Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

  • 1.  ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:07 AM
    No replies, thread closed.

    Newsletter #1

    Date: 9/4/2018

    Cylance Protect Integration Guide - NEW. Cylance is a next generation AI cyber endpoint protection client, sometimes called an EDR or EPP. Cylance's security solutions provide full spectrum predictive threat prevention and visibility across the enterprise, combatting threats such as malware, ransomware, fileless malware, malicious scripts, weaponized docs, and other attack vectors. With AI based malware prevention, application and script control, memory protection, device policy enforcement, root cause analysis, threat hunting, automated threat detection and response, coupled with expert security services. ClearPass integrates realtime to check the security posture of the endpoint at the time of authentication to decide on the access it should be given, or not. Numerous security contextual attributes are returned and stored in the endpoint so they can be used within an enforcement policy. This guide is to be used with the new Cylance Extension.

     

    Palo Alto Integration Guide - UPDATE. Palo Alto has been our most popular 3rd party, and the integration stretches back over 5+ years; this is version seven of the guide. The guide has been updated to include numerous changes introduced in ClearPass 6.7 which you need to know. We've also taken the opportunity to remove some of the OLD 6.x configuration to tidy up and reduce the document size.

    Microsoft Intune Integration Guide - UPDATE. Intune has been making steady inroads into the market of some of the traditional MDM/EMM vendors. We've seen a huge uptick from customer/partners for InTune. Historically, we had to make calls into InTune to check the endpoint details on every authentication, this was an unnecessary overhead based upon the exposed APIs from Microsoft, not a limitation in ClearPass. Now we cache the returned attributes and add an expiration duration. This latest version of the Integration Guide supports the updated V4 version of the InTune Extension.

     

    Symantec Endpoint Manager (SEPM) Integration Guide - NEW. Symantec has had a security solution for endpoint protection for many, many years and they have been very successful in this space. Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features. Adding this integration to our endpoint support not only expands the opportunities for ClearPass but enables us to deliver a deeper security solution for enterprise customers. SEPM supports a vast amount of endpoint attributes, close to 100, these attributes are returned and stored in the endpoint so they can be used within an enforcement policy, later these can be leveraged to make very granular enforcement decisions when devices access the network.

    Sine Pro Visitor Management Integration Guide - NEW. This is an update to an existing Visitor Management solution, which previously had no public guide. It bridges the divide between Visitor and Guest Management. Let's be honest, Visitors need Guest access, for the visitor, he/she registers at the front desk and at the same time, they get guest access… Woohoo. For the security/network team, when the visitor leaves the facility, their account is automatically revoked. We will be coordinating with Sine in the next couple of weeks to retire the current Sine Pro plugin at the same time we publish the new ClearPass Sine Pro extension.

     

    ClearPass Hardening Deployment Guide - UPDATE. This is the latest version of this very valuable document every ClearPass Admin should consult as we update our best practices to react to changing threat and cyber challenges. This guide covers best practice configuration for every ClearPass deployment, which services/protocols are in use, which security and configuration features are being added/modified to ensure you deploy ClearPass with a security first strategy. Every ClearPass Admin EVERY ONE should be familiar with the content of this guide.

     

    IntroSpect Integration Guide - NEW. We're late in publishing this guide, the integration has been available for a while so we're very sorry in how long it's taken for us to capture all of the content and get this guide in your hands. This is a new document covering the integration between ClearPass and IntroSpect. IntroSpect continues to have success in existing ClearPass accounts and new accounts. If you need to configure integration between the two platforms, this is the DOC you need. As it's our initial DOC covering this we really want to hear your feedback if you feel there is anything missing from this guide, please let us know.

    Netfort LANGuardian Integration Guide – NEW. This new guide supports the integration between LANGuardian and ClearPass via the Ingress Event Engine. LANGuardian provides visibility into endpoint Compliance State, such as endpoints running SMBv1, Weak Encryption in use, Unauthorized DNS server access. LANGuardian can alert ClearPass to these events to allow ClearPass to take the appropriate action on the endpoint.

     



  • 2.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:09 AM
    No replies, thread closed.

    Newsletter #2

    Date: 12/10/2018

    NEW CLEARPASS INTEGRATIONS

     

    Tenable Nessus Integration

    Nessus has been around a long time and is a foundation tool used by many companies to identify vulnerabilities across many software products within an enterprise network. We've worked closely with Tenable to integrate our two products so that the contextual security and threat data is made available and shared. ClearPass can then use this data to make a more informed decision in how to allow/deny access for endpoints authenticating on the network. Several other use-cases exist along the lines of checking the last time a device was scanned for vulnerabilities, has a device ever been scanned, etc.

     

    MobileIron Cloud and Common Platform Services

    We've had an integration with MobileIron for nearly 6 years. Recently they added a Cloud based platform for managing endpoints, but this utilized a completely different API framework than what we supported. This new integration adds the support for the new API framework and complements the existing support for MobileIron Core with support for MobileIron Cloud R56 and above. As part of this release we have also added support for MobileIron Common Platform Services (CPS) which is part of both Core and Cloud but we have only certified support for CPS on the Cloud platform. CPS enables an almost-real-time feed from MobileIron into ClearPass such that endpoint additions/deletions/compliance changes can be updated within 3-5 seconds. Now ClearPass has an almost-real-time view of the MobileIron managed endpoints.

     

    UPDATED CLEARPASS INTEGRATIONS

     

    Check Point

    The integration with Check Point is well established and has been available for nearly 4 years. During this time the integration was specifically for Check Point's R77 platform plus the installation of some specific Check Point hotfixes which enabled the integration. When Check Point released their R80 platform, they significantly simplified the integration, removed the need for additional hotfix-patches and made this a part of the core platform. This updated integration guide covers the configuration necessary on R80 and ClearPass to allow the sharing of User and Device context such that policies with Check Point have additional visibility to make more granular and real-time enforcement decisions.

     

    ENVOY Visitor Management

    Envoy is a Visitor Management Solution we've supported for the past couple of years in addition to Sine Pro, TEEM LobbyConnect and TEAMGO GoReception. With this new integration guide we added some new functionality to the integration but more importantly fully documented the end-to-end integration in this V2 release. The overarching value here is we remove the airgap between visitor management and guest-access by automating account creation/deletion in ClearPass Guest on check-in/checkout.

     




  • 3.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:12 AM
    No replies, thread closed.

    Newsletter #3

    Date: 3/7/2019

    NEW CLEARPASS INTEGRATIONS

    IBM BigFix

    IBM's BigFix is a collaborative Enterprise Endpoint Management and Security Platform. It's used and deployed by 1000's of customers to aid with managing and securing endpoints across their network. It can provide context for Compliance, Lifecycle, Inventory and Patch. In our initial release of IBM BigFix and ClearPass integration we have focused on the underlying framework and visibility of the managed endpoints. We plan to add support for Compliance next.

     

    CyberHound {SPECIAL THANKS TO JASON ATKINS CLEARPASS CSE IN SYDNEY FOR THIS DOCUMENT}
    CyberHound has developed the most comprehensive learning enablement solution for 100's of schools that has become the benchmark in Australia and overseas. Protecting your school's community from a growing number of cyber threats including malicious websites, cyberbullying and predatory behavior requires a comprehensive solution specifically designed for the 21st century. CyberHound delivers a best of breed next generation cyber security platform offering advanced firewall, Web Filtering and IPS features, if CyberHound detects malicious or erroneous activity on an endpoint, it signals ClearPass Policy Manager to take an action against the device such as quarantine to remove the threat and limit the exposure.

     

    Zingbox IoT Guardian

    Zingbox is an endpoint device and classification partner with focus on Healthcare and IoT Security. Zingbox complements the existing fingerprinting and profiling that exists in ClearPass Policy Manager today and via the Aruba 360 Security Exchange open API framework updates the ClearPass Policy Manager EndpointDB to enhance the endpoint classification for IoT Healthcare devices, this provides an enhanced level of visibility for the network and security administrators.




