
By VARINDIA    2017-05-19

Network Access Control in Mobility Era

Santanu Ghose
Director - Aruba Hewlett Packard Enterprise

To ensure security at the edge, role-based access and endpoint visibility are becoming critical

In the age of mobility, the workforce's many mobile devices and endpoint devices such as printers and scanners, including IoT devices, are now the points from which breaches or intrusions occur.

The other aspect is that today's network is no longer compartmentalized into wireless, datacenter, campus and remote networks. It is increasingly one integrated network that a user can access from any of these areas. Hence the task for NAC solutions is to provide a combined, integrated solution for wired, wireless and IoT devices, with complete visibility of all devices.

We live in an app environment, and all interactions start at the edge. To ensure security at the edge, role-based access and endpoint visibility are becoming critical. HPE Aruba's mobility security platform, ClearPass, is one of the leading Network Access Control solutions in the world.

ClearPass makes endpoints visible and helps to profile them based on role-based access. With ClearPass Universal Profiler, the IT team can secure the interactions coming from an end user's multiple mobile devices, from multiple endpoint devices such as printers and scanners and, importantly, from IoT devices and dumb devices.

To illustrate the necessity for this, there was a situation in which the security of a financial institution was recently compromised when hackers managed to gain access from a network printer. In such situations Aruba ClearPass helps to mitigate intrusions of this nature.

The #GenMobile workforce comes to work with their own devices. Corporates are also increasingly allowing employees to access corporate applications from their mobile devices. Profiling and establishing the class of services associated with the employee becomes very critical in this model. Aruba ClearPass allows the creation of policies to address this need.

With Aruba ClearPass, when a user or endpoint is brought onboard the network and access is granted, the user and endpoints are continuously monitored for their security status. Based on their latest security status, they can continue to be connected or be disconnected. This instantaneous function is a key requirement of current-era NAC solutions. HPE Aruba ClearPass ensures this functionality through its Adaptive Trust concept.

Aruba ClearPass is designed from the ground up for this and is capable of delivering NAC services across the integrated network. It is also universal in nature, as it is uniquely capable of integrating multi-vendor network elements and components.

NAC platforms are increasingly integrated with firewall, advanced threat detection, vulnerability management, SIEM, MDM and other platforms, thus improving the quality of security by allowing these solutions and software to trigger defense actions. The NAC today is orchestrating the entire network access mechanism and becoming the central console of IT and the SOC. The bi-directional communication with other security platforms ensures that the tools in firewalls, VM, etc. hugely improve access control.

Increasingly, application patches, OS upgrades and policy updates are being pushed centrally from the NAC, and NAC deployments are getting larger in size to accommodate the multiple devices that employees are bringing to work and the incorporation of IoT into the network.

The Aruba ClearPass solution is delivered through two options: one is its appliance approach and the other is its virtual server method, so that it can scale with the expanding networks of enterprises. It is multi-vendor in nature and supports wired, wireless and IoT devices, helping them to be profiled and helping to implement corporate network access policy by enabling seamless interworking with other parallel solutions such as firewall software, MDMs, etc.

An important part of network security is being contextually aware, and endpoint device visibility is a key element that the NAC has to deliver. For instance, when an alert comes from an endpoint, the security team will need to know how the endpoint is attached to the network, what certificates are on the endpoint and what applications are supported on the endpoint, and will also need to gather its “posture” assessment report. Integration with other security technologies and platforms makes the NAC a key ally in seamless integration for network security operations.

Aruba ClearPass follows this fundamental through its “ClearPass Exchange” initiative, in which it integrates seamlessly with MDM and firewall solutions.

The concept of BYOD or BYOT has pushed customers to seriously evaluate comprehensive NAC solutions, and Aruba ClearPass stands out as the most defining one.