ClearPass Device Insight allows IoT devices to be visible with precision rather than identified generically as a Linux or Windows device, so that policies can be properly implemented on them.
Aruba, a Hewlett Packard Enterprise company, has announced a pair of enhancements to their Internet of Things [IoT] portfolio. The big one is Aruba ClearPass Device Insight, which provides a single pane of glass for device visibility of all devices, wired and wireless, which uses automated device discovery, and machine learning-based fingerprinting and identification. They have also followed up last November’s introduction of the Aruba 510 Series, their first 802.11ax access points, with the Aruba 530 and 550 Series APs.
“Aruba ClearPass Device Insight is a single pane of glass device identification solution that shows all devices, wired and wireless, and is ideally suited for IoT as well,” said Paul Kaspian Head of Product Marketing, Security, Aruba Security Solutions.
Customers have used different tools like NMAP, SNMP and WMI for this in the past, but Kaspian said that because they typically indicate static attributes of devices, they are not very effective in IoT devices.
“With the tools they have used, they either don’t see them at all, or they appear simply as Linux or Windows connections, but they didn’t know what they were,” he said. “This gives them a single pane of glass to show it in a granular way rather than a generic one. It uses a clever technology from Aruba’s Data Science Laboratory, that uses Deep Packet Inspection, machine learning and crowdsourcing to look at all sorts of behavioral attributes. It then automates the discovery and fingerprinting of all the devices. A security camera will be identified as a security camera, for example, rather than as a generic ‘Windows device.’” Once the devices are fully identified, IT teams can automate authentication and policy enforcement down to the device and user level, and can automatically quarantine or remove from the network a device that displays abnormal behavior.
“We see a huge opportunity for this in health care, and several of our beta customers are there,” Kaspian said. “There you have benign things like clocks but also many kinds of measurement machines. “One hospital found they had 249 Primex clocks connected to the network, and had not known that facilities teams had connected these clocks. Another found a digital sign in a stack area. The sign was connecting to over 100 different countries, was completely compromised and they didn’t even know it was connected to the network. That’s important for security – the additional visibility – and ties it back from an enforcement standpoint. We have 8000 customers today using ClearPass Policy Manager. By integrating this new visibility, they can also remove devices from the network.”
Retail will be another strong use case, with a different set of devices, for bar code tags and POS.
“Partners see this as a good sales opportunity, because it provides a lot of value very quickly,” Kaspian said. There will be ‘Aha’ moments when customers see boxes not being connected. They also see the advantages of this from a services standpoint, around defining and executing best practices. They can provide services around that. And it opens the door for other conversations.”
Aruba has also expanded its portfolio of next-generation 802.11ax [Wi-Fi 6] IoT-ready access points with the new 530 and 550 Series APs, following the first series, the 510, announced in November. The 510 series was the first to add new capabilities from the 802.11ax standard, such as the ability to put APs into sleep mode to save power in low use times. The 510 series also integrated Bluetooth 5 [BLE 5] into its access points, combined with an integrated Zigbee radio, in order to open up new Internet of Things use cases. The new models have the same capabilities, but have higher throughput, to support higher device densities.
“The higher performance of these new models make them ideal for large public venues and stadiums,” Kaspian said.
ClearPass Device Insight will begin initial customer shipments in April 2019 with a one-year subscription cost starting at $USD 1,260 for 100 devices. The Aruba 530 and 550 Series AP will be available in April 2019. The base list price is $USD 1,495 for the 530 Series and $USD 1,895 for the 550 Series.