360 Security Fabric leverages Aruba’s networking and security products to provide network-wide security to an increasingly digital world
19 September 2017
Aruba, a Hewlett Packard Enterprise Company, is best known for its business-grade Wi-Fi products. What is less well known about Aruba is that it has always had excellent security products. In fact, the company has often been described as a security vendor dressed up as a Wi-Fi maker.
However, Aruba’s security positioning has always been tactical rather than strategic because its products were used for specific purposes, such as endpoint protection or wireless security. That has now changed. At the APAC Atmosphere in Macau, the company introduced its 360 Security Fabric, which enables it to provide end-to-end security to address the needs of a world that is becoming increasingly digitised.
The concept of a security fabric is a good one because it simplifies security, and enables network and security professionals to respond faster to cyberattacks, minimising the impact of a breach. A little less than a year ago, Fortinet offered its approach to security fabrics too. While the value propositions for the Fortinet and Aruba fabrics are similar, the way the two companies developed their solutions is quite different, showing there is indeed more than one way to skin a cat.
As one would expect, Fortinet’s fabric leverages great security products, while Aruba plays to its strengths by building the fabric on strong networking products, making it ideal for companies where there is a tight coupling between network and security operations. Given most digital technologies are network centric, this should be a trend that becomes more commonplace.
Aruba 360 Security Fabric features:
Aruba 360 Security Fabric is built on the following components:
- Aruba IntroSpect User and Entity Behavioral Analysis (UEBA) solution (formerly Niara). As the name suggests, this continuously monitors network activity from all devices, including IoT endpoints. The basic version uses baselines and anomaly detection to spot what might be a breach. A new advanced version incorporates machine learning, peer group analysis and integrated response. Businesses can start with basic and then quickly upgrade to IntroSpect Advanced when needed.
- Aruba ClearPass. No product from Aruba better emphasises how good the company is at security than ClearPass. The widely adopted network access control (NAC) and policy management solution automates the threat response sent from UEBA. One of the strengths of ClearPass is that it is vendor agnostic and often runs on Cisco networks.
- Aruba Secure Core. The security fabric uses a number of features built into Aruba’s Wi-Fi APs, wireless controllers and network switches. This includes flow information, analytics and encryption.
It is important to note that customers do not have to deploy all of these technologies at once, as Aruba 360 Security Fabric supports a broad set of third parties and can leverage those. For example, instead of using ClearPass for authentication, you can use Microsoft Active Directory. Other examples of sources of data are Check Point and Palo Alto logs and LDAP.
Securing IoT devices
One of the more interesting features worth investigating deeper is the device peer grouping, particularly for IoT. The majority of IoT devices are deployed by the operational technology (OT) group, meaning network operations is often blind to them. As ZK Research notes, 50% of networking teams have little to no confidence they are aware of all the connected endpoints. This poses security challenges, since, as the axiom goes, one cannot secure what one cannot see. Also, even if the network operations team is aware of the IoT devices, many of those devices are fairly dumb and offer very little information to help with security and network optimisation.
The device peer grouping feature profiles all devices and builds “peer groups” of them and then ClearPass signals when something seems awry. For example, the solution could infer a device was a connected soda machine by comparing the traffic to and from the device. All of the devices in that peer group would exhibit similar behaviour, such as sending traffic to and from Coca-Cola. If the device suddenly starts trying to access point-of-sale devices, that anomaly would be flagged for further investigation and ClearPass would automatically quarantine it.
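A simplified illustration of the peer-group idea described above, added here and not Aruba's code or algorithm: devices are grouped by the Jaccard similarity of the destinations they contact, and a flow to a destination that no peer in the group has used is flagged for investigation. The flow records, hostnames and the 0.6 similarity threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records (device, destination); not real telemetry.
BASELINE = [
    ("vend-01", "telemetry.vendor.example"), ("vend-01", "ntp.example"),
    ("vend-02", "telemetry.vendor.example"), ("vend-02", "ntp.example"),
    ("vend-03", "telemetry.vendor.example"), ("vend-03", "ntp.example"),
    ("cam-01", "nvr.corp.example"), ("cam-01", "ntp.example"),
    ("cam-02", "nvr.corp.example"), ("cam-02", "ntp.example"),
]
OBSERVED = [
    ("vend-01", "telemetry.vendor.example"),
    ("vend-02", "pos-terminal-7.corp.example"),  # behaviour no peer shows
    ("cam-01", "nvr.corp.example"),
]

def profiles(flows):
    """Map each device to the set of destinations it contacted."""
    seen = defaultdict(set)
    for dev, dst in flows:
        seen[dev].add(dst)
    return seen

def jaccard(a, b):
    return len(a & b) / len(a | b)

def peer_groups(flows, threshold=0.6):
    """Greedy grouping: join the first group whose founder looks similar."""
    groups = []  # list of (founder's destination set, member names)
    for dev, dsts in sorted(profiles(flows).items()):
        for rep, members in groups:
            if jaccard(rep, dsts) >= threshold:
                members.append(dev)
                break
        else:
            groups.append((dsts, [dev]))
    return [members for _, members in groups]

def anomalies(baseline, observed, threshold=0.6):
    """Flows to destinations that nobody in the device's peer group used."""
    base = profiles(baseline)
    allowed = {}
    for members in peer_groups(baseline, threshold):
        group_dsts = set().union(*(base[m] for m in members))
        for m in members:
            allowed[m] = group_dsts
    # A device absent from the baseline has no peers, so all its flows are flagged.
    return sorted((d, dst) for d, dst in observed if dst not in allowed.get(d, set()))
```
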
Businesses are becoming increasingly dynamic and distributed, and analytics-driven security using rich data and machine learning can protect companies much better than the reactive tools that most businesses currently use. Aruba 360 Security Fabric leverages the company’s broad set of networking and security products to deliver the advanced capabilities network wide, cutting the time to find and respond to breaches from weeks or months to literally hours.
IDG News Service