  • 4.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:15 AM
    No replies, thread closed.

    Newsletter #4

    Date: 6/7/2019

    NEW CLEARPASS POLICY MANAGER INTEGRATIONS

    I am excited to announce we are releasing three new integrations with Operational Technology and Industrial Control Systems (OT/ICS) vendors. This is a new integration space for us and I believe will provide a lot of new opportunities. At the 50,000 foot level, OT/ICS are the network foundation that run in Manufacturing systems, Transportation, Oil and Gas exploration and Power Energy distribution environments. The vendors in this space are probably names that you've seen and heard of in passing such as Rockwell Automation, Beckhoff, ABB, Emerson, Yokogawa, and Omron but have never encountered in your traditional SMB/EDU/Enterprise customer base.

     

    So why are we making a move into this space? Well, these networks run on Ethernet and IP but after layer3 it's a completely different game with protocols we've never typically ever seen like Siemens S7, Modbus, Profinet, GE SRTP, CC-Link, DNP3 and many more. The opportunity here is that history tells us the teams that run OT/ICS only have one requirement, and it's not security. They only care about uptime/availability, security has never been a consideration, however the world is changing and a number of high profile security incidents have changed the OT/ICS world and there is an opportunity in front of us to capture some of this TAM.

     

    The opportunity around OT/ICS is now, our competitors, both Forescout and Cisco, have already and continue to invest in this space, Cisco just purchased Sentryo. Forescout had been working with a number of partners, but then acquired a company called SecurityMatters last year that drove a lot of them to seek a new NAC partner and came to us. Side Note: these vendors have already been working with Cisco in one way or another. In general the vendors we've partnered with provide very similar capabilities, but there are some small nuances in how they differ which is captured in the integration guides.

     

    We're taking a multi-phase approach to these integrations, Phase1 is what we're releasing today, covers visibility and classification, this provides an insight into the OT/ICS endpoints. This gives a company the ability to have a centralized companywide view of all network connected assets/inventory across IT and OT but more importantly the ability to set network edge policy in a single platform. The next phase will be specific to cyber/threat reporting and providing actionable capabilities.

     

    To summarize why you should care, integrating Policy Manager with these OT/ICS vendors provides centralized visibility of BOTH IT and OT endpoints, ability to define enforcement policies for these devices in a single place and in the future add the ability to respond and react to cyber threats within their OT/ICS networks.

     

    NEW OT/ICS Visibility Vendors

    • Claroty CoreX
    • CyberX 
    • Indegy Device Integrity 

     

    All three vendors identify and classify OT/ICS connected equipment and automatically create endpoints inside the ClearPass Policy Manager endpoint database. Network-security/access-control for all of these OT/ICS Ethernet connected devices is enforced using MAB/MAC-Auth. Think of these devices as IIoT, headless and pretty simple when it comes to authentication. Being able to authorize and control access for these devices with the contextual data supplied within an enforcement policy yields a more secure environment. CyberX in particular has also added support to automatically notify ClearPass Policy Manager if it detects erroneous activity of OT/ICS connected endpoints.

     

    VMware WorkSpace One (previously marketed as VMware Airwatch) – Realtime updates

    We've had support for what was previously marketed by VMware as Airwatch for many years now using Policy Manager's context server actions. This new integration can be considered an optional supplementary overlay for the existing support but using a ClearPass Extension. The new extension provides the ability for ClearPass Policy Manager to consume real-time updates (roughly 3-5 seconds) from VMware Workspace One rather than waiting for the next poll/ingest to happen, which historically happened hourly. There are several workflows where getting a real-time notification about new devices being enrolled provides for a better user experience and also when devices are removed from management or have changed their compliance state. The new real-time update is significantly more beneficial than waiting for the next poll.




  • 5.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:18 AM
    No replies, thread closed.

    Newsletter #5

    Date: 9/9/2019

    NEW CLEARPASS POLICY MANAGER INTEGRATIONS
    This quarter we focused on improving a number of our existing integrations ranging from IntroSpect to several of our long standing partners such as Palo Alto Network and JAMF. We also took the opportunity this quarter to add yet another OT/ICS player as we continue to get feedback from customers and partners on the growing need for more and more OT/ICS visibility. We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition.
     
    Palo Alto Networks GlobalProtect with OnGuard - NEW
    More and more customers have employees working either remotely or they need access whilst traveling. These employees should be able to access the same resources as if they were located in a HQ or branch location, however it's also important to consider that devices that are constantly outside a corporate location are more susceptible to 'picking-up' malware or other unwanted security related software. You need to be able to authenticate users and ensure that the security posture of their devices is healthy. To help organizations stay secure we've developed an integration that allows for endpoints running Palo Alto Networks GlobalProtect and ClearPass OnGuard to authenticate and evaluate the health posture of the endpoint and then update the Palo Alto Networks firewall with the health of the endpoint.
    Why this matters to you? – This provides for an enhanced level of control for remote and mobile clients, by integrating the capabilities of Palo Alto Networks GlobalProtect and ClearPass OnGuard.
     
    JAMF ZuluDesk - NEW
    ZuluDesk was recently purchased by JAMF, it's a leading Mobile Device Management system for today's modern digital classroom. It provides easy to use tools for not only IT Departments but also for Teachers, Students and Parents.
    Why this matters to you? – JAMF ZuluDesk is strong within the K-12/Academic market, one of Aruba's strongest verticals. Combining ClearPass Policy Manager with ZuluDesk strengthens our offering and provides integrated best of breed Device Management, Identity and Access Policy control to facilitate granular access to the school infrastructure and resources.
     
    Nozomi Networks - NEW
    Last month we released three integrations related to ClearPass and OT/ICS security vendors. This month we add a fourth to round out our integrations in this space. To find out more about this technology space and the opportunities, please read the OT/ICS section in the Security Exchange Newsletter from last month here.
    Why this matters to you? – There are large opportunities now where the security of OT/ICS networks is becoming critical, adding Nozomi Networks lets us support specifically the Oil & Gas industry where they are very successful.
     
    IntroSpect - Updated
    In the 2.4 release of IntroSpect, we added capabilities for automatic remediation of endpoints using ClearPass Policy Manager. This feature adds support to automatically send alert and Syslog messages to ClearPass. ClearPass Ingress Event Engine uses these alerts and syslog messages to configure granular policies for enforcement.
    Why this matters to you? – This new guide includes the configuration steps to achieve the above. ClearPass 6.8.2 also provides out-of-the-box integration to simplify configuring Introspect integration with ClearPass Policy Manager.
    HCL BigFix - Updated
    Previously known as IBM BigFix, this software distribution and patch management product is used by many large enterprise customers. In this v2 of our integration, we've added incremental features over the initial version to expose additional endpoint context, we provide insights when endpoints are missing patches, these are additionally categorized as Low, Medium, Important or Critical. ClearPass Policy Manager can reference this context individually for very granular endpoint control.
    Why this matters to you? – We're providing deeper insight into the compliance status of devices connecting to the network, and when appropriate if these devices should be granted normal or restricted access to corporate application and resources. Note, IBM recently sold BigFix to HCL.

        

    Envoy - Updated
    Envoy is an existing member of our Security 360 Exchange framework, they provide a Digital Visitor Management solution that we have expanded to automate the management of ClearPass Guest accounts. In this release we have updated the extension to cater for the scenario where the Envoy Tablet/Kiosk might be in a different time zone from ClearPass Policy Manager.
    Why this matters to you? – When Guest/Visitors arrive and sign-in, they receive notifications via email/sms of their account and possibly the duration, the issue we resolved here was that the account expiration was not properly calculated when the Tablet and ClearPass were in differing time zones.

