
Let’s play a word association game. If I say, “Your enterprise network,” what would you say?
Sprawling? Difficult? Insecure? Powerful? Constantly Changing? Challenging? All of the above?
If we had to reduce that list to just one word, would it be “complex”?
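If not, congratulations. But for the rest of us, despite our best intentions, networks have become more complex as we have moved from wired to wireless, distributed, remote, cloud, as-a-service, and whatever comes next. Yet no matter how much complexity your network contains, one basic requirement does not change. How do you ensure that only devices you know and trust can access it? Securely?
Network access control is a key requirement for any network, yet it may be the most underrated technology in a world currently dominated by edge, SASE, Zero Trust, SD-WAN and the hybrid workplace. ClearPass has been a standout performer in this space for more than 10 years and continues to quietly get on with the job - working with any vendor’s infrastructure and adapting to changes in network technology with minimal fuss. (For more on this, check out this ClearPass timeline infographic from Data#3.)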
So, how much do people know about the breadth of the ClearPass solution today? Especially now as IoT really takes off. I can promise there is a lot we need to tell you.
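Let’s start with the rise of mobility and smart devices, which means there are 5 connected devices on the network for every person.[1] That doesn’t mean everyone has 5 devices, but as a ratio it is generally correct. Think laptops, mobile phones, smartwatches, smart speakers, tablets and so on as a starting point.
Now, with IoT, that ratio is expected to increase to 10 connected devices per person. Security cameras, sensors, smart devices, smart lighting and more, and every one of these devices is a potential security risk. Just ask the US casino that was hacked through a connected fish tank![2]
It gets worse, because almost anyone can connect to the network with an SSID and password without the IT team knowing. Unless they have ClearPass.
That’s because ClearPass was built on the idea of Zero Trust before that term even entered our lexicon. Its entire DNA is based on the premise that nothing is allowed to connect unless it can be identified, classified, authenticated, and secured. Not those new security cameras your facilities team wants to add. Not that Smart TV in the conference room. And not that new smartphone one of your staff just purchased.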
“But we don’t want to make it so hard for our staff and visitors! We need to be able to quickly connect new people and devices,” I hear you cry. Well, that’s also part of ClearPass’ capabilities, but let’s go back a step.
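ClearPass is actually a family of products comprising Device Insight (detects anything connected to the network), Policy Manager (comprehensive policy control and real-time enforcement), Guest (quickly and reliably manage guest network access), OnBoard (automatically and securely configure and provision mobile devices) and OnGuard (advanced endpoint posture assessment).
You can deploy one or more ClearPass products depending on your needs, as they all work independently, but they can share information that adds tremendous value. Let me give you a simple example.
You use ClearPass OnBoard to streamline and simplify the onboarding of new devices via a self-service portal. One of your staff has a new business-issued laptop - that has been pre-configured with the right security controls - and their own personal mobile phone. And we’ve just onboarded both of them with all the information collected about those devices passed to ClearPass Policy Manager.
Both devices connect to the network using the same SSID, and ClearPass Device Insight detects and profiles them, passing the context of the device and the user to ClearPass Policy Manager. ClearPass Policy Manager is then able to authenticate and authorise the devices based on this context, applying the appropriate policy that controls each device’s access. For example, allowing the corporate laptop to access both the Internet and the intranet, but restricting the (relatively) unsecured smartphone to Internet access only.
So, let’s dig further into ClearPass Device Insight.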
Cloud-hosted, ClearPass Device Insight is like having an all-seeing eye, monitoring and controlling all device connections on all networks.
It continuously scans the networks to detect and collect information about devices such as attribution, destination IPs, and applications used. It then groups unknown and known devices into device clusters. Using user-defined device classification rules, it can also classify or reclassify devices that are discovered on the network that match the rule criteria. If a device or network activity changes, it catches that too. It also makes use of crowdsourcing technology to share new device information captured on networks across multiple ClearPass Device Insight customers' sites. In short, all devices are authenticated or authorised – completely eliminating unknown devices from the network without the need for manual intervention.
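The IT team can then use the Device Insight user interface to gain granular visibility of the devices on the network and make more informed network access control decisions - whether manually or via ClearPass Policy Manager.
But ClearPass’ tricks don’t stop there.
- ClearPass Exchange is an open ecosystem of 3rd party integrations comprising out-of-the-box integrations with leading firewall, MDM, SIEM, and Endpoint security vendors, sharing context as described above for more granular policy application.
- When it comes to identity, ClearPass can integrate with existing authentication and identity services such as Active Directory, or modern cloud identity stores such as Azure AD and Google Workspace. This allows innovative control of identity across corporate network boundaries, even to the point where identities can be shared between trusted organisations without the need for constant re-authentication.
- It can be deployed on-premises, in the cloud (as an application on AWS or Azure), or as part of Aruba Central, Aruba’s network management platform.
- As we mentioned earlier, ClearPass is network vendor agnostic - you don’t need to have Aruba infrastructure to use ClearPass.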
It has a whole host of other features and capabilities that allow organisations to build granular access security capabilities that can scale without adding unmanageable hurdles for staff and IT teams. It really is that ubiquitous piece of network functionality that every IT team should seriously explore.
As for what’s next? Well, it will keep integrating, adapting, and securing network access no matter what the next round of technology change brings. It’s one part of your network you never have to worry about.



