Airheads Tech Update, 25 May 2018
Fornebu
Agenda: Airheads Tech Update
• Welcome and practical information (~5 minutes)
• Part 1 (~60 minutes)
• Aruba Secure Core
• ClearPass - Network Access Control
• 360 Security Exchange
• IntroSpect - User and Entity Behavior Analytics
• Short break (~10 minutes)
• Part 2 (~35 minutes)
• Demo: CoA between ClearPass and AOS 8
• Demo: IntroSpect GUI
• Q&A
• Closing and information about the next ATU
Welcome and practical information: Airheads Tech Update
– Toilets are in the corridor by the elevators where you came in
– Airheads Tech Updates will be held quarterly from now on
– Airheads Community - http://community.arubanetworks.com/
– There are two Norwegian-language groups:
– Norsk Forum - http://community.arubanetworks.com/t5/Norsk-Forum/bd-p/NorwegianForum
– Airheads Channel Group – Norway
– ABC Networking - https://www.youtube.com/c/ABCNetworking
– Facebook - https://www.facebook.com/groups/564300347107470/
– Airheads Happy Hour
– Feel free to ask questions along the way
Aruba Secure Core
ANALYTICS-DRIVEN PROTECTION FROM THE EDGE TO THE CORE TO THE CLOUD
Anders Lagerqvist – Systems Engineer
ARUBA 360 SECURE FABRIC
Open, Analytics-driven Security for the Mobile, Cloud, and IoT Era
Aruba 360 Secure Fabric
Aruba Mobile First Infrastructure with Aruba Secure Core
Secure Boot | Encryption | DPI | VPN | IPS | Firewall
ClearPass | IntroSpect
Discover, Authorization and Integrated Attack Detection and Response
360° active cyber protection and secure access
from the edge, to the core, to the cloud—for any network
Analytics
Supervised and Unsupervised Machine Learning
3rd Party Infrastructure
Aruba 360 Secure Exchange
Trusted Traffic
Centralized encryption
Per-user virtual
connection/FW
Device Assurance
Hardware-enforced protection
Secure Boot
Aruba Secure
Core
Analytics-Ready Insights
Traffic intelligence
Tuned for Machine Learning
Secure Core – Network Security features
Mobility
Master
Cluster of
Mobility Controllers
WebCC
Policy Engine
Firewall
RF Protect
Secure Core - Role based access networking
Next-Gen Firewall (for WLAN, LAN & VPN)
Role Based access
Stateful
firewall
rules
QoS
flow-based
VLAN
Device context: User, device, location, time, application
ROLE BASED ACCESS
NETWORKING
Secure Core – For every use case
DATA CENTER
LAN
(trusted)
Campus AP
WAN (trusted)
Internet (untrusted)
VLANs
Remote AP
Mobility
Controllers
FW End-to-end encryption
Secure Core - Wired and VPN
AirWave Network Management
ClearPass Access Management
Wired AP: ArubaOS Switches with SDN
VLANs
VIA
LAN (trusted)
WAN (trusted)
Internet (untrusted)
Mobility
Controller
Secure Core - MultiZone
Multiple networks on the same access point with MultiZone
LoCtrl2
CSw1 CSw1
LoCtrl1
Aruba 7200 Mobility Controller
Aruba 7200 Mobility Controllers
Network A Network B
MultiZone
• Multiple secure separated networks
• SSIDs terminate on different controllers
• SSIDs managed by different controllers
• Efficient use of Wi-Fi resources
• Secure data separation
• Multiple vertical use cases:
• Government (classified vs. unclassified)
• Airports (public, airport security, airline staff)
• Shopping malls (staff, service provider, retail stores)
AirWave
ClearPass
Secure Core – IoT and guest ready
Mobility Master
Cluster of
Mobility Controllers
Centralized management of Virtual Mobility Controllers and mobility controllers
MultiZone for multi-tenant access points
Zero-touch provisioning
Centralized licensing
Hierarchical config and New UI
Per user tunnel node
Rapidly Changing Security Landscape
Focused, Targeted Attacks
Expanding Points of Vulnerability
Mobile, cloud, BYOD breaking down traditional perimeter. Some attacks inevitably will get to inside of network.
Attacks change more rapidly than traditional defenses can combat. Digital assets continue to increase in value and vulnerability.
Security Team Under Stress
Security teams understaffed with inefficient tools. Need analytics-driven insights to focus on right threats before damage is done.
THE NEW SECURITY
IMPERATIVE
Network
Reduce and Manage the Attack Surface
Visibility and Trust
Security
Detect Advanced Attacks
Analytics
Network + Security
Accelerate Decision-making and Action
Attack Response
ARUBA 360 Secure Fabric
What’s New: Aruba 360 Secure Fabric
New analytics-driven framework
• IntroSpect UEBA: New IntroSpect Standard Edition expands UEBA family
• Adaptive Attack Response: Expanded ClearPass mission now enables policy-based remediation
• Aruba Secure Core: Aruba network infrastructure with embedded security and analytics support
ClearPass
Secure Network Access Control
Today’s Digital Workplace Concerns
Device Visibility
Over 90% of customers do not know how many and what types are on their networks
Connection Options
Customers lack plans for BYOD, IoT, wired, wireless and VPN policies
User Logins
Customers want help with access for employees, guests, students, doctors
Question of the Day – Week - Month - Year
WHAT IS THE
Visibility – the first step
Device Visibility Enhanced
DHCP
SNMP
SSH
TCP
WMI
CDP, LLDP
OnGuard
Accurate Policy Decision
NMAP
• NMAP Port-based Scanner
• On-demand or pre-scheduled scans
• Granular visibility for like devices
• Enhances our competitive advantage
Mac OUI
NMAP Scan
Two IoT Endpoints
After
Before
Temperature Sensor
Lighting Sensor
NEW WAY:
Create your own Fingerprints!
