As the demand for mobility at work increases, laptops, smartphones, tablets and Internet of Things (IoT) devices are pouring into the workplace. On average, employees utilize three different devices at a time – and all of them increase vulnerabilities inside your enterprise.
Identifying who and what is connecting is the first step towards network security and protecting your enterprise. The automated application of wired and wireless policy enforcement ensures that only authorized and authenticated users and devices are allowed to connect. At the same time. real-time attack response and threat protection is required to secure and meet audit and compliance requirements.
Ensuring network security means changing priorities for IT
The boundaries of IT’s domain now extend beyond the four walls of the business’ physical location. With the need to connect anywhere, anytime, how does IT maintain visibility and control without sacrificing security? It starts with a three-step plan.
- Identify what devices are being used, how many, where they’re connecting from and which operating systems are supported. These insights give IT the visibility required over time.
- Enforce accurate policies that provide proper user and device access, regardless of user, device type, or location.
- Protect resources via dynamic policy controls and real-time threat remediation that extends to third-party systems.
Aruba ClearPass provides full-spectrum visibility across the network
Network security starts with visibility of all devices, because you can’t secure what you can’t see. Here’s a look at the tools being rolled out to increase visibility:
- ClearPass Device Insight greatly enhances core discovery and profiling capabilities to identify the wide range of IoT devices in many environments.
- ClearPass OnConnect is a built-in feature that enables organizations to lock down those thousands of wired ports using non-AAA enforcement.
- ClearPass Onboard lets users safely configure devices for use on secure networks on their own, while allowing IT to define which users have that privilege, the type of device they can use, and how many devices per person.
- ClearPass Guest makes it easy and efficient for employees, receptionists, event coordinators, and other non-IT staff to create temporary network access accounts for any number of guests per day, which can be set to expire automatically.
- ClearPass OnGuard features built-in capabilities that perform posture-based health checks to eliminate vulnerabilities across a wide range of computer operating systems and versions.
The final element of network security is response: the ability to respond to attack event data presented by other security vendors. Aruba 360 Security Exchange lets you automate security threat remediation or enhance a service using popular third-party solutions like firewalls, MDM/EMM, MFA, visitor registration, and SIEM tools. Leveraging the context intelligence included in Aruba ClearPass allows organizations to ensure that security and visibility is provided at a device, network access, traffic inspection, and threat protection level.
Using a common-language (REST) API, syslog messaging, and a built-in repository called ClearPass Exchange, automated workflows and decisions help simplify tasks and secure the enterprise – no more complex scripting languages and tedious manual configuration. And for faster integration, ClearPass Extensions allows partners to upload an extension, for real time delivery of new services to joint customers.
With ClearPass Exchange, networks can automatically take action:
- MDM/EMM data like jailbreak status of a device can determine if it can connect to a network
- Firewalls can accurately enforce policies based on user, group, and specific device attributes, and leverage ClearPass to remediate a device exhibiting poor behavior
- SIEM tools can be set-up to store authentication data for all connected devices
- Users can be asked to use multi-factor authentication to verify their identity when connecting to networks and resources
Network events can also prompt firewalls, SIEM, and other tools to inform ClearPass to take action on a device by triggering actions in a bidirectional manner. For example, if a user fails network authentication multiple times, ClearPass can trigger a notification message directly to the device or blacklist the device from accessing the network.
Protect network security by detecting threats before they do damage
Modern threats to network security are now evolving from inside organizations. They may involve malicious, compromised, or negligent users, systems, and devices. An enterprise can no longer look at security the same way. Machine learning and behavior analysis are the next steps to solving the dual crisis of better resourced threats and undervalued security operations.
Aruba’s IntroSpect UEBA plugs the gap between device visibility and control, and the secondary threat of malicious behavior. It detects small changes in behavior that, when put into context over a period of time, become indicative of attacks that have evaded traditional security defenses.
With the integration of IntroSpect and ClearPass, the prevision alerts generated by one mean that the other can respond with pre-determined policy-based actions and cut off the threat before it does damage.
Contact WEI for a custom network security solution with Aruba ClearPass today
Over 7,000 customers in 100 countries have secured their network and their enterprise with Aruba ClearPass for better visibility, control, and response. To start the conversation about how you can better protect your organization, contact WEI today.