View
27
Download
0
Category
Preview:
Citation preview
Introduction to ClearPass Device Insight
Srinivas Loke
JUNE 2019
2@ArubaEMEA | #ATM19EMEA
CURRENT CHALLENGES IN DEVICE VISIBILITY
IT/Security teams lack visibility into devices on the network i.e. factory
controllers, medical equipment
Current toolset fails to adequately address visibility and IoT use cases
Volume, variety and the innovation of “things” means manual approaches cannot keep pace
Without comprehensive visibility, effective security and compliance is not possible
3@ArubaEMEA | #ATM19EMEA
HALF OF ENTERPRISE STRUGGLING TO SECURE IOT
Source: Ponemon Institute
4@ArubaEMEA | #ATM19EMEA
CLEARPASS DEVICE INSIGHT OVERVIEW
Reduces Risk by Eliminating Blind Spots
through DPI-based discovery and profiling of devices
Automatically Classifies Unknown Devices
using advanced machine learning and crowdsourcing intelligence
Ensures Secure Accessvia seamless integration with ClearPass Policy Manager
5@ArubaEMEA | #ATM19EMEA
TRADITIONAL PROFILING TECHNIQUES LACK DEVICE CONTEXT
STATIC ATTRIBUTES
NMAP | SNMP | WMI
6@ArubaEMEA | #ATM19EMEA
CLEARPASS DEVICE INSIGHT: FROM GENERIC TO GRANULAR DEVICE VIEW
STATIC ATTRIBUTES
NMAP | SNMP | WMI
WINDOWS DEVICE
AXIS DEVICE
AXIS SECURITY CAMERA
AXIS Q35 NETWORK CAMERA
DEEP PACKET INSPECTION (DPI)
STATIC + BEHAVIORAL ATTRIBUTES
APPLICATIONSWEB SITES
PORTSPROTOCOLS
CROWD-SOURCING
MACHINELEARNING
7@ArubaEMEA | #ATM19EMEA
CLASSIFIES UNKNOWN DEVICES
Device Attributes
IP/MAC Address
Application Access
Communication Protocols
Communication Frequency
Deep Packet Inspection (DPI)
MACHINE LEARNING
CROWDSOURCING
8@ArubaEMEA | #ATM19EMEA
AUTOMATED DEVICE DISCOVERY AND PROFILING
Static Attributes: Operating System, Hardware Vendor
Active and Passive techniques such as MAC OUI, NMAP, etc.
Dynamic Attributes: Understanding Behavioral AttributesDeep Packet Inspection (DPI) and Machine Learning leverage communication patterns,
applications, etc.
Comparative Attributes: Finding Commonality
Continuous monitoring of device trafficand crowdsourced intelligence to refine
and update device fingerprints
9@ArubaEMEA | #ATM19EMEA
ELIMINATES BLIND SPOTS
10@ArubaEMEA | #ATM19EMEA
Discovered Devices Classify known
devices with
fingerprintsClassification based on
static, flow and
behavior based
attributes
Checks for Fingerprint
Device Identified and
Labeled
ML-based Classification
Utilizing Machine Learning for Unknown Devices
11@ArubaEMEA | #ATM19EMEA
CLOUD-ENABLED COMMUNITY CROWDSOURCING
Aruba receives the signature
Signature is made available for use by
all customers
Customer labels a device using clusters or rules
Signature is tested and validated
12@ArubaEMEA | #ATM19EMEA
ARCHITECHTURE OVERVIEW
Combination of on-premises data collector (appliance or virtual)
and cloud-based analyzer
Through Deep Packet Inspection (DPI), device attributes are are extracted and metadata is sent
to the cloud for analysis
Campus / Datacenter
Device InsightVirtual
Collector
Device Insight
Hardware Collector
Branch
Device InsightVirtual
Collector
Gateway Switch
DEVICE INSIGHT
ANALYZER
CLOUD PLATFORM
Device Insight
Hardware Collector
Device InsightVirtual
Collector
13@ArubaEMEA | #ATM19EMEA
Multi-Vendor Switching
Multi-Vendor WLANs
3rd Party Security and Networking Vendors
360 SECURE FABRIC
ECOSYSTEM
ClearPass Policy ManagerSEGMENTATION / ENFORCEMENT
Internet of Things (IoT)
BYOD and Corporate Owned
ClearPass Device InsightENHANCED DISCOVERY /
PROFILING
Bi-Directional Data Exchange
INTEGRATION ENSURES SECURE ACCESS
14@ArubaEMEA | #ATM19EMEA
PORT-BASED DYNAMIC ROLE-BASED
StaticCamera port
Printer port
PoS port
Manual configuration of ACLs, VLANs, QoS
Automate configurations with context
PCI-compliant
Hard to scale for device type and quantity across multiple
sites
Dynamic
Flatten configurations at high scale based on user, device,
app
ENFORCED BY DYNAMIC SEGMENTATION
15@ArubaEMEA | #ATM19EMEA
IOT IN HEALTHCARE
ClearPass Device InsightENHANCED DISCOVERY /
PROFILING
16@ArubaEMEA | #ATM19EMEA
HOW WE’RE DIFFERENT
CONTINUAL INNOVATION IN IOT CONNECTIVITY, SECURITY, AND AI
COMPLETE VISIBILITY ACROSS THE ENTIRE INFRASTRUCTRE
AUTOMATED, MACHINE LEARNING-BASED, DISCOVERY AND
PROFILING
CLOUD-ENABLED, CROWDSOURCED FINGERPRINTS
DYNAMIC ROLE-BASED ACCESS CONTROL
17@ArubaEMEA | #ATM19EMEA
Getting Started with Simple Subscription-based Licenses
Component Description Deployment Licensing
Device Insight
Subscription
Primary Device Insight
subscription which includes
Device Insight Analyzer and
licenses for virtual collectors
Software running on
Aruba’s Cloud Platform
Subscription based
1,3 and 5 year SKUs
Virtual Collectors Data collector for device
discovery using deep packet
inspection
Virtual deployment on
choice of hardware
Included in Software
License
Collector Appliances Data collector for device
discovery using deep packet
inspection
Turn-key Aruba
hardware appliance
3 models to support
500, 5000 and 25K
device count
18@ArubaEMEA | #ATM19EMEA
Thank You
Still not a part of the Airheads
Community? Sign up today!
community.arubanetworks.com
19@ArubaEMEA | #ATM19EMEA
Recommended