
Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CLEARPASS POLICY MANAGER ARUBA 360 SECURITY EXCHANGE QUARTERLY INTEGRATION NEWSLETTER #4


    Posted Jun 07, 2019 08:39 PM

    ARUBA 360 SECURITY EXCHANGE QUARTERLY INTEGRATION NEWSLETTER

      

    CONTENTS

    • NEW CLEARPASS INTEGRATIONS THIS QUARTER
    • IN CASE YOU MISSED LAST QUARTER’S NEWSLETTER
    • WHERE TO FIND STUFF
    • WHAT WE WANT FROM YOU? 

    NEW CLEARPASS POLICY MANAGER INTEGRATIONS THIS QUARTER

    I am excited to announce we are releasing three new integrations with Operational Technology and Industrial Control Systems (OT/ICS) vendors. This is a new integration space for us and I believe it will provide a lot of new opportunities. At the 50,000-foot level, OT/ICS are the network foundation that runs in Manufacturing systems, Transportation, Oil and Gas exploration and Power Energy distribution environments. The vendors in this space are probably names that you’ve seen and heard of in passing, such as Rockwell Automation, Beckhoff, ABB, Emerson, Yokogawa, and Omron, but have never encountered in your traditional SMB/EDU/Enterprise customer base.

     

    So why are we making a move into this space? Well, these networks run on Ethernet and IP, but after Layer 3 it’s a completely different game, with protocols we’ve typically never seen, like Siemens S7, Modbus, Profinet, GE SRTP, CC-Link, DNP3 and many more. The opportunity here is that history tells us the teams that run OT/ICS only have one requirement, and it’s not security. They only care about uptime/availability; security has never been a consideration. However, the world is changing: a number of high-profile security incidents have changed the OT/ICS world, and there is an opportunity in front of us to capture some of this TAM.

     

    The opportunity around OT/ICS is now. Our competitors, both Forescout and Cisco, have already invested and continue to invest in this space; Cisco just purchased Sentryo. Forescout had been working with a number of partners, but then acquired a company called SecurityMatters last year, which drove a lot of them to seek a new NAC partner, and they came to us. Side note: these vendors have already been working with Cisco in one way or another. In general, the vendors we’ve partnered with provide very similar capabilities, but there are some small nuances in how they differ, which are captured in the integration guides.

     

    We’re taking a multi-phase approach to these integrations. Phase 1, which is what we’re releasing today, covers visibility and classification; this provides insight into the OT/ICS endpoints. This gives a company the ability to have a centralized, company-wide view of all network-connected assets/inventory across IT and OT, but more importantly the ability to set network edge policy in a single platform. The next phase will be specific to cyber/threat reporting and providing actionable capabilities.

     

    To summarize why you should care: integrating Policy Manager with these OT/ICS vendors provides centralized visibility of BOTH IT and OT endpoints, the ability to define enforcement policies for these devices in a single place and, in the future, the ability to respond and react to cyber threats within their OT/ICS networks.

     

    NEW OT/ICS Visibility Vendors

    • Claroty CoreX
    • CyberX 
    • Indegy Device Integrity 

     

    All three vendors identify and classify OT/ICS connected equipment and automatically create endpoints inside the ClearPass Policy Manager endpoint database. Network security/access control for all of these OT/ICS Ethernet-connected devices is enforced using MAB/MAC-Auth. Think of these devices as IIoT: headless and pretty simple when it comes to authentication. Being able to authorize and control access for these devices with the contextual data supplied within an enforcement policy yields a more secure environment. CyberX in particular has also added support to automatically notify ClearPass Policy Manager if it detects erroneous activity of OT/ICS connected endpoints.

     

    VMware Workspace One (previously marketed as VMware Airwatch) – Realtime updates

    We’ve had support for what was previously marketed by VMware as Airwatch for many years now using Policy Manager’s context server actions. This new integration can be considered an optional supplementary overlay for the existing support, but using a ClearPass Extension. The new extension provides the ability for ClearPass Policy Manager to consume real-time updates (roughly 3-5 seconds) from VMware Workspace One rather than waiting for the next poll/ingest to happen, which historically happened hourly. There are several workflows where getting a real-time notification about new devices being enrolled provides a better user experience, and also when devices are removed from management or have changed their compliance state. The new real-time update is significantly more beneficial than waiting for the next poll.

     

     

    IN CASE YOU MISSED LAST QUARTER’S NEWSLETTER

    We announced several new integrations, which we are re-listing below for those that missed it. For a more detailed description of the integrations below from the last quarter, use this link to read more about them and why they are useful and valuable to you and our customers.

    • IBM Bigfix
    • Zingbox IoT Guardian
    • Cyberhound

    You can also find a complete list of all the Aruba 360 Security Exchange Quarterly announcements here on our community site.

    WHERE TO FIND STUFF

    You can locate all the documentation on this NEW landing page, which will become the source for all ClearPass Documentation.

    https://community.arubanetworks.com/t5/Security/ClearPass-Docs-Configuration-amp-Integration-Guides-Solution/td-p/522283

     


    WHAT WE WANT FROM YOU?
     

    We always want your feedback on the integrations we deliver, good or bad. What we want to hear from you is what integrations you are seeing or hearing about in your accounts today. For example, we recently did a mini-survey across AMS, EMEA and APAC around Endpoint Security vendors to see what people are seeing/hearing. It gave us a great insight into how the regions differ; for example, the vendors we think of as being #1 or #2 in AMS don’t appear or hardly make the top 4 in other regions, or another vendor who is #1 in one region doesn’t appear at all in another. Your input is valuable and helps influence our decision-making process about which integrations we should pursue next. Let your voice be heard.

     

     

    Finally, a big thanks to the ClearPass Engineering and QA team for helping us develop, validate and update these integrations!

     

     

    Danny Jump & Arpit Bhatt