Showing all posts tagged security:

The Rise of the Machine Learning Solutions

Heading into Aruba Atmosphere this year I was most excited to see Aruba’s new Niara solution in action and learn more about this product as it solves a very real need in every network. Inherently any network policy grants some sort of access to the network and users are free to work within the confines of that policy. Even using 802.1X-based authentication and dynamically provisioned VLANs, access roles, downloadable ACLs, etc. isn’t necessarily enough. Niara solves for these issues in an appealing way and lessens the workloads for SecOps teams.

Case #1: Stolen Credentials
A known valid user can operate within their policy, but what happens if they are compromised either through social engineering, weak passwords, poor password management, etc.? Niara builds a profile of what is typical behavior of a specific user, if their patterns change this will be identified by the system. Perhaps the user starts attempting to access new areas or is visiting new websites—by a change in behavior, it is possible to identify a need for a change in policy, alert the SecOps team, or eventually automate remediation or lockdown of the user. Comparing to a baseline as well as other similar users gives Niara a frame of reference for the user under evaluation.

Case #2: Malware and Viruses
Both malware and viruses are capable of changing the behavior of network attached clients, while numerous tools already exist to help combat these Niara could serve as a welcome tool to identify and isolate infected clients or in a perfect world learn about how a Day Zero Attack might attempt to compromise the network and automatically harden the network in anticipation of this attack. The combination of these capabilities along with Aruba’s open APIs using Aruba’s Exchange offers some very interesting possibilities by enabling the collection of data from ecosystem partners with a greater speciality in the malware and virus arena. Imagine a world in which your firewall vendor has detected a new type of malware, shares that data with Aruba ClearPass and Niara via APIs, syslog, SIEM, or other similar routes and then the network automatically reacts to prevent the spread of that malware at the same time you are being notified.

Case #3: Software Bugs/Anomalous Behavior
If an application is updated and begins to operate differently on the network, Niara can identify this and enable teams to understand the new behavior. New behaviors deemed as risky can be mitigated against and feedback can be provided to the company’s development team. A specific example of this was provided at the conference in a popular file share company who’s update generated unwanted traffic on the network. Niara’s machine learning was able to identify and allow this undesirable behavior to be stopped.

Aruba, a Hewlett Packard Enterprise Company opens the door to a world of possibilities with the addition of machine learning and extends those capabilities elegantly through their open architecture in Aruba Exchange. I would anticipate that this field of machine learning is going to explode in the networking world as IT teams are facing increasingly difficult security challenges and are being asked to do more with less people and less resources. Automation of detection and defense should be able to solve 75-80% of the issues out there, enabling IT to focus on the most challenging and highest value problems out there.

Aruba Extends Feature Velocity to Partners

One of the most promising announcements at Mobility Field Day Live with Aruba, a Hewlett Packard Enterprise company for me had to be the introduction of ClearPass Extensions. The concept behind this feature is to leverage a repository within ClearPass, such that new features may be created and ran without compromising the integrity of the system and the underlying code with some sort of “engineering special". This functionality adds substantial value to an already feature rich ClearPass product.

ClearPass Extensions enabled Aruba partners such as Microsoft, Intel Security, Kasada, and Envoy to develop innovative features that may be released ahead of a major release of code which improves feature velocity and more importantly client satisfaction.
Currently this is a relatively closed system with Aruba handling the development as a professional services engagement, but as a service oriented partner we see the light at the end of the tunnel and are looking to truly create some differentiating features for our customers that provide tight integration of ClearPass with the business.
Aruba’s vision for where ClearPass Extensions will go includes a developer community and an “app store" enabling customers to download or purchase apps that have been developed specifically for ClearPass. Customers can also develop their own features, or engage any third party to do the integration for them in the future.
Creating an opportunity for partners to differentiate themselves from each other and rewarding those that truly understand their customer’s business is an appealing idea. Waiting on features that may take six months to be released during a standard release punishes those companies who are creative and forward looking.
This model rewards these organizations instead by giving them a competitive advantage and an option to potentially generate additional revenues depending on how the app stores comes to light. The potential opportunities of these extensions are seemingly infinite and the upside for organizations investing in this are tremendous.