Heading into Aruba Atmosphere this year I was most excited to see Aruba’s new Niara solution in action and learn more about this product as it solves a very real need in every network. Inherently any network policy grants some sort of access to the network and users are free to work within the confines of that policy. Even using 802.1X-based authentication and dynamically provisioned VLANs, access roles, downloadable ACLs, etc. isn’t necessarily enough. Niara solves for these issues in an appealing way and lessens the workloads for SecOps teams.
Case #1: Stolen Credentials
A known valid user can operate within their policy, but what happens if they are compromised either through social engineering, weak passwords, poor password management, etc.? Niara builds a profile of what is typical behavior of a specific user, if their patterns change this will be identified by the system. Perhaps the user starts attempting to access new areas or is visiting new websites—by a change in behavior, it is possible to identify a need for a change in policy, alert the SecOps team, or eventually automate remediation or lockdown of the user. Comparing to a baseline as well as other similar users gives Niara a frame of reference for the user under evaluation.
Case #2: Malware and Viruses
Both malware and viruses are capable of changing the behavior of network attached clients, while numerous tools already exist to help combat these Niara could serve as a welcome tool to identify and isolate infected clients or in a perfect world learn about how a Day Zero Attack might attempt to compromise the network and automatically harden the network in anticipation of this attack. The combination of these capabilities along with Aruba’s open APIs using Aruba’s Exchange offers some very interesting possibilities by enabling the collection of data from ecosystem partners with a greater speciality in the malware and virus arena. Imagine a world in which your firewall vendor has detected a new type of malware, shares that data with Aruba ClearPass and Niara via APIs, syslog, SIEM, or other similar routes and then the network automatically reacts to prevent the spread of that malware at the same time you are being notified.
Case #3: Software Bugs/Anomalous Behavior
If an application is updated and begins to operate differently on the network, Niara can identify this and enable teams to understand the new behavior. New behaviors deemed as risky can be mitigated against and feedback can be provided to the company’s development team. A specific example of this was provided at the conference in a popular file share company who’s update generated unwanted traffic on the network. Niara’s machine learning was able to identify and allow this undesirable behavior to be stopped.
Aruba, a Hewlett Packard Enterprise Company opens the door to a world of possibilities with the addition of machine learning and extends those capabilities elegantly through their open architecture in Aruba Exchange. I would anticipate that this field of machine learning is going to explode in the networking world as IT teams are facing increasingly difficult security challenges and are being asked to do more with less people and less resources. Automation of detection and defense should be able to solve 75-80% of the issues out there, enabling IT to focus on the most challenging and highest value problems out there.
