Editor’s note: This article was originally posted in 2017 and has been updated to reflect new information. With the proliferation of smartphones, tablets, and other mobile devices, companies and IT departments are faced with the challenge of managing the vast assortment of devices on their network. This predicament is magnified by the growing prevalence of remote work and BYOD (bring your own device). Employees benefit from the convenience, but there are some downsides, too. For starters, the sheer number of requests to grant personal device access can overburden any IT team. It can become difficult to track which devices and users are connected to the network. Network compliance and troubleshooting issues also become more complicated. And, the increased traffic can lead to bottlenecks on your network. The number of devices connecting to your network is one issue, but someone also needs to decide which devices and which users get which levels of network access. After all, you need to ensure that your network is secure. Employees connect their personal devices to Wi-Fi networks everywhere they go, and download apps and data for both work and personal reasons. Personal apps don’t have the security protections needed to safeguard business networks. So when employees come back from the outside world and reconnect to your business network, they could jeopardize your security. So, how do you reduce the IT staff’s burden of onboarding new devices without sacrificing security or policy enforcement? Aruba ClearPass is one solution. As a network engineer, I understand the importance of keeping your IT infrastructure protected and the need to balance that with convenience for your employees. In this article, I’ll explain what Aruba ClearPass is and how it works. Aruba ClearPass is a policy management platform that many businesses use to onboard new devices, grant varying access levels, and keep networks secure.What is Aruba ClearPass?
ClearPass allows business and personal devices to connect to your network in compliance with your security policies. It allows you to grant full or limited access to devices based on user roles, device type, and cybersecurity posture.
How Does ClearPass Work?
This solution works in four ways:
1. Identification
With the increasing demand for network access, the burden on your IT department has increased exponentially. Laptops, smartphones, IoT (Internet of Things) devices, printers, and even surveillance cameras are connecting to company wireless networks.
ClearPass helps identify which devices are being used, how many are connected to the network, where they’re connecting from, and which operating systems are supported.
It gives continuous visibility into changes on your network, including which devices are connecting and disconnecting.
Need device-specific information? ClearPass can easily identify a device’s:
- Type and model name
- Media access control address
- Internet protocol address
- Network interface card vendor
- Operating system and version number
- Virtual local area network
2. Enforcement
Enforcing network policies is a challenge for many IT departments. When an employee wants to add a new personal device to the network, they often have to go through extensive IT protocols. Someone from IT may even need to walk them through the process.
ClearPass has a built-in certificate authority that allows your IT team to establish your foundation of security and write rules that define who can onboard a device as well as the types and number of devices users can onboard.
This allows your IT team to enforce policies during new device onboarding without any involvement, allowing new devices to be supported more quickly without tying up IT resources.
There are multiple ways to enforce access. You can use a portal, or you can use encryption in the authentication process. (Encryption is the more secure and preferred method.)
After devices are granted access, ClearPass uses active and passive profiling methods to monitor your network and keep it safe.
3. Protection
The health of individual devices connected to your network is an essential component of network security.
With ClearPass OnGuard, your IT team can define the “level of health” a device must have to gain network access.
This solution automatically conducts critical endpoint health checks and posture assessments to ensure that all devices are compliant with your requirements (and industry best practices).
It works for both wired and wireless networks.
4. Integration
The right network security solution must be comprehensive, which often requires you to create a seamless solution with several different platforms.
ClearPass offers a variety of third-party integrations that empower you to implement dynamic policy controls and threat remediation.
These third-party technology systems could include:
- firewalls
- enterprise mobility management
- mobile device management
- security information and event management (SIEM)
Aruba ClearPass Exchange integrates with more than 25 IT partners – the vast majority of your current technology and security stacks - to ensure that every element of your system is working without issue.
This solution provides real-time insight into the activity on your network, equipping you to identify and address any threats that may present themselves.
After all, you have to be prepared to take action if you discover unusual network behavior. That requires establishing a unified approach that can block traffic and disconnect devices when necessary – even in the middle of the night.
Whichever platforms you use (or are considering), they will work with ClearPass’ REST-based APIs, Syslog messaging, and extensions repository. Your collective solution will deliver end-to-end policy enforcement and the visibility you need to keep your network secure.
Building A Formidable Network Security Solution
Your business faces unique challenges, and protecting your network requires a unique solution.
With a variety of devices connecting to your network, you need to make sure that users can gain access without compromising your security.
After reading this article, you have a comprehensive overview of the Aruba ClearPass solution: what it is and how it works. Keep in mind that Aruba ClearPass is only one solution and there are others out there that might be a better fit for your business.
It’s important to understand your options and figure out what is the best solution for you.
At Kelser, we work with customers to evaluate which IT solutions are right for their business. While we provide a full complement of managed IT support services, we know that managed IT isn’t the right solution for every organization.
We publish articles like these to provide the information you need to make the right choice for your unique situation.
Looking to up your security game? Read this article: 6 Easy Ways To Add Physical Security to Your Cybersecurity Strategy.
Want to know how to integrate security into your organization’s culture? Read this for ideas:What Is An Information Security Culture? How Can You Foster One?
Or, if you are wondering about managed IT support, we encourage you to check out several providers to see which one is the best fit for your organization. This article provides an overview of managed IT and the services that are usually included: .
