NEW DELHI: HPE's Aruba has announced announced the Aruba 360 Secure Fabric, a security framework that provides 360 degrees of analytics-driven attack detection and response to help organizations reduce risk in today’s changing threat landscape.
Aruba is also innovating in User and Entity Behavioral Analytics (UEBA) by expanding the Aruba IntroSpect product family, enabling businesses to easily and rapidly scale machine-learned behavior detection from small projects to full enterprise deployments.
Gartner’s research into insider threats indicates that organizations are not adequately considering the risk from their trusted users even though there are myriad examples where organizations have been impacted. On a positive note, Gartner fielded almost a 100% increase from clients looking to address the insider threat issue, of which UEBA is one of the primary technologies.
To help organizations address new and unknown threats, the Aruba 360 Secure Fabric offers security and IT teams an integrated way to quickly detect and respond to advanced cyberattacks from pre-authorization to post-authorization across multi-vendor infrastructures, supporting enterprises of all sizes.
Components of the Aruba 360 Secure Fabric include the following:
· Aruba IntroSpect UEBA solution: A new network-agnostic family of continuous monitoring and advanced attack detection software. Includes a new entry-level edition and uses machine learning to detect changes in user and device behavior that can indicate attacks that have evaded traditional security defenses. Machine-learning algorithms generate a Risk Score based on the severity of an attack to speed up incident investigations for security teams.
· Aruba ClearPass: A proven network access control (NAC) and policy management security solution that can profile BYOD and IoT users and devices, enabling automated attack response, is now integrated with Aruba IntroSpect. ClearPass can also be deployed on any vendor’s network.
· Aruba Secure Core: Essential security capabilities embedded in the foundation across all of Aruba’s Wi-Fi access points, wireless controllers, and switches, including the recently introduced Aruba 8400 campus core and aggregation switch.
New Edition for Aruba IntroSpect UEBA Family
Aruba IntroSpect Standard joins the IntroSpect UEBA family, along with new features added to the company’s flagship offering, Aruba IntroSpect Advanced. The expansion of the IntroSpect UEBA family offers security teams more choice and a quick way to implement UEBA.
Aruba IntroSpect Standard is an easy way for organizations to start employing UEBA machine learning security with as few as three data sources, accelerating an organization’s time-to-protect corporate and customer data. It is designed for basic monitoring and detection of anomalous and often, subtle, behaviors on the network and across mobile, cloud, and IoT devices and applications, to identify early signs of attack expansion and beaconing, as well as data exfiltration.
It ingests common data sources including Microsoft Active Directory or other LDAP authentication records and identity information, and firewall logs from sources such as Checkpoint, Palo Alto Networks, or Aruba monitoring (AMON) logs from Aruba infrastructure. Action can be taken quickly using ClearPass to quarantine, restrict, or remove identified threats.
Security teams deploying IntroSpect Standard can easily upgrade to IntroSpect Advanced as their requirements expand.
Raising the Bar on Early Detection with Aruba IntroSpect Advanced Edition
Aruba IntroSpect Advanced delivers a wider set of security capabilities than IntroSpect Standard to provide attack detection by correlating across a broader array of data sources, aiding in faster incident investigation and improved threat-hunting, search, and deep forensics. Included are more than 100 supervised and unsupervised machine learning models that provide unmatched analytics and forensics from data such as packets, flows, logs, alerts, and endpoints, as well as mobile, cloud, and IoT traffic, increasing an organization’s effectiveness at identifying risk.
New features for Aruba IntroSpect Advanced include:
· Smarter Security with Dynamic Machine Learning, which allows security teams to easily customize IntroSpect’s analytical models based on the current threat environment and protection priorities. Included is “chaining,” in which the 100+ out-of-the box machine learning models can be linked together to construct new detection scenarios and associated risk scores.
· Classifying Mobile, Cloud, and IoT with Device Peer Grouping, which utilizes the ClearPass profiling functionality to group like devices even when known only by their IP address. For example, ClearPass will classify a surveillance camera or a factory sensor, and IntroSpect will benchmark its behavior amongst its peer group. Introspect will flag unusual device behavior based on peer group comparisons, which is important in extending UEBA functionality to the growing classes of IoT devices.
· Faster Remediation with Integrated Attack Response, enabling security analysts to respond to an attack by triggering an action for ClearPass directly from the IntroSpect console.
Trusted and Secure Network Foundation with Aruba Secure Core
Embedded into Aruba’s networking infrastructure is the Aruba Secure Core, which provides the necessary protection required for any network including secure boot, embedded firewalls, centralized encryption, deep packet inspection, and intrusion prevention. Aruba’s unique infrastructure design helps eliminate the danger of physical tampering while securing and monitoring network traffic.
Integrating Aruba IntroSpect UEBA and Aruba ClearPass into the Aruba Secure Core provides a seamless path of protection from device discovery and access to attack detection and response. This gives Aruba customers the unique ability to detect an attack and then take automated or analyst-initiated action to protect organizations’ valuable assets, ranging from network reauthentication to quarantining to blacklisting users and devices.
Aruba 360 Security Exchange Program: Multi-vendor Closed Loop Protection
The Aruba 360 Security Exchange Program combines the partners and technical resources from the IntroSpect Technology Program and the Aruba ClearPass Exchange Program. The result is more than 100 leading security and infrastructure solutions that customers and channel partners can leverage for simple, validated interoperability, enabling quick and trusted deployments. Aruba customers can leverage their existing security investments by seamlessly integrating them with Aruba solutions, providing the benefits of a unified solution with the flexibility of an open architecture.
Availability
The Aruba IntroSpect Standard and Advanced editions are generally available now in North America, with limited availability in select countries. Global general availability is planned for 2018.
“In addition to providing visibility to every device on our network, Aruba ClearPass gives us the power to authenticate devices and enforce policies across our wired and wireless infrastructure,” said Faramarz Mahdavi, Senior Group Director of IT Operations, Cadence Design Systems.
“By adding Aruba IntroSpect UEBA analytics and threat detection capabilities, we will be able to better protect our source code by automating anomaly detection and prioritizing security incidents for faster resolution. The combination of ClearPass and IntroSpect gives us a powerful, congruent solution to proactively manage and defend our organization from cyberattacks,”added Mahdavi.
“Security and IT teams need an easier and faster way to detect and respond to cyberattacks across multi-vendor infrastructures,” said Bill Buckalew, Vice President of Partner Development, Optiv.
“We are pleased to see key Optiv partners like Aruba enhance integration of their products to make them more efficient and effective so that organizations can achieve better outcomes from their security programs. We look forward to leveraging these integrated technologies as part of our comprehensive set of cyber security solutions and services that address the evolving threat landscape,” added Buckalew.
Red Sky Technologies architects, builds, and deploys solutions that help customers achieve their desired IT goals. “Integration between products is a major component of our strategy as customers (and the industry alike) recognize a single vendor will not solve all problems,” said Justin Tibbs, CSO, Red Sky Technologies. “For example, the ability to integrate Palo Alto Networks into the Aruba 360 Secure Fabric for increased visibility and detection capabilities alongside Aruba’s integrated security solution, not only helps improve the overall security posture of our customers, it also alleviates a multitude of point products refusing to integrate or work together.“
“Carbon Black is excited to be an Aruba 360 Secure Exchange Partner – one of the few partners to feature integration with both ClearPass and IntroSpect UEBA,” said Tom Barsi, Corporate and Business Development, Carbon Black.
“Our integration improves overall security for enterprises by combining event data and network data to provide a more detailed view on user and device behavior – a long-term, machine-learning view leading to quicker, better decisions. Further, integration with ClearPass ensures corrupted assets are quarantined or booted in an automated fashion – improving security and limiting risk,” added Barsi.
“As traditional security perimeters dissolve rapidly with the adoption of Mobile, Cloud, and IoT, delivering secure endpoint protection regardless of a user’s location and device is paramount in the fight against cybercrime,” said D.J. Long, head of the McAfee Security Innovation Alliance.
“We are very happy to see the integrated platform of Aruba 360 Secure Fabric working jointly with the McAfee portfolio of security products, sharing threat intelligence and workflow policies, increasing the efficiency and efficacy of security protection for mutual customers,” added Long.
"Palo Alto Networks Aruba have joined forces to prevent cyberattacks by expanding on our existing integration with ClearPass and Cloud Services Controller to deliver closed-loop detection and remediation of advanced threats and insider attacks via the Aruba 360 Secure Fabric,” said Chad Kinzelberg, senior vice president of business and corporate development, Palo Alto Networks.
“With the forthcoming Palo Alto Networks Application Framework, which will revolutionize how organizations consume security technologies, joint customers will be able to evaluate and adopt solutions like Aruba IntroSpect without deploying on-premises infrastructure,” added Kinzelberg.
“SecureLink is proud to be a pan-EMEA integration partner of Aruba, especially with regards to the 360 Secure Fabric solution,” said Marco Barkmeijer, CEO, SecureLink Group.
“Ten years ago we chose Aruba as our mobility partner because security was a priority on their hardware and software requirements. Ten years later we have deployed secure, integrated, mobility solutions at more than 350 unique SecureLink customers. As a Cyber Security Integrator, security is in our DNA and Aruba’s 360 Secure Fabric solution enables us to build even better end-to-end secure mobile infrastructures with third-party integration. Customers need integrated visibility, detection, analytics, and response from access to the core. With the 360 Secure Fabric, Aruba enables us to serve even more customers and develop more services,” added Barkmeijer.