
HPE ArcSight

BYOD and IoT mean your network policies must address identity and traffic behaviour to protect against cyber threats that can start from inside the enterprise.

HPE’s Aruba ClearPass and HPE ArcSight integrate seamlessly so that when something strange happens in your network, you know about it immediately and you get multiple remediation alternatives.

Aruba ClearPass is one of the major benefits of using HPE Aruba WiFi Access Points.

Together with HPE ArcSight it gives you a coordinated way to on-board any user and device that connects to your wired, wireless, and VPN networks.

Together, they give you full visibility and control by leveraging user profiles, device types, and suspect traffic patterns to ensure that users — even those authenticated on the network — can be continuously monitored.

ClearPass provides context-based network policy management regardless of user, device type, or location. It includes device profiling, BYOD and guest onboarding, authentication, authorisation, and accounting (AAA) services, and built-in troubleshooting tools.

HPE ArcSight Enterprise Security Management (ESM) offers consolidated archiving and parsing of data, with analysis and real-time correlation to detect anomalous behaviour and potential threats. By combining information on network connections from ClearPass and other network security devices, ArcSight identifies threats and allows you to respond both automatically and manually.

Suspect Traffic Remediation

When ArcSight receives a suspicious traffic warning from a firewall, it triggers an alert back to ClearPass to enforce a device policy requiring reauthentication, quarantining, or other policy-driven actions.

If a firewall or other network security device detects suspicious traffic, it sends this information as part of a log event feed to ArcSight. ArcSight then calls out to ClearPass to track the device threat status and initiates a change in authorisation, forcing the device to re-authenticate.

Behaviour Analysis For Mobile And IoT

ClearPass feeds data into ArcSight ESM that, combined with other contextual data, allows monitoring of behaviour for IoT, corporate, or BYOD devices. If unusual behaviour is detected, a trigger is fired from ArcSight to perform a remediation request via ClearPass.

HPE ArcSight ESM correlates device traffic with other security events to identify anomalous device behaviour based on deviation from baseline or as a result of an investigation.
Remediation triggered by ArcSight can include secondary authentication, VLAN change, or device removal.

Compliance And Data Archive

ClearPass generates event logs covering user, device, and system activities. This data is captured and stored in the central ArcSight platform.

This consolidated view and centralised store are valuable for:

  • Analytics and compliance reporting use cases
  • Providing a central point for policy and analysis
  • Searching and reporting across a comprehensive set of historical data
  • Creating compliance reports to meet regulatory or governance requirements

The seamless integration of Aruba ClearPass and HPE ArcSight means you can take advantage of mobility and IoT, while keeping the network secure — all without spending additional dollars.

For more information on Aruba ClearPass and ArcSight, call Evotec on 1300 133 996.