View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).


This thread has been viewed 123 times

    Posted Oct 01, 2020 02:02 PM








    This quarter we’ve releasing the largest collection of new and updated/refreshed integrations ever, a total of FOURTEEN new or updated Integrations and TechNotes. At this time I want to make a special call out to the following individuals who have stepped up to help the ClearPass PLM/TME Team deliver to you these new documents, if you see, or talk to  them please take time to thank them, and I’m always looking for volunteers to work on future TechNotes.

    • Andy De La Cruz
    • Scott Bodo
    • John Cox
    • Ryan Gursky
    • Jason Atkins

    We’ve focused on adding several new integrations and improving a number of our existing integrations, a couple are refreshed but are close to complete re-writes so they are like new, as you’ll find out below. This quarter like most others highlights the importance of our eco-system of vendor and technology diversity, Unified Endpoint Management {UEM/MDM}, Endpoint Security {EDR/EPP}, a long-awaited update to our Fortinet Integrations, a new MFA Vendor and the most requested integration we’ve had this past 18 months, bi-directional ServiceNow CMDB plus some other minor updates.


    We’ve completed a MAJOR update to our Microsoft Intune {Endpoint Manager} integration, improved on our real-time update framework with VMware WSO Airwatch to add an option for automated Compliance and Compromised quarantining. A major update to our Splunk APP, we’re adding support for Splunk Enterprise 8 and Splunk Cloud and some new features adding significant value in the data the app can report, plus we’re mapping the licensing usage in the APP now.


    Some of the minor updates are for HCL BigFix supporting the change of ownership from IBM and minor API updates, for our TrendMicro Apex Extension, we’ve added support for Proxy bypass and our extension resource webstats reporting, we’ve also had two 3rd party-companies develop their own integration on top of the Generic Skyhook Processor we released last quarter, and finally some minor code updates to our Tenable and JAMF Extensions.


    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition. I strongly encourage you to take time to read and review the TechNotes for the below integrations.




    ServiceNow CMDB
    We’ve had an integration with SNOW for a few years, and the ability to use them as an authZ source as part of a service-policy workflow. Today we’re releasing the long awaited SNOW update to enable bi-directional support that allows the extension the ability to sync between the SNOW CMDB and the ClearPass EndpointDB, this can be uni-directional {either way} or bi-directional. We also add the ability to update the SNOW CMDB with basically real-time updates to endpoint such as the endpoint IP address, and the ability to add new devices that we discover that are not already in the SNOW CMDB, this could also trigger an ITSM workflow to log the newly discovered endpoint.

    Why this maters to you? – Customers have increasingly been troubled with obtaining a list of all assets across their network, separately from what CPPM/CPDI profiling might show, customers have over the past 2-years been looking to see how they can supplement their investments into SNOW CMDB to make the process of updating this DB more automated. This extension delivers the ability for CPPM to push endpoint information automatically, and also allows for CPPM to download this DB such that we have a local copy and don’t need to make 1:1 API calls when devices authenticate.


    Lightspeed Systems MDM

    We’re adding support for another MDM vendor to the existing 10+ UEM/MDM vendors we have already integrated in this technology space. Lightspeed Systems has had tremendous success in K-12 market segment where they are totally focused. A 100% dedicated and focused company delivering security and solutions to K-12. Today we release our integration to enable ClearPass Policy Manager to leverage the contextual security data from within the Lightspeed System, the extension ingests endpoint data that can be used to validate school assets whether they are managed.

    Why this maters to you? – School increasingly want to know that devices being used within the classroom is of a safe nature, this starts by ensuring the devices in use are owned and managed by the school, the integration with Lightspeed Systems enables schools to get over that first hurdle, and then to start build additional policy, did the device check-in to the management system in the last 24-hours, the device in use is registered to this school etc.


    Sophos Central & Intercept X  EDR

    Support for the Sophos endpoint security client is something we’ve been working to add for a while. We’re pleased to announce today support for Sophos’s latest endpoint security solution, Intercept X. It’s a cloud managed EDR under Sophos Central, our integration allows for multiple security attributes to be ingested, added to the ClearPass endpointDb and then used in Policy as part of an authZ check. You can check for items such as the components installed, Overall Health, Sophos running Services, Sophos Threat Status and more.

