AI和自动化解决网络安全问题

In today’s hyperconnected world of BYOD and IoT, it’s not enough for a K-12 school district to rely on a hand full of laptops on carts and Internet access. The network and cloud services are increasingly used by teachers for lessons, homework assignments and communicating with parents and administrators. And it often makes sense to let students use the endpoints that they’re familiar with as nearly 90 percent of what they’re asked to do is now online. A shorter learning curve equates to happier users.

IT团队的目标是确保网络体验快速安全。幸运的是，当需要刷新时，总会有更新的高性能选择。更大的挑战是将网络在边缘和网络内部确保，因为新的BYOD和IoT设备（例如监视摄像机，HVAC控制器和温度监视器）连接到网络。

For K-12 schools like Pearland Independent School District in Texas, all of this must be managed, monitored and secured by a lean IT staff. The same team is also responsible for addressing the District’s mission to deliver an amazing network experience across 23 campuses and 4 administrative and support buildings for its 22,000 students, and 2,700 teachers and staff.

“自动化是关键，” Pearland ISD首席技术官Greg Bartay说。“例如，我们的插件网络使我们能够将Aruba接入点或IoT设备连接到开关中，而无需重新配置它们。现在的目标是，一旦连接到我们的有线和无线网络上，就可以自动收集有关端点行为的更好数据。”

散装高达802.11ax

To date, 2,200 Aruba APs have supported the bulk of the district’s coverage requirements, however the IT team is planning to refresh each of their campuses and buildings with Aruba’s new 802.11ax (Wi-Fi 6) APs to ensure that they’re ready for future network demands.

As Wi-Fi 6 enabled devices start connecting to the network it will be easy to leverage multi-user capabilities that automatically improve the performance for everyone and everything, even IoT devices. The greater speed, throughput and multi-gigabit capacity that the 802.11ax APs deliver will be key, according to Bartay.

“Complete coverage and connectivity at all of our locations is key,” said Bartay. “We have access points in all of our classrooms and covering all of our common areas and we are expanding that coverage to the outside corners of the buildings to support the security measures we have in place with the city and local police.”

When considering the refresh, Bartay looked at a couple of other vendors, but given the Pearland’s long-term relationship and success with Aruba solutions, he chose to stay with what was working well for the district. To make the most of the district’s funding, they tapped into E-Rate funding to move forward with their plans.

安全自动化和编排

Pearland IT团队正在寻找一种利用自动化来帮助确保网络的方法。在访问了Aruba的客户体验中心之后，Bartay和Team决定使用Aruba的Introspect解决方案启动POC。Introspect不用让他们的精益IT团队在小时的开采日志上花费小时，而是让他们可以将Splunk和其他现有解决方案的数据馈入内省，以自动在端点行为中自动找到更改。

The user and entity behavior analytics (UEBA) and Network Traffic Analysis (NTA) capabilities provided by IntroSpect would allow for greater visibility using AI-driven machine learning and other advanced analytics to deliver near-real time insights. Bartay and his team could detect and locate attacks and remediate issues much more quickly. “Big data is worthless without actionable reporting,” Bartay says.

IntroSpect catches an attack before it does damage

甚至在购买内省之前，该团队也能够检测网络上的情绪恶意软件实例。由于未知原因，教师被锁定在他们的帐户之外，无法确定问题的原因或何处。Introspect能够收集数据并指出特定端点的行为变化，这些端点快速识别出首先要查找的位置。

在90分钟之内，梨园能够隔离恶意软件的子网，找到允许其进入并将系统运送到IT团队的机器，这一过程花费了其他学区六个星期才能完成。结果是保护敏感的数据，在操作不间断时阻止攻击者横向移动到其他端点（计算机和物联网设备）。

“作为一家教育机构，我们不能像许多私营部门的业务那样限制，”巴特说。“我们必须提供与用户的访问权限，以了解他们可能不会像我们希望的那样精通安全。面临的挑战是在不干扰教育过程的情况下保持安全的一步。”

Leveraging ClearPass Policy Enforcement

Pearland还实施了Aruba Clearpass，以取代Avaya/Extreme的老化系统。由于内省和ClearPass旨在共同起作用，因此计划是在发现事件时使用产品积极应对攻击。
“We all want to take it one step further,” mentioned Arturo Gonzalez, network manager at Pearland ISD. “We want IntroSpect to leverage ClearPass to take action on actual alerts instead of informing us of suspect behavior.”

将来，内省的警报可能会触发Clearpass自动更改有问题端点的身份验证状态，而不是物理前往端点处于情感示例中的位置。然后，可以花在最终用户度过的任何时间来确定恶意软件的遇到的地方以及将来如何避免使用恶意软件。

Delivering user expectations and ROI

很容易看出，IT团队的Pearland IT团队正在经历与您在任何环境中相同的挑战。网络设备的密度正在增长，更多的应用程序基于云，并且安全性是用户期望的无缝移动性和BYOD连接性的最大问题。

Bartay说：“作为一名网络专家，您必须了解您的业务，并意识到总体目标和战略目标。”“最终，您选择的解决方案必须提供创新，性能和可靠性提供团队可以衡量的ROI的可靠性。”