Introduction to ClearPass Device Insight

Srinivas Loke

JUNE 2019

2@ArubaEMEA | #ATM19EMEA

CURRENT CHALLENGES IN DEVICE VISIBILITY

IT/Security teams lack visibility into devices on the network i.e. factory

controllers, medical equipment

Current toolset fails to adequately address visibility and IoT use cases

Volume, variety and the innovation of “things” means manual approaches cannot keep pace

Without comprehensive visibility, effective security and compliance is not possible

3@ArubaEMEA | #ATM19EMEA

HALF OF ENTERPRISE STRUGGLING TO SECURE IOT

Source: Ponemon Institute

4@ArubaEMEA | #ATM19EMEA

CLEARPASS DEVICE INSIGHT OVERVIEW

Reduces Risk by Eliminating Blind Spots

through DPI-based discovery and profiling of devices

Automatically Classifies Unknown Devices

using advanced machine learning and crowdsourcing intelligence

Ensures Secure Accessvia seamless integration with ClearPass Policy Manager

5@ArubaEMEA | #ATM19EMEA

TRADITIONAL PROFILING TECHNIQUES LACK DEVICE CONTEXT

STATIC ATTRIBUTES

NMAP | SNMP | WMI

6@ArubaEMEA | #ATM19EMEA

CLEARPASS DEVICE INSIGHT: FROM GENERIC TO GRANULAR DEVICE VIEW

STATIC ATTRIBUTES

NMAP | SNMP | WMI

WINDOWS DEVICE

AXIS DEVICE

AXIS SECURITY CAMERA

AXIS Q35 NETWORK CAMERA

DEEP PACKET INSPECTION (DPI)

STATIC + BEHAVIORAL ATTRIBUTES

APPLICATIONSWEB SITES

PORTSPROTOCOLS

CROWD-SOURCING

MACHINELEARNING

7@ArubaEMEA | #ATM19EMEA

CLASSIFIES UNKNOWN DEVICES

Device Attributes

IP/MAC Address

Application Access

Communication Protocols

Communication Frequency

Deep Packet Inspection (DPI)

MACHINE LEARNING

CROWDSOURCING

8@ArubaEMEA | #ATM19EMEA

AUTOMATED DEVICE DISCOVERY AND PROFILING

Static Attributes: Operating System, Hardware Vendor

Active and Passive techniques such as MAC OUI, NMAP, etc.

Dynamic Attributes: Understanding Behavioral AttributesDeep Packet Inspection (DPI) and Machine Learning leverage communication patterns,

applications, etc.

Comparative Attributes: Finding Commonality

Continuous monitoring of device trafficand crowdsourced intelligence to refine

and update device fingerprints

9@ArubaEMEA | #ATM19EMEA

ELIMINATES BLIND SPOTS

10@ArubaEMEA | #ATM19EMEA

Discovered Devices Classify known

devices with

fingerprintsClassification based on

static, flow and

behavior based

attributes

Checks for Fingerprint

Device Identified and

Labeled

ML-based Classification

Utilizing Machine Learning for Unknown Devices

11@ArubaEMEA | #ATM19EMEA

CLOUD-ENABLED COMMUNITY CROWDSOURCING

Aruba receives the signature

Signature is made available for use by

all customers

Customer labels a device using clusters or rules

Signature is tested and validated

12@ArubaEMEA | #ATM19EMEA

ARCHITECHTURE OVERVIEW

Combination of on-premises data collector (appliance or virtual)

and cloud-based analyzer

Through Deep Packet Inspection (DPI), device attributes are are extracted and metadata is sent

to the cloud for analysis

Campus / Datacenter

Device InsightVirtual

Collector

Device Insight

Hardware Collector

Branch

Device InsightVirtual

Collector

Gateway Switch

DEVICE INSIGHT

ANALYZER

CLOUD PLATFORM

Device Insight

Hardware Collector

Device InsightVirtual

Collector

13@ArubaEMEA | #ATM19EMEA

Multi-Vendor Switching

Multi-Vendor WLANs

3rd Party Security and Networking Vendors

360 SECURE FABRIC

ECOSYSTEM

ClearPass Policy ManagerSEGMENTATION / ENFORCEMENT

Internet of Things (IoT)

BYOD and Corporate Owned

ClearPass Device InsightENHANCED DISCOVERY /

PROFILING

Bi-Directional Data Exchange

INTEGRATION ENSURES SECURE ACCESS

14@ArubaEMEA | #ATM19EMEA

PORT-BASED DYNAMIC ROLE-BASED

StaticCamera port

Printer port

PoS port

Manual configuration of ACLs, VLANs, QoS

Automate configurations with context

PCI-compliant

Hard to scale for device type and quantity across multiple

sites

Dynamic

Flatten configurations at high scale based on user, device,

app

ENFORCED BY DYNAMIC SEGMENTATION

15@ArubaEMEA | #ATM19EMEA

IOT IN HEALTHCARE

ClearPass Device InsightENHANCED DISCOVERY /

PROFILING

16@ArubaEMEA | #ATM19EMEA

HOW WE’RE DIFFERENT

CONTINUAL INNOVATION IN IOT CONNECTIVITY, SECURITY, AND AI

COMPLETE VISIBILITY ACROSS THE ENTIRE INFRASTRUCTRE

AUTOMATED, MACHINE LEARNING-BASED, DISCOVERY AND

PROFILING

CLOUD-ENABLED, CROWDSOURCED FINGERPRINTS

DYNAMIC ROLE-BASED ACCESS CONTROL

17@ArubaEMEA | #ATM19EMEA

Getting Started with Simple Subscription-based Licenses

Component Description Deployment Licensing

Device Insight

Subscription

Primary Device Insight

subscription which includes

Device Insight Analyzer and

licenses for virtual collectors

Software running on

Aruba’s Cloud Platform

Subscription based

1,3 and 5 year SKUs

Virtual Collectors Data collector for device

discovery using deep packet

inspection

Virtual deployment on

choice of hardware

Included in Software

License

Collector Appliances Data collector for device

discovery using deep packet

inspection

Turn-key Aruba

hardware appliance

3 models to support

500, 5000 and 25K

device count

18@ArubaEMEA | #ATM19EMEA

Thank You

Still not a part of the Airheads

Community? Sign up today!

community.arubanetworks.com

19@ArubaEMEA | #ATM19EMEA