visibility, control and response€¦ · understanding connectivity options customers want to...
TRANSCRIPT
![Page 1: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/1.jpg)
Visibility, control and responseProtecting Clients and Unifying Policy
Tomas MuliuolisBaltics Lead
September 2018
![Page 2: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/2.jpg)
2Sensitivity: Internal
Today’s Escalating Customer Challenges
Advanced attacks
and unforeseen
threats continue to
plague customers
Lack of network and
endpoint unified visibility
hampers time to detect
and remediate
Point solutions add to
complexity and
overloads security IT
personnel
![Page 3: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/3.jpg)
3Sensitivity: Internal
Different Network Elements Must Work Together
Real-time sharing of
context provides
visibility for accurate
policy enforcement
Tightly integrated
workflows between
security protection
tools for efficiency
and speed
Holistic approach for
access control,
regardless of
location, time,
device
![Page 4: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/4.jpg)
4Sensitivity: Internal
INTRODUCING THE ARUBA 360 SECURE FABRICOpen, Analytics-driven Security for the Mobile, Cloud, and IoT Era
Aruba Mobile First Infrastructurewith Aruba Secure Core
Secure Boot | Encryption | DPI | VPN | IPS | Firewall
ClearPass | IntroSpectDiscover, Authorization and Integrated Attack Detection and Response
360º active cyber protection and secure access
from the edge, to the core, to the cloud—for any network
AnalyticsSupervised and Unsupervised Machine Learning
3rd Party Infrastructure
Aruba 360 Security Exchange
New Version!
![Page 5: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/5.jpg)
5Sensitivity: Internal
ClearPass at a Glance
CONTROL
• Reduce risk and workload through Automation
• All devices are Authenticated or Authorized – NO UKNOWN DEVICES
RESPONSE
• Adaptive response brokering best of breed security solutions
VISIBILITY
• Know what's connected, connecting in your wired & wireless multivendor environment
![Page 6: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/6.jpg)
6Sensitivity: Internal
ClearPass Policy Manager - What’s Built-in!
Services
- Policy Engine
- 802.1X
- MAC Auth
- Guest
- TACACS+
- Profiling
- Context Database
- +100 RADIUS
dictionaries
IT Tools
- Policy Simulation
- Access Tracking
- Template-based policy
creation
- LDAP Browser
- Per Session Logs
- Advanced Reporting
- AirGroup
Bonjour/DLNA
Security
Exchange
(3rd Party Integration)
- API’s
- Syslog Feeds
- Extensions
- Ingress Events
Over 100+ Partners
![Page 7: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/7.jpg)
7Sensitivity: Internal
Automated workflows
Enhanced security forBYOD and guests
Rules by user role and device types
Onboard Guest OnGuard
ClearPass Expandable Applications
Now Bundled With Access
License
![Page 8: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/8.jpg)
8Sensitivity: Internal
Understanding Connectivity Options
Customers want to managewhat devices connect
Only some support .1Xsupplicants
50% of IoT may bewired
• ClearPass supports any customer Infrastructure and need
![Page 9: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/9.jpg)
9Sensitivity: Internal
OnConnect for Wired Non-RADIUS Enforcement
Aruba
ClearPass
SNMP
Enforcement
Printer VLAN Infusion Pump VLAN
Existing 802.1X
wired/wireless support
No 802.1X
• Built-in device-centric security for all non-AAA ready customers
• Easy to configure on legacy multivendor switches
• Leverages ClearPass profiling for wired/wireless - IoT, laptops, mobile
phones.
![Page 10: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/10.jpg)
10Sensitivity: Internal
Technology Partners
Secure Connections: Authentication Before Access
Aruba
ClearPass
Existing 802.1X
wired/wireless support
• Multivendor support for all 802.1X ready wired and wireless customers
• Secure encrypted wireless access
• Built-in ClearPass profiling - IoT, laptops, mobile phones
• Easy to use policy creation templates
![Page 11: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/11.jpg)
11Sensitivity: Internal
Comprehensive Profiler MethodsHelps ensure accurate fingerprints
Passive Profiling
– DHCP Fingerprinting (MAC OUI & Certain Options)
– AOS IF-MAP Interface, DHCP Relay or SPAN
– HTTP User-Agent
– AOS IF-MAP Interface, SPAN, Guest and Onboard Workflows
– TCP Fingerprinting (SYN, SYN/ACK)
– SPAN
– ARP
– SPAN
– Cisco Device Sensor
– Netflow/IPFIX/sFlow
– Identifies open ports
Active Profiling
– Windows Management Instrumentation (WMI)
– Nmap
– MDM/EMM
– SSH
– ARP Table
– SNMP
– MAC/Interface Table
– SNMP
– CDP/LLDP Table
– SNMP
New!
New!
![Page 12: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/12.jpg)
12Sensitivity: Internal
NEW WAY:
Create your own Fingerprints!
OLD WAY:
Wait for new Fingerprints to be made and/or manually
override devices 1:1
Custom Fingerprinting – Solving IoT Issues
![Page 13: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/13.jpg)
13Sensitivity: Internal
Adaptive Policy Using Device Ownership
Enterprise Laptop BYOD Phone
Authentication EAP-TLS
SSID CORP-SECURE
Authentication EAP-TLS
SSID CORP-SECURE
Internet OnlyInternet and Intranet
![Page 14: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/14.jpg)
14Sensitivity: Internal
Adaptive Policy Using Device Ownership
Enterprise Laptop
Authentication EAP-TLS
SSID CORP-SECURE
Authentication EAP-TLS
SSID CORP-SECURE
Internet OnlyInternet and Intranet
1. Uses same identity store and EAP type
2. Leverages profiling and owner data
3. No need for separate SSIDs
4. Works at the office and over VPN
BYOD Phone
![Page 15: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/15.jpg)
15Sensitivity: Internal
ClearPass Exchange Continues to Grow
Infrastructure
MDM / EMM
Network
controls using
real-time
device data
Visibility into
location and
time with
granular
controls
Next-Gen
Perimeter Defense
SIEM, Automation, MFA
Granular
traffic control
with user and device data
Visibility and
interactive
control
features
Client Devices
IoT Devices
![Page 16: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/16.jpg)
16Sensitivity: Internal
ClearPass Exchange MDM/EMM Partners
MDM
DEVICE AND APP MANAGEMENT NETWORK ACCESS
ClearPass Policy ManagementDeviceWipe
JailbreakDetection
Push / ControlApps
AppBlacklist
AccessVisibility
AgentlessOnboarding(IT & BYOD) App Auto
Sign-On
Policies Using Device Attributes(Jailbreak Status,
Profile etc.)
AccessEnforcement(Deny/Allow)
User/Device Roles
Context-Based Policy
ClearPassMDM Connector
![Page 17: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/17.jpg)
17Sensitivity: Internal
ClearPass Exchange MDM/EMM Partners
MDM
DEVICE AND APP MANAGEMENT NETWORK ACCESS
ClearPass Policy ManagementDeviceWipe
JailbreakDetection
Push / ControlApps
AppBlacklist
Jail-broken Device
Detected
Helpdesk
ticket auto
generated
Message to
device auto
generated
1.
2.3.
ClearPass
Denies Access
to Device
![Page 18: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/18.jpg)
19Sensitivity: Internal
Adaptive Trust Context Sharing
Firewall policy
adapts to needContext sharedEmployee access
• Thomas
• Mac OS 10.9.3
• Marketing
• 10.0.1.12
Works with AD, LDAP, ClearPass dB, SQL dB
No agents/clients required
![Page 19: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/19.jpg)
20Sensitivity: Internal
Adaptive Trust Defense based on real-time threat detection
** Firewall / IPS
LAN/WLAN
User connects and
uploads threat
NGFW/IPS sends
event to ClearPass
ClearPass isolates
client
• Offers enhanced user experience as ClearPass can initiate user
notifications, help-desk tickets, and update third-party security solutions
• ** Device in step 2 can be an on-premises MDM/EMM, SIEM, etc.
1 2 3
Ingress Engine Third-party Threat Protection
![Page 20: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/20.jpg)
21Sensitivity: Internal
What Context Can We Share?
Context/Feature Palo Alto Juniper SRX Check Point Fortinet SonicWall Intel MLC
Source IP ✅ ✅ ✅ ✅ ✅ ✅
Username ✅ ✅ ✅ ✅ ✅ ✅
ClearPass Role ✅ ✅ ✅ ✅ ❌ ❌
Domain ✅ ✅ ✅ ❌ ❌ ✅
Device Type ✅ ✅ ✅ ❌ ❌ ❌
Machine OS ✅ ✅ ✅ ❌ ❌ ❌
Machine Name ✅ ✅ ✅ ❌ ❌ ✅
Health/Posture ✅ ✅ ✅ ❌ ❌ ❌
Ingress Event
Engine Dictionary✅ ✅ ✅ ✅ ❌ ❌
![Page 21: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/21.jpg)
22Sensitivity: Internal
Logon to Applications (SSO)
Update Firewall
Update Web Proxy / Filter
Update EMM/MDM
Security and Usability Coordination
AD/LDAP
EMM/MDM
Who: Bob
Group: Faculty
Device: Personal iPad
Location: Room 104
Time: 9am, Monday
Compliance: Healthy
Mac Address: X
IP Address: Y
Airgroup Permissions
Update Enforcement Device (LAN/WAN/VPN)
Adaptive Trust Identity
ClearPass
![Page 22: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/22.jpg)
23Sensitivity: Internal
Proactive Problem Identification and Resolution
– Use ClearPass to notify/alert helpdesk systems–The right teams with the right information
–As soon as a problem happens
– Not just Syslog/SNMP–Email
–HelpDesk Ticketing Systems
–SMS/Voice
![Page 23: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/23.jpg)
24Sensitivity: Internal
• Opens doors for new Exchange
partnerships▪ Device authorization, MFA, visitor
registration, EMM/MDM and more…
• Extends use of existing security,
productivity solutions
• Fast, no heavy lifting integration model.
ClearPass Extensions
ClearPass
Cloud Service On-Prem Service
![Page 24: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/24.jpg)
25Sensitivity: Internal
Challenges Delivering Guest Access
Everyone expects access –
even employees
Often requires staff to
assist each guest
Open Network!
Little to no security
& reporting
✗
✗
✗
![Page 25: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/25.jpg)
26Sensitivity: Internal
Why ClearPass Guest?
Any industry,any # of guests
Any device, anynetwork vendor
Self-service / sponsor / social
Internet / managed Intranet
Portal fits phone, laptop, tablet
Only secure guest app in industry
![Page 26: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/26.jpg)
27Sensitivity: Internal
Customizable Portal Features
Your branding and data fields✔
Advertising – mobile app, more…✔
Integration with 3rd party billing &
property management systems✔
Portal per department, location✔
Social login, MAC cache, QoS✔
www.grandarubahotel.com
www.levisstadium.com
![Page 27: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/27.jpg)
28Sensitivity: Internal
Access Network
Sponsor confirms
guest is valid
ClearPass Guest
Account enabled,
visitor notified via
screen, SMS, or emailVisitor
information
collected
New Visitor
Sponsor
12
3
Self-service with Sponsor Example
![Page 28: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/28.jpg)
29Sensitivity: Internal
Multi-Factor Authentication
– Vendor Support
– DUO
– ZOOM
– Imageware
– More to come!
– Captive Portal Login
– Bring MFA to captive portal logins
– Leverage built in database or external identity stores
– Onboard Login
– Support MFA for initial Onboarding
![Page 29: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/29.jpg)
30Sensitivity: Internal
Multi-Factor Authentication (DUO Workflow)
Step 1 – Who are you? Step 2 – 1st FactorSomething You Have
Step 3 – Request Approval from Known Device
Step 4 – Approve from Known Device
Step 5 – 2nd FactorSomething You Know
Step 6 – Logging in!
![Page 30: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/30.jpg)
31Sensitivity: Internal
Set # of GuestsStandard Guest for Enterprise, EDU
High Guest TurnoverHigh Capacity Guest (HCG) for Airports,
Arenas, Entertainment Venues
Scalable for Any Environment
![Page 31: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/31.jpg)
32Sensitivity: Internal
Replaced often
Android, iOS, Windows
Work & personal use
Access from anywhere
User owned
Who can onboard?
Managing Personal Devices
![Page 32: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/32.jpg)
33Sensitivity: Internal
Why ClearPass Onboard?
Self-service workflows
• Automated configuration:
Network settings and certs
• Can include in MDM/EMM
workflows
• Built-in certificate authority (CA):
Including user and device data
• Add security without increasing
IT workload or user frustration
![Page 33: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/33.jpg)
34Sensitivity: Internal
User’s device redirected to portal1 User enters AD credentials
to start onboard2 Automatically places user on proper network segment3
Doctor
Easy No PasswordsSecure
Enter the password for “Acme-net”75%
Authentication Using Unique Device Certificates
![Page 34: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/34.jpg)
35Sensitivity: Internal
Authentication Using Unique Device Certificates
User’s device redirected to portal1 User enters AD credentials
to start onboard2 Automatically places user on proper network segment3
Doctor
Easy No PasswordsSecure
Enter the password for “Acme-net”75%
• IT determines who can onboard devices
• Access differentiated by role and device
• Devices not entered into active directory
• No need for employees on guest network
![Page 35: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/35.jpg)
36Sensitivity: Internal
Onboard Headless Devices (e.g. non-802.1X, IoT)
Protect your users and devices
![Page 36: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/36.jpg)
37Sensitivity: Internal
• Check health before
network access
• Persistent and dissolvable agents
• Multiple operating systems
supported
Endpoint Health
• Can also be used with
BYOD workflows
Why ClearPass OnGuard?
![Page 37: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/37.jpg)
38Sensitivity: Internal
ClearPass OnGuardAccess Network
Automate Device Health Checking
Detect
non-compliant
devices
![Page 38: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/38.jpg)
39Sensitivity: Internal
Block access to network resources
across wired, wireless & remote
ClearPass OnGuardAccess Network
Detect
non-compliant
devices
Automate Device Health Checking
![Page 39: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/39.jpg)
40Sensitivity: Internal
Block access to network resources
across wired, wireless & remote
Minimizes risk to network
Allows user self service
ClearPass OnGuardAccess Network
Detect
non-compliant
devices
Auto-remediate
the device
Automate Device Health Checking
![Page 40: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/40.jpg)
41Sensitivity: Internal
ClearPass Reporting Using Insight
– One stop shop for all your reporting needs
– New Inventory dashboard
– Customizable inventory view of all learned devices
– New custom alerting options and filters
– Improves the ability for ClearPass to proactively notify admins/users of certain events
– Ability to import/export report templates
– Allows admins to create any template they want without needing a feature enhancement.
– Emailed reports now include the HTML version of the report as well as the raw CSV
![Page 41: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/41.jpg)
42Sensitivity: Internal
Multivendor & 3rd Party integration
User-experience driven applications
Scalability and cost advantages
Business oriented policy services
– building blocks, roles, troubleshooting tools
Why ClearPass
![Page 42: Visibility, control and response€¦ · Understanding Connectivity Options Customers want to manage what devices connect ... –DHCP Fingerprinting (MAC OUI & Certain Options) –AOS](https://reader033.vdocuments.net/reader033/viewer/2022042306/5ed18e1c5053201b4d5aa97b/html5/thumbnails/42.jpg)
Thank You