ClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead

Similar documents
Secure wired and wireless networks with smart access control

HPE Aruba Focus Areas

Visibility, control and response

Intelligent Edge Protection

ARUBA CLEARPASS NETWORK ACCESS CONTROL

ARUBA CLEARPASS NETWORK ACCESS CONTROL

ClearPass Design Scenarios

ARUBA CLEARPASS POLICY MANAGER

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

ARUBA CLEARPASS POLICY MANAGER

ForeScout ControlFabric TM Architecture

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Identity Based Network Access

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

QuickSpecs. Aruba ClearPass Policy Manager Platform. Overview. Aruba ClearPass Policy Manager Platform The most advanced Secure NAC platform available

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

TECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE

ARUBA CLEARPASS POLICY MANAGER

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

Cisco Network Admission Control (NAC) Solution

ARUBA 360 SECURE FABRIC

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

ISE North America Leadership Summit and Awards

Mobility First How Tomorrow Moves for Education

Provide One Year Free Update!

2012 Cisco and/or its affiliates. All rights reserved. 1

CYBERSECURITY RISK LOWERING CHECKLIST

The Context Aware Network A Holistic Approach to BYOD

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Secure IT consumeration (BYOD), users will like you How to make secure access for smart mobile devices

Cyber Protections: First Step, Risk Assessment

CLEARPASS GUEST. A ClearPass Policy Manager Application DATA SHEET KEY FEATURES THE CLEARPASS ADVANTAGES

2013 InterWorks, Page 1

ForeScout CounterACT Pervasive Network Security Platform Network Access Control Mobile Security Endpoint Compliance Threat Management

Designing and Building a Cybersecurity Program

Secure Access - Update

CyberSecurity: Top 20 Controls

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Outnumbered, but not outsmarted A 2-step solution to protect IoT and mobile devices

Stop Threats Before They Stop You

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

Changing face of endpoint security

Securing Your Most Sensitive Data

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

ONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013

CIS Controls Measures and Metrics for Version 7

Cybersecurity Today Avoid Becoming a News Headline

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Don t Be the Next Data Loss Story

CIS Controls Measures and Metrics for Version 7

Access and Policy License Double Click

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

What It Takes to be a CISO in 2017

Security-as-a-Service: The Future of Security Management

RSA IT Security Risk Management

BYOD: BRING YOUR OWN DEVICE.

QuickSpecs. Aruba ClearPass OnGuard Software. Overview. Product overview. Key Features

Pulse Policy Secure X Network Access Control (NAC) White Paper

Cisco ISE Features. Cisco Identity Services Engine Administrator Guide, Release 1.4 1

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Demystifying NAC. Network Visibility, Access Compliance and Threat Response

SUBSTANTIAL TECHNOLOGY PARTNERSHIPS FOR YOUR SOLID SECURITY

Network Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014

ForeScout Extended Module for Carbon Black

QuickSpecs. Aruba ClearPass Guest Software. Overview. Aruba ClearPass Guest Software A ClearPass Policy Manager Application.

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL

Secure Access & SWIFT Customer Security Controls Framework

Build a Software-Defined Network to Defend your Business

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

ForeScout Extended Module for Splunk

Reinvent Your 2013 Security Management Strategy

WHY YOUR NAC PROJECTS KEEP FAILING: ADDRESSING PRODUCTS, PEOPLE, PROCESSES

Automating the Top 20 CIS Critical Security Controls

McAfee MVISION Cloud. Data Security for the Cloud Era

How Breaches Really Happen

TITLE GOES HERE RUCKUS CLOUDPATH ENROLLMENT SYSTEM. The only integrated security and policy management platform that delivers: COMPRISED OF:

Infoblox as Part of the Ecosystem

Identity-Based Cyber Defense. March 2017

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

Network Access Control Whitepaper

the SWIFT Customer Security

Dynamic Datacenter Security Solidex, November 2009

Take Risks in Life, Not with Your Security

Cisco Secure Access Control

Transforming Security Part 2: From the Device to the Data Center

Evolution Of Cyber Threats & Defense Approaches

Software-Define Secure Networks The Future of Network Security for Digital Learning

Security and Control for all Devices on the Access Network

Transcription:

ClearPass Ecosystem Tomas Muliuolis HPE Aruba Baltics lead

2

Changes in the market create paradigm shifts 3

Today s New Behavior and Threats GenMobile Access from anywhere? BYOD Trusted or untrusted? Bad Apps and Hackers How do you keep up? Open Networks Stay away or safe? 4

Ponemon 2015 Results 5

How to start to build solution? Why ClearPass Align to single security vendor strategy? Ask from colleagues from industry? Build own strategy based on best guess? Search for different solutions in web? Align to regulations and compliancy? Ask expert? Just leave as it is? 6

Time for a New Defense Strategy Perimeter Defense Mobility Defense Firewalls A/V Firewalls EMM/MDM IDS/IPS Web gateways Physical IDS/IPS/AV Access Policy Management Network Infrastructure Policy needed for central point of control 7

