Rapidly Changing Security Landscape - Blue Bridge · Deep forensics. THE NEW SECURITY IMPERATIVE...

What is on your network Tomas Muliuolis HPE Aruba Baltics


Page 1:

What is on your network

Tomas Muliuolis – HPE Aruba Baltics

Page 2:

Rapidly Changing Security Landscape

Focused, Targeted Attacks

Expanding Points of Vulnerability

Mobile, cloud, BYOD breaking down the traditional perimeter. Some attacks will inevitably get inside the network.

Attacks change more rapidly than traditional defenses can combat. Digital assets continue to increase in value and vulnerability.

Security Team Under Stress

Security teams understaffed with inefficient tools. Need analytics-driven insights to focus on the right threats before damage is done.


Page 3:

THE NEW SECURITY IMPERATIVE

Network

Reduce and Manage the Attack Surface

Visibility and Trust

Security

Detect Advanced Attacks

Analytics

Network + Security

Accelerate Decision-making and Action

Attack Response

ARUBA360 Secure Fabric

Page 4:

What’s New: Aruba 360 Secure Fabric

New analytics-driven framework

• IntroSpect UEBA: New IntroSpect Standard Edition expands UEBA family

• Adaptive Attack Response: Expanded ClearPass mission now enables policy-based remediation

• Aruba Secure Core: Aruba network infrastructure with embedded security and analytics support

Page 5:

ARUBA 360 SECURE FABRIC

Open, Analytics-driven Security for the Mobile, Cloud, and IoT Era

Aruba 360 Secure Fabric

Aruba Mobile First Infrastructure with Aruba Secure Core

Secure Boot | Encryption | DPI | VPN | IPS | Firewall

ClearPass | IntroSpect

Discover, Authorization and Integrated Attack Detection and Response

360° active cyber protection and secure access from the edge, to the core, to the cloud—for any network

Analytics

Supervised and Unsupervised Machine Learning

3rd Party Infrastructure

Aruba 360 Secure Exchange

Page 6:

THE NEW SECURITY IMPERATIVE

Reduce and Manage the Attack Surface

Visibility and Trust

Detect Advanced Attacks

Analytics

Accelerate Decision-making and Action

Attack Response

ARUBA360 Secure Fabric

IntroSpect

Page 7:

WHEN ALL ELSE FAILS—DEALING WITH ATTACKS ON THE INSIDE

ARUBA INTROSPECT UEBA

Status Quo

1. Targeted attacks co-opt legitimate credentials and take weeks and months to unfold

2. Response delayed due to poor insights and tools

With Aruba

1. Better and complementary attack detection

2. Improved SOC efficiency with accelerated investigations and response

Page 8:

INTROSPECT DIFFERENTIATION

Total Visibility

100+ supervised and unsupervised machine learning models

Integrated forensics data

Scales from small projects to full enterprise deployment

Open, integrated platform

“Ready-to-Go” option

ANALYZER

ENTITY360

ANALYTICS FORENSICS

DATA FUSION BIG DATA

IntroSpect UEBA

Entity360 Profile with Risk Scoring

Packets

Flows

Logs

Alerts

Page 9:

ARUBA UEBA ENHANCEMENTS

New, streamlined access to UEBA—IntroSpect Standard

Extended Visual Analytics

Behavioral Timelines—summarized event activity

Activity Relationship Graph—who is talking to what

Dynamic Machine Learning

Custom kill chain definition and risk scoring

Noise suppression

Reliability metrics and reporting

Automated peer grouping

More Accurate Entity Profiling

IoT devices

Precision Guest tracking

Integrated Attack Response

Manual or automated attack remediation

ClearPass Attack Policy Template

Optimized for IntroSpect and ClearPass integration

Page 10:

INTROSPECT PRODUCT FAMILY: EASY ENTRY, COMPLETE SOLUTION

IntroSpect Standard: “Ready-to-Go” UEBA

IntroSpect Advanced: Leading UEBA Solution

AD, LDAP and FW logs (e.g. PAN, Checkpoint, Aruba AMON)

Key use cases: Account compromise, lateral spread and data exfiltration detection

In-line upgrade to IntroSpect Advanced

Full range of sources (DNS, DHCP, Web Proxy, CASB, etc.)

