Aruba, a Hewlett Packard Enterprise company, today announced continued innovation at the network edge. The introduction of new security solutions, ecosystem partnerships, and wired infrastructure products is designed to accelerate the move to the digital workspace, while addressing the security concerns associated with the adoption of IoT initiatives.
The explosion of IoT devices connecting to enterprise networks is making it critical to identify, connect, and protect all unknown mobile and IoT devices at the edge via enhanced security and threat remediation technology. The new Aruba ClearPass Universal Profiler and Aruba ClearPass Exchange partnerships, along with the 2540 Switch Series, are key components of HPE’s broader IoT strategy that was unveiled this week at the HPE Discover Conference.
According to Gartner, ‘6.4 billion connected things will be in use worldwide in 2016, up 30% from 2015, and will reach 20.8 billion by 2020’.
Additionally, ‘By 2020, Gartner is projecting more than 300 million building automation devices and more than 400 million devices for energy management in buildings’.
Key findings within a November 2016 Gartner research report, ‘Real Time Discovery, Visibility and Control are Critical for IoT Security’, stated that: "Lack of network and device visibility is a top concern of security and risk management leaders, both in consumer and industrial IoT verticals, as they don’t know what assets they have and if protection is required. Discovery is a prerequisite to IoT security."
Also in the report, Gartner recommended that IT teams ‘determine which discovery and visibility business benefits such as reducing costs/risks, enabling postbreach response and recovery, enabling asset discovery, being more ready for regulations and audits, and complementing BYOD security initiatives are most compelling before architecting use cases’.
IoT-Ready: ClearPass Universal Profiler
To address these challenges, Aruba has developed a strategy to meet enterprise requirements for identifying, connecting, and protecting all mobile and IoT devices at the edge. With new software and hardware solutions, as well as new ecosystem partners, Aruba can now accelerate an organization’s move to IoT adoption in smart buildings across verticals.
The new Aruba ClearPass Universal Profiler automatically discovers and fingerprints all IP-enabled managed, unmanaged, and IoT devices on multi-vendor wired and wireless networks. This gives IT organizations the ability to see clearly how many devices in total and per category are connected at any one time. IT departments no longer have to guess or use disparate tools to see what devices are connecting to their networks. Comprehensive information about device type, operating system, status, and location are displayed in an easy-to-read graphical user interface. This information can then be used for performance and security tuning across infrastructure components, and then shared with ClearPass Exchange partners to deliver user behaviour analytics, deception intelligence, and firewall security.
For organizations that then require policy management, there’s a simple migration path to the Aruba ClearPass Policy Manager to enable automatic authentication and policy enforcement after devices are identified and fingerprinted. Devices that are exhibiting unwanted behaviour can then be automatically remediated using data from Aruba’s partners to minimize the risk to networks.
Scaling for IoT with Aruba 2540 Switch Series and ArubaOS Enhancements
Aruba also introduced the 2540 Switch Series, along with enhancements to the ArubaOS-Switch operating system, both of which are designed to power and secure the intelligent edge, optimizing for mobile and IoT devices. These enhancements enable unified, role-based access across wireless and wired networks with the ability to identify and assign roles to connected IoT devices in order to prioritize business critical applications and secure the network.
The Aruba layer 3 switches (29xx / 3810 / 5400) are also capable of user-based and port-based wired traffic tunnelling to an Aruba Mobility Controller so that policies can be applied, advanced services can be extended, and traffic can be encrypted to secure the LAN, further reducing risk to networks.
To meet the demand for the rapid growth in IoT and connected devices in distributed enterprises, the cost-effective Aruba 2540 Switch Series (as well as the other Aruba switches) support Zero Touch Provisioning and optional cloud-based management to allow enterprises to simplify and slash network deployment and management costs.
New Aruba Ecosystem Partners Help Classify IoT Devices
The Aruba ClearPass Exchange partner ecosystem continues to grow, with new additions, Attivo Networks and Niara, both of which allow IT to identify IoT devices that demonstrate unwanted or suspicious behavior.
Attivo Networks is an award-winning provider of deception-based technologies for in-network threat detection, attack forensic analysis, and continuous threat response. The Attivo Networks ThreatMatrix Deception and Response Platform deceives attackers into engaging by turning the network into a trap with decoys and deception lures. Attackers who have circumvented prevention security systems, then reveal themselves and can be blocked and quarantined. The Attivo platform works with Aruba ClearPass to establish policies that automatically disable devices that are experiencing attacks from internal or external threat actors.
Niara is an innovator and recognized leader in the emerging user and entity behavior analytics (UEBA) market. The Niara Behavioral Analytics platform detects security threats on the inside such as compromised users, hosts and devices, negligent employees, and malicious insiders. Niara leverages Aruba ClearPass to identify and profile users, and IoT and IP-enabled devices, in order to detect attacks based on changes in normal traffic and IT activity, and to take action to remove the unauthorized devices or users from the network.
ClearPass Exchange ecosystem partners also provide user behavior analytics, deception intelligence, firewalls, mobile device management, enterprise mobility management, and solutions for managing security, user identities and network access events. They leverage ClearPass REST-based APIs, Syslog messaging, and a ClearPass Extensions capability to deliver end-to-end threat remediation and endpoint correction.