Product Update: Aruba 360 Secure Fabric ClearPass 6.7 New Licensing Model & IntroSpect. Reinhard Lichte, Consulting Systems Engineer


ClearPass 6.7 @ArubaNetworks

What's New in ClearPass 6.7?
- New license methodology for AAA, Guest and Onboard
- Endpoint profiling improvements
- Client support improvements for OnGuard
- Insight custom reporting and alerting options
- ClearPass Extensions and API enhancements
- Enhanced support for IPv6
- Improved internationalization support for Guest workflows

ClearPass 6.7 Licensing

Challenges With Existing Licensing
- Difficult to count or explain license usage
- Customers feel we over-license them (e.g. HW/VM + AAA) and lack granularity (500, 5K, 25K)
- Some competitors include Guest features in the base product
- Competitors position Onboard on a per-user basis versus per-device

What is Changing?
- Decouple AAA licensing from Hardware and Virtual Machine Appliances
- Creation of a new license type (Access) which includes 802.1X, MAC Auth, TACACS, Guest, OnConnect, Security Exchange and Endpoint Profiling
- Move to concurrent authenticated/authorized endpoint counting methodology for Access license with blocks as small as 100
- Shift Onboard licensing from per device to per user counting

What is Going Away?
- Replacement of the Subscription ID for access to software downloads
  - HPE Passport credentials will be used instead for authorization to the ClearPass web services platform
  - Will reduce customer issues due to mismatch of Subscription ID expiration date with support contract
- Elimination of 25K, 50K, 100K license bands
  - The software still supports high-volume license SKUs, but they are infrequently purchased, so they are removed from the generally available pricelist to reduce SKU count.
- Elimination of High Capacity Guest Mode
  - With the move to concurrent authenticated/authorized Access counting and the bundling of Guest into the Access license, this mode is no longer needed.
- Elimination of the Enterprise licensing offering
  - With the bundling of Guest into the Access license, the Enterprise offering had limited value going forward to just cover Onboard and OnGuard. Migration will be available for existing customers.
- Elimination of 5 Year Subscription offering for OnGuard
  - Aligns our offering with the 3rd party we license technology from for use in OnGuard.

ClearPass 6.7 Licensing
- OnGuard (Endpoint Health/Posture) and Onboard (BYOD/CA): Subscription or Perpetual
  - Sold as 100, 500, 1K, 2500, 5K, 10K Perpetual and 1/3/5* year Subscription based offerings
- Access (802.1X, MAC-Auth, Guest, TACACS+, OnConnect, Endpoint Profiling & Security Exchange): Subscription or Perpetual
  - Sold as 100, 500, 1K, 2500, 5K, 10K Perpetual and 1/3/5 year Subscription based offerings
- VM Appliance / Hardware Appliances: Perpetual
  - Sold as Small, Medium, Large Sizes (HW)
  - Perpetual VM license
* OnGuard will no longer be offered as a 5 year subscription

What is Concurrency?
Method: session begins / session ends
- 802.1X: RADIUS Accounting START / RADIUS Accounting STOP
- MAC-Auth: RADIUS Accounting START / RADIUS Accounting STOP
- Guest (anonymous, self-reg, social, etc): RADIUS Accounting START / RADIUS Accounting STOP
- VPN: RADIUS Accounting START / RADIUS Accounting STOP
- TACACS: TACACS Accounting START / TACACS Accounting STOP
- OnConnect: MAC Learned (mac-notify or switch link-up) / MAC Removed/Aged (mac-notify or switch link-down)

Under the concurrency model, a user/device authenticating/authorizing on the network consumes an Access license during an active session. If the session end cannot be identified (e.g. no accounting), the license will be removed from the pool for a period of 24 hours from the time it was consumed.

NOTE: Interim-accounting (more chatty) is NOT required to determine start/stop
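The counting rule described above, worked through as an added example (not code from Aruba or from this presentation): it models one license per endpoint between accounting START and STOP, with the 24-hour hold when no STOP arrives. The event tuples and MAC addresses are constructed, and treating a repeated START on an already-counted endpoint as a no-op is an assumption.

```python
from datetime import datetime, timedelta

HOLD = timedelta(hours=24)           # per the slide: held 24 h when no session end is seen
BASE = datetime(2018, 3, 5, 8, 0)    # constructed start of the sample log

def t(hours):
    """Timestamp `hours` after the start of the constructed log."""
    return BASE + timedelta(hours=hours)

# Constructed accounting events: (time, endpoint MAC, START/STOP). MACs are made up.
EVENTS = [
    (t(0),  "aa:aa:aa:00:00:01", "START"),   # laptop, clean session
    (t(9),  "aa:aa:aa:00:00:01", "STOP"),
    (t(1),  "aa:aa:aa:00:00:02", "START"),   # phone, NAS never sends STOP
    (t(2),  "aa:aa:aa:00:00:03", "START"),   # printer
    (t(3),  "aa:aa:aa:00:00:03", "START"),   # re-auth while already counted
    (t(4),  "aa:aa:aa:00:00:03", "STOP"),
    (t(24), "aa:aa:aa:00:00:01", "START"),   # laptop, next day
    (t(26), "aa:aa:aa:00:00:01", "STOP"),
    (t(30), "aa:aa:aa:00:00:02", "START"),   # phone again, after the hold lapsed
    (t(31), "aa:aa:aa:00:00:02", "STOP"),
]

def license_intervals(events):
    """Turn START/STOP events into (consumed, released) intervals, one per license use."""
    open_since = {}                  # endpoint -> time its license was consumed
    intervals = []
    for ts, endpoint, kind in sorted(events):
        held = open_since.get(endpoint)
        # No STOP was ever seen: the license returned to the pool after 24 h.
        if held is not None and ts >= held + HOLD:
            intervals.append((held, held + HOLD))
            del open_since[endpoint]
            held = None
        if kind == "START":
            if held is None:         # assumption: a repeated START does not consume again
                open_since[endpoint] = ts
        elif kind == "STOP" and held is not None:
            intervals.append((held, ts))
            del open_since[endpoint]
    # Sessions still open when the log ends fall back to the 24 h hold.
    for held in open_since.values():
        intervals.append((held, held + HOLD))
    return intervals

def held_at(intervals, when):
    """Number of Access licenses out of the pool at a given instant."""
    return sum(1 for begin, end in intervals if begin <= when < end)

def peak_concurrency(intervals):
    """Highest number of licenses held at once (releases processed before consumes)."""
    points = sorted([(b, 1) for b, _ in intervals] + [(e, -1) for _, e in intervals])
    current = peak = 0
    for _, delta in points:
        current += delta
        peak = max(peak, current)
    return peak

if __name__ == "__main__":
    iv = license_intervals(EVENTS)
    print("peak:", peak_concurrency(iv), "held next morning:", held_at(iv, t(24.5)))
```

The phone whose network device never sends a STOP keeps its license counted until the hold expires, so it still counts the next morning alongside the laptop's new session.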

Appliance Transition

Existing Appliances (Short Descriptions)
- Aruba ClearPass 500 HW v2 Appliance
- Aruba ClearPass 5K DL20 HW Appliance
- Aruba ClearPass 25K DL360 HW Appliance
- Aruba ClearPass 500 Virtual App E-LTU
- Aruba ClearPass 5K Virtual App E-LTU
- Aruba ClearPass 25K Virtual App E-LTU

Replacement Appliance (Short Descriptions)
- Aruba ClearPass C1000 S-1200 R4 HW Appl
- Aruba ClearPass C2000 DL20 Gen9 HW Appl
- Aruba ClearPass C3000 DL360 Gen9 HW Appl
- Aruba ClearPass Cx000V VM Appl E-LTU

Performance numbers (Concurrency & Burst) will be available in a NEW Scaling & Ordering Guide. An ASE based sizing tool is under investigation to assist with ordering. Previous generation hardware will also map to the Cx000 numbering scheme upon upgrade.

Examples: Sample BoM #1 - University

Requirements
- Redundancy required
- 30,000 concurrent/active/connected devices (max at any given point in time)
- 100 are guests
- 8,000 total users (all of which will Onboard their devices, ~3 EAP-TLS devices)
- Dedicated reporting node due to size

6.7 Licenses
- 3 Cx000V (2 VMs used for AAA, 1 VM used for Insight)*
- 30,000 Access licenses
- 8,000 Onboard licenses

6.6 Licenses
- 3 CP-VA-25K (2 VMs used for AAA, 1 VM used for Insight)*
  - Includes 75,000 Policy Manager licenses
- 100 Guest licenses
- 24,000 Onboard licenses

* These are NOT hard coded functions like in Cisco ISE (personas). Any node can perform any function.

Examples: Sample BoM #2 - Corporate

Requirements
- Redundancy required (2 VMs)
- 10,000 concurrent/active/connected devices (max at any given point in time)
- 100 are guests
- 2,000 users will Onboard (~2 devices each)
- 100 active contractors who require posture assessment on their laptops
- Inbound events from other solutions

6.7 Licenses
- 3 Cx000V (2 VMs used for AAA, 1 VM used for IEE)*
- 10,000 Access licenses
- 2,000 Onboard licenses
- 100 OnGuard licenses

6.6 Licenses
- 3 CP-VA-5K (2 VMs used for AAA, 1 VM used for IEE)*
  - Includes 15,000 Policy Manager licenses
- 100 Guest licenses
- 4,000 Onboard licenses
- 100 OnGuard licenses

* These are NOT hard coded functions like in Cisco ISE (personas). Any node can perform any function.

Examples: Sample BoM #3 LPV: Airport

Requirements
- Redundancy required (2 HW)
- 30,000 concurrent/active/connected guest devices (max at any given point in time)
- 100,000 unique guest devices per day
- High Capacity Guest Mode (HCG)

6.7 Licenses
- 2 C3000
- 30,000 Access licenses

6.6 Licenses
- 2 CP-HW-25K
  - Calculated as 100K Policy Manager license (HCG)
- 100,000 Guest licenses

Conversion

HOW IT WORKS
- During the upgrade, ClearPass will take the original Policy Manager license (500, 5K, 25K) and use it as a pre-activated Platform Activation Key (PAK)
- ClearPass will also pre-install 6 month license keys for Access, Onboard and OnGuard
- MNP will be the first method to convert licenses
- Due to the complexity of Enterprise and Subscription-based licenses, the Support Welcome Center (TAC) will need to assist in converting them

IN SUMMARY
With the six month licensing buffer, customers do not need to worry about converting their licenses the day of upgrade. There is plenty of time to convert them without alarm.

Conversion Plan (cont.)

HOW IT WORKS
- Existing customers will get a 1:1 license exchange
- Legacy ClearPass 25K (e.g. CP-VA-25K) = 25,000 Access Licenses
  - Also includes one set of 25 licenses for each feature (Access, Onboard, OnGuard)
- Legacy ClearPass Guest 500 = 500 Access Licenses
- Legacy ClearPass Onboard 10K = 10K Onboard Licenses (new key)
- Legacy ClearPass OnGuard 5K = 5K OnGuard Licenses (new key)
- Legacy ClearPass Enterprise 100 = New x Access / y Onboard / z OnGuard Licenses in multiples of 25
  - For example, 25 Access + 50 Onboard + 25 OnGuard = 100
  - Enterprise license conversion is a one-time, one-way process per license key
- Existing customers will continue to pay support on the original product purchased.

TechNotes @ support.arubanetworks.com

ClearPass 6.7 License Conversion TechNote
https://support.arubanetworks.com/documentation/tabid/77/dmxmodule/512/entryid/28178/default.aspx

SCALING & ORDERING GUIDE: ClearPass Policy Manager

INTRODUCTION
ClearPass 6.7 introduces a new licensing methodology that aims to simplify ordering, offer customers an easier to understand model and ultimately provide more value and flexibility. This new methodology includes the following high-level changes:
- Ability to order appliances (hardware or virtual) independent of capacity licenses.
- Bundling of guest licensing into a new license type called Access. The Access license includes 802.1X, MAC Authentication, TACACS+, Guest, OnConnect, Security Exchange (previously ClearPass Exchange) and Endpoint Profiling functionality.
- Access licenses are consumed based upon concurrent authenticated/authorized endpoints.
- Onboard licenses are now consumed based upon the number of users and not per device.

APPLIANCE & APPLICATION LICENSE SKUS

Appliances
ClearPass appliances (hardware or virtual) are available for purchase using the following SKUs. Hardware specifications and scaling details are provided later in this document.

Hardware Appliances (1)
- JZ508A: Aruba ClearPass C1000 S-1200 R4 HW-Based Appliance
- JZ509A: Aruba ClearPass C2000 DL20 Gen9 HW-Based Appliance
- JZ510A: Aruba ClearPass C3000 DL360 Gen9 HW-Based Appliance
(1) One year parts warranty and can be extended with a support contract.

Virtual Appliances (2)
- JZ399AAE: Aruba ClearPass Cx000V VM-Based Appliance E-LTU
(2) This single SKU is used to order a Virtual Appliance irrespective of model type, e.g. C1000V

ClearPass Application Licenses
ClearPass application licenses are available in three types, Access, Onboard and OnGuard. They are available as perpetual and subscription-based licenses.

ACCESS LICENSES
The Access license is used to enable 802.1X, MAC Authentication, TACACS+, Guest, OnConnect, Security Exchange (previously ClearPass Exchange) and Endpoint Profiling. Access license consumption is based upon a concurrent session per-endpoint model. Security Exchange and Endpoint Profiling are enabled when any Access license is installed but not restricted to any

IntroSpect User and Entity Behavior Analytics

Aruba Security Portfolio (diagram)
- Continuous Security Monitoring: Niara; per user/device/IoT security analytics for advanced threat detection
- ClearPass: OnGuard; Ecosystem Integration API
- Access Control, Identity: ClearPass Policy Manager; 802.1X / OnConnect; Onboard BYOD CA; Profiler
- Access Control, Wired/Wireless Infrastructure: per user/device/IoT app-aware firewall; SDN; per-user tunnel mode; via VPN
- Trusted Infrastructure, Wired/Wireless Infrastructure: encryption; trusted boot process; embedded TPM; FIPS 140-2 & Common Criteria

THE SECURITY GAP
- Chart: security spend (prevention & detection, US $B) versus data breaches (# breaches, % discovered internally)
- 146 days median time from compromise to discovery
Sources: Mandiant M-Trends 2016, Verizon Data Breach Investigations 2016, IDC 2016

THE PROBLEM
- Prevention & detection not enough: increasingly porous
- Monitoring systems falling short: cannot detect unknown threats and unable to scale

Attacks involving legitimate credentials
- COMPROMISED (stolen credentials): 40 million credit cards were stolen from Target's servers
- MALICIOUS (intended to leak information): Edward Snowden stole more than 1.7 million classified documents
- NEGLIGENT (data leakage): Employees uploading sensitive information to personal Dropbox for easy access

TECHNOLOGY
- Machine learning: can detect unknown threats
- Big data: can scale

SOLUTION - AT A GLANCE (diagram)
- Inputs: identity; infrastructure; SaaS; IaaS; CASB; SIEM; packet broker; network traffic (packets, flows); alerts; threat intelligence
- Analyzer: data fusion; big data; analytics; forensics; Entity360
- Outputs: consoles / workflows

Basics of Behavioral Analytics
- Machine learning: unsupervised + supervised
- Baselines: historical + peer group

Behavior: Many different dimensions (Behavioral Analytics)
- Authentication: AD logins
- Internal Resource Access: Finance servers
- Remote Access: VPN logins
- External Activity: C&C, personal email
- SaaS Activity: Office 365, Box
- Cloud IaaS: AWS, Azure
- Exfiltration: DLP, Email
- Physical Access: badge logs

The Platform: Behavioral Analytics

Customer Examples: Ransomware
- Indicator: C&C Communication. UEBA: DGA Detection, e.g. iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.], xxlvbrloxvriy2c5[.]onion, sqjolphimrr7jqw6[.]onion, 76jdd2ir2embyv47[.]onion
- Indicator: SMB based bot scanning. UEBA: Behavioral Analytics on baseline behavior of systems and detecting anomalous communication patterns
- Result: Stateful Risk Score for Compromised System

Customer Examples: Data Exfiltration
- Indicator: Access to internal sensitive information. UEBA: Abnormal access to internal data
- Indicator: Moving sensitive data offshore. UEBA: Abnormal USB writes; Abnormal Uploads to Box, Dropbox
- Result: High Risk Score for user Michele

Customer Examples: Abnormal Privileged Insider Activity
- Indicator: Privilege Escalation. UEBA: Escalation of privileges for user not entitled to admin role
- Indicator: Abnormal Data access. UEBA: Excessive Service Ticket requests; Abnormal data access patterns
- Result: High Risk Score for user Bob

Typical Solution Deployment
(Diagram: AD logs, DNS, DHCP, VPN, firewall and web proxy logs, native or via SIEM, feed the Analyzer; Packet Processors in the campus and in the data center / server farm send packet metadata to the Analyzer.)

Minimum set of recommended data sources
- AD, DNS, DHCP, VPN logs: native or from SIEM
- Network Activity, ingress / egress: packets or firewall or web proxy logs
- Network Activity, high-value targets (file shares, collaboration servers, etc.): packets or firewall logs
- [Optional] NetFlow, Threat feeds, Email logs, FireEye alerts

Licensing
- Licensed by monitored: users; servers/IoT
- Options: 1 year subscription; 3 year subscription
- Form factors: software only; appliance

Solution - Analyzer Deployment Options
- 2RU Appliance
- Customer Hadoop Cluster
- 1RU Scale Out
- Public/Hybrid Cloud (AWS / Azure)

ClearPass + IntroSpect = 360° Protection
1. Detect and Authorize: ClearPass Policy Manager, wired/wireless device authentication; passes user/device context to IntroSpect
2. Monitor and Alert: IntroSpect UEBA, Entity360 profile with risk scoring; sends actionable alerts to ClearPass
3. Decide and Act: ClearPass real-time policy-based actions: real-time quarantine, re-authentication, bandwidth control, blacklist

Notable Customer Wins
- F50 Financial
  - Challenge: Monitoring privileged user activity; improve SOC efficiency
  - IntroSpect solution: Behavioral analytics on AD, email, VPN, network; FireEye alert context for investigations
- Legal
  - Challenge: Concerned about IP theft; lacking user-level visibility and profiling
  - IntroSpect solution: Behavioral analytics; user-level visibility
- High Tech
  - Challenge: Security analytics initiative to supplement existing SIEM and detection systems
  - IntroSpect solution: User Behavior Analytics; Splunk integration
- F50 Insurance
  - Challenge: Alert white noise and overwhelmed SOC; Splunk not delivering value
  - IntroSpect solution: DLP and DNS Analytics; SOC efficiency through machine intelligence
- F50 High Tech
  - Challenge: High Value asset protection
  - IntroSpect solution: Behavioral analytics for insider activity to high value assets; user activity association with key assets

Differentiation
- Comprehensive visibility: Packets, flows, logs; no blind spots
- Most extensive attack analytics: 100+ supervised and unsupervised machine learning models; adaptive learning; extensible models (new use cases, data sources)
- Accelerated Investigations and Response: Business context in risk score; integrated forensics; seamless ClearPass integration
- Deployment ease: Flexible, on-premise or cloud; ingest data natively or from SIEM, log management, packet broker solutions
- Quick Start, Enterprise Scale: Standard Edition tuned for Aruba networks; tens of data sources, hundreds of behavioral models across tens of thousands of users

IntroSpect Summary
- Diverse Data Sources
- FOR Analytics + Forensics
- SUPPORTING Attack Detection + Incident Investigation
- ALL IN A Self-Contained Solution + Open Platform
- AVAILABLE Streamlined for Aruba Networks + Scaled for Enterprise UEBA

Thank You