OLD WAY:
Wait for new Fingerprints to be made and/or manually override devices 1:1
Enhanced Profiling and Policy – Solving IoT Issues
Understanding Device & IoT Connectivity Options
Customers want to manage what devices connect
Only some support secure connections
50% of IoT may be wired
• ClearPass supports any customer infrastructure and need
First Floor
Second Floor
Third Floor
Wired vs Wireless
Securing the ports
CONTROLLERS
SWITCHES
ACCESS POINTS
SMALL NUMBER OF UNUSED CONTROLLER PORTS TO CLOSE (ZERO with VM)
1000’s of CORE, DC, CAMPUS & EDGE PORTS TO DEFINE, CLOSE & SECURE
SOFTWARE CONTROLS FOR “COLORLESS” PORTS
Device and user identity stores
Ports assigned to new VLANs through ClearPass based on device type
IoT devices on the wired network connecting to any port
Prevention against malware and insider threats
Secure per device tunneling to Aruba Mobility Controller
Aruba switches
user/role
device type / health
location
time / day
Enforce A Per Device Policy
ClearPass
ENFORCE
IDENTIFY
PROTECT
ClearPass Exchange
Infrastructure
MDM / EMM
Network controls using real-time device data
Visibility into location and time with granular controls
Next-Gen Perimeter Defense
SIEM, Automation, MFA
Granular traffic control with user and device data
Visibility and interactive control features
Adaptive Trust Context Sharing
Firewall policy adapts to need
Context shared
Employee access
• Thomas
• Mac OS 10.9.3
• Marketing
• 10.0.1.12
Works with AD, LDAP, ClearPass dB, SQL dB
No agents/clients required
Ingress Engine Third-party Threat Protection
Adaptive Trust Defense based on real-time threat detection
** Firewall / IPS
LAN/WLAN
1. User connects and uploads threat
2. NGFW/IPS sends event to ClearPass
3. ClearPass isolates client
• Offers enhanced user experience as ClearPass can initiate user notifications, help-desk tickets, and update third-party security solutions
• ** Device in step 2 can be MDM/EMM, SIEM, etc.
More Ways to Talk To ClearPass
ClearPass 6.6 has double the APIs
ClearPass Policy Manager and more…
CLEARPASS POLICY MANAGER
Onboard Guest
REMOTE LOCATION
OnGuard
ClearPass Core Functionality
NETWORK EDGE
Multi-Vendor
Wired/Wireless/VPN
NETWORK CORE
Profiler
AAA/RADIUS
NAC
Cert. Authority
Onboarding
Guest
Device Registration
Visitor
Employee
Employee BYOD
Headless Devices
Contractor
Administrator
USERS
Policy – Visibility - Workflow
AD/LDAP
SQL
Token
PKI
IDENTITY
SOURCES
ClearPass
User/Role
Time/Day
Location
Device Type/Health
CONTEXT
IntroSpect
User and Entity Behavior Analytics
*NSM's annual security report «Risiko 2018»
Attacks involving legitimate credentials
COMPROMISED
40 million credit cards were stolen from Target’s servers
STOLEN CREDENTIALS
NEGLIGENT
Employees uploading sensitive information to personal Dropbox for easy access
DATA LEAKAGE
MALICIOUS
Edward Snowden stole more than 1.7 million classified documents
INTENDED TO LEAK INFORMATION
TECHNOLOGY
MACHINE LEARNING CAN DETECT UNKNOWN THREATS
+
BIG DATA CAN SCALE
NETWORK TRAFFIC
PACKETS
FLOWS
IDENTITY
INFRASTRUCTURE
SaaS
IaaS
ALERTS
Consoles / Workflows
SIEM
PACKET
BROKER
CASB
THREAT INTELLIGENCE
SOLUTION - AT A GLANCE
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA
FUSION BIG DATA
Basics of Behavioral Analytics
Behavioral
Analytics
UNSUPERVISED + SUPERVISED
HISTORICAL + PEER GROUP
MACHINE LEARNING BASELINES
DETECTING AN ANOMALY
ABNORMAL APPLICATION
ACCESS
Internal Resource Access
Finance servers
Behavioral
Analytics
Peer Baseline Anomaly
Finding the malicious in the anomalous
Behavioral
Analytics
SUPERVISED
UNSUPERVISED
MACHINE LEARNING
DLP
Sandbox
Firewalls
STIX
Rules
Etc.
THIRD PARTY ALERTS
A look into IntroSpect
IntroSpect Product Family—Easy Entry, Complete Solution
IntroSpect Standard
Streamlined for Aruba Network Infrastructure
• Fast start to UEBA technology
• AD, LDAP and FW logs (Aruba Wireless Controller Logs)
• Account compromise, attack spread and data exfiltration use cases
• In-line upgrade to Advanced functionality
IntroSpect Advanced
Leading UEBA Solution
• Full range of sources
• Extended set of use cases
• Threat hunting
• Search
• Deep forensics
www.arubanetworks.com/clearpass www.IntroSpect.com
ClearPass Real-time Policy-based Actions
• Real-time quarantine
• Re-authentication
• Bandwidth Control
• Blacklist
User/Device Context
Wired/Wireless Device Authentication
Actionable Alerts
ClearPass Policy Manager
IntroSpect UEBA
Entity360 Profile with Risk Scoring
ClearPass + IntroSpect = 360° Protection
1. Discover and Authorize
2. Monitor and Alert
3. Decide and Act