Aruba is entering a new era with the launch of a security fabric filled with analytics, networking and Internet of Things technologies as it looks to turn up the heat on Cisco Systems.
The Aruba 360 Secure Fabric provides an analytics-driven attack detection and response offering to reduce threats with an open approach unmatched in the market today, said Larry Lunetta, vice president of security solutions marketing at Aruba, a Hewlett Packard Enterprise company.
The centerpiece of the fabric is Aruba's new network-agnostic IntroSpect UEBA (User and Entity Behavioral Analytics) offering, which integrates with Aruba ClearPass to enable policy-based attack response. ClearPass is the vendor's flagship network access control and secure policy management product.
"If you get under the covers with some of the Cisco security solutions, if you don’t have their technology it doesn't work. That's not the case with ClearPass and IntroSpect and how they operate. This is a very open fabric. Openness is big for Aruba," said Lunetta in an interview with CRN. "We are doubling down on security. This is a strategic initiative at the highest level."
Lunetta said a vital part of the 360 Secure Fabric is that customers can start anywhere. "We can start with Aruba infrastructure or if a customer doesn't have Aruba infrastructure, ClearPass and IntroSpect work just fine," he said. "The solutions work with other products and other vendors. … Clearly, the pieces together, the fabric together, adds tremendous value, but individually there's also a lot of value as well."
Aruba's IntroSpect UEBA offering came from HPE's acquisition of security analytics software provider Niara earlier this year. The software continuously monitors for attacks and includes a new entry-level model that uses machine learning to spot changes in device behavior that indicate attacks have evaded traditional security defenses.
Justin Tibbs, chief security officer at Draper, Utah-based Red Sky, an Aruba partner ranked No. 278 on the 2017 CRN Solution Provider 500 list, said the new fabric leverages Aruba security technology like never before.
"Aruba already had a lot of security built into their products but never really leveraged it. Bringing in something like IntroSpect to continuously monitor and use machine-learning scenarios to spot the anomalies makes perfect sense," said Tibbs. "They're investing quite a lot here around security, and the money is in security right now."
As part of the 360 Secure Fabric, Aruba is injecting ClearPass and IntroSpect into the foundation of all of the vendor's Wi-Fi access points, wireless controllers and switches, including the new Aruba 8400 Core Switch Series.
"We've had these technologies that make devices secure and the traffic secure for a while, but we've now opened them up so the analytics can leverage this infrastructure more productively," said Lunetta.
The Sunnyvale, Calif.-based network vendor also launched the Aruba 360 Security Exchange, which combines the partners and technical resources from the new IntroSpect Technology Partner Program and the Aruba ClearPass Exchange partner program.
There are more than 100 security and infrastructure offerings that partners can leverage for verified interoperability and quick deployment with vendors such as Palo Alto Networks, Citrix Systems, Fortinet, IBM, McAfee and SAP, to name a few.
"Secure Exchange is the most powerful piece for us and for our customers," said Red Sky's Tibbs. "When a vendor says, 'We're actually going to create a platform that lets others integrate into our technology so we can use a bi-directional feed from their technology into ours and vice versa' -- that's pretty powerful and compelling for partners."
Tibbs said Red Sky has many customers that use Palo Alto Networks.
"So Palo Alto [Networks], for example, the ability to integrate those solutions into Aruba's 360 Secure Fabric means we don’t have point products that are just sitting out there. We have solutions that are working with each other to provide security posture," said Tibbs.
Aruba ClearPass also is being revamped through IntroSpect integration, with an eye on the IoT market.
"ClearPass can now deliver device information at a much more detailed level, and that includes IoT things. So now we can look at groups of devices, such as Dropcams or heart monitors or anything like that, and understand if any one of those elements is behaving differently than the rest," said Aruba's Lunetta. "So it opens up an exciting set of use cases for IoT for the fabric that partners can chase. … We're now seeing IoT-oriented [proofs of concept] with large customers based on the capabilities with IntroSpect."
Tibbs said ClearPass competes in the network access control market against Cisco's Identity Services Engine (ISE) offering. He said the revamped ClearPass with new analytics and interoperability capabilities will help win deals against Cisco.
"So if a customer is already using a Palo Alto [Networks offering] and they have a [Cisco] ISE infrastructure or are looking at ISE, we can talk a lot deeper and provide a lot more value now with this Secure Fabric than we could in the past," said Tibbs, who is a former Cisco Network Security Engineer. "Cisco's a massive beast; they're always going to be there. The Secure Fabric does give us a little more beef to go in and talk a better solution, a better integration story."
According to Tibbs, Aruba is now saying, "We have our fabric, but we know we can't do this by ourselves. So we're going to integrate it into these partners that our customers are also using. That's a powerful statement, in my opinion."
To get partners and customers quickly up and running on IntroSpect, Aruba has introduced IntroSpect Standard -- a simple way for customers to start deploying UEBA machine-learning protection. It is designed for basic monitoring and kill chain forensics to detect anomalous and subtle behaviors that can indicate attack expansion and beaconing, as well as data exfiltration.
IntroSpect Standard can be implemented with as few as three data sources, accelerating an organization's time-to-protect, said Lunetta. It ingests common data sources including Microsoft Active Directory and firewall logs from sources such as Check Point, Palo Alto Networks or Aruba monitoring logs from controllers or IntroSpect packet processors.
Customers who deploy IntroSpect Standard can then easily upgrade to IntroSpect Advanced, which delivers a wider set of security capabilities to provide attack detection from a broader array of data sources, as well as incident investigation, threat-hunting, search and deep forensics.
Bill Buckalew, vice president of partner development for Optiv Security, a Denver-based Aruba partner that is ranked No. 27 on CRN's 2017 Solution Provider 500 list, has seen multiple IntroSpect demos.
"One of the things I like about it is how a device is able to be fingerprinted and its behavior mapped. Additionally, you can map its behavior to a device, like a camera, and make decisions on whatever behavior it should be exhibiting versus the behavior it is exhibiting," said Buckalew. "So if at 3 a.m., a whole bunch of traffic starts coming from a camera in a closet, that's probably bad."
Buckalew said Aruba's 360 Fabric is a holistic platform that could help customers cut the number of security vendors needed inside their IT environment.
"There's a lot of really bad stuff that can happen in security, and we only have [a certain number of] people. When you have multiple systems, it takes a lot of time to be experts on multiple systems. So boiling that down to systems that do more, and can take data sources and feeds and control other aspects -- it only makes sense," said Buckalew.
The Aruba IntroSpect Standard and Advanced models are available now in North America, with global availability planned for 2018.
"This is not just a product initiative, it's a strategic initiative for Aruba to really have a much more dominant presence in security and take advantage of the unique position we have at the intersection of connectivity, intelligent insight and control," said Lunetta.