    Why this maters to you? – Customer have been requesting integration with Sophos for an extended period of time, we ‘re please to offer this integration with their latest EDR solution, Intercept X. Utilizing endpoint security meta-data as part of an authZ check is good practice to ensure the endpoint is compliance to be on the network.


    FortiManager and FortiGate via Fortinet Security Fabric

    We’ve had a integration for 5+ years with FortiAuthenticator and FortiGate, today we’re releasing our latest and significantly updated integration direct into the Fortinet Security Fabric. We worked hand-in-hand with Fortinet to build this integration. This new integration is able to leverage the ‘Aruba Role’ and use this to federate real-time Policy Managers view of an endpoint/user into the FortiGate via FortiManager to leverage the NGFW capabilities to allow/deny access to resource protected behind the firewalls.

    Why this maters to you? – Being able to leverage Active-Directory membership data is useful, but its only part of the story. Firewalls regular integrated with AD and other IS, but they don’t know about the devices behind the user, is it BYIOD, Corp-Owned, in Compliance, encrypted, patched etc. etc. Having Policy Manager build a role across user and device context and then share this with the firewall allows the firewall to make a much more appropriate decision on how to firewall data behind an IP address.


    SentinelOne EDR

    We’ve seen an increasing demand from customers/partners for integration with the SentinelOne EDR platform. SentinelOne does not rely on human analysts or Cloud connectivity for its best-in-class detection and response capabilities. Instead, it utilizes an Active EDR agent that carries out pre- and on-execution analysis on device to detect and protect endpoints autonomously from both known and unknown threats. SentinelOne Endpoint Security does not use traditional anti-virus signatures to spot malicious attacks. Instead, it uses a combination of static machine learning analysis and dynamic behavioral analysis to protect systems. As part of the integration, delivered via the ClearPass extension framework, we ingest a multitude of security related policy, such as Number of Active threats detected, SentinelGroup IDs, Infected status, Last update status, Scan Status etc. etc. 

    Why this maters to you? – S1 offers an extensive amount of contextual data specific to the endpoint security persona for an endpoint. Having ClearPass Policy Manager utilize the data ingested from the extension allows for a heightened level of additional security, CPPM can periodically check S1 for endpoint updates to ensure a near-real-time view of the managed endpoints is sync’d to the CPPM EndpointDb.


    privacyIDEA MFA

    We’ve added support for the privacyIDEA MFA, which supports OneTimePassword, specifically the T-OTP functionality. privacyIDEA is an Open Source solution that has been deployed by a number of Enterprise customers.

    Why this maters to you? – Adding MFA/2FA into a number of common workflows is a best practice lots of Enterprise companies deploy, utilizing the integration we’ve developed allows customer to easily take advantage of these more advanced security workflows.





    Microsoft InTune v5 aka Endpoint Manager MDM

    Our latest version of our very popular Intune integration delivers multiple new features. This is almost a complete re-write of the core functionality, we’ve moved from the nac-api to use the GraphAPI, this enables among other things, the ability to pre-ingest all of the endpoint data for a tenant, and then keep it sync’d after the initial load such that a near-real-time view is maintained in the ClearPass EndpointDb. We still expose the ability if necessary to query re-time for endpoint data {and still supporting a cache fresh/stale timer} but we feel have this new functionality will be welcome by customers removing the need to query on a 1:1 authN. Additional features such as selectively choosing which endpoint attributes are ingested from a list of 45, previously we had only a fixed list of 10 endpoint attributes. The ability to sync delta changes after the initial sync is complete.

    Why this maters to you? – Our integrations with multiple Microsoft products are wildly used, we’re continuing to develop these integration with our technology partners to ensure that our customers can maximize their investment in ClearPass and our integrations. This new v5 of our InTune integration is major enhancement requested by multiple customers.


    Splunk Enterprise / Cloud v3.1.0 ClearPass App + ClearPass HTTP Event Collector Extension

    We’re excited to release our latest version of our highly popular ClearPass Splunk App, improvement across the screens/frames, we’ve added a new Licensing section to replicate the concurrent licenses in ClearPass, this allows a user to track the usage of Access, Onboard or OnGuard, now called Compliance Suite licenses. And finally, we’re utilizing the Splunk HTTP Event Collector {HEC} to expose the ability for an admin to selectively send data outside of syslog via the endpoint filter such that the data filtered can be shown in an Endpoint Info screen, for example you could choose to send Compromised=True, or Endpoint Source=Sophos, the options are limitless. Find this in the Splunk store and the accompanying HEC extension in our ClearPass Extension store.

