What is on your network
Tomas Muliuolis – HPE Aruba Baltics
Rapidly Changing Security Landscape
Focused, Targeted Attacks
Expanding Points of Vulnerability
Mobile, cloud, BYOD breaking down traditional perimeter.
Some attacks will inevitably get inside the network.
Attacks change more rapidly than traditional defenses can combat.
Digital assets continue to increase in value and vulnerability.
Security Team Under Stress
Security teams understaffed with inefficient tools. Need analytics-driven insights to focus on the right threats before damage is done.
THE NEW SECURITY IMPERATIVE
Network
Reduce and Manage the Attack Surface
Visibility and Trust
Security
Detect Advanced Attacks
Analytics
Network + Security
Accelerate Decision-making and Action
Attack Response
Aruba 360 Secure Fabric
What’s New: Aruba 360 Secure Fabric
New analytics-driven framework
• IntroSpect UEBA: New IntroSpect Standard Edition expands UEBA family
• Adaptive Attack Response: Expanded ClearPass mission now enables policy-based remediation
• Aruba Secure Core: Aruba network infrastructure with embedded security and analytics support
ARUBA 360 SECURE FABRIC
Open, Analytics-driven Security for the Mobile, Cloud, and IoT Era
Aruba 360 Secure Fabric
Aruba Mobile First Infrastructure with Aruba Secure Core
Secure Boot | Encryption | DPI | VPN | IPS | Firewall
ClearPass | IntroSpect
Discover, Authorization and Integrated Attack Detection and Response
360° active cyber protection and secure access from the edge, to the core, to the cloud—for any network
Analytics
Supervised and Unsupervised Machine Learning
3rd Party Infrastructure
Aruba 360 Secure Exchange
THE NEW SECURITY IMPERATIVE
Reduce and Manage the Attack Surface
Visibility and Trust
Detect Advanced Attacks
Analytics
Accelerate Decision-making and Action
Attack Response
Aruba 360 Secure Fabric
IntroSpect
WHEN ALL ELSE FAILS—DEALING WITH ATTACKS ON THE INSIDE
ARUBA INTROSPECT UEBA
Status Quo
1. Targeted attacks co-opt legitimate credentials and take weeks and months to unfold
2. Response delayed due to poor insights and tools
With Aruba
1. Better and complementary attack detection
2. Improved SOC efficiency with accelerated investigations and response
INTROSPECT DIFFERENTIATION
Total Visibility
100+ supervised and unsupervised machine learning models
Integrated forensics data
Scales from small projects to full enterprise deployment
Open, integrated platform
“Ready-to-Go” option
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
IntroSpect UEBA
Entity360 Profile with Risk Scoring
Packets
Flows
Logs
Alerts
ARUBA UEBA ENHANCEMENTS
New, streamlined access to UEBA—IntroSpect Standard
Extended Visual Analytics
Behavioral Timelines—summarized event activity
Activity Relationship Graph—who is talking to what
Dynamic Machine Learning
Custom kill chain definition and risk scoring
Noise suppression
Reliability metrics and reporting
Automated peer grouping
More Accurate Entity Profiling
IoT devices
Precision Guest tracking
Integrated Attack Response
Manual or automated attack remediation
ClearPass Attack Policy Template
Optimized for IntroSpect and ClearPass integration
INTROSPECT PRODUCT FAMILY: EASY ENTRY, COMPLETE SOLUTION
IntroSpect Standard
“Ready-to-Go” UEBA
IntroSpect Advanced
Leading UEBA Solution
AD, LDAP and FW logs (e.g. PAN, Checkpoint, Aruba AMON)
Key use cases: Account compromise, lateral spread and data exfiltration detection
In-line upgrade to IntroSpect Advanced
Full range of sources (DNS, DHCP, Web Proxy, CASB, etc.)
