Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and the new Infoblox Integration capabilities

  • 1.  ClearPass and the new Infoblox Integration capabilities

    Posted Jun 15, 2018 11:58 PM

    Teams,

     

    Please find information and details related to a new ClearPass Integration with Infoblox. 

     

    You're thinking that's a long introduction to this new integration. Well it is, but it's worthy of it. Read on for more info, but better still read the TechNote, which can be accessed from the links below.

     

    We’ve had an integration with Infoblox for several years. The integrations have been fairly trivial before but this brings a new dimension to our capabilities. The best part about this integration is that they did 90% of the work, how I love Infoblox right now…!!!

     

    Let me share some details. Historically, the first integration we added about 2 years back allowed ClearPass to authN devices and then signal Infoblox that it was OK for them to provide an IP address to that client. AuthN to CPPM was L2 {EAP}; once we’d verified the session, we made an API call to Infoblox to register the MAC address as being OK. This was especially good in trapping devices perhaps on a shared hub or in parts of the network where a device could just plug in and request an IP address without being authenticated.

     

    In 6.7 we added the capability to use Infoblox as an asset store for enforcement context. Some customers will use Infoblox as an asset DB, and in addition they tie config such as VLAN into the asset store. ClearPass can now make API calls at time of authN to grab this data. 6.7 introduces the capability to receive and parse nested JSON, which allowed us to parse the response and tie it into an enforcement action, so we could retrieve the VLAN info for a printer or security camera and know that we should place this device in the printer or security-camera VLAN.

     

    OK, so that was the old stuff and fairly easy… here comes the eye candy… So what’s new with this? Infoblox has been working with us to develop and add a number of features they previously had with ISE/CounterAct, so if nothing else it’s good to take those gaps off the table when we’re in a competitive situation… Let’s go through them… get your coffee, there’s a lot to consume… here is what they say…

     

    By combining Infoblox’s DNS security and network visibility with Aruba’s control on the network, users can automate their network.


    • Visibility, Control, Response:

    Malicious insiders and IoT-based attacks continue to grow, bypassing your perimeter security defenses.

    With Infoblox and Aruba integration you are able to automate the defense.


    • Certified secure. The best defense for wired and wireless connections:

    Malware has become increasingly intelligent, using the DNS in over 90% of its campaigns. With Infoblox and Aruba integration you are more protected than ever from DNS attacks and data exfiltration via DNS.


    • Identify what’s on your multi-vendor wired and wireless network:

    Automatic population of your Aruba ClearPass endpoints list with MAC addresses that are found by Infoblox so that you can see every network asset with unmatched clarity, context, and insight.

     

     

    Let’s add a little more colour {Yes COLOUR… not COLOR}, in ClearPass speak……

     

    Infoblox is able to update ClearPass with devices it discovers on the network. As Infoblox is discovering devices {it can also be the authoritative source for DHCP and DNS}, it’s in a unique place on the network to “see what’s connected”, and they can complement the discovery and device visibility we have today. If Infoblox discovers new assets/hosts on the network, they can create an asset/host in their DB; this works for fixed/static IP as well as DHCP. In creating the asset/host, Infoblox will automatically create an endpoint on ClearPass… This is a very nice to have, and helps fill the gap around static-IP device discovery.


     

    When the Infoblox Grid detects an endpoint making calls to a malicious or monitored site, it can block that device’s DNS resolution, then it can update ClearPass with its IOCs, which it will ‘stamp’ into the EndpointDB. We can use them to decide if a device is potentially infected. This part of the integration is scheduled to be enhanced at a later date to allow Infoblox the ability to quarantine an endpoint automatically if a customer desired.


     

    Infoblox has produced a really nice video https://www.youtube.com/watch?v=kmHxQqwxLA8 walking you through the use-cases and integration. This supplements the TechNote below, which they authored. Yeah… less work for me. Did I tell you I love Infoblox? OK, love’s a bit strong…

     

     

    This TechNote covers the installation and configuration of Infoblox and ClearPass.

      

    You can find the document on the support site located here https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=30435

     

     

     

    Happy reading – go fill your boots..!!….. comments and feedback/suggestions graciously accepted. 
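
The 6.7 asset-store lookup described in the first post, sketched as an added example that is not part of the original post and not ClearPass or Infoblox code: it parses a nested JSON reply, pulls out the VLAN, and falls back to a restricted VLAN whenever the reply is missing, ambiguous or out of range. The `extattrs`/`VLAN`/`value` layout, the sample reply, `FALLBACK_VLAN` and the function names are all assumptions made for illustration.

```python
import json

# Constructed sample: a nested asset-store reply for one MAC lookup.
# The "extattrs" -> "VLAN" -> "value" layout is an assumption for illustration.
SAMPLE_REPLY = '''
[{"_ref": "fixedaddress/EXAMPLE",
  "mac": "00:11:22:33:44:55",
  "extattrs": {"VLAN": {"value": "120"}, "Device-Type": {"value": "printer"}}}]
'''

FALLBACK_VLAN = 999  # hypothetical restricted VLAN used when the lookup is unusable


def dig(obj, *path):
    """Walk nested dicts/lists; return None instead of raising on a missing step."""
    for key in path:
        if isinstance(key, int) and isinstance(obj, list) and -len(obj) <= key < len(obj):
            obj = obj[key]
        elif isinstance(obj, dict) and key in obj:
            obj = obj[key]
        else:
            return None
    return obj


def vlan_for(reply_text, expected_mac):
    """Return (vlan, reason). Falls back unless exactly one record matches the MAC
    and carries a VLAN id in the valid 802.1Q range 1..4094."""
    try:
        records = json.loads(reply_text)
    except ValueError:
        return FALLBACK_VLAN, "unparseable reply"
    if not isinstance(records, list) or len(records) != 1:
        return FALLBACK_VLAN, "expected exactly one record"
    if str(dig(records, 0, "mac")).lower() != expected_mac.lower():
        return FALLBACK_VLAN, "record does not match authenticating MAC"
    raw = dig(records, 0, "extattrs", "VLAN", "value")
    try:
        vlan = int(raw)
    except (TypeError, ValueError):
        return FALLBACK_VLAN, "VLAN attribute missing or not numeric"
    if not 1 <= vlan <= 4094:
        return FALLBACK_VLAN, "VLAN outside 1..4094"
    return vlan, "from asset store"


if __name__ == "__main__":
    print(vlan_for(SAMPLE_REPLY, "00:11:22:33:44:55"))
```

Treating the asset store as untrusted input keeps a stale or tampered record from steering a device into an arbitrary VLAN.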



  • 2.  RE: ClearPass and the new Infoblox Integration capabilities

    Posted Nov 27, 2018 03:41 AM

    Hi Team,

     

        I was just wondering: if Infoblox flags an IP address as "conflict" (for example, some user statically configured his/her IP address), would it be possible to send that information to ClearPass and block that endpoint from accessing the network?

       Thank you very much



  • 3.  RE: ClearPass and the new Infoblox Integration capabilities

    Posted Oct 02, 2019 10:49 AM

    Hi,

     

    Has anyone got this working?

     

    I have followed the guide/video but am not able to populate the ClearPass endpoint database with the hosts from Infoblox.

     

    Any assistance will be greatly appreciated!