Aruba Integrates UEBA and Network Access Control in Security Fabric

Aruba's IntroSpect User Entity and Behavior Analytics technology gets integrated with ClearPass network access control to provide an adaptive attack response capability.

Aruba IntroSpect

Aruba, a Hewlett Packard Enterprise (HPE) company, announced its new 360 Secure Fabric platform on Sept. 18, providing organizations with analytics, network access control and embedded security features.

Among the components in Aruba 360 Secure Fabric is the new Introspect User Entity and Behavior Analytics (UEBA) offering. The IntroSpect technology comes to Aruba from UEBA vendor Niara, which HPE acquired on Feb. 1. IntroSpect is an enhanced and rebranded version of the original Niara product, according to Larry Lunetta, vice president of Security Solutions Marketing for Aruba.

"Since the acquisition, Aruba has continued to enhance the machine learning-based attack detection features for IntroSpect," Lunetta told eWEEK.

One of the enhancements in IntroSpect is the ability to benefit from over 100 different machine learning models that are preconfigured to create what Lunetta referred to as mega models. The mega models map to new attack scenarios and kill chain sequences that organizations have either experienced or are most concerned about that relate to potential future incidents. 

Aruba has also done work to integrate the Niara technology with Aruba's existing network infrastructure technology. For example, Lunetta said IntroSpect can utilize the monitoring data generated by Aruba's wireless controllers to provide network insight to the machine learning models. 

"This now means that Aruba networking customers can seamlessly add advanced attack detection without any change to their infrastructure," he said.

The Aruba 360 Secure Fabric also includes Aruba's ClearPass network access control (NAC) technology, which now benefits from the IntroSpect UEBA integration. Lunetta said there is a bidirectional integration between ClearPass and IntroSpect that provides operational insights into entities such as internet of things (IoT) devices. With the integration, the IntroSpect technology can help detect potential attacks and then pass along that information to ClearPass to take action on the network and to quarantine or block a user or device.

Another element of the Aruba 360 Secure Fabric is the Secure Core technology embedded into Aruba's wireless and wired networking devices. One of the components of Secure Core is hardware device assurance. Lunetta said Aruba network devices use a Trusted Platform Module (TPM) to ensure the integrity of switches and wireless access points through a range of validation mechanisms supporting a secure boot process.  

"TPM is also used to help deliver Trusted Traffic, where encryption keys are stored in a secure fashion," Lunetta said. "We use centralized encryption, which means all encryption keys are stored on the wireless controllers, not on the access points."

Looking forward, Lunetta said Aruba will continue to refine its adaptive attack response capability that benefits from the collaboration between IntroSpect and ClearPass.

"The goal is to provide the tools and confidence for security teams to use automation as part of their attack response repertoire to create greater efficiencies for security investigators and better collaboration between security, operations and network teams," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.