Let me start off by telling you a true short story. Once upon a time there was a beautiful fish tank with a sensor pack that monitored the tank’s environmental conditions. That beautiful fish tank was in a very prominent location of a fine casino establishment located in North America. The sensor pack was wireless…and the rest is history.
Why is IoT a Big Security Risk?
Internet of Things (IoT) devices have created security concerns since their inception. From the beginning, these devices have neglected to support higher levels of authentication and encryption, such as WPA2-Enterprise, which creates opportunities for malicious actors to infiltrate our networks. However, that is only one issue with these devices.
A bigger issue is that due to the wireless chipsets incorporated into the devices, trying to fingerprint these devices is extremely challenging. As it has been stated many times, knowing what is on your network is critically important to designing a security architecture that can prevent attacks and data leakage.
Along the lines of device identification, Aruba is continuing the push towards giving administrators peace of mind, in that they can be assured they know just what devices are using their network.
Continuous Insight into All Devices
The Aruba device identification effort is centered around cloud-based resources, with the announcement of ClearPass Device Insight at the annual Atmosphere conference. This new software is delivered as a service (SaaS) and utilizes onsite collectors, either virtual or physical appliances, to gather metadata from your network devices and pass it up to the cloud, where analysis is performed. By utilizing crowdsourced data from other ClearPass Device Insight customers, along with custom device fingerprinting, the software increases the accuracy of device identification dramatically over the traditional fingerprinting/identification methods used today.
ClearPass Device Insight utilizes artificial intelligence and machine learning throughout the lifecycle of the device’s connection to the network and constantly evaluates the device for anomalous behavioral patterns. When a device is deemed to be a risk, it triggers alerts or role changes for that device via ClearPass Policy Manager. The continuous evaluation of devices on the network is a departure from the existing ClearPass profiler, which acts one time, upon the initial connection of the device to the network.
Leveraging AI for Faster Value
Many of you may be asking the question, “How is this different from Aruba IntroSpect User Entity Behavioral Analytics and Network Traffic Analysis?” The short answer is that ClearPass Device Insight is built around evaluating the device itself, whereas IntroSpect is more about building a profile of the user AND the devices used.
The ability of the ClearPass Device Insight software to recognize patterns is based on data science techniques that utilize complex algorithms during the evaluation process that, according to Aruba, result in over 90 percent accuracy. Ninety percent accuracy is pretty spectacular in my opinion, considering the myriad of devices that exist today.
The best part of ClearPass Device Insight is that it doesn’t take days or weeks to provide a lot of value to the organization. The product team at Aruba says that in a matter of hours (assuming the devices are actively transmitting on the network), ClearPass Device Insight can identify and build a profile of the network, allowing administrators greater visibility than ever before into what is actually on the network.
Don’t Be a Fish Story
The moral of this story is that the scalability and resources present within the cloud are vital to increasing the security of our networks. Without those resources, many organizations simply can’t afford the hardware and expertise needed to build out these complex identification systems on-premises. With the help of crowdsourced information, we have the ability to more quickly identify and plug those security holes in our networks before we become a news story with very negative optics, just as the casino did when the story of the breached fish tank made the news.
Don’t be the news story!
Author: Scott Lester, HPE Blog Contributor