     

    Multiple minor documentation Updates
    Thanks for the feedback from our Partners and SEs in the field we've made a few minor updates you caught in existing published documentation. We've updated the following TechNotes with minor grammatical changes. The updated integration documents are Microsoft Intune, Tenable Nessus and SinePro.




  • 6.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:21 AM
    No replies, thread closed.

    Newsletter #6

    Date: 12/18/2019

    NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS

    This quarter we focused on improving a number of our existing integrations and adding a few new ones. We've updated our Symantec Endpoint Protection Manager and made a minor update to our VMware Workspace One real-time update process. We have a couple of new integrations for you that we're releasing, Mosyle, a MDM player that is very successful in the K-12 and academia vertical and Medigate a Medical IoT security vendor. Finally this month we've completely re-written the ClearPass Policy Manager and Palo Alto Integration Guide. This guide has gone through eight previous iterations and had become fragmented with references to old versions and code, this is a fresh new version of the guide.

    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition.

    Mosyle – NEW

    Most K-12 schools want visibility and control of the devices students and faculty connect to the network. Being able to make intelligent decisions about these devices becomes much easier if there is a source of truth for the devices that can be used. Integrating with an MDM enables an easy way to ensure only authorized devices can connect to the network. If the device is unknown, provide a workflow that enables the student or teacher to self-remediate and enroll the device, if the device is not running the latest s/w direct the user to update their device, if it's jailbroken, quarantine it on the network, and so on. Mosyle is a very successful MDM vendor in the K-12 market, specializing exclusively in the Apple eco-system for iOS, macOS and tv-OS.

    Why this matters to you? – For K-12 customers this provides an essential and almost invaluable integration that delivers an enhanced layer of security for any connected device to the network be it known or unknown.

    Medigate – NEW
    Medical IoT {MIoT} has started to get a lot of visibility, similar in a way to Industrial IoT {IIoT}, it's highly specialized and security vendors playing in this space are laser focused exclusively on the MIoT space. Identifying connected devices within the medical space is a specialty technology, seeing beyond the regular device-type, device-os is a necessity, not a nice to have. There is no point identifying a MRI machine as a Windows Computer {if it's running embedded windows} where the device's functionality and classification is very different. Being able to identify devices on your network with CVE vulnerabilities, firmware or their serial numbers is again a necessity. Our new integration with Medigate provides an enhanced level of visibility into the MIoT world of connected devices, Medigate automatically provisions endpoint with content into the ClearPass Endpoint database.

    Why this matters to you? – Having the visibility and context from Medigate enables the deployment of a centralized security access policy for all devices connected to the network.

    VMware Workspace One – Updated
    Since releasing this integration one of the items specifically requested was the need to have the exchange integration tag endpoints as "unknown" when they are being deleted from within VMware Workspace One, so that they be removed from the ClearPass Endpoint database by normal Policy Manager housekeeping. This update provides an additional switch in the extension config to enable this functionality.
    Why this matters to you? –
    Maintaining a consistent view of your managed network devices is critical, if there is high turn-over or a need to just remove deleted/retired devices from the ClearPass Endpoint database this optional feature lets you choose how you want to manage your devices.

    Symantec Endpoint Protection Manager – Updated
    The original SEPM integration was released in 2018, this new version delivers a number of changes and improvements. The integration now pre-appends "SEPM" to all of the endpoint attributes added to Endpoints. We've updated the configuration of the polling process which controls the full or delta-changes update process, it's now based upon a unix style CRON job scheduler. Finally, for this new version we exposed the ability to set the returned page size of Endpoints we retrieve from the remote SEPM per API call, this allows the load on the SEPM server to be better controlled.
    Why this matters to you? –
    Standardizing the experience and functionality across our extensive Extension estate, adding incremental updates.

    Palo Alto Networks Integration Guide – Updated

    We've re-written the integration guide to bring it up to date and remove a large amount of dated content. In this new guide, we've taken some of the content from the 'other' advanced integration guide and added a new section covering the use of the Ingress Event Engine and its configuration and thus retiring the old advanced guide with this new single guide.

    Why this matters to you? – We've streamlined your reading of this guide by removing old redundant content. Being able to leverage all of the capabilities of our integrations enables you to build a more secure environment.




  • 7.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:24 AM
    No replies, thread closed.

    Newsletter #7

    Date: 4/1/2020

    NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS

    This quarter we focused on improving a number of our existing integrations and adding a few new ones. This quarter highlights the importance of endpoint security, as we release three new EDR/EPP security integrations, endpoint security along with NGFW firewall is where enterprise businesses spend the vast majority of their security budget, being able to integrate them with ClearPass Policy Manager is highly desirable. We've supported a number of vendors over the years, this quarter we've added additional leading endpoint vendors' solutions, Crowdstrike, Microsoft and Trend Micro. Continuing with the integration development last quarter with Mosyle Manager for the K-12/Higher-Ed space, we've added Mosyle Business, this version is focused specifically on Enterprise Companies, this has already led to a ClearPass new-business sale in a competitive situation in Canada.

    In terms of updates, Cylance Protect, now Blackberry Cylance Protect after they purchased the endpoint security vendor just over 1-year ago in February 2019, a small update to the logic processing in VMware Workspace One {formerly known as Airwatch} and we've published the Medigate Integration Technote.

    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition.

      

    Crowdstrike Falcon – New

    Crowdstrike Falcon has been one of the most requested integrations from the field/partners for the past two years, we're finally pleased to release our integration. A high number of Enterprise Businesses have deployed the Falcon endpoint agent and ClearPass can now leverage Falcon's endpoint security context as part of the Enforcement Policy.

    Why this matters to you? – Being able to access and use contextual data from endpoint security agents is very valuable, using this at time of network access provides an invaluable insight in making an enforcement decision on how a device gains, or doesn't, network access and ultimately application access.

    Microsoft Defender Advanced Threat Protection {D-ATP} – New

    Microsoft have been tightly integrating endpoint behavioral sensors, security analytics and threat intelligence into the Windows platform. D-ATP platform of features is now available to other desktop systems such as macOS and has publicly announced it intends to support Android and iOS later in 2020 via support with other partners. We've seen interest from customers for D-ATP integration through 2019 and we're now pleased to release and announce our integration, we're also the FIRST NAC vendor to have an integration with D-ATP.

    Separately we're now members of MISA, the Microsoft Intelligent Security Associate "an ecosystem of independent software vendors that have integrated their solutions to better defend against a world of increasing threats.", we're hopeful this will provide us with an additional avenue to market ClearPass Policy Manager.
    Why this matters to you? –
    Being able to access and use contextual data from endpoint security agents is very valuable, using this at time of network access provides an invaluable insight in making an enforcement decision on how a device gains, or doesn't, network access and ultimately application access.

    Trend Micro Apex Central / Apex One – New

    Trend Micro has been a highly requested integration especially from our colleagues in APJ region. TM recently re-packaged their endpoint security products as 'APEX', APEX ONE being the agent and APEX CENTRAL being the management platform. We've added integration specifically into APEX CENTRAL as the conduit to access endpoint context from APEX ONE.
    Why this matters to you? –
    Regionally Trend Micro is a very strong player within APJ and adding support will aid our team in selling ClearPass Policy Manager, outside of APJ TM continues as one of the global Anti-Virus vendors and has been very successful as a Cyber-security vendor and adding support for TM APEX CENTRAL will universally help others.

    Mosyle Business – New

    We added support for Mosyle Manager a UEM focused on K-12 in our last quarter's update. This month we've extended and added support for Mosyle Business. Mosyle Business streamlines workflows to manage and deploy APPLE specific networks of devices.

    Why this matters to you? – For Enterprise Customers this provides an essential and almost invaluable integration that delivers an enhanced layer of security for any connected device to the network be it known or unknown.

    Blackberry Cylance Protect – Updated

    Cylance Protect has been one of the 'new-wave' of NG antivirus vendors these past few years. We originally released Cylance Protect over 3 years back as one of our early extensions. Since then we've updated a number of extension related framework features such as scheduling via CRON style controls, we've started to introduce extension level resource/performance statistics, concatenate vendor names as part of the endpoint attributes and we've exposed configurable ingest paging sizes to customers.

    Why this matters to you? – Refreshing the extension updates a number of key usable features as discussed above and fundamentally adds incremental usability features.

    Medigate – Updated

    Why this matters to you? – See last quarter's link below for our write up on Medigate, this just confirms that the delayed TechNote supporting this integration is now posted.

    VMware Workspace One – Updated

    The integration with VMware Workspace ONE {WSO} has had a number of releases, this latest release {version 3.1.0} provides support for an issue related to creating/patching endpoints when some of the returned fields are NULL. Note:- There is no documentation update to support this update.
    Why this matters to you? –
    Ensuring that endpoints get updated real-time and with the correct contextual data is paramount, please ensure you or your customer move to this latest version of the WSO extension.




  • 8.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:28 AM
    No replies, thread closed.

    Newsletter #8

    Date: 7/1/2020

    NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS

    This quarter we're releasing the largest collection of new and updated integrations ever, a total of NINE new or updated TechNotes. We've focused on improving a number of our existing integrations, adding several new ones and updating a couple of old TechNotes for Palo Alto Networks, Infoblox and Check Point. This quarter highlights the importance of our eco-system of vendor diversity. Unified Endpoint Management {UEM}/MDM seems to be the dominant product technology this quarter as we release three new integrations in this space: Meraki System Manager, Blackberry UEM and a JAMF MDM integration delivered as an Extension. We've continued to expand the scope and touchpoints of our integrations with an additional vulnerability scanner, Rapid7 Nexpose. We've updated our McAfee ePO integration with several new enhancements and launched a totally new Cloud to on-prem connectivity process we're calling Skyhook Generic Processor.

     

    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition. I strongly encourage you to take some time to read and review the TechNotes for the below integrations.

    McAfee ePO – Updated Integration

    We've had an integration with McAfee ePO's endpoint security platform for several years. Today we release a major update with many new and improved features. This includes the ability for an ePO administrator to push real-time 'ePO TAGs' directly into the ClearPass EndpointDb and then subsequently from the ePO console trigger RADIUS Dynamic Authorizations, better known as CoA or RADIUS DMs, to have ClearPass re-evaluate the endpoint posture/health based upon the new TAGs. When ClearPass now finds an endpoint that is not managed by ePO, depending on Policy definition, it can add this endpoint to the ePO Rogue Systems for additional investigation, alerting the ePO administrator to systems on the network not running the ePO endpoint security.

    Why this matters to you? Being able to leverage the ePO endpoint security context allows for more granular and advanced access decisions in Policy Manager, enabling network administration function for ClearPass directly in the ePO console enables a richer and more integrated security solution.

    Rapid7 Nexpose/Insight – New Integration

    Rapid7 has always had a very strong presence in the vulnerability scanning space. Today we're releasing our integration between Policy Manager and Nexpose to allow the integration between platforms to enable CPPM to make more security rich decisions based upon the context provided by Nexpose. Multiple use-cases exist but as an overview you can only permit access after endpoints have been scanned, or have been scanned in the last N-days.

    Why this matters to you? Being able to incorporate vulnerability information specific to an endpoint within the access decision tree adds an additional dimension to how CPPM views the connected edge devices.

    Meraki System Manager – New Integration

    Meraki System Manager {MSM} is frequently used by enterprises {running Meraki WiFi} to offer an MDM-light service. An MDM system allows for certain device-level management functions, some of this management is related to the security and compliance of endpoints and where appropriate, this context can be very relevant to allowing/denying/restricting device access to network resources. We've also been able to leverage security alerting via webhooks in MSM such that we can trigger 'real-time' actions against devices.
    Why this matters to you? Being able to ensure that devices that connect to your infrastructure are within the policy guidelines set by the MSM administrator is an important addition to our list of UEM/MDM vendors.

    JAMF Pro – New Integration

    We've had an integration with JAMF Pro via the Context-Servers for close to 7-years, in that time we added incremental updates as customers have requested updates. This integration takes the functionality we had in Policy-Manager and moves it to an Extension but also adds many new functions. For example, customers can now decide on what JAMF endpoint attributes are ingested for endpoints: from a list of over 125, customers can define the endpoint attributes ingested and written to the Policy Manager EndpointDb, without the need to ask for updates. Additionally we've added the capability for CPPM to 'request' that JAMF interrogates managed endpoints and returns ALL network interfaces discovered over and above the basic ethernet/wifi such that Policy Manager has visibility of all interfaces through which an endpoint could authenticate.

    Why this matters to you? – For Enterprise Customers this opens up the process to easily decide on what JAMF context is valid for them, without the need to have Aruba make changes. Capturing all of the network interfaces ensures whatever mac-address is used, be it the onboard wifi or perhaps a mac-address from a docking station, won't inhibit the device connecting.

    Skyhook Generic Processor - New Integration

    The ability to connect Cloud apps to on-prem has created many challenges. We had the foresight to create a webhook proxy to allow us the ability to 'connect' cloud events to on-prem ClearPass Policy Manager nodes to ensure integrations like Envoy, Sine, VMware WSO which trigger real-time events as webhooks can communicate securely. This new integration widens the scope of Skyhook, we've created a framework to allow other vendors the ability to leverage this framework to build their own integrations. In this phase1 release we support the ability to allow the creation of Guest/Visitor Registration, Guest Device Registrations and Policy Manager Endpoint creation.
    Why this matters to you? – With more applications and services running in the cloud, being able to connect them securely to on-prem services is becoming critical. This new framework opens up the ability for 3rd parties to use our standard defined webhook to build their own integrations, as an example PASSTAB in Australia is utilizing this to integrate their School Guest Management application with ClearPass Guest for automated creation and notification of Guest accounts.

    BlackBerry UEM – Updated Integration

    With this update for our BlackBerry integration, we've added support for BlackBerry Cloud and support for OAuth2. BlackBerry previously was only supported for on-prem deployments; with this new integration, as customers embrace Cloud managed services, we continue to provide the necessary support.

    Why this matters to you? Supporting Cloud managed BlackBerry tenants and adding support for modern authentication.

     

    Palo Alto Networks – Updated TechNote 

    We've made a large number of updates to our Palo Alto Networks Integration TechNote. Cosmetically we've removed some of the older data, but more importantly we've made several large additions. We've integrated the content from the advanced use-case from an 'old' advanced use-case TechNote, we've added a section on how to use and configure the Ingress Event Engine, added a section on how to leverage the integration between GlobalProtect VPN and OnGuard to push Roles/Tags to federate the endpoint health to the firewall to permit/deny access for remote users.

    Why this matters to you? As one of the leading NGFW vendors, being able to leverage the multiple integration points between Policy Manager and Palo Alto NGFW is critical to securing access to internal resources and for local or remote users.

    Check Point – Updated TechNote 

    We've updated the Check Point Technote to validate R80.30 and R80.40, the more recent versions of Check Point NGFW. A few other minor updates relating to how to forward via the Context_Server_Action endpoint attributes. Finally a new section on how to strip [] from default roles such as [User Authenticated] so that when parsing TIPS:Roles it doesn't appear as nested arrays.

    Why this matters to you? Ensuring we support and have validated the latest version of Check Point's NGFW product line is critical for customers who leverage the ability to federate context such as roles between the two platforms.

    Infoblox – Updated TechNote 

    We've worked with  to add some new additional functionality to the existing integration, allowing ClearPass endpoints to be deleted when the network-source-of-truth is the Infoblox system and an administrator deletes them from Infoblox, this new update will now remove them from the ClearPass EndpointDb.

    Why this matters to you? For customers that manage a network asset source-of-truth with Infoblox, this ensures a seamless integration and reduces operational overhead by administrating network assets in a single place.




  • 9.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:32 AM
    No replies, thread closed.

    Newsletter #9

    Date: 10/1/2020

    NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS

    This quarter we're releasing the largest collection of new and updated/refreshed integrations ever, a total of FOURTEEN new or updated Integrations and TechNotes. We've focused on adding several new integrations and improving a number of our existing integrations, a couple are refreshed but are close to complete re-writes so they are like new, as you'll find out below. This quarter like most others highlights the importance of our eco-system of vendor and technology diversity, Unified Endpoint Management {UEM/MDM}, Endpoint Security {EDR/EPP}, a long-awaited update to our Fortinet Integrations, a new MFA Vendor and the most requested integration we've had this past 18 months, bi-directional ServiceNow CMDB plus some other minor updates.

    We've completed a MAJOR update to our Microsoft Intune {Endpoint Manager} integration, improved on our real-time update framework with VMware WSO Airwatch to add an option for automated Compliance and Compromised quarantining. A major update to our Splunk APP, we're adding support for Splunk Enterprise 8 and Splunk Cloud and some new features adding significant value in the data the app can report, plus we're mapping the licensing usage in the APP now.

    Some of the minor updates are for HCL BigFix supporting the change of ownership from IBM and minor API updates, for our TrendMicro Apex Extension, we've added support for Proxy bypass and our extension resource webstats reporting, we've also had two 3rd party-companies develop their own integration on top of the Generic Skyhook Processor we released last quarter, and finally some minor code updates to our Tenable and JAMF Extensions.

     

    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition. I strongly encourage you to take time to read and review the TechNotes for the below integrations.

     

    NEW INTEGRATIONS

    ServiceNow CMDB
    We've had an integration with SNOW for a few years, and the ability to use them as an authZ source as part of a service-policy workflow. Today we're releasing the long awaited SNOW update to enable bi-directional support that allows the extension the ability to sync between the SNOW CMDB and the ClearPass EndpointDB, this can be uni-directional {either way} or bi-directional. We also add the ability to update the SNOW CMDB with basically real-time updates to endpoint such as the endpoint IP address, and the ability to add new devices that we discover that are not already in the SNOW CMDB, this could also trigger an ITSM workflow to log the newly discovered endpoint.

    Why this matters to you? – Customers have increasingly been troubled with obtaining a list of all assets across their network, separately from what CPPM/CPDI profiling might show, customers have over the past 2-years been looking to see how they can supplement their investments into SNOW CMDB to make the process of updating this DB more automated. This extension delivers the ability for CPPM to push endpoint information automatically, and also allows for CPPM to download this DB such that we have a local copy and don't need to make 1:1 API calls when devices authenticate.

    Lightspeed Systems MDM

    We're adding support for another MDM vendor to the existing 10+ UEM/MDM vendors we have already integrated in this technology space. Lightspeed Systems has had tremendous success in K-12 market segment where they are totally focused. A 100% dedicated and focused company delivering security and solutions to K-12. Today we release our integration to enable ClearPass Policy Manager to leverage the contextual security data from within the Lightspeed System, the extension ingests endpoint data that can be used to validate school assets whether they are managed.

    Why this matters to you? – Schools increasingly want to know that devices being used within the classroom are of a safe nature, this starts by ensuring the devices in use are owned and managed by the school, the integration with Lightspeed Systems enables schools to get over that first hurdle, and then to start to build additional policy, did the device check-in to the management system in the last 24-hours, the device in use is registered to this school etc.

    Sophos Central & Intercept X  EDR

    Support for the Sophos endpoint security client is something we've been working to add for a while. We're pleased to announce today support for Sophos's latest endpoint security solution, Intercept X. It's a cloud managed EDR under Sophos Central, our integration allows for multiple security attributes to be ingested, added to the ClearPass endpointDb and then used in Policy as part of an authZ check. You can check for items such as the components installed, Overall Health, Sophos running Services, Sophos Threat Status and more.

    Why this matters to you? – Customers have been requesting integration with Sophos for an extended period of time, we're pleased to offer this integration with their latest EDR solution, Intercept X. Utilizing endpoint security meta-data as part of an authZ check is good practice to ensure the endpoint is compliant to be on the network.

    FortiManager and FortiGate via Fortinet Security Fabric

    We've had an integration for 5+ years with FortiAuthenticator and FortiGate, today we're releasing our latest and significantly updated integration direct into the Fortinet Security Fabric. We worked hand-in-hand with Fortinet to build this integration. This new integration is able to leverage the 'Aruba Role' and use this to federate real-time Policy Manager's view of an endpoint/user into the FortiGate via FortiManager to leverage the NGFW capabilities to allow/deny access to resources protected behind the firewalls.

    Why this matters to you? – Being able to leverage Active-Directory membership data is useful, but it's only part of the story. Firewalls regularly integrate with AD and other IS, but they don't know about the devices behind the user, is it BYOD, Corp-Owned, in Compliance, encrypted, patched etc. etc. Having Policy Manager build a role across user and device context and then share this with the firewall allows the firewall to make a much more appropriate decision on how to firewall data behind an IP address.

    SentinelOne EDR

    We've seen an increasing demand from customers/partners for integration with the SentinelOne EDR platform. SentinelOne does not rely on human analysts or Cloud connectivity for its best-in-class detection and response capabilities. Instead, it utilizes an Active EDR agent that carries out pre- and on-execution analysis on device to detect and protect endpoints autonomously from both known and unknown threats. SentinelOne Endpoint Security does not use traditional anti-virus signatures to spot malicious attacks. Instead, it uses a combination of static machine learning analysis and dynamic behavioral analysis to protect systems. As part of the integration, delivered via the ClearPass extension framework, we ingest a multitude of security related policy, such as Number of Active threats detected, SentinelGroup IDs, Infected status, Last update status, Scan Status etc. etc. 

    Why this matters to you? – S1 offers an extensive amount of contextual data specific to the endpoint security persona for an endpoint. Having ClearPass Policy Manager utilize the data ingested from the extension allows for a heightened level of additional security, CPPM can periodically check S1 for endpoint updates to ensure a near-real-time view of the managed endpoints is sync'd to the CPPM EndpointDb.

    privacyIDEA MFA

    We've added support for the privacyIDEA MFA, which supports OneTimePassword, specifically the T-OTP functionality. privacyIDEA is an Open Source solution that has been deployed by a number of Enterprise customers.

    Why this matters to you? – Adding MFA/2FA into a number of common workflows is a best practice lots of Enterprise companies deploy, utilizing the integration we've developed allows customers to easily take advantage of these more advanced security workflows.

    UPDATED/REFRESHED INTEGRATIONS

    Microsoft InTune v5 aka Endpoint Manager MDM

    Our latest version of our very popular Intune integration delivers multiple new features. This is almost a complete re-write of the core functionality, we've moved from the nac-api to use the GraphAPI, this enables among other things, the ability to pre-ingest all of the endpoint data for a tenant, and then keep it sync'd after the initial load such that a near-real-time view is maintained in the ClearPass EndpointDb. We still expose the ability if necessary to query real-time for endpoint data {and still supporting a cache fresh/stale timer} but we feel having this new functionality will be welcomed by customers, removing the need to query on a 1:1 authN. Additional features such as selectively choosing which endpoint attributes are ingested from a list of 45, previously we had only a fixed list of 10 endpoint attributes. The ability to sync delta changes after the initial sync is complete.

    Why this matters to you? – Our integrations with multiple Microsoft products are widely used, we're continuing to develop these integrations with our technology partners to ensure that our customers can maximize their investment in ClearPass and our integrations. This new v5 of our InTune integration is a major enhancement requested by multiple customers.

    Splunk Enterprise / Cloud v3.1.0 ClearPass App + ClearPass HTTP Event Collector Extension

    We're excited to release our latest version of our highly popular ClearPass Splunk App, improvement across the screens/frames, we've added a new Licensing section to replicate the concurrent licenses in ClearPass, this allows a user to track the usage of Access, Onboard or OnGuard, now called Compliance Suite licenses. And finally, we're utilizing the Splunk HTTP Event Collector {HEC} to expose the ability for an admin to selectively send data outside of syslog via the endpoint filter such that the data filtered can be shown in an Endpoint Info screen, for example you could choose to send Compromised=True, or Endpoint Source=Sophos, the options are limitless. Find this in the Splunk store and the accompanying HEC extension in our ClearPass Extension store.

    Why this matters to you? – Having a real-time interface of CPPM activity is critical for sec-ops, but the new Splunk App delivers a lot more, interfaces and summaries for operations and data to allow for trend and planning, all critical for understanding how your system is running.

    VMware WorkSpaceOne aka Airwatch v4 UEM/MDM

    We've continued to enhance our WSO feature set over the past year, this release continues the tradition of enabling more advanced functionality. Today I'm excited to announce we're enabling the ability for you to selectively enable a near-real-time {3-5 seconds} automated quarantine/disconnect capability. If devices that are managed by WSO drop into an outOfCompliance state then ClearPass Policy Manager can be configured to automatically change the access role/vlan/dACL for this device, it could also trigger other chained actions such as triggering emails, creating ITSM records etc. When the device is remediated an automated restore-action can apply. These triggers are applicable for Compromised and Compliance states as defined in Airwatch.

    Why this matters to you? – The need to automate security functions that can be dynamic is starting to get mainstream acceptance, we're enabling the capability, but customers can choose what to them is meant by compliance and can selectively enable the capabilities in Policy Manager. The need to secure the edge has never been greater than today.

    HCL BigFix v3 Patch Management

    BigFix changed ownership in 2019 when IBM sold the product to HCL, as part of this change there were a few API related modifications, this release adds support for the new HCL BigFix v10 released earlier this year. We also took the opportunity to add proxyBypass support and our extension level resource webstats to show how the extension is running and the resources it's consuming.

    Why this matters to you? – Being able to validate software inventory and patch status of endpoints connected to the corporate network is critical in ensuring and minimising risk and exposure to today's ransomware/malware that daily attack our infrastructure. ClearPass Policy Manager can query BigFix realtime to obtain the patch risk of an endpoint and decide if the endpoint should get network access.

    TrendMicro Apex Central / Apex One v2 – EDR – We made a minor update to our TrendMicro extension to add proxyBypass support and our extension level resource webstats to show how the extension is running and the resources it's consuming.

    We've also released updated versions of the Tenable v2 and JAMF v3 Extensions addressing minor workflow related issues that could affect some customers, if you have these deployed please make time to update to the latest versions.

    And finally in the words of Steve Jobs "just one more thing", last quarter we released a new framework under an extension we call our Skyhook Generic Processor {or SHGP for short}, which is a framework extension to our cloud messaging platform we call skyhook. This enables cloud applications to connect to on-prem ClearPass nodes such that events/alerts can be forwarded without the need to open pinholes in WWW firewalls which no one should ever ever do, we're pleased to confirm that we've already had two independent software vendors develop two applications to take advantage of this open framework.




  • 10.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:37 AM
    No replies, thread closed.

    Newsletter #10

    Date: 1/6/2021

    Contents

    • New ClearPass Policy Manager Integrations this quarter
    • Updated ClearPass Policy Manager Integrations this quarter
    • Where to find Information
    • Where to submit new requests

     

    New ClearPass Policy Manager Integrations and Extensions

     

    Efficient IP

    Why is this interesting? The integration with Efficient IP (EIP, an IPAM solution) allows ClearPass to add/delete endpoints in the Endpoint DB from the EIP dashboard. Moreover, static host lists can be managed from the EIP IPAM interface and keep a unique configuration tool. 

     

    SOTI MobiControl

    Why is this interesting? This integration goes over and above the Context-Server SOTI polling and provides the ability to capture all of the mac-addresses on an endpoint and create corresponding entries in the ClearPass Endpoint DB.  For example, if a device uses a wired/wireless dongle to authenticate, ClearPass will have the mac-address of the endpoint such that it can validate it. Finally, in the extension we expose the ability to add any SOTI endpoint attribute required to make your policy complete, and the ClearPass extension will capture that context and add it automatically to the ClearPass Policy Manager Endpoint DB so it can be used in role-mapping or an Enforcement Policy.

     

    Whos On Location

    Why is this interesting? This integration leverages the Skyhook Generic Processor which allows us the ability to 'connect' cloud events to on-prem ClearPass Policy Manager nodes to ensure integrations which trigger real-time events as webhooks can communicate securely. This new framework opens up the ability for 3rd parties to use our standard defined webhook to build their own integrations. 

     

    Passtab

    Why is this interesting? This integration leverages the Skyhook Generic Processor which allows us the ability to 'connect' cloud events to on-prem ClearPass Policy Manager nodes to ensure integrations which trigger real-time events as webhooks can communicate securely. This new framework opens up the ability for 3rd parties to use our standard defined webhook to build their own integrations. Passtab is utilizing this to integrate their School Guest Management application with ClearPass Guest for automated creation and notification of Guest accounts.

     

    Updated ClearPass Policy Manager Integrations and Extensions

     

    ServiceNow

    This integration is now validated against ServiceNow Paris release.

     

    MS Defender ATP

    This integration includes fixes to issues with the D-ATP advanced threat hunting queries. The underlying table names were changed from "Machine" to "Device" tables. This also includes basic feature updates in the form of proxy bypass as well as version checking for profiler to use APIs that do not require extra credentials.

     

    Wired Policy Enforcement Guide

    The wired policy enforcement guide is updated to include a section on AOS-CX integration with CPPM. 

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP).  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

     

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE & TME contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 11.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:43 AM
    No replies, thread closed.

    Newsletter #11

    Date: 4/1/2021

    Contents

    • New ClearPass Policy Manager Integrations this quarter
    • Updated ClearPass Policy Manager Integrations this quarter
    • Where to find information
    • Where to submit new requests

    New ClearPass Policy Manager Integrations and Extensions this quarter

    Microsoft Sentinel

    Why is this interesting? Microsoft Sentinel is the first cloud-first SIEM available with a built-in collector for ClearPass Policy Manager. Though the integration is currently in open beta, the functionality is available to anyone using Azure. 

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    Microsoft Defender ATP

    This integration includes an update to the user agent field in each API call made to Microsoft Defender for Endpoint.

    Note: This involves updating the Defender Extension to 1.1.1.

    Microsoft Intune

    This integration includes updates to GraphAPI permissions to March 2021 standards.

    Note: This is an Intune configuration change only. 

    Note: Wired clients still do not work with Intune Extension v5.  We are working with Microsoft to support wired devices when the beta GraphAPI is released. 

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP).  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 12.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:50 AM
    No replies, thread closed.

    Newsletter #12

    Date: 6/1/2022

    Contents

    • Updated ClearPass Policy Manager Integrations this quarter
    • Where to find information
    • Where to submit new requests

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    The updated Extensions are built on a revamped underlying Extension framework (new SDK) which aims to standardize common configuration parameters across multiple extensions.  Documentation for these updated Extensions breaks out the common configuration parameters (which have slight changes in syntax but no changes in functionality) separately from the Extension-specific configuration parameters.  Please refer to the configuration parameter tables in the documentation for more details.

    Microsoft Intune

    Intune Extension v6.0 adheres to the main requirement to use certificate-based authentication (e.g. EAP-TLS) with the Microsoft Compliance Retrieval service. This service enforces lookup by Intune device ID only, which removes the dependency on internal identifiers, such as serial numbers, which are not consistently accessible. It also eliminates MAC address identifiers, which are problematic because devices can have multiple or randomized MAC addresses. In conjunction with this, it is required to include the Intune device ID in the certificate profiles.

    In addition, we address a limitation with GraphAPI when syncing with Intune to retrieve device attributes as it did not support pulling the Ethernet MAC address attribute (wired interface). We provide a solution that utilizes real-time lookup by Intune device ID to pull the Ethernet MAC address attribute and have it stored in the endpoint DB.

    CrowdStrike Falcon

    CrowdStrike Falcon Extension v2.0 now conforms with the User Agent information that is used by CrowdStrike for internal tracking. The syncing of endpoints from CrowdStrike Falcon now provides the CrowdStrike device ID as an attribute in addition to the MAC address. The authentication source and context server action URLs can now leverage both MAC address and device ID in real-time lookup for authorization and context server action-based containments. The new extension now also supports bypassing the proxy.

    Mosyle

    Mosyle Extension v3.0 incorporates changes to API authentication in the Mosyle Business application. Mosyle Business now requires an email address and password along with the API token for authentication. The core extension workflow and use case remain the same; however, new configuration options are now available as part of the Extension framework updates. These configuration options can be leveraged to fetch only the updated endpoints, use faster sync intervals and cache device attributes locally. As part of our efforts to move away from MAC address based queries, a new context server action was added to fetch device attributes based on the device ID.

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP).  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 13.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:52 AM

    Newsletter #13

    Date: 9/12/2022

    Contents

    • Updated ClearPass Policy Manager Integrations this quarter
    • Where to find information
    • Where to submit new requests

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    The updated Extensions for Jamf Pro and VMware Workspace One are built on a revamped underlying Extension framework (new SDK) which aims to standardize common configuration parameters across multiple extensions.  Documentation for these updated Extensions breaks out the common configuration parameters (which have slight changes in syntax but no changes in functionality) separately from the Extension-specific configuration parameters.  Please refer to the configuration parameter tables in the documentation for more details.

    Jamf Pro

    Jamf Extension v4 has two main updates. Beginning in version 10.35.0 of Jamf Pro (released in early January 2022), the Classic API will now support Bearer Token authentication.  To conform with this, the Jamf Extension v4 has been updated to support Bearer Token authentication. Jamf has announced that deprecation of basic authentication via the Classic API is scheduled in the period from August to December 2022. All customers will need to update to v4 Extension to maintain compatibility with Jamf. No configuration changes are required (Bearer Token authentication is done automatically within the v4 Extension).

    Jamf Extension v4 also now supports Webhooks for real-time event updates from Jamf to ClearPass.  Jamf supports triggering Webhooks based on certain events which include changes in device groups and newly added devices in the inventory. This eliminates the dependency on endpoint sync schedule interval to get the correct state of managed endpoints with the use of real-time updates for any state changes in existing endpoints and updates for newly added endpoints in Jamf.

    VMware Workspace One

    To address "Android 12 Day Zero Support with Microsoft Endpoint Manager" like hurdles and be prepared for client vendors restricting MDMs from reading the MAC address from the clients and any upcoming compliance requirements to use certificate-based authentication and expose endpoint information only based on some MDM specific attributes unlike MAC address and serial numbers, we have also added support to be able to query endpoint information from Workspace One using the Device UDID attribute. This is achieved by adding a real time HTTP AuthZ source which reads the Device UDID attribute from the certificate passed during the EAP-TLS authentication and fetches the endpoint attributes from Workspace One in real time. For endpoints which don't reveal their MAC addresses the extension would not be able to sync those endpoints as they wouldn't have a valid MAC address to add in the endpoint repository. Hence, using certificate-based authentication with Device UDID as the certificate CN name is the workaround for devices which do reveal their MAC addresses. The real time HTTP AuthZ source added to the ClearPass service addresses this caveat and we can fetch the attributes from Workspace One to be able to evaluate them in the ClearPass enforcement policies and Role Mappings.

    MaxMind GeoIP2

    ClearPass integration with MaxMind GeoIP2 web services provides geolocation information which can be used with network access policies to provide different levels of access depending upon the location of the device. Geo location-based policies can be used with VPN authentication or OnGuard flows to ensure devices are only connecting from known / authorized locations.

    MaxMind GeoIP2 web services provides IP geolocation and proxy detection for a wide range of applications including content customization, advertising, digital rights management, compliance, fraud detection, and security.

    GeoIP2 web services provide some of the most accurate geolocation data without having to worry about hosting data on servers or deploying updates. Accessed through an API, the web service offerings provide the most up-to-date data available. MaxMind's GeoIP2 web services provide IP intelligence data for high volume environments.

    Where to find information

    The latest versions of the documentation are tagged with "v2022-xx". All documentation is released centrally in the Aruba Support Portal (ASP).  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly to the documentation links.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 14.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:54 AM

    Newsletter #14

    Date: 1/12/2023

    Contents

    • Updated ClearPass Policy Manager Integrations this quarter
    • Where to find Information
    • Where to submit new requests

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    CrowdStrike

    CrowdStrike Extension v2.1.0 has two main updates:

    • Deprecation of v1 version of API GET /devices/entities/devices/v1 (GetDeviceDetails): CrowdStrike has announced the deprecation of v1 GET host details operation. Integrations leveraging the v1 endpoint APIs must be updated to use one of the new v2 versions by February 9, 2023. This means that all earlier versions of extensions will fail collecting device details causing the integration to break.  This release v2.1.0 is updated to use the v2 version of the GET host details operation and is a go-to version before February 9, 2023 without fail to continue using the integration between ClearPass and CrowdStrike.

    • Support for Zero Trust Assessment attributes: CrowdStrike has supported Zero Trust Assessment of endpoints for a while which can be leveraged by this version of extension to fetch the risk scores of an endpoint as endpoint attributes. There are numerous assessment items that CrowdStrike evaluates to give evaluated results like OS assessment, Sensor assessment and Overall assessment scores. We have added support for Zero Trust assessment attributes in this version of extension which can be called into ClearPass policies for profile enforcements based on CrowdStrike Zero Trust Assessment scores in addition to the existing attributes that we have from past CrowdStrike extension versions.

    Microsoft Intune

    Minor update to documentation which added configuration of SCEP certificate profile to reference Device ID in Subject alternative name and be able to use this in real-time query lookup. Also added workaround to Post Authentication type enforcement profile.

    ServiceNow

    This integration is now validated against ServiceNow Tokyo release.

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP).  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 15.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Jun 17, 2023 10:56 AM

    Newsletter #15

    Date: 6/6/2023

    Contents

    • Updated ClearPass Policy Manager Integrations this quarter
    • Extensions migrated to new SDK and Docker Hub Cleanup
    • Documentation Release - Using Enrollment over Secure Transport in ClearPass
    • Integration with Axis Communications for Onboarding Axis Surveillance devices
    • Where to find information
    • Where to submit new requests

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    VMware WorkSpace One

    Release of WorkSpace One extension version v6.2.0 to support both wired and wireless MAC addresses of suited endpoints. This release v6.2.0 supports an additional knob in the extension configuration called "airWatchExtensiveSearch" which if set to 'true' makes use of the /extensivesearch API replacing the default /search API call during the periodic polls to support polling of both MAC addresses from WorkSpace One. When set to false the default /search API is used for the periodic polls.

    SentinelOne

    Re-validation of supported use cases with SentinelOne on the new SDK extension on latest version v2.1.0 and documentation update. The new extension includes the standardized configuration parameters as per the new SDK for optimized endpoint syncing between SentinelOne and ClearPass.

    Tenable.SC

    Release of Tenable extension version v3.0.8. Includes API key auth & User Agent header support with standardized configuration parameters as per the new SDK for optimized endpoint syncing between Tenable and ClearPass. Re-validation of supported use cases with Tenable.SC and documentation update.

    Latest versions of the documentation for these updated extensions are tagged with "2023-01".

    Extensions migrated to new SDK and Docker Hub Cleanup

    As an effort to maintain latest level of security practices we continue to migrate the existing extensions to the new SDK with standardized configuration parameters for optimized performance. We have also cleaned up our docker hubs to remove the legacy extension versions and only the latest versions are now available for download and use.

    The list of extensions which are already migrated are:

    • CrowdStrike
    • Tenable.SC
    • SentinelOne
    • VMware WorkSpace One (formerly Airwatch)
    • Microsoft Intune
    • Jamf Pro
    • ServiceNow
    • Ivanti MDM (formerly MobileIron)

    While we will continue with this effort of migration to the new SDK, all other legacy extension versions for extensions that are not included in this list have been removed from the docker hub. Only the latest version of the extension will be available regardless of whether it is converted to the new SDK or in progress.

    Documentation Release - Using Enrollment over Secure Transport in ClearPass

    Enrollment over Secure Transport (EST) protocol can be used by access points and controllers to automatically request a device certificate via ClearPass Onboard.

    This certificate is then used to build trust between controllers and APs. The certificate can also be used to authenticate the AP to the upstream switching infrastructure via EAP-TLS and can also be used for establishing RadSec tunnels to AAA servers like ClearPass. The document covers the EST certificate enrollment configuration steps for ClearPass, AOS 8 gateways and central managed AOS 10 APs.

    Integration with Axis Communications for Onboarding Axis Surveillance devices

    Axis Communications provides solutions in video surveillance, access control, intercom, and audio systems. Integration between ClearPass and Axis Communications includes secure onboarding and operation of Axis devices in the network. The integration is tested by Axis Communications with help from the NAC TME team and the documentation is maintained by Axis.

    Link for integration documentation:

    https://www.axis.com/dam/public/97/ac/b6/axis-aruba-secure-network-integration-guide-en-US-396976.pdf

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP). Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 16.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Oct 05, 2023 12:49 PM

    Newsletter #16

    Date: 10/5/2023

    Contents

    • Updated ClearPass Policy Manager Integrations and Extensions this quarter
    • Extensions updated to latest OS version
    • Where to find Information
    • Where to submit new requests

     

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

     

    ServiceNow

    In order to address customers with large databases as well as provide more customizability in the asset classes to be synced with ClearPass, we have added new filtering mechanisms during the endpoint sync process.  Customers can now configure either an allowlist or denylist to specify which "cmdb_ci" tables are to be included or not included in the endpoint sync process.  In addition, we are going through the certification process for the Utah and Vancouver releases.  These are both expected by October 27th, 2023 and updated documentation will be released at this time.

     

    Microsoft Intune

    Minor update to address issue in pagination during endpoint sync process for large number of endpoints.  Updated documentation will be released by October 6th, 2023.

     

    Extensions updated to latest OS version

    As a continued effort to maintain the latest level of security practices, the following extensions have been updated to the latest underlying OS version.  The OS update does not have any impact on the existing functionality of the extensions. 

     

    • CrowdStrike Falcon
    • HCL BigFix
    • Jamf Pro
    • Jamf School
    • McAfee ePO
    • Microsoft Intune
    • MobileIron
    • Mosyle
    • PingID MFA
    • SentinelOne
    • ServiceNow
    • SOTI MobiControl
    • Splunk HEC
    • Tenable.sc
    • VMware WorkSpace One

     

    Note that the latest versions of the extensions are already available for download. Along with this we will include updates to the Integration Guides shortly to reflect the changes. Existing documentation is still otherwise valid.

     

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP), with the latest versions in process of getting posted.  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there and the links in there already point to the latest versions.

     

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.

    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

     

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!

     

    Best regards,

    The Aruba 360 Security Exchange Team




  • 17.  RE: ClearPass Policy Manager Aruba 360 Security Exchange Quarterly Integration Newsletter (Combined Thread)

    EMPLOYEE
    Posted Mar 11, 2024 11:55 AM

    Newsletter #17

    Date: 11/3/2024

    Contents

    • Updated ClearPass Policy Manager Integrations and Extensions this quarter
    • Documentation Release - TEAP Technote
    • Deprecation Notice
    • Where to find Information
    • Where to submit new requests

    Updated ClearPass Policy Manager Integrations and Extensions this quarter

    Jamf Pro

    Jamf Pro announced support for client credentials based authorization starting Jamf Pro version 10.49.0. We have added support for the new authentication mechanism on the new extension version 4.2.2 which is already available for download and install / update. Note that the current authentication mechanism that uses username and password based bearer token will be deprecated after 31st March 2024. Therefore, customers will need to update the extension to the latest 4.2.2 version to maintain compatibility with Jamf. Failing to update the extension will result in the extension not being able to communicate with Jamf and all related workflows would be affected on ClearPass. 

    Mosyle

    Mosyle transitioned from using basic authentication to OAuth based JWTs for API authentication. Starting 8th Feb 2024, basic authentication is deprecated by Mosyle and only JWTs would be supported. Mosyle extension has been updated to use JWT authentication and also fixes an issue where an invalid response from Mosyle caused sync failures. Customers are advised to update to version 4.1.1 to be able to continue to use the integration.

    Tanium

    Tanium platform provides unified endpoint security and management with modules that can discover and inventory assets, manage endpoints, track risk and compliance and help investigate and remediate threats. The new Tanium extension allows endpoint context from Tanium to be leveraged by ClearPass Policy Manager to make network access decisions. Device attributes like Tanium client version, Device OS version, Risk Score, Risk Level etc. can now be fetched from Tanium to be used as part of policy evaluation. Extension also allows real time lookup of device attributes.

    Documentation Release - TEAP Technote

    TEAP provides the ability to do both user and computer authentication within a single RADIUS request for domain joined Windows machines. It solves some of the challenges in using certificate-based authentication for both user and computer. The document provides an introduction into TEAP authentication method and covers configuration steps on Windows supplicant, ClearPass, Active Directory GPO and Microsoft Intune.

    Deprecation Notice - Meraki Systems Manager

    Meraki Systems Manager extension which allowed integration between ClearPass and Meraki Systems Manager (SM) devices is now being deprecated. There are no future updates planned for this integration.

    Deprecation Notice - Workplace Insights

    Workplace Insight extension allowed integration between ClearPass and Meridian Indoor Navigation platform. This integration is now deprecated, and no future updates are planned.

    Where to find information

    All documentation is released centrally in the Aruba Support Portal (ASP), with the latest versions in process of getting posted.  Everyone is able to download the documents from here directly, but you may also find it easier to bookmark the Aruba Community site with the shortcut https://www.arubanetworks.com/clearpassdocs that will take you directly there and the links in there already point to the latest versions.

    Where to submit new requests

    We always want to hear feedback on Aruba 360 Exchange functionality.  You can reach out to the team through Email if you want to say anything specific.
    New 360 Exchange partnerships and ideas are also welcomed to be submitted from Aruba Innovation Zone (AIZ).

    A big thanks and congratulations to the ClearPass Engineering & QA, CSE/SE contributors, the Business Development, and 360 Security Exchange Partners who have made this possible!
     
    Best regards,
    The Aruba 360 Security Exchange Team