ClearPass Quarterly Integration Update
WELCOME..!!... Please take time to read to the end, I’ll make it worth your time.
This is the first edition of the Aruba 360 Security Exchange quarterly newsletter. Historically we’ve built new integrations/updated old TechNotes and released them randomly month by month. In the past, we’ve released/updated our TechNotes as they were ready, but we felt that they became lost in all the typical email noise we deal with on a daily basis. We’re now moving to a quarterly release schedule so that it not only gives us a little more time to build collateral but also helps you keep up to date on the latest and greatest integrations. Disclaimer… if we do see a typo or inaccuracy in one of our guides, we will update as needed. ☺
These documents will either be updates to existing documents or new documents supporting a new integration. While we introduce this change we will also be taking the opportunity to re-align the functionality of the documents. Historically everything was a TechNote; going forward, the table below provides an overview of how we intend to categorize the documents.
| Name | Description | Examples |
|---|---|---|
| Integration Guide | Configuring an integration with another product: Extensions, Exchange, Third-Party NAD | EMM; Rapid7 Nexpose; Cisco Wireless |
| Solution Guide | Complete solutions, not individual products/integrations | Wired Policy Enforcement; Complete Palo Alto architecture integration (User-ID, IEEE, GlobalProtect) |
| Configuration Guide | Configuring native ClearPass functions/workflows (can include some light third party stuff, ex: Cloud Identity) | ClearPass Device Registration; SAML; ClearPass Onboard; ClearPass Onboard + Cloud IdPs |
| Competitive Note | Internal use only, competitive intelligence | |
| Deployment Guide | Architecture level ClearPass deployment information (mostly done by TechPubs) | Deploying ClearPass in a Cluster; Installing ClearPass in a VM |
So, what’s coming this month, you’re all wondering? Stop twittering, I hear you say, and give us the money-ball.
Cylance Protect Integration Guide - NEW. Cylance is a next generation AI cyber endpoint protection client, sometimes called an EDR or EPP. Cylance’s security solutions provide full spectrum predictive threat prevention and visibility across the enterprise, combatting threats such as malware, ransomware, fileless malware, malicious scripts, weaponized docs, and other attack vectors, with AI based malware prevention, application and script control, memory protection, device policy enforcement, root cause analysis, threat hunting, and automated threat detection and response, coupled with expert security services. ClearPass integrates in real time to check the security posture of the endpoint at the time of authentication to decide on the access it should be given, or not. Numerous security contextual attributes are returned and stored in the endpoint so they can be used within an enforcement policy. This guide is to be used with the new Cylance Extension.
Palo Alto Integration Guide - UPDATE. Palo Alto has been our most popular 3rd party, and the integration stretches back over 5+ years; this is version seven of the guide. The guide has been updated to include numerous changes introduced in ClearPass 6.7 which you need to know. We’ve also taken the opportunity to remove some of the OLD 6.x configuration to tidy up and reduce the document size.
Microsoft Intune Integration Guide - UPDATE. Intune has been making steady inroads into the market of some of the traditional MDM/EMM vendors. We’ve seen a huge uptick from customers/partners for Intune. Historically, we had to make calls into Intune to check the endpoint details on every authentication; this was an unnecessary overhead based upon the exposed APIs from Microsoft, not a limitation in ClearPass. Now we cache the returned attributes and add an expiration duration. This latest version of the Integration Guide supports the updated V4 version of the Intune Extension.
Symantec Endpoint Manager (SEPM) Integration Guide - NEW. Symantec has had a security solution for endpoint protection for many, many years and they have been very successful in this space. Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features. Adding this integration to our endpoint support not only expands the opportunities for ClearPass but enables us to deliver a deeper security solution for enterprise customers. SEPM supports a vast amount of endpoint attributes, close to 100. These attributes are returned and stored in the endpoint so they can be used within an enforcement policy; later these can be leveraged to make very granular enforcement decisions when devices access the network.
Sine Pro Visitor Management Integration Guide - NEW. This is an update to an existing Visitor Management solution, which previously had no public guide. It bridges the divide between Visitor and Guest Management. Let’s be honest, Visitors need Guest access: the visitor registers at the front desk and, at the same time, gets guest access… Woohoo. For the security/network team, when the visitor leaves the facility, their account is automatically revoked. We will be coordinating with Sine in the next couple of weeks to retire the current Sine Pro plugin at the same time we publish the new ClearPass Sine Pro extension.
ClearPass Hardening Deployment Guide - UPDATE. This is the latest version of this very valuable document every ClearPass Admin should consult as we update our best practices to react to changing threat and cyber challenges. This guide covers best practice configuration for every ClearPass deployment: which services/protocols are in use, and which security and configuration features are being added/modified to ensure you deploy ClearPass with a security first strategy. Every ClearPass Admin, EVERY ONE, should be familiar with the content of this guide.
IntroSpect Integration Guide - NEW. We’re late in publishing this guide; the integration has been available for a while, so we’re very sorry for how long it’s taken us to capture all of the content and get this guide in your hands. This is a new document covering the integration between ClearPass and IntroSpect. IntroSpect continues to have success in existing ClearPass accounts and new accounts. If you need to configure integration between the two platforms, this is the DOC you need. As it’s our initial DOC covering this, we really want to hear your feedback; if you feel there is anything missing from this guide, please let us know.
Netfort LANGuardian Integration Guide – NEW. This new guide supports the integration between LANGuardian and ClearPass via the Ingress Event Engine. LANGuardian provides visibility into endpoint Compliance State, such as endpoints running SMBv1, Weak Encryption in use, Unauthorized DNS server access. LANGuardian can alert ClearPass to these events to allow ClearPass to take the appropriate action on the endpoint.
On the subject of feedback, any comments and feedback/suggestions are graciously accepted.
You can find all the documents collectively on the support site, located here: https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961
Please also ensure you share some love with our authors this month that have contributed new documents or updated old versions, and finally a big thank you and congratulations to the ClearPass Engineering and QA teams!
Angel - Symantec Endpoint Protection Manager
Arpit - Sine Pro Visitor Management
Arpit - Palo Alto
Arpit - Intune
Arpit - IntroSpect
Dennis - Hardening Guide
Danny - Cylance Protect
Connor Shovlin (SE) - Netfort LANGuardian