Published by Giovanna Tann. Modified over 9 years ago.
1
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
Adaptive Trust Security Policies for Today’s Enterprise Mobility
Pete Ryan – ClearPass solutions, East
2
The New Normal - GenMobile
BRANCH; HOME; ENTERPRISE; PUBLIC VENUES
3
Emerging Mobility Concerns
1. BYOD: Who and what can connect to enterprise resources
2. Device Loss / Theft: Loss of data, excessive phone charges, lost productivity
3. Unsecured Networks: Employees on open Wi-Fi networks
4
The Changing Security Perimeter
Traditional security focused on a fixed perimeter
GenMobile dilutes the notion of a fixed perimeter
5
Time for a New Mobile Defense Model
Policy needed for central point of control
Perimeter Defense; IDS/IPS; Firewalls; Adaptive Trust Security; Firewalls; IDS/IPS/AV; EMM/MDM; Physical; Web gateways; A/V; Access Policy Management; Enforcement Points
6
The Building Blocks of Adaptive Trust
Use of Context Awareness
ClearPass; FIREWALLS; IDS/IPS; ENFORCEMENT POINTS; EMM/MDM
Granular control with user and device data
Identity, IP address
Network controls using device attributes
Highly credible user and device data
Visibility into location and time
7
Example - Context for Accurate Firewall Policies
User and Device: Frederik; Mac OS 10.9.3; Marketing; 10.0.1.12
FW policy adapts to need
User and device context accuracy
Works with AD, LDAP, ClearPass dB, SQL dB
No agents/clients required
ClearPass; Context Shared; Employee Access
8
Adaptive Trust – The Starting Point
9
Growing User Demands on IT
Onboarding: Policies for connecting personal devices
Always-On Access: Works regardless of role, device, location
Guest Credentials: Access does not require going through IT
10
The ClearPass Solution for Secure Mobility
Guest; ClearPass; Onboard; OnGuard; Baseline
Hardware or VM Appliances (500, 5,000 or 25,000)
Remote Location
Expandable Applications
11
Why Policy vs. AAA
Policy with built-in AAA: RADIUS and TACACS
Per user access to network and resources
Use of context: Users, device profiles, location
Note: Optimized for multivendor Wi-Fi, wired and VPN
ClearPass Policy Manager
12
Adaptive Policy Driven by Device Ownership
Enterprise Tablet: Authentication EAP-TLS, SSID CORP-SECURE
BYOD Tablet: Authentication EAP-TLS, SSID CORP-SECURE, Internet Only
13
Adaptive Policy Driven by Device Ownership
Enterprise Tablet: Authentication EAP-TLS, SSID CORP-SECURE
BYOD Tablet: Authentication EAP-TLS, SSID CORP-SECURE, Internet Only
1. Uses same identity store and EAP type
2. Leverages profiling, onboarding data
3. No need for separate SSIDs
4. Works at the office and over VPN
14
Differentiation of Access and Device Limits
Authentication using Unique Device Certificates
Step 1: User’s device detected & redirected to portal
Step 2: Settings and cert configured after credentials entered
Step 3: Automatically places user on proper network segment
Doctor; Easy; No Passwords; Secure
15
Differentiation of Access and Device Limits
Authentication using Unique Device Certificates
Step 1: User’s device detected & redirected to portal
Step 2: Settings and cert configured after credentials entered
Step 3: Automatically places user on proper network segment
Doctor; Easy; No Passwords; Secure
1. Uses same identity store for nurse & doctors
2. IT creates policy for who can onboard
3. Role determines # of devices per user
4. All context collected can be used in policy
16
Secure Guest Access
Portals deter users from just hopping on
Complete customization: Sponsors, portals, usable data & enforcement
Ensures guests receive their own credentials
Note: PEAP-Public for secure guest access
ClearPass Guest
17
Secure Guest Access
Deter users from just hopping on
Complete customization: Usable policy data & enforcement
Ensures guests receive their own credentials
Note: Sponsor access for convenience and control
ClearPass Guest
1. Uses internal identity store – no AD needed
2. Policy determines guest type, access, time, BW
3. Self-serve and sponsor capabilities
4. Onboard context keeps employees off guest network
18
Guest Access Services
Fully customizable
– Sponsor privileges with access verification
– Self-service
– Per session controls
– Automated SMS/email credential delivery
– Little IT involvement
– MAC caching
No more wide-open SSIDs and shared keys!
19
Leader in Network Access Control
Strong growth and ability to win large opportunities
Streamlined onboarding of personal devices
Highly customizable guest access
Unique support of Bonjour capable devices
Detailed diagnostic and visibility features
Gartner NAC Magic Quadrant 2013 & 2014
20
Industry-wide Deployments
21
New Guidance, Overviews and More
Definitive Guide to Secure Mobility
2pg Executive Briefs (x3)
Partner Solution Briefs (PAN, MobileIron, etc.)
AAA Migration to Policy (PPT)
Secure Mobility Landing Page
Adaptive Trust Whitepaper (coming)
ClearPass Exchange Recipes Web Site
22
Key Points
Automated security workflows
Context-based policy enforcement
Integration with Third Party Solutions
POLICY; Profiler; EMM / MDM; NAC; TACACS; RADIUS; Guest Device Registration; ClearPass
WIRELESS and WIRED SECURITY; MDM/EMM; Exchange; Auto Sign On; Single Sign On; Onboarding; AirGroup; SIEM Support
ANY MULTIVENDOR NETWORK
23
THANK YOU