Extended set of use cases: command and control, beaconing, pass-the-hash, etc. detection

Threat hunting

Search

Deep forensics

Page 11:

THE NEW SECURITY IMPERATIVE

Reduce and Manage the Attack Surface

Visibility and Trust

Detect Advanced Attacks

Analytics

Accelerate Decision-making and Action

ClearPass + IntroSpect + Partners

ARUBA360 Secure Fabric

Page 12:

Attack Response

Wired, Wi-Fi, VPN

Precision Access Privileges

Device Discovery and Profiling

Visibility

Policy Enforcement

Authorization

ClearPass Secure Network Access Control

Page 13:

CLEARPASS + INTROSPECT = CLOSED-LOOP PROTECTION

ClearPass

Adaptive Response

Real-time quarantine

Re-authentication

Bandwidth Control

Blacklist

User/Device Context

Wired/Wireless

Profiling and Authentication

Actionable Alerts

ClearPass

Entity360 Profile with Risk Scoring

1. Detect and Authorize

2. Monitor and Alert

3. Decide and Act

4. Update and Enforce

IntroSpect UEBA

http://www.arubanetworks.com/products/security/ueba/

www.arubanetworks.com/clearpass

Page 14:

CLEARPASS + PARTNERS = CLOSED-LOOP PROTECTION

ClearPass

Adaptive Response

Real-time quarantine

Re-authentication

Bandwidth Control

Blacklist

User/Device Context

Wired/Wireless

Profiling and Authentication

Actionable Alerts

ClearPass

1. Detect and Authorize

2. Monitor and Alert

3. Decide and Act

4. Update and Enforce

Exchange Partners

http://www.arubanetworks.com/products/security/ueba/

www.arubanetworks.com/clearpass

Page 15:

THE NEW SECURITY IMPERATIVE

Reduce and Manage the Attack Surface

Visibility and Trust

Aruba Secure Core

Detect Advanced Attacks

Analytics

Accelerate Decision-making and Action

Attack Response

ARUBA360 Secure Fabric

Page 16:

Trusted Traffic

Centralized encryption

Per-user virtual connection/FW

Device Assurance

Hardware-enforced protection

Secure Boot

Aruba Secure Core

Analytics-Ready Insights

Traffic intelligence

Tuned for Machine Learning

Page 17:

Tunneled Node

Page 18:

What is Tunneled Node?

Tunneled Node

• Extends the AP-controller tunneling scheme to the access switches

Tunnel

• GRE tunnels from each port transport all traffic to/from “tunneled” interfaces

• Traffic from other interfaces is forwarded normally by the switch

• Management and control traffic is NOT tunneled

Policy enforcement

Products

• 5400R switch series with v2 and v3 modules

• 3810 switch series

• 3800 switch series

• 2930F switch series

• 2920 switch series

Page 19:

Trust QoS

* Tunneled Node is not supported in 2540/2530/2620.

Tunneled Node: unified policy enforcement for wired and wireless clients

Consistent wireless-wired network architecture

Centralized role-based policy enforcement

Access to the Aruba controller’s security features such as firewall, packet inspection and fingerprinting

Enhanced security with traffic separated by tunnels

Redundant controllers supported

Page 20:

Per Port Tunneled Node (PPTN)

Page 21:

Per Port Tunneled Node

• Complete isolation of access layer based on physical access port

• Access to Controller’s applications

• All traffic tunneled to controller

• Support on 5400R/v3, 3810, 2930F/M and 2920. Requires AOS 8.1 or later in the controllers

Aruba Controllers

3810

Tunnels

Aruba AP

5400R

3810/2930

5400R

Aruba Controllers

Page 22:

ClearPass Policy Manager

Use case: Unified Policy Enforcement

Local controller

Policy enforcement (CPPM, Skype for Business, etc.)

Guest mgmt

Device profiling

3rd party MDM

3rd Party Directory Svc

Core Switch (VSF/IRF)

WLAN Tunnel

Wired LAN Tunnel

SDN/API Skype for Business (Lync Edge server)

LAN

WWW WAN / VPNs

Page 23:

User / Entity Centric Design Advantages

Role based access

Policy denies intra-VLAN communication (micro-segmentation)

Continuous profiling

Role assigned based on AAA & Profiling

Faster new services deployment (ZTP)

All ports are secured

Single DHCP scope per branch

WAN policy is centrally defined by user, application and DPS

Traditional access

Intra-VLAN communication is allowed

VLAN is assigned only once (manually)

VLAN assigned based on physical port

New services require new VLAN deployment

Ports are default-open, accidental access is possible

DHCP scope fragmented per VLAN

WAN policy is defined by distributed routing

Page 24:

Per User Tunneled Node (PUTN)

Page 25:

Per User Tunneled Node

• Secured and flexible control of access layer

• Access to Controller’s applications

• Higher availability and scalability

• Support on 5400R/v3, 3810, and 2930F/M. Requires AOS 8.1 or later in the controllers

Aruba Controllers

3810

Tunnels

Aruba AP

5400R

3810/2930

5400R

Aruba Controllers

Page 26:

ARUBA 360 SECURE FABRIC

Analytics

Protected, Proactive Infrastructure

Discovery and Authorization

Continuous Monitoring and Detection

Policy-based Adaptive Attack Response

Connectivity, Intelligent Insight, Control

Page 27:

I Know

WHAT IS THE