This summary is not available. Please
click here to view the post.
Thursday, September 28, 2017
Aruba Modernizes Network Security to Help Businesses Reduce Risk in the Era of Mobile, Cloud and IoT
Aruba,
a Hewlett Packard Enterprise company announced the Aruba 360
Secure Fabric, a security framework that provides 360 degrees of analytics-driven
attack detection and response to help organizations reduce risk in today’s
changing threat landscape. Aruba is also innovating in User and Entity
Behavioral Analytics (UEBA) by expanding the Aruba IntroSpect product family, enabling
businesses to easily and rapidly scale machine-learned behavior detection from
small projects to full enterprise deployments.
Gartner’s
research into insider threats indicates that organizations are not adequately
considering the risk from their trusted users even though there are myriad
examples where organizations have been impacted. On a positive note, Gartner
fielded almost a 100% increase from clients looking to address the insider
threat issue, of which UEBA is one of the primary technologies.[1]
To
help organizations address new and unknown threats, the Aruba 360 Secure Fabric
offers security and IT teams
an integrated way to quickly detect and respond to advanced cyberattacks from
pre-authorization to post-authorization across multi-vendor infrastructures,
supporting enterprises of all sizes.
Components of the Aruba 360 Secure Fabric include the following:
· Aruba IntroSpect UEBA solution: A new network-agnostic family of continuous monitoring and advanced attack detection software. Includes a new entry-level edition and uses machine learning to detect changes in user and device behavior that can indicate attacks that have evaded traditional security defenses. Machine-learning algorithms generate a Risk Score based on the severity of an attack to speed up incident investigations for security teams.
· Aruba ClearPass: A proven network access control (NAC) and policy management security solution which can profile BYOD and IoT users and devices, enabling automated attack response, is now integrated with Aruba IntroSpect. ClearPass can also be deployed on any vendor’s network.
· Aruba Secure Core: Essential security capabilities embedded in the foundation across all of Aruba’s Wi-Fi access points, wireless controllers and switches, including the recently introduced Aruba 8400 campus core and aggregation switch.
New Edition for Aruba IntroSpect UEBA Family
Aruba IntroSpect Standard joins the IntroSpect UEBA family, along with new features added to the company’s flagship offering, Aruba IntroSpect Advanced. The expansion of the IntroSpect UEBA family offers security teams more choice and a quick way to implement UEBA.
Aruba IntroSpect Standard is an easy way for organizations to start employing UEBA machine learning security with as few as three data sources, accelerating an organization’s time-to-protect corporate and customer data. It is designed for basic monitoring and detection of anomalous and often, subtle, behaviors on the network and across mobile, cloud, and IoT devices and applications, to identify early signs of attack expansion and beaconing, as well as data exfiltration.
It ingests common data sources including Microsoft Active Directory or other LDAP authentication records and identity information, and firewall logs from sources such as Checkpoint, Palo Alto Networks or Aruba monitoring (AMON) logs from Aruba infrastructure. Action can be taken quickly using ClearPass to quarantine, restrict, or remove identified threats.
Security teams deploying IntroSpect Standard can easily upgrade to IntroSpect Advanced as their requirements expand.
Raising the Bar on Early Detection with Aruba IntroSpect
Advanced Edition
Aruba IntroSpect Advanced delivers
a wider set of security capabilities than IntroSpect Standard to provide attack
detection by correlating across a broader array of data sources, aiding in
faster incident investigation and improved threat-hunting, search, and deep
forensics. Included are more than 100 supervised and unsupervised machine
learning models that provide unmatched analytics and forensics from data such
as packets, flows, logs, alerts, endpoints, and including mobile, cloud, and
IoT traffic, increasing an organization’s effectiveness at identify risk.
New features for Aruba IntroSpect
Advanced include:
·
Smarter Security with Dynamic
Machine Learning, which allows security teams to easily customize IntroSpect’s analytical
models based on the current threat environment and protection priorities.
Included is “chaining,” in which the 100+ out-of-the box machine learning
models can be linked together to construct new detection scenarios and
associated risk scores.
·
Classifying Mobile, Cloud,
and IoT with Device Peer Grouping, which utilizes the ClearPass profiling functionality
to group like devices even when known only by their IP address. For example,
ClearPass will classify a surveillance camera or a factory sensor, and
IntroSpect will benchmark its behavior amongst its peer group. Introspect will flag unusual device behavior based
on peer group comparisons, which is important in extending UEBA functionality
to the growing classes of IoT devices.
·
Faster Remediation with Integrated
Attack Response, enabling security analysts to respond to an attack by triggering an
action for ClearPass directly from the IntroSpect console.
Trusted and Secure Network Foundation with Aruba Secure Core
Embedded
into Aruba’s networking infrastructure is the Aruba Secure Core which provides
the necessary protection required for any network including secure boot, embedded
firewalls, centralized encryption, deep packet inspection and intrusion
prevention. Aruba’s unique infrastructure design helps eliminate the danger of
physical tampering while securing and monitoring network traffic.
Integrating Aruba
IntroSpect UEBA and Aruba ClearPass into the Aruba Secure Core provides a
seamless path of protection from device discovery and access to attack
detection and response. This gives Aruba customers the unique ability to detect an
attack and then take automated or analyst-initiated action to protect
organizations’ valuable assets, ranging from network reauthentication to
quarantining to blacklisting users and devices.
[1] Gartner, “Market Guide for User and Entity Behavior Analytics,” Toby
Bussa, Avivah Litan, Trisha Philips, Dec. 8, 2016, Pg. 9
E-Commerce Sector at Risk of ‘Lethal’ DDoS Attacks This 2017
A tough road is expected for businesses that rely on digital
technology this year as Distributed Denial of Service (DDoS) attacks continue
to evolve, according to a report cited by IPC, a local cloud pioneer and the
only DDoS mitigation service provider in the country with a local attack
scrubbing facility.
The worldwide study conducted by IPC’s DDoS Mitigation partner Nexusguard revealed a
380% increase in frequency of attacks in the first quarter of 2017. “More than
16,600 attacks were recorded during the first quarter, with notable ones being
an enormous 275Gbps attack that took place during Valentine’s Day and a lengthy
attack spanning 4,060 minutes which occurred during the Chinese New Year,” said
Juniman
Kasman, Chief Technology Officer of Nexusguard.
Additionally, the study shows that the percentage of days with
large attacks also grew substantially. “The percentage of days with sizeable
attacks (larger than 10Gbps) grew considerably between January (48.39%) and
March (64.29%),” added Kasman.
For Dave De Leon, IPC’s Chief Operating Officer, the rising
complexity of DDoS attacks can adversely affect companies who utilize digital
means for business. “Online businesses have much to lose from going offline due
to DDoS attacks. The ecommerce industry is a very vulnerable sector because
operations rely heavily on the Internet. One successful attack can lead to huge
financial losses. If you factor in the risk of losing customers, then we might
be talking about millions.”
Online transactions paralyzed
During a DDoS attack, cybercriminals flood a website with traffic
coming from numerous requests in order to overwhelm its server. Due to the
staggering amount of incoming traffic, the server is unable to support it and
eventually crashes. Its main objective is to prevent users — both customers and
the staff of the company — from accessing the site. To put it plainly, DDoS
attacks knock perfectly healthy websites offline by overwhelming them.
The threat of evolving DDoS attacks is at a pivotal moment where
the practice of online shopping is growing at an exponential rate, as revealed
in an eMarketer study that forecasts a
global e-commerce market amounting to $2.290 trillion this year. IPC believes
that this growth will further attract criminals to launch more attacks.
“An inaccessible website is possibly the worst scenario any
e-commerce company could experience. Aside from not being able to conduct
business, their reputation is also at stake since an ongoing attack can disrupt
the shopping experience of customers. If not remedied, irate customers will
eventually choose other sites.” said De Leon. “As a solution, we urge online
sellers to find a DDoS mitigation provider that can fend off large-scale
attacks and assure them of a stable connection amidst these online disasters.”
Together with partner Nexusguard, IPC’s Premium DDoS Mitigation solution ensures business continuity in light of DDoS attacks.
The company’s DDoS Mitigation experts employ GRE (Generic Route Encapsulation)
Tunnel solutions that easily and constantly avert any incoming malicious
traffic that can take down a website. Round-the-clock monitoring of the network
is also part of the service, as a way to quickly implement security measures in
the event of an attack.
“DDoS Mitigation should be an essential part of an e-commerce
company’s cybersecurity strategy. DDoS attacks are specialized threats designed
to bring down a company’s website. It all boils down to how much an hour or a
day of downtime will cost you. If you can’t even begin to imagine the losses,
then it’s time to talk to a DDoS Mitigation expert,” said De Leon.
For more information on how to protect your online business from
DDoS attacks, visit http://ipc.ph/en/ddos/.
Subscribe to:
Comments (Atom)
Ross is known as the Pambansang Blogger ng Pilipinas - An Information and Communication Technology (ICT) Professional by profession and a Social Media Evangelist by heart.
.jpg)
