We like to take a critical look at new networking technologies and solutions to understand if and how they might benefit our clients. In this post, we turn our attention to Aruba’s very new (launched in September) 360 Secure Fabric; an analytics-driven attack detection and response offering.
Just to recap, the components of the fabric are:
- ClearPass - Aruba’s flagship, and very successful, network access control and secure policy management product. Ranked as a Leader in Gartner’s annual Magic Quadrant in 2017 for the 12th year in a row.
- IntroSpect – Aruba’s User and Entity Behavioural Analytics (UEBA) solution which was gained from HPE’s acquisition of Niara earlier this year
- Existing network infrastructure – These two solutions seamlessly, and powerfully, integrate with wide range of vendors in a truly vendor agnostic, open way.
The result has been referred to as a ‘game-changing’ security platform, but is it really?
What is UEBA?
UEBA is a relatively new cybersecurity approach based on machine learning and analytics to detect anomalies in device behaviour that would otherwise go undetected. This makes it ideal for use in IoT environments as well as identifying “insider” threats that are the result of compromised employee credentials.
For example, when a security camera on your network has an abnormal spike in activity and network traffic, you need to know about it quickly, and UEBA can do that for you.
While the UEBA market is growing quickly, various analysts have been making predictions of how this market will continue to evolve – especially in comparison with more traditional SIEM based approaches. Gartner predicts that standalone UEBA platforms will disappear by 2022 as the underlying machine learning technology gets absorbed into other security products.
With this in mind, it makes Aruba’s decision to bring IntroSpect and ClearPass together more interesting – are they ahead of the market?
Breaking down the layers
The first point to make about this platform is that it has been built on open standards, and designed for interoperability with third party vendors. That’s significant for a solution in this space as more and more corporate networks have evolved to be multi-vendor environments over the years. Having a security solution that can talk to your firewall or analyse data from third party infrastructure is hugely valuable. You don’t need to have all HPE or Aruba equipment to start benefiting from 360 Secure Fabric.
The second point is around the integration of machine learning with network access control and policy management. While UEBA solutions can be used “out of the box”, the greater value comes by giving them time to truly understand your network, your traffic and what is considered normal – that’s the machine learning bit.
By analysing big data from your network and using machine learning to detect anomalies, it can identify situations that would typically go unnoticed or ignored, while also reducing the number of false positives generated – a regular complaint about SIEM based solutions. This is where the integration with ClearPass adds value by providing actionable automation to the environment from both a security and networking perspective.
Think of ClearPass as the security guard at the front of the store or the bouncer at a nightclub. Once they’ve decided to let you in, their job is done, but if your mischief only starts once you’re in, they can’t see it. This is where IntroSpect takes over. It’s more like an undercover agent, watching everyone and looking for abnormal behaviour from the inside. If they see something going wrong, they can notify the security team to help get the person out of there.
In Aruba’s 360 Secure Fabric, IntroSpect can talk to ClearPass and then, depending on your company’s policies, have the network access of the suspicious user or device revoked so they’re quarantined or locked out.
Whether this happens automatically with human intervention, or not, is entirely configurable and up to you. It will depend on your type of business, acceptable risk levels, available resources and the cost of a breach. You could even determine what kinds of behaviour or breaches would result in automatic actions and those that are referred to your IT or security team for further review.
To be the most effective solution possible, it relies on data – lots of it. This is where Introspect comes in again, analysing and learning from this data; the more data Introspect ingests, the more effective the system becomes. Having native integration with different vendor products means it can incorporate vast amounts of additional data from sources that are normally not leveraged.
It also doesn’t replace existing perimeter security solutions you’ve already built up; it adds an extra layer of protection while making your existing infrastructure work smarter, making full use of the fabric concept and providing protection from the edge, to the core, to the cloud.
We believe it’s this combination of openness, with machine learning and the ability to automate responses, that really make this solution a game-changer. You can build it up slowly, implementing one piece at a time - or deploy it as a complete solution, letting you choose the approach that best meets your business needs.
Ultimately though, if your business has been wrestling with how to take additional steps to secure and protect a network that continues to grow in complexity, it would definitely be worth exploring this solution further.
If you’d like further information on Aruba 360 Secure Fabric and how it can deliver the protection your organisation needs, get in touch with us today and our engineers can walk you through the solution and how it would become an integral part of your team.