Adaptive Trust Security

Transcript of Adaptive Trust Security

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

Adaptive Trust Security

Policies for Today’s Enterprise Mobility

Trent Fierro – Product & Solutions Mgr., @Trentf_CA

Don Meyer - Product & Solutions Mgr., @Tofly4wifi

The New Normal - GenMobile

BRANCH

HOME

ENTERPRISE

PUBLIC VENUES

Emerging Mobility Concerns

1. BYOD: Who and what can connect to enterprise resources

2. Device Loss / Theft: Loss of data, excessive phone charges, lost productivity

3. Unsecured Networks: Employees on open Wi-Fi networks

The Changing Security Perimeter

Traditional security focused on a fixed perimeter

GenMobile dilutes the notion of a fixed perimeter

Perimeter Defense

IDS/IPS

Firewalls

Adaptive Trust Security

Firewalls

IDS/IPS/AV Web gateways

EMM/MDM

Physical

Web gateways

A/V

Time for a New Mobile Defense Model

Policy needed for central point of control

Access Policy Management

Sharing of Contextual Awareness

ClearPass

FIREWALLS

IDS/IPS WEB GATEWAYS

EMM/MDM

The Building Blocks of Adaptive Trust

Granular control with user and device data

Identity, IP address

Network controls using device attributes

Highly credible user and device data

Visibility into user and device OS

Central repository

Example - Context for Accurate Firewall Policies

User and Device

• Frederik

• Mac OS 10.9.3

• Marketing

• 10.0.1.12

FW policy adapts to need

User and device context accuracy

Works with AD, LDAP, ClearPass dB, SQL dB

No agents/clients required

ClearPass

Context Shared

Employee Access

Adaptive Trust – The Starting Point

Growing User Demands on IT

Onboarding: Policies for connecting personal devices

Always-On Access: Works regardless of role, device, location

Guest Credentials: Access does not require going through IT

The ClearPass Solution for Secure Mobility

Guest

ClearPass

Onboard OnGuard

Baseline Hardware or VM Appliances (500, 5,000 or 25,000)

Remote Location

Expandable Applications

Why Policy vs. AAA

Policy with built-in AAA: RADIUS and TACACS

Per user access to network and resources

Use of context: Users, device profiles, location

Note: Optimized for multivendor Wi-Fi, wired and VPN

ClearPass Policy Manager

Adaptive Policy Driven by Device Ownership

Enterprise Tablet

Authentication: EAP-TLS

SSID: CORP-SECURE

BYOD Tablet

Authentication: EAP-TLS

SSID: CORP-SECURE

Internet Only

1. Uses same identity store and EAP type

2. Leverages profiling, onboarding data

3. No need for separate SSIDs

4. Works at the office and over VPN

Differentiation of Access and Device Limits

Authentication using Unique Device Certificates

1. User’s device detected & redirected to portal

2. Settings and cert configured after credentials entered

3. Automatically places user on proper network segment

Doctor

• Easy

• No Passwords

• Secure

1. Uses same identity store for nurses & doctors

2. IT creates policy for who can onboard

3. Role determines # of devices per user

4. All context collected can be used in policy

Secure Guest Access

Portals deter users from just hopping on

Complete customization: Sponsors, portals, usable data & enforcement

Ensures guests receive their own credentials

Note: PEAP-Public for secure guest access

ClearPass Guest

Secure Guest Access

Deter users from just hopping on

Complete customization: Usable policy data & enforcement

Ensures guests receive their own credentials

Note: Sponsor access for convenience and control

ClearPass Guest

1. Uses internal identity store – no AD needed

2. Policy determines guest type, access, time, BW

3. Self-serve and sponsor capabilities

4. Onboard context keeps employees off guest network

Guest Access Services

• Fully customizable

– Sponsor privileges with access verification

– Self-service

– Per session controls

– Automated SMS/email credential delivery

– Little IT involvement

– MAC caching

No more wide-open SSIDs and shared keys!

Leader in Network Access Control

Strong growth and ability to win large opportunities

• Streamlined onboarding of personal devices

• Highly customizable guest access

• Unique support of Bonjour capable devices

• Detailed diagnostic and visibility features

Gartner NAC Magic Quadrant 2013 & 2014

Industry-wide Deployments

New Guidance, Overviews and More

Definitive Guide to Secure Mobility

2pg Executive Briefs (x3)

Partner Solution Briefs (PAN, MobileIron, etc.)

AAA Migration to Policy (PPT)

Secure Mobility Landing Page

Adaptive Trust Whitepaper (coming)

ClearPass Exchange Recipes Web Site

POLICY

Profiler

EMM / MDM

NAC

TACACS

RADIUS

Guest

Device Registration

ClearPass

Automated security workflows

Context-based policy enforcement

Integration with Third Party Solutions

WIRELESS and WIRED SECURITY

MDM/EMM

Exchange

Auto Sign On

Single Sign On

Onboarding

AirGroup

SIEM Support

Key Points

ANY MULTIVENDOR NETWORK

THANK YOU