6 Products Inside Aruba's New 360 Secure Fabric That Partners Should Know About

Aruba 360 Secure Fabric

Aruba is betting big on its new 360 Secure Fabric, which partners are touting as one of the networking vendor's largest cybersecurity launches in years. The analytics-driven attack detection and response fabric is a holistic offering aimed at helping organizations reduce risk in the ever-changing threat landscape.

"This is not just a product initiative, it's a strategic initiative for Aruba to really have a much more dominant presence in security and take advantage of the unique position we have at the intersection of connectivity, intelligent insight and control," said Larry Lunetta, vice president of Security Solutions marketing at Aruba, a Hewlett Packard Enterprise company.

Here are six things inside the Aruba 360 Secure Fabric that partners need to know about.

IntroSpect

Driving the analytics engine is Aruba's new network-agnostic IntroSpect UEBA (User and Entity Behavioral Analytics) offering. The IntroSpect technology was gained from HPE's acquisition of security analytics software provider Niara earlier this year. The software continuously monitors for attacks and includes a new entry-level model that uses machine learning to spot changes in device behavior that indicate attacks have evaded traditional security defenses. Machine-learning algorithms generate a Risk Score based on the severity of an attack to prioritize incident investigations for security teams.

ClearPass Integration

The vendor's flagship network access control and policy management security offering for automated attack response, ClearPass, has been integrated with IntroSpect inside the fabric. ClearPass, with over 7,000 customers already, can also be deployed on any vendor's network.

"It does a wonderful job of discovery, profiling and admission, and that's where IntroSpect now picks up and does continuous monitoring and altering based on ongoing activity," said Lunetta. "We're expanding the mission of ClearPass for access control to being a partner in attack response given this gatekeeper position in the network. … It opens up an exciting set of use cases for [Internet of Things] for the fabric that partners can chase."

Networking Shot In The Arm

As part of the 360 Secure Fabric, Aruba is injecting ClearPass and IntroSpect into the foundation of all of the vendor's Wi-Fi access points, wireless controllers and switches, including the new Aruba 8400 Core Switch Series.

By building security into all components of Aruba's networking infrastructure, Aruba said it provides the necessary protection required of any network including secure boot, hardware-based tamper protection, centralized encryption, embedded firewalls and intrusion prevention.

IntroSpect Standard

The company unveiled the Aruba IntroSpect Standard edition, a simple entryway for customers to start deploying UEBA machine-learning protection. It is specially designed for basic monitoring and kill chain forensics to detect anomalous and subtle behaviors that can indicate attack expansion and beaconing, as well as data exfiltration.

"This is a way for us to not just talk to Aruba customers, but really any business who wants to get started with the technology to have a very quick way to do that," said Lunetta.

IntroSpect Standard can be implemented with as few as three data sources, accelerating an organization's time-to-protect, said Lunetta. It ingests common data sources including Microsoft Active Directory and firewall logs from sources such as Check Point, Palo Alto Networks or Aruba monitoring logs from controllers or IntroSpect packet processors. Customers who deploy IntroSpect Standard can easily upgrade to IntroSpect Advanced as their requirements expand.

IntroSpect Advanced

Aruba's flagship IntroSpect Advanced edition delivers a wider set of security capabilities to provide attack detection from a broader array of data sources, as well as incident investigation, threat hunting, search and deep forensics.

New features include dynamic machine learning, which enables security to easily customize IntroSpect's analytical models based on the current threat environment and protection priorities. The Advanced edition also includes what Aruba calls"'device peer grouping," which utilizes the ClearPass profiling functionality to build peer groups of devices even when known only by their IP address. For example, ClearPass can signal to IntroSpect that a device is a surveillance camera or a factory sensor so that its behavior can be compared to its peers.

Aruba 360 Security Exchange

Aruba's 360 Security Exchange combines the partners and technical resources from the new IntroSpect Technology Partner Program and the Aruba ClearPass Exchange partner program. There are more than 100 security and infrastructure offerings channel partners can leverage for verified interoperability and quick deployment with vendors such as Palo Alto Networks, Citrix, Fortinet, IBM, McAfee and SAP, to name a few.

"Secure Exchange is the most powerful piece for us and for our customers," said Justin Tibbs, CSO at Red Sky, a Draper, Utah-based solution provider and Aruba partner. "When a vendor says, 'We're actually going to create a platform that lets others integrate into our technology so we can use a bi-directional feed from their technology into ours and vice versa' -- that's pretty powerful and compelling for partners."