Securing the mobility-oriented … · 2017-11-30 · Aruba Security Exchange protected...
SECURING THE MOBILITY-ORIENTED ENTERPRISE NETWORK
DR. ŁUKASZ BUDZISZ
System Engineer
HPE Aruba
Berlin, 16 November 2017
3
HPE and Aruba…Better Together
• HPE Aruba ranked in the Leaders Quadrant of the latest Gartner’s Wired and Wireless LAN Access Infrastructure Magic Quadrant (for 12 consecutive years)
• HPE Aruba named leader in 6 out of 6 use cases in Gartner’s Wired and Wireless LAN Access Infrastructure Critical Capabilities report
• HPE Aruba feels this should be considered further validation that HPE Aruba is redefining the intelligent edge and is a leader in connecting the world with intelligent mobility
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, August 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo Ciscato. ID Number: G00291908
4
Aruba Mobile First Campus Portfolio
• Network management from AirWave/Central and IMC
• Mobile engagement & business analytics
• Infrastructure Control Management
• Policy management and Network Access Control (NAC)
• 802.11ac Wave 1 & 2
• Wired edge and distribution
• Core
• BLE Beacons
• Routers
• SDN and Mobility Controllers
5
Evolution of Access Management and Control
EARLIER
• Wired desktop
• Basic AAA with user/port control
• Windows vulnerabilities
• Perimeter security through platform silos
• Heavily IT-managed
TODAY
• Mobile devices, BYOD & wireless, guests, contractors
• Multi-factor policies with visibility
• Multiple attack vectors
• Trust established through context
• Self-service, automated processes
6
Over 1.3 billion mobile workers
2/3 WITHOUT an office workplace
67% use BYOD regardless of company policy
IDC
Microsoft study
77% misused internal user accounts (Verizon study)
"We don't have anything like that!"
Some numbers
7
Time for a new security concept
Static perimeter defense
IDS/IPS
Firewalls
Adaptive edge defense
Perimeter Defense
Physical Components
Anti-Virus
Security and policy per user or group
Web gateways
FINE-GRAINED, CONTEXT-BASED AUTHORIZATION WITH CLEARPASS
9
A central policy instance decides on access rights
Access methods: Remote user (VPN), Wired user, Wireless user
Policy Enforcement Points: VPN Concentrator, WLAN Controller, Switch
Policy Decision Point: ClearPass Policy Manager, backed by Active Directory or LDAP server and an SQL store
Customer’s LAN
10
Context-based authorization
• User / role
• Device fingerprint
• OS version
• Health checks
• Location
• Trusted or untrusted network
• Time
• Date
• Wired, Wi-Fi, VPN enforcement
ClearPass Exchange: external context for even more precise policies
11
Device identity: profiling
Collectors: DHCP, SNMP, SSH, TCP, WMI, CDP/LLDP, OnGuard, NMAP, MAC OUI, HTTPS
NMAP scan of two IoT endpoints, before / after: Temperature Sensor, Lighting Sensor
12
ClearPass Exchange Ecosystem
Infrastructure
MDM / EMM
Network controls using real-time device data
Visibility into location and time with granular controls
Next-Gen Perimeter Defense
SIEM, Automation, MFA
Granular traffic control with user and device data
Visibility and interactive control features
13
One solution for all user types
NETWORK EDGE / NETWORK CORE
Silo approach: Profiler, Registration/CA, NAC, TACACS, RADIUS, Guest, Device Registration
USERS: Visitor, Employee, Employee BYOD, Headless Devices, Contractor, Administrator
IDENTITY SOURCES: AD/LDAP, SQL, Token, PKI
ClearPass: Policy – Visibility – Workflow
15
Leader in Network Access Control
SECURITY AFTER LOGIN? USER AND ENTITY BEHAVIOUR ANALYTICS (UEBA) WITH ARUBA INTROSPECT
18
How does UEBA work?: User view of events
19
How does UEBA work?: Characterizing Behavior
Time of Access
Frequency of Access
Typical Activity
Location
Device
Duration
20
Basics of Behavioral Analytics
21
Basics of Behavioral Analytics [2]
22
Peer baselines across multiple dimensions
23
Model Confidence and Business Impact
24
How does UEBA work?: Finding the malicious in the anomalous
25
IntroSpect Focuses on Two Key Security Challenges
ATTACKS AND RISKY BEHAVIORS
on the inside
EFFICIENCY AND EFFECTIVENESS of the security team
26
IntroSpect - Overview
Most complete visibility
100+ supervised and unsupervised machine learning models
Integrated forensics data
Scales from small projects to full enterprise deployment
Open, integrated platform
Fast-start option
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
IntroSpect UEBA
Entity360 Profile with Risk Scoring
Packets
Flows
Logs
Alerts
27
IntroSpect Positioning/Competition
Network Traffic Analysis
• Vectra
• LightCyber
• DarkTrace
• Protectwise
UEBA
• Splunk/UBA
• Exabeam
• Securonix
• Gurucul
• Interset
• E8
• Fortscale
28
IntroSpect Product Family—Easy Entry, Complete Solution
IntroSpect Standard
“Streamlined” for Aruba Network Infrastructure
• Fast start to UEBA technology
• Fewer sources, easier POC, faster time to value
• AD, LDAP and FW logs (Aruba AMON logs)
• Account compromise, attack spread and data exfiltration use cases
• Seamless in-line upgrade to Advanced functionality
IntroSpect Advanced
Leading UEBA Solution
• Full range of sources
• Extended set of use cases
• Threat hunting
• Search
• Deep forensics
29
IDENTITY/AUTHENTICATION
Consoles / Workflows
SIEM ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
IntroSpect Standard - Overview
AMON/FW Logs
ClearPass (optional)
PACKETS (optional): Packet Processor
30
IDENTITY
Consoles / Workflows
SIEM ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
IntroSpect Advanced - Overview
INFRASTRUCTURE
NETWORK TRAFFIC: PACKETS, FLOWS
SaaS
IaaS
ALERTS
PACKET BROKER / CASB
THREAT INTELLIGENCE
HOW THE TWO WORK TOGETHER
32
Aruba Security Exchange
Protected Infrastructure / Aruba Trusted Networks
Discovery and Authorization
ClearPass
Continuous Monitoring and Detection
IntroSpect
Policy-based Control and Action
IntroSpect + ClearPass
360° Protection: from the Edge to the Core to the Cloud
33
Aruba ClearPass - Introspect Integration Workflow
1. Wired/wireless device authentication (ClearPass Policy Manager)
2. Devices profiled
3. User/device context shared
4. Network- and log-based machine learning (Introspect UEBA*: Analyzer, Entity360, Analytics, Forensics, Data Fusion, Big Data; Entity360 profile with risk scoring; inputs: packets, flows, logs, alerts)
5. Actionable alerts initiated
Aruba ClearPass + Introspect: continuous security monitoring [1]
*User and Entity Behavior Analytics (UEBA)
34
Aruba ClearPass - Introspect Integration Workflow
1. Wired/wireless device authentication (ClearPass Policy Manager)
2. Devices profiled
3. User/device context shared
4. Network- and log-based machine learning (Introspect UEBA*: Analyzer, Entity360, Analytics, Forensics, Data Fusion, Big Data; Entity360 profile with risk scoring; inputs: packets, flows, logs, alerts)
5. Actionable alerts initiated
6. ClearPass performs real-time policy-based actions:
• Real-time quarantine, re-authentication
• Bandwidth control
• Blacklist
• Role-change
Aruba ClearPass + Introspect: continuous security monitoring [2]
*User and Entity Behavior Analytics (UEBA)
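The UEBA slides above characterize behaviour by time of access, frequency, location and device, compare it against peer baselines across several dimensions, and feed a risk score back to ClearPass, which then quarantines, re-authenticates, throttles or changes the role of the endpoint (step 6 of the workflow). The following Python script is an added example written for this page to show that loop end to end; it is not Aruba ClearPass or IntroSpect code. The login history, the peer group, the per-dimension weights and the action thresholds are all constructed so the example runs offline.

```python
"""Context-based access decision fed by a UEBA-style behavioural baseline.

Added example, not Aruba's ClearPass or IntroSpect code. The events, the
peer group, the per-dimension weights and the action thresholds are all
constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AuthEvent:
    user: str
    peer_group: str   # e.g. department; used for the peer baseline
    ts: datetime
    location: str     # site / SSID the request came from
    device: str       # profiled device identity


@dataclass(frozen=True)
class Context:
    healthy: bool          # endpoint health check (OnGuard-style posture) passed
    trusted_network: bool  # corporate wired/Wi-Fi (True) vs. guest or VPN (False)


DIMENSIONS = ("hour", "location", "device")


def _features(ev):
    return {"hour": ev.ts.hour, "location": ev.location, "device": ev.device}


def build_baselines(history):
    """Frequency tables of what has been typical, per user and per peer group,
    plus a per-user count of logins per day (the frequency dimension)."""
    users = defaultdict(lambda: {d: Counter() for d in DIMENSIONS})
    peers = defaultdict(lambda: {d: Counter() for d in DIMENSIONS})
    daily = defaultdict(Counter)
    for ev in history:
        f = _features(ev)
        for d in DIMENSIONS:
            users[ev.user][d][f[d]] += 1
            peers[ev.peer_group][d][f[d]] += 1
        daily[ev.user][ev.ts.date()] += 1
    return users, peers, daily


def risk_score(event, history):
    """0..100. A dimension never seen for this user adds 15; if it is also
    unseen across the user's peer group it adds 15 more. A login burst above
    3x the user's mean daily count adds 25 (constructed weights)."""
    users, peers, daily = build_baselines(history)
    ub, pb = users.get(event.user), peers.get(event.peer_group)
    f = _features(event)
    score = 0
    for d in DIMENSIONS:
        if ub is None or ub[d][f[d]] == 0:
            score += 15
            if pb is None or pb[d][f[d]] == 0:
                score += 15
    if event.user in daily:
        mean = sum(daily[event.user].values()) / len(daily[event.user])
        window = timedelta(hours=24)
        recent = 1 + sum(1 for ev in history if ev.user == event.user
                         and timedelta(0) <= event.ts - ev.ts <= window)
        if recent > 3 * mean:
            score += 25
    return min(score, 100)


def policy_action(score, ctx):
    """Map risk score plus live context to an enforcement action. The action
    names follow the deck (step 6); the thresholds are constructed."""
    if not ctx.healthy or score >= 70:
        return "quarantine"
    if score >= 40:
        return "re-authenticate"
    if score >= 20:
        return "bandwidth-limit" if ctx.trusted_network else "role-change:restricted"
    return "allow"


def decide(event, ctx, history):
    score = risk_score(event, history)
    return score, policy_action(score, ctx)


# Constructed history: alice and bob (both 'finance') log in once a day from
# the Berlin office, on their own laptops, between 08:00 and 10:00.
HISTORY = [AuthEvent("alice", "finance", datetime(2017, 11, d, 8 + d % 3, 15), "berlin-hq", "alice-laptop")
           for d in range(1, 11)] + \
          [AuthEvent("bob", "finance", datetime(2017, 11, d, 9, 0), "berlin-hq", "bob-laptop")
           for d in range(1, 11)]

NORMAL_LOGIN = AuthEvent("alice", "finance", datetime(2017, 11, 11, 9, 30), "berlin-hq", "alice-laptop")
ODD_HOURS_LOGIN = AuthEvent("alice", "finance", datetime(2017, 11, 11, 3, 0), "hotel-wifi", "alice-laptop")
NEW_DEVICE_LOGIN = AuthEvent("alice", "finance", datetime(2017, 11, 11, 10, 0), "berlin-hq", "unknown-android")
BURST_HISTORY = HISTORY + [AuthEvent("alice", "finance", datetime(2017, 11, 11, 9, m), "berlin-hq", "alice-laptop")
                           for m in (0, 10, 20, 30)]
BURST_LOGIN = AuthEvent("alice", "finance", datetime(2017, 11, 11, 9, 50), "berlin-hq", "alice-laptop")

if __name__ == "__main__":
    print("normal     ", decide(NORMAL_LOGIN, Context(True, True), HISTORY))
    print("odd hours  ", decide(ODD_HOURS_LOGIN, Context(True, False), HISTORY))
    print("new device ", decide(NEW_DEVICE_LOGIN, Context(False, True), HISTORY))
    print("burst      ", decide(BURST_LOGIN, Context(True, True), BURST_HISTORY))
```

Running the script prints the score and action for the four constructed cases. Two points worth checking in a real deployment are visible here: the peer baseline distinguishes "new for this user but normal for the department" from "new for everyone" (only the first 15 is added in the former case), and the endpoint health check overrides the behavioural score, so a non-compliant device is quarantined even when its login pattern looks entirely normal.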
THANK YOU!
Questions?