Network Security & Firewalls

Today's networks have become increasingly more complex, due in part to the rapid adoption of Internet of Things (IoT) devices which are often difficult to detect and manage. In order to leverage the operational efficiencies of mobile and IoT, many organizations are deploying a wide range of devices, without fully understanding the security and compliance implications.

Aruba ClearPass Device Insight provides a full-spectrum of visibility across the network by intelligently discovering and profiling all connected devices. This includes detailed device attributes such as device type, vendor, hardware version, and behavior including applications and resources accessed. This allows organizations to create more granular access policies, reduce security risks and meet key compliance requirements.

As a part of Aruba's ClearPass family of industry-leading access control solutions, ClearPass Device Insight provides the visibility needed to make better informed network access control decisions. Integration with ClearPass Policy Manager delivers comprehensive policy control and real time enforcement. This makes the visibility provided by ClearPass Device Insight actionable and increases the overall level of security and compliance for all devices connected to the network.

FULL-SPECTRUM VISIBILITY

ClearPass Device Insight addresses the most stringent visibility requirements for the most diverse network environments. This includes the ability to broadly and accurately identify all wireless and wired devices connected to the network - from traditional IT managed devices to previously undetected IoT devices such as cameras, medical equipment and other hard to detect endpoints.

ClearPass Device Insight utilizes a unique set of both active (NMAP, WMI, SNMP, SSH) and passive discovery methods (SPAN, DHCP, NetFlow/S-flow/IPFIX) in order to discover and classify a wider range of device types. These capabilities are further enhanced through the use of deep packet inspection which provides additional context and behavioral information that can further identify difficult-to-detect devices connected to the network.

RICH CONTEXT AND BEHAVIORAL INTELLIGENCE

By utilizing data collection and deep packet inspection techniques, ClearPass Device Insight is able to analyze the characteristics and behavioral patterns of any device and extract specific attributes for each. Some of these attributes include domain name lookup, destination IP addresses, applications accessed, and frequency of communication. These attributes can then be used to identify a device using a set of known fingerprints. If there is not a match, machine learning models are used to group unknown devices that exhibit similar characteristics.

HPE Aruba Networking's ClearPass Policy Manager, part of the HPE Aruba Networking 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure.

With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and guest access options, ClearPass is unrivaled as a foundation for network security for organizations of any size.

For comprehensive integrated security coverage and response using firewalls, UEM and other existing solutions, ClearPass supports the HPE Aruba Networking 360 Security Exchange Program. This allows for automated threat detection and response workflows that integrate with third-party security vendors and IT systems previously requiring manual IT intervention.

In addition, ClearPass supports secure self-service capabilities, making it easier for end users trying to access the network. Users can securely configure their own devices for enterprise use or Internet access based on admin policy controls.

The result is detailed visibility of all wired and wireless devices connecting to the enterprise, increased control through simplified and automated authentication or authorization of devices, and faster, better incident analysis and response through the integration and orchestration with third-party security solutions. This is achieved with a comprehensive and scalable policy management platform that goes beyond traditional AAA solutions to deliver extensive enforcement capabilities for IT-owned and BYOD security requirements.

HPE Aruba Networking's ClearPass Policy Manager, part of the HPE Aruba Networking 360 Secure Fabric, provides role- and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and guests across any multivendor wired, wireless and VPN infrastructure.

With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and guest access options, ClearPass is unrivaled as a foundation for network security for organizations of any size.

For comprehensive integrated security coverage and response using firewalls, UEM and other existing solutions, ClearPass supports the HPE Aruba Networking 360 Security Exchange Program. This allows for automated threat detection and response workflows that integrate with third-party security vendors and IT systems previously requiring manual IT intervention.

In addition, ClearPass supports secure self-service capabilities, making it easier for end users trying to access the network. Users can securely configure their own devices for enterprise use or Internet access based on admin policy controls.

The result is detailed visibility of all wired and wireless devices connecting to the enterprise, increased control through simplified and automated authentication or authorization of devices, and faster, better incident analysis and response through the integration and orchestration with third-party security solutions. This is achieved with a comprehensive and scalable policy management platform that goes beyond traditional AAA solutions to deliver extensive enforcement capabilities for IT-owned and BYOD security requirements.