Intelligent Edge Protection - Netclose
Intelligent Edge Protection: Security in the Age of IoT and Mobility
September 26, 2017
Hybrid IT
Built-in data analysis & contextually aware
Beacons, sensors and geo-positioning
Ubiquitous connectivity
Reliable performance & experience
Adaptive trust security
Mobile users, apps and devices
Security & resilience built-in
Containerized, automated and orchestrated
Intelligent Edge
Your Apps & Data
Driven by agile DevOps
Flexible consumption
Always workload optimized
Ecosystem of innovation partners
“Aruba takes untrusted devices and converts them into sources of trusted and actionable data”
The Fundamentals of Network Access
– Profile the Asset
  – Asset, location and basic posture information
  – Passive and active techniques
– Validate the Identity
  – Traditional network authentication methods 802.1x, MAC, PSKs
  – Leverage profile data as input to identity
  – Reference an existing asset register or start building one
– Authorize its Role
  – Lookup existing databases or trigger approval workflows
  – IT policies about security behavior, risk, access control
  – OT policies regarding SLA, auditing, compliance
Situational aware security
Event-triggered threat protection
3rd party integration for end to end visibility and control
IT managed and controlled workflows for guest, BYOD, IoT, health checks
Wired, Wi-Fi, VPN
AAA and non-AAA options
Enterprise-wide coverage across any location, device type
Integration w/ network and security infrastructure
Step by Step access privileges
Identity and context-based rules
Relationship between device, apps, services, and infrastructure
Orchestrated device discovery
Wired, Wireless, IoT
Profile and Manage
Custom Fingerprinting
Visibility
Policy
Automation
Enforcement
The 4 stages of visibility and control
ClearPass Policy Manager and NAC Solution
CLEARPASS POLICY MGR
Onboard Guest
Built-in:
• Policy Engine
• RADIUS/CoA/TACACS
• Profiling
• Accounting/reports
• Identity store
Expandable Applications
REMOTE LOCATION
• BYOD onboarding
• Simple guest access
• Health assessments
OnGuard
Device Profiling
• Samsung SM-G900
• Android
• “Jons-Galaxy”
EMM/MDM
• Personal owned
• Registered
• OS up-to-date
• Hansen, Jon [Sales]
• MDM enabled = true
• In-compliance = true
Enforcement Points
• Hansen, Jon [Sales]
• Title – COO
• Dept – Executive office
• City – London
• Location – Bldg 10
• Floor – 3
• Bandwidth – 10Mbps
Identity Stores
Sources of Usable Context
Comprehensive Profiler Methods
Helps ensure accurate fingerprints
Passive Profiling
– DHCP Fingerprinting (MAC OUI & Certain Options)
  – DHCP Relay or SPAN
– HTTP User-Agent
  – AOS IF-MAP Interface, Guest and Onboard Workflows
– TCP Fingerprinting (SYN, SYN/ACK)
  – SPAN
– ARP
  – SPAN
– Cisco Device Sensor
– Netflow/IPFIX
  – Identifies open ports
Active Profiling
– Windows Management Instrumentation (WMI)
– Nmap
– MDM/EMM
– SSH
– ARP Table
  – SNMP
– MAC/Interface Table
  – SNMP
– CDP/LLDP Table
  – SNMP
ClearPass Exchange
Infrastructure
MDM / EMM
Network controls using real-time device data
Visibility into location and time with granular controls
Next-Gen Perimeter Defense
SIEM, Automation, MFA
Granular traffic control with user and device data
Visibility and interactive control features
NEW
Client Devices
IoT Devices
Demo Time
Generate notifications to OT and IT
Update FW policy for store
Block access to update URL
Update risk profile for other fridges
Use Case: IoT Device Security Incident
Operator
Asset DB
Vendor: Selecta
Class: Beverage Fridge
Role: Store IoT devices
Location: Pike Place, Seattle
Authentication: MAC, SQL
Mac Address: AA:BB:CC:11:22:33
Firmware Version: 12.35b
Risk Profile: High (open ports)
Polling Frequency: 83 in last 5 mins
BW Profile: 89% increase
Update switch (sandbox role, shutdown port)
Adaptive Trust Identity
ClearPass
Flag inventory application to review data
IntroSpect Overview
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
IntroSpect UEBA
Entity360 Profile with Risk Scoring
Packets
Flows
Logs
Alerts
Most complete visibility
100+ supervised and unsupervised machine learning models
Integrated forensics data
Scales from small projects to full enterprise deployment
Open, integrated platform
Fast-start option
The Start: User/Entity View of Events
IP Address
Behavior – Many Different Dimensions
Behavioral Analytics
Internal Resource Access: Finance servers
Authentication: AD logins
Remote Access: VPN logins
External Activity: C&C, personal email
SaaS Activity: Office 365, Box
Cloud IaaS: AWS, Azure
Physical Access: badge logs
Exfiltration: DLP, Email
Basics of Behavioral Analytics
ABNORMAL INTERNAL RESOURCE ACCESS
Behavioral Analytics
UNSUPERVISED INDIVIDUAL HISTORICAL
+ PEER GROUP (e.g. from AD designation or profiling from ClearPass)
MACHINE LEARNING BASELINES
Finding the Malicious in the Anomalous
Behavioral Analytics
SUPERVISED
UNSUPERVISED
MACHINE LEARNING
DLP
Sandbox
Firewalls
STIX
Rules
Etc.
THIRD PARTY ALERTS
BUSINESS CONTEXT
High Value Assets
High Value Actors
Accelerated Investigation and Response
Behavioral Analytics
NETWORK TRAFFIC
PACKETS
FLOWS
IDENTITY
INFRASTRUCTURE
SaaS
IaaS
ALERTS
Consoles / Workflows
SIEM
CASB
SOLUTION - AT A GLANCE
ANALYZER
ENTITY360
ANALYTICS FORENSICS
DATA FUSION BIG DATA
PACKET PROCESSOR
DPI PACKET CAPTURE
SOLUTION – INTEGRATED WITH SECURITY ECOSYSTEM
www.arubanetworks.com/clearpass www.IntroSpect.com
ClearPass Real-time Policy-based Actions
• Real-time quarantine
• Re-authentication
• Bandwidth Control
• Blacklist
User/Device Context
Wired/Wireless Device Authentication
Actionable Alerts
ClearPass Policy Manager
IntroSpect UEBA
Entity360 Profile with Risk Scoring
1. Detect and Authorize
2. Monitor and Alert
3. Decide and Act
ClearPass + IntroSpect = 360° Protection!
Demo Time
Why all of this?
– BYOD, NAC, Guest Access, OT, IT
  – Different level of scale… again
  – Cannot VLAN or MAC whitelist your way out of IoT
  – Automation a requirement, not a nice to have
– Role Based Access Control is key
  – Extend WLAN roles to the LAN and VPN
  – Leverage controllers for low bandwidth LAN devices
  – Firewall at the edge to help with network segmentation
Thank You
OLIVER WEHRLI
TECHNOLOGY CONSULTANT | SWITZERLAND
T: +41 58 199 00 55
UEBERLANDSTRASSE 1 | CH-8600 DUEBENDORF | SWITZERLAND