ClearPass Core Functionality USERS Employee BYOD Visitor Administrator Employee Contractor Headless Devices NETWORK EDGE Multi-Vendor Wired/Wireless/VPN NETWORK CORE AAA/RADIUS NAC Cert. Authority Onboarding Guest Profiler Device Registration PKI ClearPass Policy Visibility - Workflow User/Role IDENTITY SOURCES Token AD/LDAP SQL Time/Day Location Device Type/Health CONTEXT 8

ClearPass Exchange Partner Integration Integration catalog community.arubanetworks.com 9

Eco system is key for secure infrastructure ClearPass Exchange Over 120 different partners 10

ClearPass Exchange Continues to Grow Granular traffic control with user and device data Next-Gen Perimeter Defense MDM / EMM Network controls using real-time device data Visibility and interactive control features SIEM, Automation, MFA Infrastructure Visibility into location and time with granular controls NEW 11

ClearPass Why ClearPass Multivendor & 3 rd Party integration User-experience driven applications Scalability and cost advantages Business oriented policy services building blocks, roles, troubleshooting tools 12

CIS TOP 20 Controls for Effective Cyber Defense V 6.0 1. Inventory of Authorized and Unauthorized Devices 2. Inventory of Authorized and Unauthorized Software 3. Secure Configurations for Hardware and Software 4. Continuous Vulnerability Assessment and Remediation 5. Controlled Use of Administrative Privileges 6. Maintenance, Monitoring, and Analysis of Audit Logs 7. Email and Web Browser Protections 8. Malware Defenses 9. Limitation and Control of Network Ports 10. Data Recovery Capability 11. Secure Configurations for Network Devices 12. Boundary Defense 13. Data Protection 14. Controlled Access Based on the Need to Know 15. Wireless Access Control 16. Account Monitoring and Control 17. Security Skills Assessment and Appropriate Training to Fill Gaps 18. Application Software Security 19. Incident Response and Management 20. Penetration Tests and Red Team Exercises 13

14

ClearPass Policy and Network Access Control News 15

6.6.1 Release - Things of Note Only one Virtual Image instead of one for 500, 5K, 25K (Vmware and HyperV) Customer uses menu to select proper version during deployment Reports now include data on Social Login use You can see Hostname for devices that connect via OnGuard agents We ve gone to a single REST-based API architecture Replacing TipsAPI (XML), Guest SOAP APIs, and Guest XML-RPC APIs http://community.arubanetworks.com/t5/technology-blog/clearpass-6-6-1-what-s-in-and-what-s-out/ba-p/273297 16

6.6.2 Enhancements - Profiling DHCP TCP SSH NMAP CDP, LLDP SNMP WMI OnGuard We re adding NMAP Port-based Scanner On-demand or pre-scheduled scans Granular visibility for like devices Enhances our competitive advantage Before After Mac OUI Two IoT Endpoints Lighting Sensor NMAP Scan Accurate Policy Decision Temperature Sensor 17

ClearPass Exchange is Growing ClearPass Exchange arubanetworks.com Over 120 different partners 18

Customer s 3 rd Party Solution Provides needed Security or Service, But! Solution lacks needed wired/wireless feature IT lacks integration expertise They have ClearPass but no built-in integration What do you do? 19

ClearPass Extensions - New 3 rd Party Integration Option Extensions Repository Aruba ClearPass Opens doors for new Exchange partnerships Device authorization, MFA, visitor registration, EMM/MDM and more Extends use of existing security, productivity solutions Fast, no heavy lifting integration model. 20

Extensions for Intel Security - McAfee epo 1 Devices establish connections 2 Devices profiled 3 ClearPass checks epo for endpoint status Compliant endpoints allowed access Production Resources Corporate owned and IoT Multi-vendor switching Policy and NAC McAfee epo BYOD and corporate owned epo managed endpoints Multi-vendor WLAN 4 ClearPass enforces access privileges Quarantine Vlan Non compliant endpoints can be sent to quarantine 21

Security for IoT is a Concern, But! Devices have no 802.1X capability Not all switches support 802.1X IT lacks time or 802.1X expertise What do you do? 22

ClearPass OnConnect for Easy Wired NAC Enforcement No 802.1X Aruba ClearPass SNMP Enforcement Printer Vlan Infusion Pump Vlan Existing 802.1X wired/wireless support Built-in device-centric security for all non-aaa ready customers Easy to configure on legacy multivendor switches Leverages ClearPass profiling for wired/wireless - IoT, laptops, mobile phones. 23

Ingress Engine Third-party Threat Protection 1 User connects and 2 NGFW/IPS sends 3 uploads threat event to ClearPass ClearPass isolates client ** Firewall / IPS LAN/WLAN Adaptive Trust Defense based on real-time threat detection Offers enhanced user experience as ClearPass can initiate user notifications, help-desk tickets, and update third-party security solutions ** Device in step 2 can be MDM/EMM, SIEM, etc. 24

Enhanced Profiling and Policy Solving IoT Issues OLD WAY: Wait for new Fingerprints to be made and/or manually override devices 1:1 NEW WAY: Create your own Fingerprints! 25

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback