
CLEARPASS POLICY MANAGER ARUBA 360 SECURITY EXCHANGE QUARTERLY INTEGRATION NEWSLETTER #8


    Posted Jul 01, 2020 10:44 PM

    ARUBA 360 SECURITY EXCHANGE QUARTERLY INTEGRATION NEWSLETTER

      

    CONTENTS

    • NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS THIS QUARTER
    • IN CASE YOU MISSED LAST QUARTER’S NEWSLETTER
    • WHERE TO FIND STUFF
    • WHAT WE WANT FROM YOU? 

     

     

    NEW AND UPDATED CLEARPASS POLICY MANAGER INTEGRATIONS THIS QUARTER

    This quarter we’re releasing the largest collection of new and updated integrations ever, a total of NINE new or updated TechNotes. At this time I want to make a special call out to the following individuals who have stepped up to help the ClearPass PLM/TME Team deliver to you these new documents. If you see them, please take time to thank them.

    • Tony Kord
    • Andy De La Cruz
    • Ryan Hadley
    • Drew Wyskida
    • Scott Bodo

    We’ve focused on improving a number of our existing integrations, adding several new ones and updating a couple of old TechNotes for Palo Alto Networks, Infoblox and Check Point. This quarter highlights the importance of our eco-system of vendor diversity. Unified Endpoint Management {UEM}/MDM seems to be the dominant product technology this quarter as we release three new integrations in this space: Meraki System Manager, BlackBerry UEM and a JAMF MDM integration delivered as an Extension. We’ve continued to expand the scope and touchpoints of our integrations with an additional vulnerability scanner, Rapid7 Nexpose. We’ve updated our McAfee ePO integration with several new enhancements and launched a totally new Cloud to on-prem connectivity process we’re calling Skyhook Generic Processor.

     

    We believe these improvements or new integrations will continue to enable you to have more meaningful conversations with both existing customers by ensuring they get the most out of their investment in ClearPass Policy Manager as well as prospective customers looking at us versus the competition. I strongly encourage you to take some time to read and review the TechNotes for the below integrations.

     

     

    McAfee ePO – Updated Integration

    We’ve had an integration with McAfee ePO’s endpoint security platform for several years. Today we release a major update with many new and improved features. These include the ability for an ePO administrator to push real-time ‘ePO TAGs’ directly into the ClearPass EndpointDb and then subsequently from the ePO console trigger RADIUS Dynamic Authorizations, better known as CoA or RADIUS DMs, to have ClearPass re-evaluate the endpoint posture/health based upon the new TAGs. When ClearPass now finds an endpoint that is not managed by ePO, depending on Policy definition, it can add this endpoint to the ePO Rogue Systems for additional investigation, alerting the ePO administrator to systems on the network not running the ePO endpoint security.

    Why this matters to you? – Being able to leverage the ePO endpoint security context allows for more granular and advanced access decisions in Policy Manager. Enabling network administration functions for ClearPass directly in the ePO console enables a richer and more integrated security solution.

     

     

    Rapid7 Nexpose/Insight – New Integration

    Rapid7 has always had a very strong presence in the vulnerability scanning space. Today we’re releasing our integration between Policy Manager and Nexpose to allow the integration between platforms to enable CPPM to make more security rich decisions based upon the context provided by Nexpose. Multiple use-cases exist but as an overview you can only permit access after endpoints have been scanned, or have been scanned in the last N-days.

    Why this matters to you? – Being able to incorporate vulnerability information specific to an endpoint within the access decision tree adds an additional dimension to how CPPM views the connected edge devices.

     

    Meraki System Manager – New Integration

    Meraki System Manager {MSM} is frequently used by enterprises {running Meraki WiFi} to offer an MDM-light service. An MDM system allows for certain device-level management functions, some of this management is related to the security and compliance of endpoints and where appropriate, this context can be very relevant to allowing/denying/restricting device access to network resources. We’ve also been able to leverage security alerting via webhooks in MSM such that we can trigger ‘real-time’ actions against devices.

    Why this matters to you? – Being able to ensure that devices that connect to your infrastructure are within the policy guidelines set by the MSM administrator is an important addition to our list of UEM/MDM vendors.

     

     

    JAMF Pro – New Integration

    We’ve had an integration with JAMF Pro via the Context-Servers for close to 7 years; in that time we added incremental updates as customers have requested updates. This integration takes the functionality we had in Policy Manager and moves it to an Extension but also adds many new functions. For example, customers can now decide on what JAMF endpoint attributes are ingested for endpoints. From a list of over 125, customers can define the endpoint attributes ingested and written to the Policy Manager EndpointDb, without the need to ask for updates. Additionally we’ve added the capability for CPPM to ‘request’ that JAMF interrogates a managed endpoint and returns ALL network interfaces discovered over and above the basic ethernet/wifi such that Policy Manager has visibility of all interfaces through which an endpoint could authenticate.

    Why this matters to you? – For Enterprise Customers this opens up the process to easily decide on what JAMF context is valid for them, without the need to have Aruba make changes. Capturing all of the network interfaces ensures whatever mac-address is used, be it the onboard wifi or perhaps a mac-address from a docking station, won’t inhibit the device connecting.

     

    Skyhook Generic Processor - New Integration

    The ability to connect Cloud apps to on-prem has created many challenges. We had the foresight to create a webhook proxy to allow us the ability to ‘connect’ cloud events to on-prem ClearPass Policy Manager nodes to ensure integrations like Envoy, Sine, VMware WSO which trigger real-time events as webhooks can communicate securely. This new integration widens the scope of Skyhook: we’ve created a framework to allow other vendors the ability to leverage this framework to build their own integrations. In this phase 1 release we support the ability to allow the creation of Guest/Visitor Registration, Guest Device Registrations and Policy Manager Endpoint creation.

    Why this matters to you? – With more applications and services running in the cloud, being able to connect them securely to on-prem services is becoming critical. This new framework opens up the ability for 3rd parties to use our standard defined webhook to build their own integrations. As an example, PASSTAB in Australia is utilizing this to integrate their School Guest Management application with ClearPass Guest for automated creation and notification of Guest accounts.

     

     

    BlackBerry UEM – Updated Integration

    With this update for our BlackBerry integration, we’ve added support for BlackBerry Cloud and support for OAuth2. BlackBerry previously was only supported for on-prem deployments; with this new integration, as customers embrace Cloud managed services, we continue to provide the necessary support.

    Why this matters to you? – Supporting Cloud managed BlackBerry tenants and adding support for modern authentication.

     

     

    Palo Alto Networks – Updated TechNote 

    We’ve made a large number of updates to our Palo Alto Networks Integration TechNote. Cosmetically we’ve removed some of the older data, but more importantly we’ve made several large additions. We’ve integrated the content from the advanced use-case from an ‘old’ advanced use-case TechNote, we’ve added a section on how to use and configure the Ingress Event Engine, and added a section on how to leverage the integration between GlobalProtect VPN and OnGuard to push Roles/Tags to federate the endpoint health to the firewall to permit/deny access for remote users.

    Why this matters to you? – As one of the leading NGFW vendors, being able to leverage the multiple integration points between Policy Manager and Palo Alto NGFW is critical to securing access to internal resources and for local or remote users.


    Check Point – Updated TechNote 

    We’ve updated the Check Point TechNote to validate R80.30 and R80.40, the more recent versions of Check Point NGFW. A few other minor updates relating to how to forward via the Context_Server_Action endpoint attributes. Finally a new section on how to strip [] from default roles such as [User Authenticated] so that when parsing TIPS:Roles it doesn’t appear as nested arrays.

    Why this matters to you? – Ensuring we support and have validated the latest version of Check Point’s NGFW product line is critical for customers who leverage the ability to federate context such as roles between the two platforms.

     

    Infoblox – Updated TechNote 

    We’ve worked with  to add some new additional functionality to the existing integration, allowing ClearPass endpoints to be deleted when the network-source-of-truth is the Infoblox system and an administrator deletes them from Infoblox; this new update will now remove them from the ClearPass EndpointDb.

    Why this matters to you? – For customers that manage a network asset source-of-truth with Infoblox, this ensures a seamless integration and reduces operational overhead by administrating network assets in a single place.

     

     

    IN CASE YOU MISSED LAST QUARTER’S NEWSLETTER

    We announced several new and updated integrations which we are re-listing below for those that missed it. For a more detailed description of the below integrations from the last quarter use this link to read more and why they are useful and valuable to you and our customers. 

    • Crowdstrike Falcon – NEW
    • Microsoft Defender-ATP – NEW
    • Trend Micro APEX ONE – New
    • Mosyle Business – New
    • VMware Workspace One - Updated
    • Cylance – Updated
    • Medigate - Updated

    You can also find a complete list of all the Aruba 360 Security Exchange Quarterly announcement here on our community site.


    WHERE TO FIND STUFF

    Everyone including customers and partners can find the documents on the community site located here, this is a NEW landing page which will become the source of access to all ClearPass Documentation.

    https://www.arubanetworks.com/clearpassdocs

     

    Additionally, going forward we are now posting all of the documents in the new Aruba Support Portal.



    WHAT WE WANT FROM YOU? 

    We always want your feedback on the integrations we deliver, good or bad. What we like to hear from you is what integrations you are seeing or hearing about in your accounts today, what’s missing, what do you need to help you win?

     

     

    Finally, a big thanks to the ClearPass Engineering and QA team for helping us develop, validate and update these integrations!

     

    Tony Kord, Scott Bodo, Ryan Hadley, Andy De La Cruz, Drew Wyskida, Anish Pansare and Danny Jump