Extended set of use cases: command and control, beaconing, pass-the-hash, etc. detection
Threat hunting
Search
Deep forensics
THE NEW SECURITY IMPERATIVE
Reduce and Manage the Attack Surface
Visibility and Trust
Detect Advanced Attacks
Analytics
Accelerate Decision-making and Action
ClearPass + IntroSpect + Partners
Aruba 360 Secure Fabric
Attack Response
Wired, Wi-Fi, VPN
Precision Access Privileges
Device Discovery and Profiling
Visibility
Policy Enforcement
Authorization
ClearPass Secure Network Access Control
ClearPass
Adaptive Response
Real-time quarantine
Re-authentication
Bandwidth Control
Blacklist
User/Device Context
Wired/Wireless
Profiling and Authentication
Actionable Alerts
ClearPass
Entity360 Profile with Risk Scoring
1. Detect and Authorize
2. Monitor and Alert
3. Decide and Act
IntroSpect UEBA
http://www.arubanetworks.com/products/security/ueba/
www.arubanetworks.com/clearpass
CLEARPASS + INTROSPECT = CLOSED-LOOP PROTECTION
4. Update and Enforce
ClearPass
Adaptive Response
Real-time quarantine
Re-authentication
Bandwidth Control
Blacklist
User/Device Context
Wired/Wireless
Profiling and Authentication
Actionable Alerts
ClearPass
1. Detect and Authorize
2. Monitor and Alert
3. Decide and Act
CLEARPASS + PARTNERS = CLOSED-LOOP PROTECTION
4. Update and Enforce
Exchange Partners
THE NEW SECURITY IMPERATIVE
Reduce and Manage the Attack Surface
Visibility and Trust
Aruba Secure Core
Detect Advanced Attacks
Analytics
Accelerate Decision-making and Action
Attack Response
Aruba 360 Secure Fabric
Trusted Traffic
Centralized encryption
Per-user virtual connection/FW
Device Assurance
Hardware-enforced protection
Secure Boot
Aruba Secure Core
Analytics-Ready Insights
Traffic intelligence
Tuned for Machine Learning
Tunneled Node
What is Tunneled Node?
Tunneled Node
• Extends the AP-controller tunneling scheme to the access switches
Tunnel
• GRE tunnels from each port transport all traffic to/from “tunneled” interfaces
• Traffic from other interfaces is forwarded normally by the switch
• Management and control traffic is NOT tunneled
Policy enforcement
Products
• 5400R switch series with v2 and v3 modules
• 3810 switch series
• 3800 switch series
• 2930F switch series
• 2920 switch series
Trust QoS
* Tunneled Node is not supported in 2540/2530/2620.
Tunneled Node: unified policy enforcement for wired and wireless clients
Consistent wireless-wired network architecture
Centralized role-based policy enforcement
Access to the Aruba controller’s security features such as firewall, packet inspection and fingerprinting
Enhanced security with traffic separated by tunnels
Redundant controllers supported
Per Port Tunneled Node (PPTN)
Per Port Tunneled Node
• Complete isolation of access layer based on physical access port
• Access to Controller’s applications
• All traffic tunneled to controller
• Support on 5400R/v3, 3810, 2930F/M and 2920. Requires AOS 8.1 or later in the controllers
Aruba Controllers
3810
Tunnels
Aruba AP
5400R
3810/2930
5400R
Aruba Controllers
ClearPass Policy Manager
Use case: Unified Policy Enforcement
Local controller
Policy enforcement (CPPM, Skype for Business, etc.)
Guest mgmt
Device profiling
3rd party MDM
3rd Party Directory Svc
Core Switch (VSF/IRF)
WLAN Tunnel
Wired LAN Tunnel
SDN/API Skype for Business (Lync Edge server)
LAN
WWW WAN / VPNs
User / Entity Centric Design Advantages
Role based access
Policy denies intra-vlan communication (micro-segmentation)
Continuous profiling
Role assigned based on AAA & Profiling
Faster new services deployment (ZTP)
All ports are secured
Single DHCP scope per branch
WAN policy is centrally defined by user, application and DPS
Traditional access
Intra-vlan communication is allowed
VLAN is assigned only once (manually)
VLAN assigned based on physical port
New services require new VLAN deployment
Ports are default-open, accidental access is possible
DHCP scope fragmented per vlan
WAN policy is defined by distributed routing
Per User Tunneled Node (PUTN)
Per User Tunneled Node
• Secured and flexible control of access layer
• Access to Controller’s applications
• Higher availability and scalability
• Support on 5400R/v3, 3810, and 2930F/M. Requires AOS 8.1 or later in the controllers
Aruba Controllers
3810
Tunnels
Aruba AP
5400R
3810/2930
5400R
Aruba Controllers
ARUBA 360 SECURE FABRIC
Analytics
Protected, Proactive Infrastructure Discovery and Authorization
Continuous Monitoring and Detection
Policy-based Adaptive Attack Response
Connectivity, Intelligent Insight, Control
I Know
WHAT IS THE