Intelligent Edge Protection

Similar documents
Intro to Niara. no compromise behavioral analytics. Tomas Muliuolis HPE Aruba Baltics Lead

ClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead

Secure wired and wireless networks with smart access control

Visibility, control and response

HPE Aruba Focus Areas

Produkt Update: Aruba 360 Secure Fabric ClearPass 6.7 neues Lizenzmodell & IntroSpect. Reinhard Lichte, Consulting Systems Engineer

ARUBA CLEARPASS NETWORK ACCESS CONTROL

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

Secure Access - Update

ARUBA 360 SECURE FABRIC

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

ARUBA CLEARPASS NETWORK ACCESS CONTROL

Microsoft Security Management

The Why, What, and How of Cisco Tetration

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

User and Entity Behavior Analytics

ForeScout Agentless Visibility and Control

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

ARUBA CLEARPASS POLICY MANAGER

2013 InterWorks, Page 1

Compare Security Analytics Solutions

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

2012 Cisco and/or its affiliates. All rights reserved. 1

TECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Identity Based Network Access

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

MEETING ISO STANDARDS

Security Readiness Assessment

Passwords Are Dead. Long Live Multi-Factor Authentication. Chris Webber, Security Strategist

ForeScout Extended Module for Carbon Black

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Provide One Year Free Update!

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

BYOD: BRING YOUR OWN DEVICE.

ARUBA CLEARPASS POLICY MANAGER

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

White Paper. Comply to Connect with the ForeScout Platform

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Cybersecurity Roadmap: Global Healthcare Security Architecture

ClearPass Design Scenarios

Aruba Networks. Now is the time to build your Aruba practice

Self-driving Datacenter: Analytics

How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology

McAfee Skyhigh Security Cloud for Amazon Web Services

ForeScout Extended Module for MaaS360

How to Apply a Zero-Trust Model to Cloud, Data and Identity

Industrial IoT as enabler for digitization

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

McAfee MVISION Cloud. Data Security for the Cloud Era

ForeScout Extended Module for VMware AirWatch MDM

Cisco Network Admission Control (NAC) Solution

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Design and Deployment of SourceFire NGIPS and NGFWL

The Oracle Trust Fabric Securing the Cloud Journey

ForeScout ControlFabric TM Architecture

One Management Realized, with Cisco Prime Infrastructure Manage Complexity. Manage Effectively. Manage Intelligently. Closing

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

CIS Controls Measures and Metrics for Version 7

Borderless Networks. Tom Schepers, Director Systems Engineering

Automated Threat Management - in Real Time. Vectra Networks

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

HiveManager Local Cloud

Go mobile. Stay in control.

The Context Aware Network A Holistic Approach to BYOD

CIS Controls Measures and Metrics for Version 7

Cisco s Appliance-based Content Security: IronPort and Web Security

ForeScout Extended Module for MobileIron

ARUBA CLEARPASS POLICY MANAGER

Un SOC avanzato per una efficace risposta al cybercrime

USP Network Authentication System & MobileIron. Good for mobile security solutions

QuickSpecs. Aruba ClearPass Policy Manager Platform. Overview. Aruba ClearPass Policy Manager Platform The most advanced Secure NAC platform available

PrecisionAccess Trusted Access Control

Zero Trust Security with Software-Defined Secure Networks

Infoblox as Part of the Ecosystem

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

Build a Software-Defined Network to Defend your Business

Enterprise & Cloud Security

CHARLES DARWIN, CYBERSECURITY VISIONARY

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

ForeScout Research and Intelligent Analytics Program

EXTENDING BEHAVIORAL INSIGHTS INTO RISK-ADAPTIVE PROTECTION & ENFORCEMENT

Aruba Central. Tech Webinar, October 6 th Christian Dupont, Britto Jagadesh & Barath Srinivasan

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Security+ SY0-501 Study Guide Table of Contents

Cisco ISE Ports Reference

Alcatel-Lucent OmniVista 2500 Network Management System

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

Cisco Tetration Analytics

Qualys Cloud Platform

Cisco Secure Access Control

Asset Discovery with Symantec Control Compliance Suite WHITE PAPER

WHY ARMIS. 1. Comprehensive Asset Discovery and Inventory. 2. Agentless. Top 10 Reasons To Consider Armis

Transcription:

Intelligent Edge Protection Sicherheit im Zeitalter von IoT und Mobility September 26, 2017

Flexible consumption Beacons, sensors and geo-positioning Driven by agile DevOps Mobile users, apps and devices Ecosystem of innovation partners Reliable performance & experience Hybrid IT Your Apps & Data Ubiquitous connectivity Always workload optimized Security & resilience built-in Containerized, automated and orchestrated Intelligent Edge Built-in data analysis & contextually aware Adaptive trust security

Aruba takes untrusted devices and converts them into sources of trusted and actionable data

The Fundamentals of Network Access Profile the Asset Asset, location and basic posture information Passive and active techniques Validate the Identity Traditional network authentication methods 802.1x, MAC, PSKs Leverage profile data as input to identity Reference an existing asset register or start building one Authorize its Role Lookup existing databases or trigger approval workflows IT policies about security behavior, risk, access control OT policies regarding SLA, auditing, compliance

