Mobile and IoT are changing how we think about NAC. Follow Aruba’s 3-step plan to identify devices, enforce polices, and protect the network. Aruba Networks ClearPass Policy Manager for mobility and IoT. Aruba Networks ClearPass Policy Manager solves today’s security challenges across any multi-vendor wired or wireless network. By replacing outdated legacy AAA with context-aware policies. It delivers visibility, policy control and workflow automation in one cohesive solution. Identify what’s on your wired or wireless network. Security starts with understanding what’s on the network. What devices are being used, how many, and which operating systems are supported? Aruba Networks ClearPass Policy Manager has a built-in profiling engine that collects real-time data. Including device categories, vendors, and OS versions. And the new standalone Aruba Networks ClearPass Policy Manager Universal Profiler provides the same visibility. For those not ready for full policy enforcement.
Enforce smart policies. Organizations must adapt to today’s evolving devices and their use. Whether the device is a smartphone, a printer, or a surveillance camera. Once you know what’s on your network, it’s time to enforce policies. That provide proper user and device access, regardless of user, device type or location. Protect resources via dynamic policy controls and threat remediation. It’s expensive and time-consuming to invest in security. And it’s almost impossible to keep ahead of the hackers by innovating alone. Aruba Networks ClearPass Policy Manager Exchange ecosystem is designed to bring together best-of-breed third-party solutions. To provide end-to-end security at the edge with real-time analytics. Learn how Aruba Networks ClearPass Policy Manager Insight provides real-time analytics. And reporting to better understand who and what is on your network, so you can resolve issues quickly.
Aruba Networks ClearPass Policy Manager — Endpoint Visibility For Wired And Wireless
Aruba Networks ClearPass Policy Manager offers network and security organizations a unique advantage versus the competition. As real-time, agentless profiling can be acquired as a standalone appliance or within a comprehensive policy enforcement solution. Both allow you to continuously identify endpoints, and network devices on non-AAA or AAA enabled wired and wireless networks. Whether via dynamic or static IP addresses. Comprehensive dashboard visuals make it easy to see the total number of endpoints. And the number by category, family and device type. Aruba Networks ClearPass Policy Manager discovers endpoints with unsurpassed ease. Identifying and profiling attributes that determine device category, vendor, operating system, IP address, hostname, owner, and more. Automatic and IT-customizable endpoint classification ensures that new and unknown IoT devices are quickly placed into the proper device families. For visibility and/or security enforcement.
Advanced Policy Management
Enforcement and visibility for wired and wireless. With Aruba Networks ClearPass Policy Manager — organizations can deploy wireless using standards-based 802.1X enforcement for strong authentication. ClearPass also offers a way to create non-.1X policies on wired networks with OnConnect. For those organizations not ready to go full 802.1X and AAA throughout their wired infrastructure. Aruba Networks ClearPass Policy Manager allows for a hybrid approach to enable IT to gain insights about all devices. Including computers, smartphones and IoT – accessing the network. Concurrent authentication methods can be used to support a variety of use-cases. It also includes support for multi-factor authentication based on login times, posture checks, and other context. Such as new user, new device, and more. Attributes from multiple identity stores such as Microsoft Active Directory. And LDAP-compliant directory, ODBC-compliant SQL database, token servers and internal databases across domains can be used within a single policy for fine-grained control.
ClearPass Policy Manager
IntroSpect User and Entity Behavior Analytics (UEBA) uses AI-based machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. Security teams are armed with insights into malicious, compromised or negligent users, systems and devices — cutting off the threat before it does damage. Entity360 represents an entity’s security-relevant activity regardless of data source, devices used or activity type. It includes a risk score (0 to 100) as well as a full security profile with hours worth of investigation available in a single click. Entity risk scores based on machine learning can account for key factors like the order and time of incidents across various attack stages as well as time since detection and business context.
Accurate, normalized scores mean security analysts can confidently prioritize their efforts. Machine learning-based analytics build baselines for normal behavior of both individual entities and groups by continuously monitoring IT activities — like authentication, remote access, internal access to high-value resources and cloud app usage — across network and log data. Attack detection and forensics are intrinsically tied together, providing analysts with instant access to complete investigative records. Security teams can now triage more efficiently, make more informed decisions, and respond before damage is done. Aruba security provides 360 degree protection by combining ClearPass network access control with behavior analytics-based attack detection and alerting for a complete solution that secures your organization from malicious threats.
Using policy management in a mobile environment, where users connect over wireless and wired networks throughout the day solves a set of entirely new challenges that didn’t previously exist. If a device is denied access today, user and it productivity is lost. With the right policy management approach, it organizations can ensure that the growing universe of #GenMobile workers get instant access to the apps, printers and network services they’re authorized to use, no matter where they are or what device they have. Mobile devices — authentication services are fairly consistent between AAA and policy management systems.
However, any form of health checks or device interrogation will require a policy management system. A critical policy management capability entails making real-time decisions based on intelligence gathered from devices using NAC and/or MDM agents. the policy management system determines if a device can connect, if remediation is required or if access should be denied. Most it organizations currently rely on active Directory or lDap to assign and enforce security policies for users and devices.
Aruba is in the midst of a massive transition away from networking technologies that were designed for the 20th century when mobile, IoT and cloud did not exist. The surge in mobile and IoT means that the wired and wireless network must deliver more than just connectivity — the network is expected to provide actionable insights about the use of mobile and IoT to justify future investments, so that businesses can adopt new technologies and serve the needs of GenMobile — while keeping the network secure and without breaking the budget.
Cloud networking — Aruba Central manages, monitors and secures wired, Wi-Fi and wide area networks from the public cloud. Thanks to its multi-tenant operation, it enables Aruba and end users to support multiple disparate networks from a single location. Aruba Networks Mobile First Networks are optimized for today’s enterprise and SMB environments where mobile and IoT are pervasive. Aruba Mobile First Platform is the software layer between the Aruba network infrastructure and is designed to share rich, contextual insights with third-party business, IT and end-user facing applications.
Mobile Virtual Enterprise
This capability enables guests to quickly and easily navigate hospitality properties, and, via Aruba Networks Beacons, for hospitality marketing departments to engage them using context-relevant, location-based services while they are doing so. Operating over Aruba Networks’ PIC — compliant Wi-Fi networks, these devices reliably stay connected to the back-office LightSpeed database as users roam, allowing sales to be processed anywhere in the store. Aruba Networks’ context-aware Mobile Virtual Enterprise (MOVE) architecture provides policy enforcement based on device-fingerprinting, application-fingerprinting, and location, ensuring a good in-store experience by prioritizing LightSpeed’s mobile POS applications over other less critical network traffic.
Monscierge is a global software company specializing in innovative hospitality solutions for properties, owners and brands. Monscierge Connect enhances communication between a hotel’s guest and staff through mobile, tablet, large-format touch-screen devices, and a central web-based platform that manages property content. Skyfii IO is a mobile technology and venue analytics company whose solutions capture, analyze, and visualize customer behavior.
Enterprises moving to voice and video calling on Wi-Fi need their IT departments to design a wireless infrastructure that supports these apps at high density. Wired infrastructure — the integration of the HP Enterprise and Aruba Networks access portfolios is a key ingredient in Aruba's mobile-first approach. As organizations transition to the digital workplace, they won’t need as many ports as before because of the increased use of Wi-Fi. Although a highly mobile workforce means that the majority of users will connect via wireless, the surge in IoT devices and the increasing use of Wi-Fi bandwidth means that the wired infrastructure is critical, too.
Predict network issues before they happen — with the huge scale of devices connecting to the network, IT needs granular visibility into the access layer — at the user, device, and app level — to keep things running without disruptions to the business. Aruba Networks AirWave is a powerful and easy-to-use network management system that manages Aruba Networks wired, wireless, and remote access networks, as well as multi vendor wired and wireless infrastructures.