Sergey Nivens - Fotolia
Aruba has beefed up the security of its wireless LAN portfolio with software that relies on user behavioral analytics and other features to guard against malicious activity.
Aruba 360 Secure Fabric -- available now in North America -- includes elements of pre-existing Aruba products, such as ClearPass and IntroSpect, armed with additional machine learning and artificial intelligence capabilities to allow customers to rely on user behavioral analytics to determine threats. It's based, in part, on software from Niara, which Aruba's parent, Hewlett Packard Enterprise, acquired earlier this year.
Instead of tracking signatures and known threats, an approach taken by many threat detection and firewall systems, Aruba 360 Secure Fabric attempts to spot small changes in behavior on a network to identify potential malicious activity, according to Larry Lunetta, Aruba's vice president of security solutions marketing.
If malicious activity is detected through IntroSpect, it will be handed off to Aruba's management app, ClearPass, for resolution. Although the new framework works best on Aruba products, it will also interoperate with infrastructure from different vendors, Lunetta said. The fabric also meshes with Aruba's Secure Core offering, which contains security tools embedded within the vendor's line of access points, wireless controllers, and core and aggregation switches.
Lunetta said Aruba 360 Secure Fabric is an attempt to recognize the changing nature of enterprise network security threats, which increasingly encompass ransomware attacks and situations where a breach at a contractor introduces malware that may remain dormant for months.
"We haven't seen a postmortem on Equifax, but it was probably a similar circumstance," Lunetta said of the hack that potentially compromised the information of more than 143 million Americans. Most of all, the new offering is aimed at reducing the manual labor involved in IT security operations, he said.
In conjunction with the new software, Aruba divided its existing IntroSpect user behavioral analytics application into two offerings: IntroSpect Standard and IntroSpect Advanced. Standard allows users to rely on machine learning and data fed from as few as three sources to monitor for and detect anomalous network activity, Lunetta said.
The software also assesses behavior across internet of things, mobile and cloud, combing through data from a variety of sources, including Microsoft Active Directory, Lightweight Directory Access Protocol records and even data sources from other security vendors, such as Palo Alto Networks and Check Point Software Technologies. Suspected threats are diverted and quarantined in ClearPass.
Customers can subsequently upgrade to Advanced, which correlates information from among more data sources and relies on 100 supervised and unsupervised machine learning models to assess potential threats from additional data sources, such as endpoints. IntroSpect Advanced interoperates with ClearPass, which groups devices by common characteristics, like classifying IP security cameras together. In addition, Advanced creates a benchmark for activity among devices in the same class.
Early user plans expansion
Semiconductor manufacturer Cadence Design Systems Inc., an early adopter of Aruba 360 Secure Fabric, is using elements of the user behavior analytics software in preparation for a more comprehensive rollout, said Faramarz Mahdavi, senior group director of IT operations.
"We plan to expand the footprint as time goes on," he said. "We're just focused on [protecting our] source code for now, but plan to expand to other parts of network and data. Like a lot of companies, there's been a lot of focus on perimeter protection, and we've added another layer internally for our security posture."
Exploring the capabilities of Aruba campus switches
User behavioral analytics can thwart attacks
Building a business case for behavioral analytics