandwidth Control• Blacklist
User/DeviceContext
Wired/WirelessDevice Authentication
ActionableAlerts
ClearPassPolicy Manager
IntroSpect UEBA
Entity360 Profilewith Risk Scoring
ClearPass + IntroSpect = 3600 Protection
1. Discover and Authorize
2. Monitor and Alert
3. Decide and Act