Aruba, a Hewlett Packard Enterprise Company, is best known for its outstanding business-grade Wi-Fi products. What’s less well known about Aruba is that it has always had excellent security products. In fact, I’ve often described the company as a security vendor dressed up as a Wi-Fi vendor, as Aruba and security have gone hand in hand like the New England Patriots and winning.
However, Aruba’s security positioning has always been tactical rather than strategic because its products were used for specific purposes, such as endpoint protection or wireless security. That shifted this week at APAC Atmosphere in Macau when the company introduced its 360 Security Fabric, which enables it to provide end-to-end security to address the needs of a world that is becoming increasingly digitized.
Technologies such as the Internet of Things, cloud and mobility have created a number of new entry points that enable the bad guys to bypass traditional perimeter devices. An interesting factoid from ZK Research is that 90 percent of security budgets are still spent building a bigger and stronger perimeter, but only 27 percent of the breaches come through that avenue. I’m in no way downplaying the importance of securing the perimeter, as it’s something all businesses need to do, but this must be complemented with better internal security.
I like the concept of a security fabric because it simplifies security, and it enables network and security professionals to respond to cyber attacks faster, minimizing the impact of a breach. A little under a year ago, I wrote about security fabrics, although that piece profiled Fortinet’s approach.
While the value propositions for the Fortinet and Aruba fabrics are similar, the way the two companies developed their solutions is quite different, showing there is indeed more than one way to skin a cat.
As one would expect, Fortinet’s fabric leverages great security products. Aruba, by contrast, plays to its strengths by building the fabric on strong networking products, making it ideal for companies where there is a tight coupling between network and security operations. Given most digital technologies are network centric, this should be a trend that becomes more commonplace.
Aruba 360 Security Fabric features
Aruba 360 Security Fabric is built on the following components:
- Aruba IntroSpect User and Entity Behavioral Analysis (UEBA) solution (formerly Niara). As the name suggests, this continuously monitors network activity from all devices, including IoT endpoints. The basic version uses baselines and anomaly detection to spot what might be a breach. A new advanced version incorporates machine learning, peer group analysis and integrated response. Businesses can start with basic and then quickly upgrade to IntroSpect Advanced when needed.
- Aruba ClearPass. No product from Aruba better demonstrates how good the company is at security than ClearPass. The widely adopted network access control (NAC) and policy management solution automates the threat response sent from UEBA. One of the strengths of ClearPass is that it is vendor agnostic and often runs on Cisco networks.
- Aruba Secure Core. The security fabric uses a number of features built into Aruba’s Wi-Fi APs, wireless controllers and network switches. This includes flow information, analytics and encryption.
It’s important to note that customers do not have to deploy all of these technologies at once, as Aruba 360 Security Fabric supports a broad set of third parties and can leverage those. For example, instead of using ClearPass for authentication, you can use Microsoft Active Directory. Other examples of data sources are Check Point and Palo Alto logs and LDAP.
Securing IoT devices
One of the more interesting features worth investigating deeper is the device peer grouping, particularly for IoT. The majority of IoT devices are deployed by the operational technology (OT) group, meaning network operations is often blind to them. As ZK Research notes, 50 percent of networking teams have little to no confidence they are aware of all the connected endpoints. This poses a security challenge, since, as the axiom goes, you can’t secure what you can’t see. Also, even if the network operations team is aware of the IoT devices, many of those devices are fairly dumb and offer very little information to help with security and network optimization.
The device peer grouping feature profiles all devices and builds “peer groups” of them and then ClearPass signals when something seems awry. For example, the solution could infer a device was a connected soda machine by comparing the traffic to and from the device. All of the devices in that peer group would exhibit similar behavior, such as sending traffic to and from Coca-Cola. If the device suddenly starts trying to access point-of-sale devices, that anomaly would be flagged for further investigation and ClearPass would automatically quarantine it.
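To make the peer-grouping idea concrete, here is an added sketch (not Aruba's code or algorithm) that groups devices by the similarity of their baseline destinations and flags later flows that fall outside what any peer has contacted. The device names, hostnames, Jaccard threshold and greedy grouping are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed baseline flows: (device, destination). All names are made up.
BASELINE = [
    ("vend-01", "telemetry.vendor.example"), ("vend-01", "ntp.internal"),
    ("vend-02", "telemetry.vendor.example"), ("vend-02", "ntp.internal"),
    ("vend-03", "telemetry.vendor.example"), ("vend-03", "ntp.internal"),
    ("cam-01", "nvr.internal"), ("cam-01", "ntp.internal"),
    ("cam-02", "nvr.internal"), ("cam-02", "ntp.internal"),
]
# Constructed flows observed after the baseline window.
NEW_FLOWS = [
    ("vend-03", "telemetry.vendor.example"),
    ("vend-03", "pos-terminal-7.internal"),   # vending machine reaching a POS device
    ("cam-02", "ntp.internal"),
    ("hvac-09", "nvr.internal"),              # device never seen during the baseline
]

def destinations_by_device(flows):
    """Build each device's profile: the set of destinations it talked to."""
    seen = defaultdict(set)
    for device, dest in flows:
        seen[device].add(dest)
    return dict(seen)

def jaccard(a, b):
    return len(a & b) / len(a | b)

def build_peer_groups(profiles, threshold=0.5):
    """Greedy grouping: join the first group whose first member looks similar."""
    groups = []
    for device in sorted(profiles):
        for group in groups:
            if jaccard(profiles[device], profiles[group[0]]) >= threshold:
                group.append(device)
                break
        else:
            groups.append([device])
    return groups

def flag_new_flows(baseline, new_flows, threshold=0.5):
    """Return (device, destination, reason) for flows outside the peer baseline."""
    profiles = destinations_by_device(baseline)
    groups = build_peer_groups(profiles, threshold)
    alerts = []
    for device, dest in new_flows:
        group = next((g for g in groups if device in g), None)
        if group is None:
            alerts.append((device, dest, "unprofiled device"))
        elif dest not in set().union(*(profiles[p] for p in group)):
            alerts.append((device, dest, "outside peer-group baseline"))
    return alerts
```

In a deployment like the one described, each alert would be the signal handed to the NAC layer for quarantine; the unprofiled-device case is the "can't secure what you can't see" gap surfacing as its own alert type.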
Businesses are becoming increasingly dynamic and distributed, and analytics-driven security using rich data and machine learning can protect companies much better than the reactive tools that most businesses currently use. Aruba 360 Security Fabric leverages the company’s broad set of networking and security products to deliver the advanced capabilities network wide, cutting the time to find and respond to breaches from weeks or months to literally hours.