Aruba, a Hewlett Packard Enterprise company, announced the Aruba 360 Secure Fabric, a security framework that provides 360 degrees of analytics-driven attack detection and response to help organizations reduce risks. Aruba is also expanding the Aruba IntroSpect product family.
Gartner’s research into insider threats indicates that organizations are not adequately considering the risk from their trusted users even though there are myriad examples where organizations have been impacted. On a positive note, Gartner fielded almost a 100% increase from clients looking to address the insider threat issue, of which UEBA is one of the primary technologies.
To help organizations address new and unknown threats, the Aruba 360 Secure Fabric offers security and IT teams a way to detect and respond to advanced cyberattacks from pre-authorization to post-authorization across multi-vendor infrastructures, supporting enterprises of all sizes.
Components of the Aruba 360 Secure Fabric include the following:
- Aruba IntroSpect UEBA solution: A new network-agnostic family of monitoring and advanced attack detection software. Includes a new entry-level edition and uses machine learning to detect changes in user and device behavior that can indicate attacks that have evaded traditional security defenses. Machine-learning algorithms generate a Risk Score based on the severity of an attack to speed up incident investigations for security teams.
- Aruba ClearPass: A network access control (NAC) and policy management security solution that can profile BYOD and IoT users and devices, enabling automated attack response. It is now integrated with Aruba IntroSpect. ClearPass can also be deployed on any vendor’s network.
- Aruba Secure Core: Essential security capabilities embedded in the foundation across all of Aruba’s Wi-Fi access points, wireless controllers and switches, including the recently introduced Aruba 8400 campus core and aggregation switch.
Aruba IntroSpect Standard joins the IntroSpect UEBA family, along with new features added to the company’s flagship offering, Aruba IntroSpect Advanced. The expansion of the IntroSpect UEBA family offers security teams more choice and a quick way to implement UEBA.
Aruba IntroSpect Standard is a way for organizations to start employing UEBA machine learning security. It is designed for basic monitoring and detection of anomalous and often subtle behaviors on the network and across mobile, cloud, and IoT devices and applications, to identify early signs of attack expansion and beaconing, as well as data exfiltration.
It ingests common data sources, including Microsoft Active Directory or other LDAP authentication records and identity information, and firewall logs from sources such as Check Point or Palo Alto Networks, or Aruba monitoring (AMON) logs from Aruba infrastructure. Action can be taken quickly using ClearPass to quarantine, restrict, or remove identified threats.
Security teams deploying IntroSpect Standard can easily upgrade to IntroSpect Advanced as their requirements expand.
Aruba IntroSpect Advanced delivers a wider set of security capabilities than IntroSpect Standard to provide attack detection by correlating across a broader array of data sources, aiding in faster incident investigation and improved threat-hunting, search, and deep forensics. Included are more than 100 supervised and unsupervised machine learning models that provide unmatched analytics and forensics from data such as packets, flows, logs, alerts, and endpoints, including mobile, cloud, and IoT traffic, increasing an organization’s effectiveness at identifying risk.
New features for Aruba IntroSpect Advanced include:
- Smarter Security with Dynamic Machine Learning, which allows security teams to customize IntroSpect’s analytical models. Included is “chaining,” in which the 100+ out-of-the-box machine learning models can be linked together to construct new detection scenarios and associated risk scores.
- Classifying Mobile, Cloud, and IoT with Device Peer Grouping, which utilizes the ClearPass profiling functionality to group like devices even when known only by their IP address. For example, ClearPass will classify a surveillance camera or a factory sensor, and IntroSpect will benchmark its behavior amongst its peer group. IntroSpect will flag unusual device behavior based on peer group comparisons, extending UEBA functionality to the classes of IoT devices.
- Faster Remediation with Integrated Attack Response, enabling security analysts to respond to an attack by triggering an action for ClearPass directly from the IntroSpect console.