aruba clearpass device insight - bkm · ensures secure access via seamless integration with...
TRANSCRIPT
ARUBA CLEARPASS
DEVICE INSIGHT
QUESTIONS WILL GET ASKED
• What is your current level of visibility related to
devices connecting to your network?
• How are you addressing IoT devices? Do you know
which types are currently on your network?
• Do you have a plan to find and appropriately segment
these devices?
ClearPass Videos
CURRENT CHALLENGES IN DEVICE VISIBILITY
IT/Security teams lack visibility into devices on the network, e.g. factory controllers, medical equipment
Current toolset fails to adequately address visibility and IoT use cases
Volume, variety and the innovation of “things” means manual approaches cannot keep pace
Without comprehensive visibility, effective security and compliance are not possible
HALF OF ENTERPRISES STRUGGLING TO SECURE IOT
Source: Ponemon Institute
CLEARPASS DEVICE INSIGHT OVERVIEW
Reduces Risk by Eliminating Blind Spots
through DPI-based discovery and profiling of devices
Automatically Classifies Unknown Devices
using advanced machine learning and crowdsourcing intelligence
Ensures Secure Access
via seamless integration with ClearPass Policy Manager
TRADITIONAL PROFILING TECHNIQUES LACK DEVICE CONTEXT
STATIC ATTRIBUTES
NMAP | SNMP | WMI
CLEARPASS DEVICE INSIGHT: FROM GENERIC TO GRANULAR DEVICE VIEW
STATIC ATTRIBUTES
NMAP | SNMP | WMI
WINDOWS DEVICE
AXIS DEVICE
AXIS SECURITY CAMERA
AXIS Q35 NETWORK CAMERA
DEEP PACKET INSPECTION (DPI)
STATIC + BEHAVIORAL ATTRIBUTES
APPLICATIONS | WEB SITES
PORTS | PROTOCOLS
CROWD-SOURCING
MACHINE LEARNING
CLASSIFIES UNKNOWN DEVICES
Device Attributes
IP/MAC Address
Application Access
Communication Protocols
Communication Frequency
Deep Packet Inspection (DPI)
MACHINE LEARNING
CROWDSOURCING
AUTOMATED DEVICE DISCOVERY AND PROFILING
Static Attributes: Operating System, Hardware Vendor
Active and Passive techniques such as MAC OUI, NMAP, etc.
Dynamic Attributes: Understanding Behavioral Attributes
Deep Packet Inspection (DPI) and Machine Learning leverage communication patterns, applications, etc.
Comparative Attributes: Finding Commonality
Continuous monitoring of device traffic and crowdsourced intelligence to refine and update device fingerprints
ELIMINATES BLIND SPOTS
Discovered Devices
Classify known devices with fingerprints
Classification based on static, flow and behavior-based attributes
Checks for Fingerprint
Device Identified and
Labeled
ML-based Classification
Utilizing Machine Learning for Unknown Devices
MACHINE LEARNING-BASED CLUSTERING USING DPI
MAC / Vendor info
Port/Protocol
Static Attributes (DHCP, User agent, SNMP info)
Destination IP
Communication Frequency
Application Communications
CLOUD-ENABLED COMMUNITY CROWDSOURCING
Aruba receives the signature
Signature is made available for use by
all customers
Customer labels a device using clusters or rules
Signature is tested and validated
ARCHITECTURE OVERVIEW
Combination of on-premises data collector (appliance or virtual) and cloud-based analyzer
Through Deep Packet Inspection (DPI), device attributes are extracted and metadata is sent to the cloud for analysis
Campus / Datacenter
Device Insight Virtual Collector
Device Insight
Hardware Collector
Branch
Device Insight Virtual Collector
Gateway Switch
DEVICE INSIGHT
ANALYZER
CLOUD PLATFORM
Device Insight
Hardware Collector
Device Insight Virtual Collector
Multi-Vendor Switching
Multi-Vendor WLANs
3rd Party Security and Networking Vendors
360 SECURE FABRIC
ECOSYSTEM
ClearPass Policy Manager
SEGMENTATION / ENFORCEMENT
Internet of Things (IoT)
BYOD and Corporate Owned
ClearPass Device Insight
ENHANCED DISCOVERY / PROFILING
Bi-Directional Data Exchange
INTEGRATION ENSURES SECURE ACCESS
Aruba IntroSpect - ClearPass Integration
NETWORK TRAFFIC
PACKETS
FLOWS
AUTHENTICATION/IDENTITY
Consoles / Workflows
SIEM
THREAT INTELLIGENCE
ANALYZER
ENTITY360
FULL SET
ANALYTICS FORENSICS
DATA
FUSION BIG DATA
IntroSpect Sources
• AD
• LDAP
INFRASTRUCTURE
• Firewall
• VPN
• Web Proxy
PACKET PROCESSOR
DPI
PACKET CAPTURE
NETWORK ACCESS
• ClearPass
ARUBA INFRASTRUCTURE
• Controller AMON
DNS / DHCP
EMAIL / DLP
3RD PARTY ALERTS
• FireEye
NETFLOW
PORT-BASED | DYNAMIC ROLE-BASED
Static
Camera port
Printer port
PoS port
Manual configuration of ACLs, VLANs, QoS
Automate configurations with context
PCI-compliant
Hard to scale for device type and quantity across multiple sites
Dynamic
Flatten configurations at high scale based on user, device, app
ENFORCED BY DYNAMIC SEGMENTATION
IOT IN HEALTHCARE
ClearPass Device Insight
ENHANCED DISCOVERY / PROFILING
HOW WE’RE DIFFERENT
CONTINUAL INNOVATION IN IOT CONNECTIVITY, SECURITY, AND AI
COMPLETE VISIBILITY ACROSS THE ENTIRE INFRASTRUCTURE
AUTOMATED, MACHINE LEARNING-BASED, DISCOVERY AND PROFILING
CLOUD-ENABLED, CROWDSOURCED FINGERPRINTS
DYNAMIC ROLE-BASED ACCESS CONTROL
ClearPass and Aruba ClearPass Device Insight
Do you need visibility and control?
Device Insight By Itself Provides Enhanced Visibility and Reporting Only
IoT Devices
Enhanced Visibility
Enhanced Reporting
User Devices
Enhanced Visibility
Enhanced Reporting
Guest Devices
Enhanced Visibility
Enhanced Reporting
Aruba ClearPass Device Insight
ClearPass Policy Manager Provides Good Visibility and Expert Control
IoT Devices
Good Visibility
Basic Reporting
Policy Based Control
User Devices
Great Visibility
Basic Reporting
Policy Based Control
Guest Devices
Good Visibility
Basic Reporting
Policy Based Control
ClearPass Policy Manager
Aruba ClearPass Device Insight + ClearPass Policy Manager
IoT Devices
Enhanced Visibility
Enhanced Reporting
Policy Based Control
User Devices
Enhanced Visibility
Enhanced Reporting
Policy Based Control
Guest Devices
Enhanced Visibility
Enhanced Reporting
Policy Based Control
Aruba ClearPass Device Insight
ClearPass Policy Manager
License model
Component | Component Type | SKUs
Aruba ClearPass Device Insight software (Device count based SKU) | Software running on ACP* | Subscription based 1, 3 and 5 year SKUs
Collectors (Virtual) | Software on customer hardware | Comes with Device Insight
Collectors (Physical) | Hardware | 3 models to support 500, 5000 and 25K device count
*Long term plan is to support on-prem and private cloud deployment
**Compliance suite includes Aruba ClearPass Device Insight