ARUBA CLEARPASS

DEVICE INSIGHT

QUESTIONS WILL GET ASKED

• What is your current level of visibility related to

devices connecting to your network?

• How are you addressing IoT devices? Do you know

which types are currently on your network?

• Do you have a plan to find an appropriately segment

these devices?

Clearpass Video’s

CURRENT CHALLENGES IN DEVICE VISIBILITY

IT/Security teams lack visibility into devices on the network i.e. factory

controllers, medical equipment

Current toolset fails to adequately address visibility and IoT use cases

Volume, variety and the innovation of “things” means manual approaches cannot keep pace

Without comprehensive visibility, effective security and compliance is not possible

HALF OF ENTERPRISE STRUGGLING TO SECURE IOT

Source: Ponemon Institute

CLEARPASS DEVICE INSIGHT OVERVIEW

Reduces Risk by Eliminating Blind Spots

through DPI-based discovery and profiling of devices

Automatically Classifies Unknown Devices

using advanced machine learning and crowdsourcing intelligence

Ensures Secure Accessvia seamless integration with ClearPass Policy Manager

TRADITIONAL PROFILING TECHNIQUES LACK DEVICE CONTEXT

STATIC ATTRIBUTES

NMAP | SNMP | WMI

CLEARPASS DEVICE INSIGHT: FROM GENERIC TO GRANULAR DEVICE VIEW

STATIC ATTRIBUTES

NMAP | SNMP | WMI

WINDOWS DEVICE

AXIS DEVICE

AXIS SECURITY CAMERA

AXIS Q35 NETWORK CAMERA

DEEP PACKET INSPECTION (DPI)

STATIC + BEHAVIORAL ATTRIBUTES

APPLICATIONSWEB SITES

PORTSPROTOCOLS

CROWD-SOURCING

MACHINELEARNING

CLASSIFIES UNKNOWN DEVICES

Device Attributes

IP/MAC Address

Application Access

Communication Protocols

Communication Frequency

Deep Packet Inspection (DPI)

MACHINE LEARNING

CROWDSOURCING

AUTOMATED DEVICE DISCOVERY AND PROFILING

Static Attributes: Operating System, Hardware Vendor

Active and Passive techniques such as MAC OUI, NMAP, etc.

Dynamic Attributes: Understanding Behavioral AttributesDeep Packet Inspection (DPI) and Machine Learning leverage communication patterns,

applications, etc.

Comparative Attributes: Finding Commonality

Continuous monitoring of device trafficand crowdsourced intelligence to refine

and update device fingerprints

ELIMINATES BLIND SPOTS

Discovered Devices Classify known

devices with

fingerprintsClassification based on

static, flow and behavior

based attributes

Checks for Fingerprint

Device Identified and

Labeled

ML-based Classification

Utilizing Machine Learning for Unknown Devices

MACHINE LEARNING-

BASED CLUSTERING

USING DPI

MAC / Vendor info

Port/ProtocolStatic Attributes

(DHCP, User agent, SNMP info)

Destination IP

Communication Frequency

Application Communications

CLOUD-ENABLED COMMUNITY CROWDSOURCING

Aruba receives the signature

Signature is made available for use by

all customers

Customer labels a device using clusters or rules

Signature is tested and validated

ARCHITECHTURE OVERVIEW

Combination of on-premises data collector (appliance or virtual) and

cloud-based analyzer

Through Deep Packet Inspection (DPI), device attributes are are

extracted and metadata is sent to the cloud for analysis

Campus / Datacenter

Device InsightVirtual

Collector

Device Insight

Hardware Collector

Branch

Device InsightVirtual

Collector

Gateway Switch

DEVICE INSIGHT

ANALYZER

CLOUD PLATFORM

Device Insight

Hardware Collector

Device InsightVirtual

Collector

Multi-Vendor Switching

Multi-Vendor WLANs

3rd Party Security and Networking Vendors

360 SECURE FABRIC

ECOSYSTEM

ClearPass Policy ManagerSEGMENTATION / ENFORCEMENT

Internet of Things (IoT)

BYOD and Corporate Owned

ClearPass Device InsightENHANCED DISCOVERY / PROFILING

Bi-Directional Data Exchange

INTEGRATION ENSURES SECURE ACCESS

Aruba IntroSpect - ClearPass Integration

A

C

B

NETWORK TRAFFIC

PACKETS

FLOWS

AUTHENTICATION/I

DENTITY

Consoles / Workflows

SIEM

THREAT INTELLIGENCE

ANALYZER

ENTITY360

FULL SET

ANALYTICS FORENSICS

DATA

FUSION BIG DATA

IntroSpect Sources

• AD• LDAP

INFRASTRUCTURE

• Firewall• VPN• Web Proxy

PACKET PROCESSOR

DPIPACKET

CAPTURE

NETWORK ACCESS

• ClearPass

ARUBA INFRASTRUCTURE

• Controller AMON

DNS / DHCP

EMAIL / DLP

3RD PARTY ALERTS

• FireEye

NETFLOW

PORT-BASED DYNAMIC ROLE-BASED

StaticCamera port

Printer port

PoS port

Manual configuration of ACLs, VLANs, QoS

Automate configurations with context

PCI-compliant

Hard to scale for device type and quantity across multiple sites

Dynamic

Flatten configurations at high scale based on user, device, app

ENFORCED BY DYNAMIC SEGMENTATION

IOT IN HEALTHCARE

ClearPass Device InsightENHANCED DISCOVERY / PROFILING

HOW WE’RE DIFFERENT

CONTINUAL INNOVATION IN IOT CONNECTIVITY, SECURITY, AND AI

COMPLETE VISIBILITY ACROSS THE ENTIRE INFRASTRUCTRE

AUTOMATED, MACHINE LEARNING-BASED, DISCOVERY AND PROFILING

CLOUD-ENABLED, CROWDSOURCED FINGERPRINTS

DYNAMIC ROLE-BASED ACCESS CONTROL

ClearPass and Aruba ClearPass Device Insight

Do you need visibility and control?

Device Insight By Itself Provides Enhanced Visibility and Reporting Only

IoT Devices

Enhanced Visibility

Enhanced Reporting

User Devices

Enhanced Visibility

Enhanced Reporting

Guest Devices

Enhanced Visibility

Enhanced Reporting

Aruba ClearPass Device Insight

ClearPass Policy Manager Provides Good Visibility and Expert Control

IoT Devices

Good Visibility

Basic Reporting

Policy Based Control

User Devices

Great Visibility

Basic Reporting

Policy Based Control

Guest Devices

Good Visibility

Basic Reporting

Policy Based Control

ClearPass Policy Manager

Aruba ClearPass Device Insight + ClearPass Policy Manager

IoT Devices

Enhanced Visibility

Enhanced Reporting

Policy Based Control

User Devices

Enhanced Visibility

Enhanced Reporting

Policy Based Control

Guest Devices

Enhanced Visibility

Enhanced Reporting

Policy Based Control

Aruba ClearPass Device Insight

ClearPass Policy Manager

License model

Component Component Type SKUs

Aruba ClearPass Device Insight

software (Device count based SKU)

Software running on ACP* Subscription based 1,3 and 5 year SKUs

Collectors (Virtual) Software on customer

hardware

Comes with device insight

Collectors (Physical) Hardware 3 models to support 500, 5000 and 25K device

count

*Long term plan is to support on-prem and private cloud deployment**Compliance suite includes Aruba ClearPass Device Insight