    Why this maters to you? – Having a real-time interface of CPPM activity, is critical for sec-ops, but the new Splunk App delivers a lot more, interfaces and summaries for operations and data to allow for trend and planning, all critical for understanding how your system is running.


    VMware WorkSpaceOne aka Airwatch v4 UEM/MDM

    We’ve continued to enhance our WSO feature set over the past year, this release continues the tradition of enabling more advanced functionality. Today I’m excited to announce we’re enabling the ability for your to selectively enable a near-real-time {3-5 seconds} automated quarantined/disconnect capability. If devices that are managed by WSO drop into an outOfCompliance state then ClearPass Policy Manager can be configured to automatically change the access role/vlan/dACL for this device, it could also trigger other chained actions such as triggering emails, creating ITSM records etc. When the device is remediated an automated restore-action can apply. These triggers are applicable for Compromised and Compliance states as defined in Airwatch.

    Why this maters to you? – The need to automate security functions that can be dynamic is starting to get mainstream acceptance, we’re enabling the capability, but customers can choose what to them is meant by compliance and can selectively enable the capabilities in Policy Manager. The need to secure the edge has never been greater that today.


    HCL BigFix v3 Patch Management

    Bigfix changed ownership in 2019 IBM sold the prouct to HCL, as part of this change there were a few API related modification, this release adds suppor to the new HCL BigFix v10 released earlier this year. We also took the opportunity to add proxyBypass support and our extension level resource webstats to show how the extension is running and the resources its consuming.

    Why this maters to you? – Being able to validate software inventory and patch status of endpoint connected to the corporate network is critical in ensuting and minimising risk and expose to todays ransomware/malware that daily attack our infrastructure. ClearPass Policy Manager can query BigFix realtime to obtain the patch risk of an endpoint and decide if the endpoint should get network access.


    TrendMicro Apex Central / Apex One v2 – EDR – We made a minor update to our TrendMicro extension to add proxyBypass support and our extension level resource webstats to show how the extension is running and the resources its consuming.


    We’ve also released updated versions of the Tenable v2 and JAMF v3 Extensions  addressing minor workflow related issues that could effect some customers, if you have these deployed please make time to upadte to the latest verions.



    And finally in the words of Steve Jobs “just one more thing”, last quarter we released a new framework under an extension we call our Skyhook Generic Processor {or SHGP for short}, which is an framework extension to our cloud messaging platform we call skyhook. This enables cloud applications to connect to on-prem ClearPass nodes such that events/alerts can be forwarded without the need to open pinholes in WWW firewalls which no one should ever ever do,  we’re pleased to confirm that we’ve already had two independent software vendors develop two appliactions to take advantage of this open framework.





    We announced several new and updated integrations which we are re-listing below for those that missed it. For a more detailed description of the below integrations from the last quarter use this link to read more and why they are useful and valuable to you and our customers. 

    • McAfee ePO – Updated
    • Rapid7 Nexpose/Insight – New
    • Meraki System Manager – New
    • Mosyle Business – New
    • JAMF Pro as an Extension - New
    • SHGP - New
    • Blackberry UEM – Updated
    • Updated TechNotes for PaloAlto, Checkpoint and Infoblox

    You can also find a complete list of all the Aruba 360 Security Exchange Quarterly announcement here on our community site, search for “CLEARPASS POLICY MANAGER ARUBA 360” to read about all of our past announcement.


    Everyone including customer and partners can find the documents on the community site located here, this is a NEW landing page which will become the source of access to all ClearPass Documentation.


    Additionally, going forward we are now posting all of the documents in the new Aruba Support Portal, find that here.


    We always want your feedback on the integrations we deliver, good or bad. What we like to hear from you is what integrations are you are seeing or hearing about in your accounts today, what’s missing, what do you need to help you win?



    Finally, A big thanks to the ClearPass Engineering and QA team for helping us develop, validate and update these integrations!


    Jason Atkins, Chris Lembo, John Cox, Scott Bodo, Ryan Gursky, Andy De La Cruz, Anish Pansare and Danny Jump








    Aruba, a Hewlett Packard Enterprise company

    T: 650.236.9657  |  E: DJUMP@HPE.COM  | AIRHEADS @dannyjump

    3333 SCOTT BVLD | SANTA CLARA, CA, USA, 95054

    FOLLOW US | Twitter | LinkedIn