ABSICHERUNG DES MOBILITÄTSORIENTIERTENUNTERNEHMENSNETZWERKS

DR. ŁUKASZ BUDZISZ

System Engineer

HPE Aruba

Berlin, 16. November 2017

3

HPE and Aruba…Better Together

• HPE Aruba ranked in the Leaders Quadrant of the latest Gartner’s Wired and Wireless LAN Access Infrastructure Magic Quadrant (for 12 consecutive years)

• HPE Aruba named leader in 6 out of 6 use cases in Gartner’s Wired and Wireless LAN Access Infrastructure Critical Capabilities report

• HPE Aruba feels this should be considered further validation that HPE Aruba is redefining the intelligence edge and a leader in connecting the world with intelligence mobility

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties or merchantability or fitness for a particular purpose.

Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access InfrastructureAugust 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo CiscatoID Number: G00291908

4

Aruba Mobile First Campus Portfolio

Network management from

AirWave/Central and IMC

Mobile engagement &

business analytics

Infrastructure Control Management

Policy management and

Network Access Control (NAC)802.11ac

Wave 1 & 2

Wired edge and

distribution

CoreBLE

Beacons

Routers

SDN and

Mobility Controllers

5

Evolution von Zugangs- Management und Kontrolle

Früher

Wired Desktop

Basic AAA mit User/Port Control

Windows Vulnerabilities

Perimeter Security durchPlatform Silos

Stark IT verwaltet

HEUTE

Mobile Geräte, BYOD & Wireless, Gäste, Fremdfirmen

Multi-factor policies mitSichtbarkeit

Multiple Attack Vectors

Vertrauensstellung durchKontextbetrachtung

Self Service, AutomatisierteProcesse

6

Über 1,3 Mrd. mobile Arbeitnehmer

2/3 OHNE Büro Arbeitsplatz

67% nutzen BYOD unabhängig der Firmenpolicy

IDC

Microsoft study

77% falsch genutzte interne UserkontenVerizon study

Sowas haben wir nicht !

Einige Zahlen

7

Zeit für ein neues Sicherheitskonzept

Statische Perimeter Abwehr

IDS/IPS

Firewalls

Adaptive Edge Abwehr

Perimeter Defense

PhysicalComponents

Anti/Virus

Security und Policy pro Nutzer oder Gruppe

Webgateways

FEINGRANULARE KONTEXT BASIERTE RECHTVERGABE MIT CLEARPASS

9

Zentrale Policy Instanz entscheidet über Zugangsrechte

Access Methoden Policy Decision Point

Remote User

Wired User

Wireless User

Policy Enforcement Points

VPN Concentrator

WLAN Controller

Switch

Customer’s LAN

Active Directoryor LDAP Server

SQL Store

ClearPass Policy Manager

VPN

10

Kontextbasierte Rechtevergabe

• User / role • Device fingerprint• OS version• Health checks

• Location• Trusted or

untrusted network

• Time• Date

• Wired, Wi-Fi, VPNenforcement

ClearPassExchangeExterner Kontext für nochgenauere Policies

11

Geräte Identität: Profiling

DHCP

SNMP

SSH

TCP WMI

CDP, LLDP

OnGuard

NMAP

Mac OUI

NMAP Scan

Two IoT Endpoints

AfterBefore

Temperature Sensor

Lighting Sensor

HTTPS

12

ClearPass Exchange Ecosystem

Infrastructure

MDM / EMM

Network

controls using

real-time

device data

Visibility into

location and

time with

granular

controls

Next-Gen

Perimeter Defense

SIEM, Automation, MFA

Granular

traffic control

with user and device data

Visibility and

interactive

control

features

13

Eine Lösung für alle Nutzertypen

NETWORK EDGE

NETWORK CORE

SiloAnsatz

Profiler

Registration/CA

NAC

TACACS

RADIUS

Guest

Device Registration

Visitor

Employee

Employee BYOD

Headless Devices

Contractor

Administrator

USERS

AD/LDAP

SQL

Token

PKI

IDENTITYSOURCES

Policy – Visibility -Workflow

ClearPass

15

Leader in Network Access Control

SICHERHEIT NACH DER ANMELDUNG ?USER AND ENTITY BEHAVIOUR ANALYTICS (UEBA) MIT ARUBA INTROSPECT

18

Wie funktioniert UEBA?: USER view of events

19

Wie funktioniert UEBA?: Characterizing Behavior

Time of Access

Frequency of Access

Typical Activity

Location

Device

Duration

20

Basics of Behavioral Analytics

21

Basics of Behavioral Analytics [2]

