Aruba, a Hewlett Packard Enterprise Company, is best known for its outstanding business-grade Wi-Fi products. What’s less well known about Aruba is that it has always had excellent security products. In fact, I’ve often described the company as a security vendor dressed up as a Wi-Fi vendor, as Aruba and security have gone hand in hand like the New England Patriots and winning.
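However, Aruba's security positioning has always been tactical rather than strategic, because its products were used for specific purposes, such as endpoint protection or wireless security. That changed this week at APAC Atmosphere in Macau, when the company introduced the 360 Security Fabric, which enables it to deliver end-to-end security to meet the needs of an increasingly digitized world.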
Technologies such as the Internet of Things, cloud and mobility have created a number of new entry points that enable the bad guys to bypass traditional perimeter devices. An interesting factoid from ZK Research is that 90 percent of security budgets are still spent building a bigger and stronger perimeter, but only 27 percent of the breaches come through that avenue. I’m in no way downplaying the importance of securing the perimeter, as it’s something all businesses need to do, but this must be complemented with better internal security.
I like the concept of a security fabric because it simplifies security and enables network and security professionals to respond to cyber attacks faster, minimizing the impact of a breach. A year ago, I wrote about security fabrics, although that piece covered Fortinet.
While the value propositions for the Fortinet and Aruba fabrics are similar, the way the two companies developed their solutions is quite different, showing there is indeed more than one way to skin a cat.
As one would expect, Fortinet’s fabric leverages great security products, while Aruba plays to its strengths by building the fabric on strong networking products, making it ideal for companies where there is a tight coupling between network and security operations. Given most digital technologies are network centric, this should be a trend that becomes more commonplace.
Aruba 360 Security Fabric features
Aruba 360 Security Fabric is built on the following components:
- Aruba IntroSpect User and Entity Behavioral Analysis (UEBA) solution (formerly Niara). As the name suggests, this continuously monitors network activity from all devices, including IoT endpoints. The basic version uses baselines and anomaly detection to spot what might be a breach. A new advanced version incorporates machine learning, peer group analysis and integrated response. Businesses can start with basic and then quickly upgrade to IntroSpect Advanced when needed.
- Aruba ClearPass. There is no product from Aruba that emphasizes how good the company is at security more than ClearPass. The widely adopted network access control (NAC) and policy management solution automates the threat response sent from UEBA. One of the strengths of ClearPass is that it is vendor agnostic and often runs on Cisco networks.
- Aruba Secure Core. The security fabric uses a number of features built into Aruba’s Wi-Fi APs, wireless controllers and network switches. This includes flow information, analytics and encryption.
It's important to note that customers do not have to deploy all of these technologies right away, because Aruba 360 Security Fabric supports a range of third parties and can leverage those technologies. For example, you can use Microsoft Active Directory instead of ClearPass for authentication. Other examples of data sources are Check Point and Palo Alto logs and LDAP.
Securing IoT devices
One of the more interesting features worth investigating more deeply is the device peer grouping, particularly for IoT. The majority of IoT devices are deployed by the operational technology (OT) group, meaning network operations is often blind to them. As ZK Research notes, 50 percent of networking teams have little to no confidence they are aware of all the connected endpoints. This poses a security challenge, since, as the axiom goes, you can’t secure what you can’t see. Also, even if the network operations team is aware of the IoT devices, many of those devices are fairly dumb and offer very little information to help with security and network optimization.
The device peer grouping feature profiles all devices and builds “peer groups” of them and then ClearPass signals when something seems awry. For example, the solution could infer a device was a connected soda machine by comparing the traffic to and from the device. All of the devices in that peer group would exhibit similar behavior, such as sending traffic to and from Coca-Cola. If the device suddenly starts trying to access point-of-sale devices, that anomaly would be flagged for further investigation and ClearPass would automatically quarantine it.
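The peer-group idea described above can be sketched in a few lines. This is an added illustration, not Aruba's code or algorithm: the device names, hostnames, Jaccard similarity measure and 0.5 threshold are all assumptions, and the sketch only returns alerts where the product would go on to quarantine.

```python
from collections import defaultdict

# Constructed sample data: (device, destination) flow records, not real traffic.
BASELINE_FLOWS = [
    ("vend-01", "telemetry.vendor.example"), ("vend-01", "ntp.corp.example"),
    ("vend-02", "telemetry.vendor.example"), ("vend-02", "ntp.corp.example"),
    ("vend-03", "telemetry.vendor.example"),
    ("cam-01", "nvr.corp.example"), ("cam-01", "ntp.corp.example"),
    ("cam-02", "nvr.corp.example"), ("cam-02", "ntp.corp.example"),
]
NEW_FLOWS = [
    ("vend-02", "telemetry.vendor.example"),
    ("vend-03", "ntp.corp.example"),             # new for vend-03, normal for its peers
    ("vend-01", "pos-terminal-7.corp.example"),  # outside the peer group's behavior
    ("cam-02", "nvr.corp.example"),
]

def jaccard(a, b):
    """Similarity of two destination sets (assumed measure for this sketch)."""
    return len(a & b) / len(a | b)

def profile(flows):
    """Map each device to the set of destinations it contacted."""
    seen = defaultdict(set)
    for device, dest in flows:
        seen[device].add(dest)
    return dict(seen)

def build_peer_groups(profiles, threshold=0.5):
    """Greedy grouping: join the first group whose seed profile is similar enough."""
    groups = []  # list of (seed_profile, [devices])
    for device in sorted(profiles):
        for seed, members in groups:
            if jaccard(profiles[device], seed) >= threshold:
                members.append(device)
                break
        else:
            groups.append((profiles[device], [device]))
    return [members for _, members in groups]

def detect(baseline_flows, new_flows, threshold=0.5):
    """Return (device, destination) pairs no peer in the device's group has used."""
    profiles = profile(baseline_flows)
    alerts = []
    for members in build_peer_groups(profiles, threshold):
        group_dests = set().union(*(profiles[m] for m in members))
        alerts += [(d, dst) for d, dst in new_flows
                   if d in members and dst not in group_dests]
    return alerts
```

Judging a device against its group rather than its own history is what keeps `vend-03` quiet when it first contacts the time server its peers already use, while `vend-01` reaching a point-of-sale host is flagged.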
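As businesses become increasingly dynamic and distributed, analytics-driven security that uses rich data and machine learning can protect a company better than the reactive tools most businesses use. Aruba 360 Security Fabric leverages the company's broad range of network and security products to deliver advanced capabilities across the network, shortening the time it takes to respond to breaches from weeks or months to a few hours.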