The 4 stages of visibility and control Orchestrated device discovery Wired, Wireless, IOT Profile and Manage Custom Fingerprinting Visibility Policy Step by Step access privileges Identity and context-based rules Relationship between device, apps, services, and infrastructure Wired, Wi-Fi, VPN Situational aware security AAA and non-aaa options Event-triggered threat protection Enterprise-wide coverage across any location, device type Integration w/ network and security infrastructure Enforcement Automation 3rd party integration for end to end visibility and control IT managed and controlled workflows for guest, BYOD, IoT, health checks

ClearPass Policy Manager and NAC Solution Built-in: Policy Engine RADIUS/CoA/TACACS Profiling Accounting/reports Identity store CLEARPASS POLICY MGR Expandable Applications REMOTE LOCATION BYOD onboarding Simple guest access Health assessments Onboard Guest OnGuard

Sources of Usable Context EMM/MDM Device Profiling Samsung SM-G900 Android Jons-Galaxy Personal owned Registered OS up-to-date Hansen, Jon [Sales] MDM enabled = true In-compliance = true Hansen, Jon [Sales] Enforcement Points Title COO Dept Executive office City London Location Bldg 10 Floor 3 Bandwidth 10Mbps Identity Stores

Comprehensive Profiler Methods Helps ensure accurate fingerprints Passive Profiling DHCP Fingerprinting (MAC OUI & Certain Options) DHCP Relay or SPAN HTTP User-Agent AOS IF-MAP Interface, Guest and Onboard Workflows TCP Fingerprinting (SYN, SYN/ACK) SPAN ARP SPAN Cisco Device Sensor Netflow/IPFIX Identifies open ports Active Profiling Windows Management Instrumentation (WMI) Nmap MDM/EMM SSH ARP Table SNMP MAC/Interface Table SNMP CDP/LLDP Table SNMP

ClearPass Exchange Granular traffic control with user and device data Next-Gen Perimeter Defense Client Devices MDM / EMM Network controls using real-time device data Visibility and interactive control features SIEM, Automation, MFA IoT Devices Infrastructure Visibility into location and time with granular controls NEW

Demo Time

Use Case: IoT Device Security Incident Adaptive Trust Identity Operator Asset DB Vendor: Selecta Class: Beverage Fridge Role: Store IoT devices Location: Pike Place, Seattle Authentication: MAC, SQL Mac Address: AA:BB:CC:11:22:33 Firmware Version: 12.35b Risk Profile: High (open ports) Polling Frequency: 83 in last 5 mins BW Profile: 89% increase ClearPass Update switch (sandbox role, shutdown port) Update FW policy for store Block access to update URL Generate notifications to OT and IT Update risk profile for other fridges Flag inventory application to review data

IntroSpect Overview Packets Flows Logs Alerts IntroSpect UEBA ANALYZER ENTITY360 ANALYTICS FORENSICS DATA FUSION BIG DATA Most complete visibility 100+ supervised and unsupervised machine learning models Integrated forensics data Scales from small projects to full enterprise deployment Open, integrated platform Fast-start option Entity360 Profile with Risk Scoring

The Start: User/Entity View of Events IP Address

Behavior Many Different Dimensions Authentication AD logins Internal Resource Access Finance servers Remote Access VPN logins External Activity C&C, personal email Behavioral Analytics SaaS Activity Office 365, Box Cloud IaaS AWS, Azure Exfiltration DLP, Email Physical Access badge logs

Basics of Behavioral Analytics MACHINE LEARNING UNSUPERVISED Behavioral Analytics BASELINES INDIVIDUAL HISTORICAL + PEER GROUP (e.g. from AD designation or profiling from ClearPass) ABNORMAL INTERNAL RESOURCE ACCESS

Finding the Malicious in the Anomalous BUSINESS CONTEXT High Value Assets High Value Actors Behavioral Analytics MACHINE LEARNING SUPERVISED UNSUPERVISED THIRD PARTY ALERTS DLP Sandbox Firewalls STIX Rules Etc.

Accelerated Investigation and Response Behavioral Analytics

SOLUTION - INTEGRATED A GLANCE WITH SECURITY ECOSYSTEM IDENTITY INFASTRUCTURE Consoles / Workflows SaaS CASB SIEM ANALYZER ENTITY360 PACKET PROCESSOR laas ALERTS ANALYTICS DATA FUSION FORENSICS BIG DATA DPI PACKET CAPTURE NETWORK TRAFFIC PACKETS FLOWS

ClearPass + IntroSpect = 360 Protection! 1. Detect and Authorize Wired/Wireless Device Authentication ClearPass Policy Manager User/Device Context Actionable Alerts IntroSpect UEBA Entity360 Profile with Risk Scoring 2. Monitor and Alert 3. Decide and Act ClearPass Real-time Policy-based Actions Real-time quarantine, Re-authentication Bandwidth Control Blacklist www.arubanetworks.com/clearpass www.introspect.com

Demo Time

Why all of this? BYOD, NAC, Guest Access, OT, IT Different level of scale..again Cannot VLAN or MAC whitelist your way out of IoT Automation a requirement, not a nice to have Role Based Access Control is key Extend WLAN roles to the LAN and VPN Leverage controllers for low bandwidth LAN devices Firewall at the edge to help with network segmentation

OLIVER WEHRLI TECHNOLOGY CONSULTANT SWITZERLAND T: +41 58 199 00 55 UEBERLANDSTRASSE 1 CH-8600 DUEBENDORF SWITZERLAND AIRHEADS COMMUNITY FOLLOW US Twitter LinkedIn Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback