Secure wired and wireless networks with smart access control Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia
Managing risk in today s digital enterprise Increasingly sophisticated cyber attacks More sophisticated More frequent More damaging Cost and complexity of regulatory pressures Compliance Privacy Data protection Rapid transformation of enterprise IT Shift to hybrid Mobile connectivity Big data explosion
User behavior and the shifting perimeter 30% of users lost data on mobile Younger users are less responsible 60% of users share devices Aruba, HPE 2015 Survey of 4300 Enterprises * Aruba 2015 Running the Risk report
Top concerns for IT Mobility Controlling who and what can connect BYOD/Device loss Personal devices, privileges and loss of data Authentication Separate enterprise and guest access policies 4
Time for a new mobility and IoT defense model Static perimeter defense Anti/Virus Firewalls IDS/IPS Web gateways Physical components
Security posture that adapts to context sensitive situations Anti/Virus Firewalls IDS/IPS Web gateways Static perimeter defense Anti/Virus IDS/IPS Physical components Firewalls Physical Components Web gateways Adaptive trust defense Security and policy for each user or group Security and Policy for each user or group 6
ClearPass policy management Automated workflows Enhanced security for BYOD and guests Security rules by user roles and device types Onboard Guest OnGuard Multi-vendor policy enforcement Full RADIUS/TACACS Exchange (comprehensive third-party integration) Expandable applications ClearPass Policy Manager Exchange 7
The Aruba solution for the digital workplace High visibility Built-in discovery, profiling and dashboards Easy deployment Multi-vendor wired, wireless and VPN ClearPass Policy Manager 802.1X and non-aaa enforcement Easy onboarding Support for AD, LDAP, SQL, Internal db, BYOD, third party integration Hardware and Virtual Appliances (500, 5000, 25000) Technolo
The Aruba apps for BYOD, guest and device assessments Onboard Guest OnGuard Enhanced security for BYOD and guests Automated workflows Device health checks
What s inside Base services IT tools User tools Built-in add-ons Policy Engine Policy simulation AirGroup Pool of 25 Lic. RADIUS/CoA TACACS+ Profiling+ +100 RADIUS dictionaries Advanced reporting Access tracking Template-based policy creation LDAP browser Per session logs Bonjour/DLNA Device registration Certificate revocation Basic guest Onboard Guest OnGuard Exchange API Syslog
Identify, enforce, protect Any user/location Any connection Any device
Device identity Built-in profiling NMAP Port-based Scanner On-demand or pre-scheduled scans Granular visibility for like devices DHCP TCP SSH NMAP CDP, LLDP SNMP WMI OnGuard Mac OUI Before After Lighting sensor NMAP Scan Accurate policy decision Temperature sensor Two IoT endpoints
Device identity ClearPass builds and sees up to date database of devices Devices can be flushed from database Context is used within policies Total devices Device types Fingerprint data
User identity, simple workflows for any use case 1. Employee with IT-managed 2. Employee with BYOD 3. Guest access Login Yi Ling Passwd S1ngp0rSL1ng Device database Device certificate Active directory ClearPass
Secure enforcement Authentication before access Aruba ClearPass Existing 802.1X wired/wireless support Multivendor support for all 802.1X ready wired and wireless customers Secure encrypted wireless access Built-in ClearPass profiling IoT, laptops, mobile phones Easy to use policy creation templates Technolo
Non-AAA wired enforcement option Customers want to manage any device that connects Only some support.1x supplicants 50% of IoT may be wired ClearPass supports any customer Infrastructure and need
OnConnect for non-aaa enforcement No 802.1X SNMP Enforcement Aruba ClearPass Printer Vlan Infusion Pump Vlan Existing 802.1X wired/wireless support Built-in device-centric security for all non-aaa ready customers Easy to configure on legacy multivendor switches Leverages ClearPass profiling for wired/wireless IoT, laptops, mobile phones Technolo
ClearPass Exchange Technology Program is growing ClearPass Exchange arubanetworks.com Over 120 different partners
ClearPass Exchange: End to End Controls Support for popular partner solutions and services Infrastructure Security SIEM Device management MFA Services BYOD and corporate owned
ClearPass exchange, 3 rd party integration ClearPass Exchange: End to End Controls for Enterprise Security REST API/Syslog Security monitoring and threat prevention Internet of Things (IoT) Multi-vendor switching Device management and multi-factor auth BYOD and corporate owned Multi-vendor WLANs Aruba ClearPass with Exchange EcoSystem Helpdesk and voice/sms services in the cloud
ClearPass Extensions, 3 rd party integration option Extensions repository Aruba ClearPass Opens doors for new Exchange partnerships Device authorization, MFA, visitor registration, EMM/MDM and more Extends use of existing security, productivity solutions Fast, no heavy lifting integration model
Aruba ClearPass is the best solution for wired and wireless NAC and the most scalable. Chris Kissel, Senior Industry Analyst, Frost & Sullivan 2016 - Network Access Control Global Market Analysis Frost 2016 NAC review recognized ClearPass for Best NAC Best for Guest Best for Health Checks Best for Multivendor 22
More information www.arubanetworks.com ClearPass, exchange, adaptive trust, promotions
Let s hear your voice! Open HPE Events App, and answer the following question to participate What are the 3 steps that you need to follow to protect your network? 24
Thank you Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia Muhammadabu.abughalioun@hpe.com 25