22

Peer baselines across multiple dimensions

23

Model Confidence and Business Impact

24

Wie funktioniert UEBA?: Finding the malicious in the anomalous

25

IntroSpect Focuses on Two Key Security Challenges

ATTACKS AND RISKY BEHAVIORS

on the inside

EFFICIENCY AND EFFECTIVENESSof the security team

26

IntroSpect - Übersicht

Most complete visibility

100+ supervised and unsupervised machine learning models

Integrated forensics data

Scales from small projects to full enterprise deployment

Open, integrated platform

Fast-start option

ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

IntroSpect UEBA

Entity360 Profilewith Risk Scoring

Packets

Flows

Logs

Alerts

27

IntroSpect Positioning/Competition

Network TrafficAnalysis

UEBA

• Vectra• LightCyber• DarkTrace• Protectwise

• Splunk/UBA• Exabeam• Securonix• Gurucul• Interset• E8• Fortscale

28

IntroSpect Product Family—Easy Entry, Complete Solution

IntroSpect Standard

“Streamlined” for Aruba Network Infrastructure

• Fast start to UEBA technology• Fewer sources, easier POC, faster time to value

• AD, LDAP and FW logs (Aruba AMON logs)• Account compromise, attack spread and data exfiltration use

cases• Seamless in-line upgrade to Advanced functionality

IntroSpect Advanced

Leading UEBA Solution

• Full range of sources• Extended set of use cases• Threat hunting• Search• Deep forensics

29

IDENTITY/AUTHENTICATION

Consoles / Workflows

SIEM ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

IntroSpect Standard - Übersicht

AMON/FW Logs

ClearPass (optional) PACKETS (Optional)Packet

Processor

30

IDENTITY

Consoles / Workflows

SIEM ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

IntroSpect Advanced - Übersicht

INFASTRUCTURE

NETWORK TRAFFICPACKETSFLOWS

SaaS

laaS

ALERTS

PACKET BROKERCASB

THREAT INTELLIGENCE

ZUSAMMENSPIEL DER BEIDEN

32

ArubaSecurity

Exchange

Protected InfrastructureAruba Trusted Networks

Discovery and Authorization

ClearPass

Continuous Monitoring and Detection

IntroSpect

Policy-based Control and Action

IntroSpect + ClearPass

360°Protection: from the Edge to the Core to the Cloud

33

Aruba ClearPass - Introspect Integration Workflow

5 ActionableAlertsInitiated

User/DeviceContextShared

3

DevicesProfiled2

Wired/WirelessDevice Auth

ClearPassPolicy Manager

1

ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

Introspect UEBA*

Entity360 Profilewith Risk Scoring

Networkand Log-basedMachine Learning

4

Packets

Flows

Logs

Alerts

Aruba ClearPass + Introspect: continuous security monitoring [1]

*User and Entity Behavior Analytics (UEBA)

34

Aruba ClearPass - Introspect Integration Workflow

5 ActionableAlertsInitiated

User/DeviceContextShared

3

DevicesProfiled2

Wired/WirelessDevice Auth

ClearPassPolicy Manager

1

ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

Introspect UEBA*

Entity360 Profilewith Risk Scoring

Networkand Log-basedMachine Learning

4

Packets

Flows

Logs

Alerts

Aruba ClearPass + Introspect: continuous security monitoring [2]

*User and Entity Behavior Analytics (UEBA)

ClearPass PerformsReal-time Policy-based Actions

• Real-time quarantine, re-authentication• Bandwidth Control• Blacklist• Role-change

6

VIELEN DANK!

Fragen?