Aruba Networks News

Technology Blog articles

Change the Management VLAN for Aruba Instant

17 hours 44 min ago

Aruba Instant is a very simple and easy-to-use WLAN solution. In some projects, I have the situation that users are placed in VLAN 1, which is easy with Aruba Instant. Unfortunately, VLAN 1 is the default management VLAN, and the AP itself should not be placed in VLAN 1. This was impossible in the past but is very easy now: you can change the management VLAN for Aruba Instant and use VLAN 1 for your users.

Change the Management VLAN: Untagged on the Uplink

In the past, you configured the management IP for the Instant AP, and this IP was always untagged in VLAN 1. This is fine when you do not need VLAN 1 for clients. If you do, the management IP has to be in a different VLAN. This has been possible in Instant for some time now. I did this test with the latest and greatest version available, but the feature has been included in Instant since version 4.3.0.

The first step is to change the uplink VLAN. The IAP considers VLAN 1 the native (untagged) VLAN for the uplink. To change this, log into the IAP and go to "System":

I changed the "Uplink switch native VLAN" to 10. VLAN 10 is my management VLAN in this scenario. With the default settings, you are done at this point, because by default the IAP assumes the management VLAN is untagged. From Wireshark, you can see that the "Virtual Controller IP" is untagged on the uplink:

I'm doing a ping from the switch to the controller. No VLAN tags at all.

Change the Management VLAN: Tagged on the Uplink

Now, let's assume you need the management VLAN tagged on the uplink. This is possible as well. In the scenario above, I used VLAN 10 for management and put it untagged on the uplink.

This time, I use VLAN 100 for management. VLAN 10 is still untagged on the uplink. To change the management VLAN to VLAN 100 and have it tagged on the port, log into the IAP and select one of the IAPs in the cluster. Click the "Edit" link and select "Uplink" for the IAP:

You can define the management VLAN with the "Uplink management VLAN" setting. If this setting differs from the "Uplink switch native VLAN", the management VLAN is tagged on the uplink. In my case, it is VLAN 100. After adapting the switch configuration, you can see the use of VLAN 100:

As you can see from the screen above, the ping from the switch to the IAP is now tagged in VLAN 100.

Let's recap where we are so far. The IAP uses VLAN 10 as the native VLAN on the uplink and VLAN 100, tagged on the uplink, for management. VLAN 1 is not used at all, which is always my recommendation. But for a complete picture, I use VLAN 1 as an egress network for an SSID. I do the same for VLAN 10, just to make sure it is still untagged.

VLAN 1:

If a client connects to this SSID, the traffic is tagged with VLAN 1 on the uplink:

As you can see, the DHCP request is tagged with VLAN 1.

And the same for VLAN 10:

And the Wireshark trace:

No VLAN tag for the DHCP request. This is the expected behavior, as VLAN 10 is the native (untagged) VLAN on the uplink.

From the post above, you can see that it is very simple to change the management VLAN for the IAP and to move the untagged VLAN away from VLAN 1.

Do you use VLAN 1 in your environment? Please let me know why or why not. Other questions or feedback are highly appreciated as a comment below.
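The Wireshark checks described above can be repeated against raw frames from the uplink. The following is an added example, not part of the original post: it reads the 802.1Q tag of each Ethernet frame and reports management traffic that is not in the expected VLAN. The frames, MAC addresses and 192.0.2.x addresses are constructed samples, and `parse_frame`, `audit_uplink` and `build_frame` are illustrative names.

```python
import socket
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame):
    """Return (vlan_id or None, src_ip or None, dst_ip or None) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    src_ip = dst_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        src_ip = socket.inet_ntoa(frame[offset + 12:offset + 16])
        dst_ip = socket.inet_ntoa(frame[offset + 16:offset + 20])
    return vlan_id, src_ip, dst_ip


def audit_uplink(frames, native_vlan, mgmt_vlan, mgmt_ip):
    """Return a list of (frame index, finding) for frames that break the layout."""
    findings = []
    for index, frame in enumerate(frames):
        vlan_id, src_ip, dst_ip = parse_frame(frame)
        # Untagged and priority-tagged (VLAN ID 0) frames belong to the native VLAN.
        effective = native_vlan if vlan_id in (None, 0) else vlan_id
        if vlan_id == native_vlan:
            findings.append((index, f"native VLAN {native_vlan} arrived tagged"))
        if mgmt_ip in (src_ip, dst_ip) and effective != mgmt_vlan:
            findings.append(
                (index, f"management traffic in VLAN {effective}, expected {mgmt_vlan}"))
    return findings


def build_frame(src_ip, dst_ip, vlan_id=None, protocol=1):
    """Build a constructed sample frame: Ethernet, optional 802.1Q tag, bare IPv4 header."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, protocol, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip_header


# Constructed addresses (documentation range), not taken from the post.
SWITCH_IP = "192.0.2.1"
MGMT_IP = "192.0.2.10"   # stands in for the Virtual Controller IP

# Constructed capture that mirrors the second scenario in the post.
SAMPLE_CAPTURE = [
    build_frame(SWITCH_IP, MGMT_IP, vlan_id=100),                        # ping, tagged 100
    build_frame("0.0.0.0", "255.255.255.255", vlan_id=1, protocol=17),   # DHCP, SSID in VLAN 1
    build_frame("0.0.0.0", "255.255.255.255", protocol=17),              # DHCP, SSID in VLAN 10
]

if __name__ == "__main__":
    print(audit_uplink(SAMPLE_CAPTURE, native_vlan=10, mgmt_vlan=100, mgmt_ip=MGMT_IP))
    # An untagged ping to the management IP would mean management sits in the native VLAN.
    print(audit_uplink([build_frame(SWITCH_IP, MGMT_IP)], 10, 100, MGMT_IP))
```

With native VLAN 10 and management VLAN 10 (the first scenario), an untagged ping to the management IP passes the same check.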

CISO’s Guide: Introduction to Machine Learning for Cybersecurity

Tue, 11/21/2017 - 10:00

Cybersecurity has long been a boardroom discussion, and the potential use of artificial intelligence to detect attacks that have evaded traditional security defenses should be added to the agenda. This blog is the first in a series to introduce chief information security officers (CISOs) and other security leaders to the possibilities of using machine learning and user entity behavioral analytics (UEBA) to detect cyber attacks faster—and before lasting damage is done. In this first blog, we explain the overall situation and why machine learning can help.

 

In days past, threats to the business most often came from the outside through a perimeter that could easily be defended. But things have changed. Organizations face challenging new threats coming from attacks that have reached inside: compromised users, negligent employees and malicious insiders. This, in turn, makes it much more challenging for CISOs and security leaders to successfully protect the organization.

 

Nuance Matters

 

One of the central problems is that most of the security products used by the vast majority of companies look at the world in binary terms: Traffic is bad or good, files are infected or not, users are authorized or blocked. While these approaches have historically proved effective in many circumstances, today, these “black and white” checkpoints are becoming more and more permeable.

 

Once inside an organization, free from fears of being readily caught, targeted attacks can leisurely surveil, probe and exploit an organization by bypassing the traditional defenses. To identify these “low and slow” threats, security approaches have to deal with the world of “gray”—small signals that must be detected, put in context over time and added up to indicate pending harm. These targeted attacks may pace themselves, taking tiny steps. Most attackers are all too aware of the arsenal of tools designed to find telltale attack signatures.

Adding to this nuanced puzzle is that CISOs must keep in mind that detecting these attacks requires the ability to not only understand what is different but also to make a decision about whether “different” means “deadly.” Anomalous doesn’t always mean malicious. Employees change jobs, locations and work habits all the time. Analysts already see too many false positives, and to alert on every small change is overwhelming and impractical.

 

Choosing the Best Tool

 

So, what to do? How can CISOs stand a fighting chance? Enter machine learning. Machine learning is one of the most powerful tools a company can use to detect these types of inside attacks before they do damage.

 

Machine learning is a form of artificial intelligence (AI) that learns and makes judgments without needing to be explicitly programmed for every scenario. Unlike signature-based products, machine-learning models learn from data. They are capable of providing a probabilistic conclusion, which can then be converted into a binary signal of “good or bad.” The likelihood of a decision being accurate can be interpreted as a measure of confidence in that conclusion.

 

Machine learning is a core capability in the product category that Gartner calls user and entity behavioral analytics (UEBA), for which it forecasts a healthy 48% compound annual growth rate from 2015 to 2020.

 

UEBA solutions can be used on their own or add value across the security ecosystem. UEBA leverages the same logs that a security information and event management (SIEM) system like ArcSight, Splunk or QRadar collects, which means that the investment a company made for IT operations and compliance can be easily extended to produce additional value in terms of precision attack detection and accelerated incident response.

 

Learn More

 

In our next blog, we’ll dive into the principles of machine learning.

 

Ready to learn more? Download the CISO’s Guide to Machine Learning and User Entity Behavioral Analytics e-book now. 

 


 


3 Reasons Why Machine Learning is not a Cybersecurity Pipe Dream

Tue, 11/21/2017 - 10:00

Despite skepticism about machine learning’s role in security, organizations can benefit from machine intelligence when combatting sophisticated attacks. While some believe that machine learning is the latest pipe dream for security, I think otherwise. It all depends on how machine learning is applied. In this blog, I’ll dive into a few ways that machine intelligence can make a difference and enable analysts to stop chasing ghosts.

 

#1: Machine learning accurately detects anomalies, despite weak signals and intelligent attackers.

 

The signals for many advanced attacks are weak. Using machine learning to generate alerts on anything that may be an attack (i.e., all the weak signals) only exacerbates the “alert white noise” problem – i.e., the deluge of alerts that enterprises face today. To produce the higher fidelity alerts that will enable analysts to focus on the issues that matter, machine learning must correlate multiple weak signals over time at a user or host level, with a risk score that reflects the accumulation of anomalous events.

 

For example, machine learning techniques, which serve as the foundation for user and entity behavior analytics (UEBA), can detect an attack by comparing user Bob’s normal access from his machine with the activity of an attacker who has gained access to Bob’s machine and is posing as Bob. The attacker’s motivations are likely to be quite different from Bob’s: the attacker wants to move around the network and gain access to sensitive information worth stealing. Unsupervised machine learning techniques could baseline Bob’s normal behavior from the host he usually accesses and spot deviations in behavior that could indicate a potential compromise.
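The accumulation of weak signals described above can be sketched as follows. This is an added example, not IntroSpect's algorithm or code from the original blog: a simple set of previously seen hosts stands in for the unsupervised baseline, and the weights, threshold, half-life, user names and host names are all assumptions made up for the illustration.

```python
from collections import defaultdict

# Assumed weights and limits, chosen only for this illustration.
UNSEEN_HOST_WEIGHT = 0.5      # user touches a host outside the baseline
SENSITIVE_HOST_WEIGHT = 1.0   # ... and that host holds sensitive data
ALERT_THRESHOLD = 2.0         # accumulated risk needed to raise one alert
HALF_LIFE_DAYS = 7.0          # old anomalies lose half their weight per week


def build_baseline(history):
    """Map each user to the set of hosts seen during the learning period."""
    baseline = defaultdict(set)
    for _day, user, host in history:
        baseline[user].add(host)
    return dict(baseline)


def score_activity(baseline, events, sensitive_hosts):
    """Return (alerts, risk). Alerts are (day, user, score), raised once per user."""
    risk = defaultdict(float)
    last_day = {}
    alerted = set()
    alerts = []
    for day, user, host in sorted(events):
        # Decay the user's existing risk for the time since their last event.
        if user in last_day:
            risk[user] *= 0.5 ** ((day - last_day[user]) / HALF_LIFE_DAYS)
        last_day[user] = day
        # A host outside the baseline is a weak signal, never an alert by itself.
        if host not in baseline.get(user, set()):
            if host in sensitive_hosts:
                risk[user] += SENSITIVE_HOST_WEIGHT
            else:
                risk[user] += UNSEEN_HOST_WEIGHT
        if risk[user] >= ALERT_THRESHOLD and user not in alerted:
            alerted.add(user)
            alerts.append((day, user, round(risk[user], 2)))
    return alerts, dict(risk)


# Constructed learning-period log: (day, user, host).
HISTORY = [
    (1, "bob", "mail"), (2, "bob", "wiki"), (3, "bob", "build"),
    (1, "alice", "mail"), (2, "alice", "crm"),
    (1, "carol", "mail"), (3, "carol", "wiki"),
]

SENSITIVE = {"hr-db", "finance-db"}

# Constructed activity: Bob's account drifts across new hosts on consecutive days,
# Alice starts using one new system, Carol touches two new hosts two months apart.
EVENTS = [
    (10, "bob", "fileserver-2"), (11, "bob", "hr-db"),
    (12, "bob", "finance-db"), (12, "bob", "mail"),
    (10, "alice", "erp"), (11, "alice", "mail"),
    (10, "carol", "build"), (70, "carol", "crm"),
]

if __name__ == "__main__":
    alerts, risk = score_activity(build_baseline(HISTORY), EVENTS, SENSITIVE)
    print(alerts)
    print({user: round(score, 2) for user, score in risk.items()})
```

Only Bob's account crosses the threshold, on the third anomalous day; Alice's and Carol's isolated deviations decay without producing an alert.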

 

#2: Machine learning makes it easier to know if attackers are still lurking in your network.

 


 

Machine learning can continually sift through the vast amounts of data that an organization already has, annotating and enriching it, even if suspicious activity is not raised to the level of an alert. And it happens without needing pre-configured rules, a pre-determined notion of good and bad, or a need to produce detection results in real time.

 

This pre-processing results in a higher-level taxonomy, which is key to speeding up the threat hunting process. Starting with a single thread of evidence, analysts can use this new taxonomy to rapidly test different, complex hypotheses and detect hidden attacks lurking within their network. This constant, behind-the-scenes annotation and enrichment of data is an important reason that machine learning should be part of a meaningful security strategy.

 

#3: Machine learning shortens the time to detect attacks.

 

 

Today, the average time it takes to identify attacks inside a network is more than six months, and a vast majority of attackers are bypassing existing detection and prevention systems. During this time, attackers are using a variety of methods to exploit their presence inside the network, but in doing so, they are leaving a trail via huge volumes of log, packet and network flow data. Machine learning automatically analyzes these vast amounts of data to detect attacks. And even if the attack isn’t automatically detected, per #2 above, machine learning makes the threat hunting process significantly faster.

 

The result is that machine learning can help shorten the time to detect and investigate these classes of attacks, which is a huge win for organizations. This also speaks to the need for a fundamental mind shift for organizations – their real-time detection and prevention investments for the last ten years are wholly inadequate for the security needs of today. Balancing this with monitoring and response for timely detection of threats lurking in the network is increasingly becoming a vital security requirement.

 

Stop Threats Faster

 

Organizations are faced with a sophisticated attack landscape and vast datasets. Traditional defenses that rely on correlation rules and real-time signatures are proving inadequate at detecting a majority of these threats. Sophisticated multi-stage attacks can almost never be detected in real time, and raising alerts for all variances seen during every stage of the kill chain just compounds the alert white noise problem for analysts, rather than mitigating it. Machine learning can help because it can automatically detect attacks. While it may not be able to automatically detect every single attack, it can shed deep insights that support human-driven workflows to detect and respond to threats.

 

Learn how Aruba is using machine learning to deliver a smarter security solution. Get the IntroSpect solution overview.

Aruba Secure: You Need the Best Fighter in Your Security Corner

Mon, 11/20/2017 - 14:53

Recently we introduced Aruba 360 Secure Fabric, a security architecture designed around open standards, analytics and adaptive response. The Secure Fabric achieves a number of things, both integration-wise, but also communication-wise. For a decade, Aruba was the security company you never heard of. For many years, we were the sole NSA-approved solution for Suite B wireless connectivity. Our controllers and access points are the prescribed choice internationally for three-letter-acronym agencies, and our infrastructure tools sit at the heart of enterprises that require statute and regulatory compliance, from healthcare to NASDAQ. And yet while we fought like Ali to secure that business, we never spoke of it. I hope you’ll read the executive overview or watch the Pulse video to learn more about Aruba 360 Secure Fabric.

 

What we were known for, in security circles, was our secure network access control (NAC) solution, Aruba ClearPass. ClearPass is the only NAC solution that secures connectivity, wired, wirelessly, on VPNs, in multivendor environments. It’s the only solution that integrates with the leading security vendors such as Palo Alto Networks, Check Point, Duo, ArcSight, Splunk, McAfee, Carbon Black, and 120 more at no cost. At no cost, because that is our culture, that is our commitment to our customers and a greater good to business as a whole. We won’t put a financial impediment in place of the human issues of integrating a SOC and a NOC.

 

If your NAC solution connects first and secures as a secondary mission, (the laid back NAC), if your NAC vendor charges you for profiling and fingerprinting devices, if they charge for “orchestration” or usage of a Partner eXchange (emphasis on the PX), then we need a conversation with you. The Home Depot and over 1,000 other customers secured their environments with us this year because of our technology, partners, people and culture.

 

And now IntroSpect, our leading user entity and behavioral analytics (UEBA) solution, or as my dear friend and spook agency deputy CISO commented,  “Oh how cute, a consumer version.” I myself was dubious when we acquired Niara, I questioned the capabilities of machine learning, of the cookie cuttering of data science. I was wrong, no, I was an idiot. I see how customers have deployed IntroSpect, how they are detecting low and slow attacks, and how they are thwarting insider and malicious behavior. The time saved in proactive resolution, the time saved in reduced analysis, and the resources saved in quicker, better-informed decisions and actions – it’s a sight to behold, and one I hope we can share with you in the Customer Experience Center.

 

We are excited that once again Gartner has recognized Aruba, a Hewlett Packard Enterprise company, as a Leader, positioned furthest overall for its completeness of vision, in the 2017 Magic Quadrant for the Wired and Wireless LAN Access Infrastructure. [1] This is now the 12th consecutive year [2] that Aruba has been positioned as a Leader in the market, including the prior Gartner Magic Quadrant for the Wireless LAN Access Infrastructure. The team at Aruba is in your corner, ready for the fight, ready to take it to hackers, the malicious insiders, and the rogue IoT.

 

That’s enough of my words. For some real insight, I recommend you read the blog by Aruba CTO Partha Narasimhan or the blog by Larry Lunetta, Aruba VP of Security.

 

 

Who’s ready for the next round? US and YOU. Watch the video.

 

Thanks for being customers, thanks for being partners, and thank you for giving us consideration if you are not.

 

Jon Garside - Security Aruban

 

 

[1] Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, Tim Zimmerman, Christian Canales, Bill Menezes, 17 October 2017.  This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.  

[2] Aruba’s 12 years of placement includes HPE (Aruba) in the Magic Quadrant for the Wired & Wireless LAN Access Infrastructure from 2015-2017 (3 years), Aruba Networks in the same Magic Quadrant from 2012-2014 (3 years) and in the Magic Quadrant for Wireless LAN Access Infrastructure from 2006-2011 (6 years). 

Blockchain, IoT and Emerging Blockchain Technologies

Thu, 11/16/2017 - 10:55

Talk of blockchain is everywhere, and it has enormous potential beyond just cryptocurrencies. Blockchain can transform the transparency and security of a broad variety of transactions, from insurance to supply chain auditing to identity management. This blog series will explore the technical features and utility of blockchain.

 

Why IoT and Blockchain?

 

"IoT and blockchain" are related like “human cells and DNA.” Both cells and IoT devices are numerous in their respective environments. Both blockchains and DNA strands are chains that hold vital information about attributes needed for survival. DNA reflects the story of our ancestors and the genesis of life. Blockchain mirrors each transaction and points back to a Genesis Block.

 

 

Both DNA and blockchain can copy themselves and store a copy locally. Both have instruction sets – RNA and Smart Contracts – to construct building blocks, proteins and transactions, respectively. DNA and blockchain diverge when it comes to roots of truth. Mutations can occur when DNA is exposed to hazardous conditions, but blockchains are immutable – anomalies create inconsistencies that are immediately flagged. And it is this property that makes blockchain so well suited to use in the Internet of Things (IoT). A drastic genetic drift results in the evolution of new species from existing ones. Drastically different protocol adoptions (hard forks) result in the formation of new blockchains from existing ones (for example, Bitcoin vs Bitcoin Cash vs SegWit2x).

 

  (Blockchain images courtesy: https://gcn.com/articles/2017/04/27/illinois-blockchain.aspx)

 

Blockchain is an abstract concept of a distributed ledger and public key infrastructure (PKI), on top of which different platforms can be built. Bitcoin was the first successful blockchain platform, but it’s important to note that cryptocurrencies are just one instantiation of a blockchain. Equally interesting are smart contracts.

 

What’s Ethereum?

 

Ethereum is a new and very popular blockchain smart contract platform that has the potential to be applied to any industry vertical. Distributed in use, just like IoT, Ethereum provides data immutability, peer-to-peer (P2P) communications, distributed storage, smart contracts, and support for public networks.

 

Ethereum is one of the leading innovative platforms in the blockchain world with respect to IoT, and the second half of this blog will discuss the latest updates from the Ethereum Foundation Developers Conference (Devcon) held 1-4 November 2017. This was the third year of Devcon, and it coincided with the release of Byzantium, which is the third release of Ethereum.

 

The first version of Ethereum, Frontier, was released in 2015 and constituted more of an experimental release, demonstrating the capabilities of mining, smart contracts and distributed apps (dapps). The Homestead release in 2016 was the first stable release of Ethereum, and was the basis on which many startups began building applications and wallets.

 

Byzantium, released in October 2017, has a lot of interesting features that lay the technical foundation for massive blockchain-based IoT networks of the future.

 

Emerging Blockchain Technologies

 

The most recent Devcon had more than 50 sessions delivered by research scholars, developers, and entrepreneurs. Ten topics from these sessions that interested me, covering current and future technologies, are listed below, each with a simplified description.

 

  1. Sharding – Splitting blockchain into parallel universes for scalability
  2. Plasma – Building many blockchains on a blockchain for faster transactions
  3. zkSnarks – Zero-knowledge proofs for improving security and capacity
  4. Swarm – Distributed storage system
  5. Enterprise-grade Oracle – Guardians of truth for information from the physical world
  6. Whisper – Achieving perfect secrecy while messaging
  7. Casper – Energy-efficient consensus mechanism
  8. Proof of presence
  9. Primea – Microkernel for parallel message processing
  10. Devp2p – peer-to-peer communication protocol with Node discovery v5

Over the next several weeks, we will explore interesting developments in the areas of scaling blockchain, innovations in Ethereum, Hyperledger and other Blockchain platforms in detail and see how they can extend the capabilities of IoT networks. Stay tuned!

 


 


 

 

The Aruba 8400 Switch Series is the Foundation of an Intelligent, Programmable Campus Network

Tue, 11/14/2017 - 10:00

 

 

A lot has changed since the design of a traditional campus network switch was etched in silicon. Applications have shifted from client-server to a mobile-cloud computing model. The arrival of the Internet of Things (IoT) means an abundance of small, smart devices that can make our lives better in many ways—or wreak security havoc. Business is increasingly digital, lives are lived on social media, and our digital footprints are tracked virtually everywhere, causing data volumes to simply explode.

 

Those tectonic shifts have dramatically changed how traffic flows across the campus network. Mobile devices and sensors largely communicate out to the Internet, and there’s often more traffic leaving the enterprise boundaries than heading to its internal data centers. Campus switches must handle these traffic flows deftly.

 

The campus network has never been more important. Network performance and reliability are critical to nearly every aspect of business operations, from mobile access, cloud applications and phone calls to physical security and environmental controls.

 

Build a Carrier-Class Campus

 

 

That’s why Aruba created the 8400 Core and Aggregation Switch.

 

Aruba has been a leader in access switching, and we extended that leadership with the 8400 Switch Series, the first carrier-class switch for the campus that’s designed for the mobile-cloud and IoT age. The 8400 is a powerful switch, delivering industry-leading line rate 10GbE/40GbE/100GbE port density, very low latency, and scalability for full support of Internet routes. Beyond the hardware specs, the switch runs AOS-CX, a modern network operating system that brings new levels of intelligence and programmability to the network.

 

Database-centric: AOS-CX has a database-centric design and a programmatic interface to the entire database schema. We made a philosophical design choice that everything—internal states, protocols, statistics and more—is expressed in the database, providing full visibility into what’s happening in the network. With a database-driven OS, the network can be better controlled and more capabilities can be made accessible to applications and network administrators.

 

Resilient: High availability and resilience are an outcome of the 8400 architecture, not a bolt-on. The 8400 has multiple layers of resilience, so no single component or protocol is a chokepoint. If a process fails, it can come back up in an instant because it can read the current state from the database. Configurations can be rolled back easily, and checkpoints are taken every five minutes.

 

Full visibility and monitoring: With legacy switches, getting insight into what’s happening is largely a manual process. It’s time-consuming, and it’s hard for network operators to stay ahead of problems. Because AOS-CX is database-driven, any factor can be monitored over time. Think of AOS-CX as enabling rules-based live-streaming of data to improve the network—and the user experience.

 

With AOS-CX, machine-automated troubleshooting vastly accelerates problem resolution. The Network Analytics Engine, an essential part of AOS-CX, is key to gaining this insight and accelerating troubleshooting. Long before a network problem has been fully realized and a person starts digging for the cause, the network proactively contributes to the troubleshooting. Network administrators can set up rules for what they want to monitor, so when they need to take a deeper dive, the right data is already available, analyzed and correlated with recent events, such as a configuration change or addition of a new application. Administrators can develop their own scripts using Python to monitor and manage the network. And in the true spirit of openness, Aruba encourages our community to share those Python scripts with each other.

 

Network administrators access NAE directly from the AOS-CX web-based UI. Admins can easily customize the widgets on the AOS-CX dashboard to fit their way of working. With a clean, sleek design, the UI is just another example of how Aruba is making campus networks easier to support.

 

Open and programmable: A fully programmable REST API is key to delivering greater visibility and flexibility. Other software can communicate directly with AOS-CX, enabling tighter coordination between what applications need and what the network delivers. And that makes for a better experience for every user and device.

 

Ready to Learn More?

 

Read the blog, “AOS-CX: A Modern, Programmable Network for the Mobile, IoT Age” by Tom Black, vice president and general manager of the Aruba campus switching business unit.

 

Read the blog, “The 8400: The Core Switch that Makes Every Device Better” by Partha Narasimhan, CTO of Aruba.

 

Watch the demo to see AOS-CX in action.

 

Download the 8400 data sheet.

Extend Wi-Fi Outdoors with Aruba 360 Series Access Points

Tue, 11/14/2017 - 10:00

People expect great Wi-Fi no matter where they are—and that includes outdoors. Workers want to be able to work anywhere on a corporate campus, walking between buildings, wrapping up that customer call while parked outside, or enjoying the sun over lunch. Students want to collaborate on that class project and watch Netflix from the quad. Smooth warehouse operations depend on reliable communications starting at the loading bay, into the refrigerated areas and all the way through to staging areas. So do ports and other industrial sites.

 

With the introduction of the Aruba 360 Series Access Points (APs), Aruba continues its history of innovation. These 802.11ac Wave 2 access points deliver cost-effective connectivity for mobile and IoT devices in outdoor environments at businesses, schools, retailers, and in industrial settings.

 

The 360 Series APs are designed to survive in harsh outdoor environments—from the frigid tundra to the blazing hot desert, and in humid and wet environments. They’re fully sealed to keep out airborne contaminants.

 

The 360 Series APs are ideal in moderate density deployments, and they can be mixed and matched with the 270 Series APs, which deliver the highest performance and density.

 

Smaller, More Affordable APs

 

Delivering great outdoor Wi-Fi can be challenging, and Aruba is committed to removing the barriers with solutions like the 360 Series. 

 

The 360 Series APs offer several key benefits:

 

  • Cost-effective connectivity – The 360 Series APs deliver a maximum data rate of 867 Mbps in the 5-GHz band and 400 Mbps in the 2.4-GHz band, while supporting MU-MIMO operation for simultaneous transmission for up to two 802.11ac Wave 2 devices. The 360 Series can detect, classify and group 802.11ac Wave 2 capable devices under a single Wave 2 radio, increasing network capacity and efficiency. An integrated Aruba Bluetooth Low Energy (BLE) beacon simplifies remote management and provides advanced location, indoor wayfinding and proximity-based push notification capabilities with Aruba Meridian.

 

  • Dependable connectivity – The Series 360 is the second (the other being Aruba 270) outdoor AP in the market to have a limited lifetime warranty. This is possible thanks to our engineers’ innovative thermal designs and by eliminating the need for the most failure-prone components, a heater or fan. Fewer moving parts means greater reliability. All electrical interfaces include industrial-strength surge protection, and the enclosure has a Gore-Tex plug to equalize pressure while preventing dust and moisture from being drawn into the AP when it goes through a cooling, and hence contraction, phase.

 

  • Easier to deploy – Specifying and installing outdoor APs can be very complex. In the past, you needed to order and install a dozen different components like antennas, RF cables and lightning arrestors. No more. You simply choose the model, whether the AP-365 (omnidirectional and perfect for wide outdoor coverage, usually mounted on a pole) or AP-367 (directional and great for mounting on the outside of a building) and select the mounting bracket. That makes installation much easier when you’re perched 20 feet off the ground on a ladder or in a bucket truck.

The Aruba 360 Series outdoor access points provide cost-effective performance, high reliability and easy deployment.

 

Boosting Creativity and Sales with Outdoor Wi-Fi

 

Aruba helps customers of all sizes extend their mobility coverage outside the office or venue.

 

The artists and engineers at DreamWorks have the same digital workplace experience, whether inside their buildings or outdoors. DreamWorks recently deployed Aruba APs for outdoor Wi-Fi across the 11-acre campus—all painted to blend in with the building colors for maximum aesthetic appeal. Now there’s great coverage everywhere – when artists walk between buildings, brainstorm in the warm Southern California sun or take a quick break on a patio or balcony.

 

Great outdoor coverage is within the reach of smaller organizations like Cedar Rapids Country Club in Iowa, too. There, members expect to stay connected whether they’re on the golf course, swimming laps at the pool or just finished a set of tennis. Increasingly, people still want to be productive, even when they’re relaxing. But poor outdoor Wi-Fi was causing frustration for the club members and staff. People couldn’t connect their mobile devices, phone calls dropped, and they couldn’t always make purchases because the mobile payment system went down when the Wi-Fi went out.

 

With outdoor 802.11ac Wi-Fi from Aruba, the club now delivers a great experience. Not only can members stay connected as they please, but also with the BLE beacons embedded in the APs and Meridian, they can order food and have it delivered to their golf carts or poolside.

 

Ready to learn more?

 

Learn more about the Aruba 360 Series Outdoor Access Points.  Download the datasheet  

 

Watch DreamWorks and Aruba talk about outdoor Wi-Fi in the webinar.

Horses, Barn Doors and Ransomware

Mon, 11/13/2017 - 10:35

There is a favorite saying to characterize a situation where the remedy to a problem shows up too late: “It’s like locking the barn door after the horse is stolen.”

 

When we look at how many user and entity behavior analytics (UEBA) solutions deal with email-borne attacks like spear phishing and ransomware, their focus is “look how we show you the data leaving your organization” as opposed to “we’ve seen an email that looks like it can lead to an attack.” In other words, “the horse is leaving, good luck.”

 

While any notification of an attack in progress (or even finished) is necessary for damage control and cleanup, new technologies such as machine learning should do better than that.

 

Much has been made of the value of machine learning/behavior analytics—often packaged as a UEBA solution—to detect cyber-attacks that have evaded real-time defenses and typically masquerade with legitimate user credentials.

 

The “E” in UEBA stands for “entity.” An entity can be a user, a host, an application—really any IT actor with an IP address including IoT. Until now, UEBA machine learning has been applied to find small changes in user or host behavior that, when collected over time and put into context, will in aggregate indicate a slowly gestating attack. In other words, a focus on the compromised user or system.

 

Aruba has expanded the definition of “entity” to now include the attacker with our UEBA product, IntroSpect. Through the use of UEBA machine learning models that focus on the tactics of the exploit, analysts will see these attempts earlier in the kill chain and can take steps to intercept the attacks before they do damage.

 

This breakthrough came from an exhaustive study of email-based attack campaigns by the IntroSpect threat research team. In a published study, “Using Behavioral Analytics to Detect Malicious Email Campaigns and Targeted Attacks,” five of the most lethal email-targeted campaigns, such as Lokey, PostMoney and Witness, were carefully scrutinized to unearth the tools, techniques or procedures (TTPs) used by attackers. Based on these attack “autopsies,” IntroSpect researchers pinpointed the critical signs of email-based attacks that include:

 

  • Name spoofing
  • Campaign targeting
  • Origination
  • Duration

 

The most important finding of the study is that the same machine learning algorithms that IntroSpect uses to find compromised or malicious insiders can be used on email logs or actual email headers to automatically flag ransomware, spear phishing, whaling, etc.

 

For example, a typical attack email campaign will attempt to trick a user by spoofing the sender address by replacing an “i” with an “l” or an “o” with a zero or making a small change that is easily overlooked: instead of “IntroSpect”, it would be “InterSpect”. With specially trained machine learning models, IntroSpect can spot these subtle changes and combine them with other attacker behaviors to deliver a reliable, highly actionable alert before files are frozen or data leaves the organization.
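The name-spoofing check described above can be sketched as follows. This is an added example, not IntroSpect's models or code from the study: it swaps in a fixed confusable-character map plus edit distance for the trained models, and the domains, the map and the `max_edits` threshold are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumed confusable map: the swaps named in the text (i/l, o/0) plus 1/l.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})
TRUSTED_DOMAINS = {"introspect.example"}  # constructed allow-list


def skeleton(name):
    """Fold case and collapse look-alike characters onto one representative."""
    return unicodedata.normalize("NFKC", name).casefold().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return (verdict, imitated_domain) for the domain in a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].casefold()
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    best = None
    for candidate in sorted(trusted):
        target = skeleton(candidate)
        if skel == target:
            # Different bytes, same appearance: character-swap spoof.
            return ("homoglyph", candidate)
        dist = edit_distance(skel, target)
        if dist <= max_edits and (best is None or dist < best[0]):
            best = (dist, candidate)
    if best:
        # A small, easily overlooked change such as InterSpect for IntroSpect.
        return ("near-miss", best[1])
    return ("unrelated", None)


# Constructed sample headers.
SAMPLE_HEADERS = [
    "IntroSpect Alerts <alerts@introspect.example>",
    "IntroSpect Alerts <alerts@lntrospect.example>",
    "IntroSpect Alerts <alerts@intr0spect.example>",
    "IntroSpect Alerts <alerts@interspect.example>",
    "Bob <bob@partner.example>",
]


def triage(headers):
    """Keep only the headers whose sender domain imitates a trusted one."""
    flagged = []
    for header in headers:
        verdict, imitated = classify_sender(header)
        if verdict in ("homoglyph", "near-miss"):
            flagged.append((header, verdict, imitated))
    return flagged


if __name__ == "__main__":
    for row in triage(SAMPLE_HEADERS):
        print(row)
```

On its own a look-alike match is a weak signal; as the paragraph says, it is meant to be combined with other attacker behaviors before an alert is raised.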

 

According to the 2017 Verizon Data Breach Investigations Report, 95% of phishing attacks that led to a breach were followed by some form of software installation. Of these phishing attacks, three-quarters were financially motivated and a quarter were focused on espionage operations. Despite the array of security defenses, email-focused or not, these attacks still get through and are only noticed as data flies out or files are corrupted.

 

IntroSpect has opened a new front in the war on email-borne attacks. By combining the anomalies detected in an attacker’s behavior with other relevant alerts, the doors can be locked and the horses are protected—before the damage is done.

 

Ready to learn more? Watch the IntroSpect video.

Aruba 8400 wins CRN 2017 Tech Innovator Award

Mon, 11/13/2017 - 10:00

CRN®, a brand of The Channel Company, has recognized Aruba, a Hewlett Packard Enterprise company, with a 2017 CRN Tech Innovator Award for our new Aruba 8400 Core and Aggregation Switch.

 

What is the CRN Tech Innovator Award?

 

These annual awards honor standout hardware, software or services that have helped to move the IT industry forward. In compiling the 2017 Tech Innovator Award list, CRN editors evaluated 216 products across 32 technology categories using several criteria:

 

  • Technological advancements
  • Uniqueness of features
  • Potential to help solution providers solve end users’ IT challenges

Aruba’s 8400 Campus Core and Aggregation Switch Series took top honors in the Networking Enterprise company category. The complete list of winners can be found at crn.com/techinnovators.

 

What are the 8400’s innovations?

 

Mobility, cloud and IoT have challenged every part of the network, and legacy, static campus core networks haven’t been able to keep up. The Aruba 8400 Switch Series breaks that old mold with a flexible and innovative approach to dealing with the new application, security and scalability requirements of modern networking environments.

 

The 8400 is based on the new ArubaOS-CX, which sets Aruba’s solution apart from legacy static and inflexible operating system designs. ArubaOS-CX acts as the brains of the switch to automate and simplify many critical and complex network tasks, delivers enhanced fault tolerance, and facilitates zero-service disruption during planned or unplanned control-plane events.

 

ArubaOS-CX brings intelligence and automation to the core with full programmability and embedded network analytics, giving network operators the ability to see more, know more, and act faster.

 

Inside ArubaOS-CX is the powerful Aruba Network Analytics Engine that allows IT teams to easily monitor and troubleshoot network, system, application and security-related issues with simple rules-based monitoring and automatic correlation of network activities using simple Python scripts and REST APIs. The Network Analytics Engine capability comes with a built-in time series database that enables customers and developers to develop software modules that will allow historical troubleshooting, as well as analysis of historical trends, to predict and avoid future problems due to scale, security and performance bottlenecks.

 

The 8400 is a high-performance eight-slot chassis with 19.2Tbps switching capacity that provides industry-leading line-rate 10GbE/40GbE/100GbE port density, large table sizes, deep buffers, and scalability for support of full Internet routes. To ensure the carrier-class high availability required by a campus core, the 8400 maximizes resiliency with redundant management, power and fans.

 

For smaller campus core and aggregation deployments

 

We recently announced the Aruba 8320 Switch Series, a high availability campus core and aggregation switch with 2.5Tbps switching capacity. The 8320 has a compact 1U form factor, so it is ideal for smaller deployments. It has built-in line rate 10GbE and 40GbE ports with redundant power and fans and is based on the same ArubaOS-CX with Network Analytics Engine that the 8400 has.

The 8320 will be orderable in December and you can learn more about it now at the links below.

 

To learn more about the Aruba 8400 and new 8320

Check out the ArubaOS-CX video, the Aruba Network Analytics Engine video and learn more about the Aruba 8400 Switch Series and the Aruba 8320 Switch Series.

 


User Experience is at the Center of the Digital Workplace

Mon, 11/13/2017 - 10:00

Massive changes in enterprise technology and business processes are having a major impact on the nature and operation of the workplace. At the same time, we are in the midst of a profound demographic shift toward more and more Millennial and Gen Z workers. With mobile technology, the workplace can be anywhere. In a strong economy, there is fierce competition for talent and a laser focus on maximizing workforce productivity and loyalty.

 

 

As a result, workplaces are evolving to meet users’ needs in a proactive way, rather than just being a “place to sit.” Workplace technology and space design are working hand in hand more than ever before. This is nurturing a new spirit of collaboration among traditionally disparate IT, corporate real estate, and management stakeholders. Traditional office layouts have given way to vibrant collaborative spaces, creating environments where people innovate and thrive. And that appeals to the newest generation of workers, who have grown up in a culture of technology immersion and group collaboration.

 

A Successful Workplace Puts the Needs of End Users First

 

Putting the user at the center of new workplace design elevates the working experience and helps organizations achieve their goals of innovation, productivity, and cost savings. This approach creates a workplace that supports the array of activities that people do during the day, from heads-down work to ad-hoc collaborations. Technology is a key part of this approach, from the IT infrastructure all the way to end-user devices such as smartphones.

 

When designing a workplace, it’s critical that key stakeholders work closely from the project outset, all the way to completion, rollout, and ongoing operation, to ensure that a great user experience is supported by great technology. End users should be intimately involved at all stages as well; without their buy-in, the most theoretically ideal approach can fail.

 

Applications, enabled by a smarter and more-connected workplace and workforce, are a key part of the picture. These applications, aided by an intelligent network, advanced sensors, and other infrastructure, can literally help each user throughout his or her day. Examples are advanced AV and collaboration technology in conference rooms; simpler methods for managing visitors; direction-finding within a facility; improved booking of conference rooms; and many others, some yet to be determined.

 

With this type of collaboration, workplace transformation can truly occur. At Aruba, a Hewlett Packard Enterprise company, we call this the Intelligent Edge, a set of modern digital experiences at the convergence of people, apps, and things.

 

When the workplace is everywhere, the IT infrastructure must be smarter, more capable, and more secure. The wireless and wired network must manage and secure many different types of devices, both devices associated with users and new kinds of devices like sensors. Any and all devices may be mobile and must be supported in a seamless, secure manner, so people have a consistently positive experience while security and other corporate policies are enforced. This approach allows end users to share contexts like each other’s location, which leads to more efficient utilization of space and people’s time. Advanced network analytics can provide true business insight, such as identifying popular and underutilized office spaces.

 

Modern Businesses Need to Focus on User Experiences

 

A great digital workplace combines great space design and great technology, with user experience at the core. But what does this feel like in real life, from the user’s point of view? It’s all about user experiences and making these experiences as seamless, efficient, and fulfilling as possible.

 

 

 

When enterprise-level advanced Wi-Fi is everywhere, people can work where and how they please. There are no dead spots in stairwells or at the far ends of hallways. There’s plenty of Wi-Fi on the patio for a working lunch. People can start a Skype for Business session in their workspace, and if they move into a teaming room or conference space, the session moves to the big screen without pause.

 

A digital workplace eliminates small hassles and inconveniences. When visitors arrive, they sign on to get connected to the Wi-Fi, and the next time, they are connected automatically. People book conference rooms using a mobile app, eliminating those persistent complaints about the meeting rooms always being busy. Indoor location services help people find their way across campus and even find other people. High-value assets can be tracked and found quickly.

 

Technology is transforming facilities management by allowing greater control of temperature, lighting and other comfort factors, as well as saving on energy and other costs. Advanced analytics are helpful here as well. Low-cost sensors, massively deployed, give a granular picture that serves both end users and facilities management.

 

Finally, the digital workplace can help protect workers’ safety and well-being, by providing better lighting and climate as well as enabling better emergency communications, registering employee safety, access control, and other aspects of corporate security. New technologies allow these enhancements to be offered in a seamless manner and don’t add to the complexity of the user experience.

 

All in all, the digital workplace is a worthwhile investment for all stakeholders, and thus is becoming the norm, representing the level of corporate support desired by workers as well as a major source of motivation and productivity.

 

See Aruba on the Innovation Tours

 

Our vision of the new digital workplace will be on full display at CoRE Tech on November 14 to 15. The Real Estate Tech Innovation Tours give attendees a unique opportunity to visit innovative companies.

Aruba is pleased to open our doors to show our mobile-first digital workplace in action, alongside other innovative workplaces such as LinkedIn and Google. The tour highlights Aruba’s flexible workspace, indoor location services, and integrations with building IoT solutions. Visitors will see intelligent collaboration tools, indoor wayfinding and asset tracking capabilities, space utilization analytics, smart furniture systems, and a location-enhanced real-time facility management system.

 

Join Us for an Expert Panel on Digital Workplaces

 

If you’re at the show, don’t miss the session, “The New Digital Workplace – Understanding Fads, Trends and Sustainable Expectations” on Wednesday, November 11 from 11:20am to 12:05pm in the Mission City Ballroom in the Santa Clara Convention Center. I’ll be there in good company with other workplace thought leaders from Colliers, iOffice, Herman Miller, and Fidelity Investments. And I hope to see you there too.

 

If you can’t make it to the show, you can still get a glimpse of the future. Watch the video: A look inside Aruba’s own digital workplace. 

 

Learn more about the Aruba Mobile First Platform.

 

Predictive Analytics and Why It’s the Way Forward

Tue, 11/07/2017 - 16:05

 

A slide from Gartner analysts Avivah Litan and Toby Bussa's presentation at the annual Gartner Security and Risk Management Summit struck me as so relevant to how security ought to evolve. In her presentation on analytics, Avivah highlighted a framework to think about analytics. The application of analytics for cybersecurity and insider use cases can be viewed as a spectrum comprising:

  

  • Descriptive analytics: Analytics to explain anomalous events that are happening. For example, malware communicating on the endpoint.
  • Diagnostic analytics: Analytics that can help identify why something happened. For example, user Joe clicked on an email attachment or often long after the incident may have happened.
  • Predictive analytics: Analytics that can help predict stuff before damage is done. For example, user Joe is starting to behave very strangely and likely to be putting your data at risk.

 

Figure 1: Gartner Presentation, "The Fast-Evolving State of Security Analytics 2016", Avivah Litan and Toby Bussa, Gartner Security and Risk Management Summit, 13-16 Jun 2016

 

The part about “predictive analytics” caught my attention, given the lack of focus thus far by security solutions on more proactively helping customers identify security incidents in their environment before the damage is done. Traditional systems have focused on either detecting the infection (IDS or specialized threat analysis and protection solutions) or exfiltration (DLP products) stages.

 

There is increasing evidence that just focusing on the infection stage is insufficient for many of the cyber threats of today. The issue with looking at detecting incidents that are in the exfiltration stage is that it may be too late for these detections at this stage to stop the threat before the damage is done. After all, what good is it if the security analyst just found out that a user has uploaded a bunch of sensitive documents to their personal Dropbox account? Would he/she be in a better position if there would have been advance warnings to the possibility of this happening?

 

Most modern attacks are multi-stage: they involve many activities along numerous dimensions and often pass through many stages prior to the eventual exfiltration phase, as shown in Figure 2 below.

 


Figure 2: Diagram showing the stages of infection and data loss as well as the data sources needed for analytics to accurately detect the various stages

 

This is why predictive analytics offers much promise to detect many of these attacks and security incidents prior to the exfiltration phase and stop them before the damage is done. What if there were ways to rapidly identify situations in a proactive manner? For example:

 

  1. Michele is likely to be exfiltrating data in the near future because her account appears to be compromised.
  2. Joe is likely to be walking away with your firm’s sensitive information because he accessed sensitive information in a very unusual manner.
  3. Bob is at risk of leaving the company because the sum total of his behavior inside the network looks very different compared to how he normally behaves. For example, he is more active on job sites or appears to be checked out.

 
This could potentially help analysts detect, investigate and stop these incidents before sensitive data leaves your network and the damage is done. The predictive analytics detection scenarios could cover the early detection of compromised users who are under the influence of an attacker as well as insiders who may be acting in a negligent or malicious manner.

 

Given the likelihood of several stages during most attacks/security incidents between the infection and exfiltration stages, detecting as many of these stages as possible will best position your organization to thwart these threats. Raising an alert based on detection of only one activity or one stage will generate excessive false positives. Ensuring that only high-fidelity incidents are escalated to an analyst for resolution requires the ability to thread a needle through anomalous behavior across multiple stages and paint a comprehensive, macro picture of what may truly be happening to the user or host. This would give a tremendous leg up to security analysts to stop attacks before the damage is done.
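As an added illustration of the multi-stage argument (not Aruba's implementation), the sketch below escalates an entity only when anomalies from several distinct stages fall inside one time window. The stage names, window, threshold and sample anomalies are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed stage labels, in attack order; the page's Figure 2 is not reproduced here.
STAGES = ("infection", "command_and_control", "internal_recon",
          "data_staging", "exfiltration")

# Constructed per-stage anomalies: (entity, stage, timestamp).
ANOMALIES = [
    ("michele", "infection",           "2017-11-01T09:12:00"),
    ("michele", "command_and_control", "2017-11-02T03:40:00"),
    ("michele", "internal_recon",      "2017-11-03T22:05:00"),
    ("joe",     "internal_recon",      "2017-11-02T14:00:00"),
    ("bob",     "infection",           "2017-10-01T10:00:00"),
    ("bob",     "internal_recon",      "2017-11-03T10:00:00"),
    ("bob",     "data_staging",        "2017-11-20T10:00:00"),
]


def single_stage_alerts(anomalies):
    """What an analyst would see if every single-stage anomaly raised an alert."""
    return len(anomalies)


def correlate(anomalies, window=timedelta(days=7), min_stages=3):
    """Escalate an entity once min_stages distinct stages occur within window."""
    per_entity = defaultdict(list)
    for entity, stage, ts in anomalies:
        per_entity[entity].append((datetime.fromisoformat(ts), stage))

    incidents = {}
    for entity, events in per_entity.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge so the window never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            stages = {stage for _, stage in events[start:end + 1]}
            if len(stages) >= min_stages:
                incidents[entity] = {
                    "stages": sorted(stages, key=STAGES.index),
                    "first_seen": events[start][0],
                    "escalated_at": events[end][0],
                    # True when the chain was caught before any exfiltration anomaly.
                    "before_exfiltration": "exfiltration" not in stages,
                }
                break
    return incidents


if __name__ == "__main__":
    print(single_stage_alerts(ANOMALIES), "single-stage alerts")
    for entity, incident in correlate(ANOMALIES).items():
        print(entity, incident["stages"], incident["escalated_at"])
```

Here seven single-stage anomalies collapse into one escalated incident: Bob's three anomalies are spread over weeks and Joe has only one, so neither crosses the threshold.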

 

Interested in learning more? Learn how Aruba IntroSpect predictive analytics uses behavioral techniques to help detect and stop advanced threats before the damage is done.

 

 

Aruba continues to be a Leader in the Gartner Magic Quadrant for Wired and Wireless LAN Access

Tue, 11/07/2017 - 15:14

Aruba Excels in Completeness of Vision

 

We are excited to share that, once again, Gartner has recognized Aruba, a Hewlett Packard Enterprise company, as a Leader, positioned furthest overall for its completeness of vision, in the 2017 Magic Quadrant for the Wired and Wireless LAN Access Infrastructure. [1]

  

The Magic Quadrant for the Wired and Wireless LAN Access Infrastructure gives Gartner’s view of the market based on the vendors’ ability to anticipate and integrate transformational technologies or approaches delivering on the future needs of end users. This spans networking components from the infrastructure hardware (APs, switches, controllers) to the software layer (network service applications that span security, management, monitoring, location services, network assurance and beyond).

 

According to Gartner’s Magic Quadrant positioning, as a leader, HPE (Aruba) executes well against our current vision and is well positioned for the future.

 

 

(Source: Gartner, October 2017 [1])

 

This is now the 12th consecutive year [2] that Aruba has been positioned as a Leader in the market, including the prior Gartner Magic Quadrant for the Wireless LAN Access Infrastructure. We believe this consistency, unmatched by any other vendor, is proof of Aruba’s innovation, vision, and ability to deliver peace of mind for our customers. We also believe that our Customer First, Customer Last philosophy has enabled us to stand apart from our competitors, delivering robust solutions that our customers appreciate. Our customers’ positive experience is reflected in HPE Aruba’s position.

 

The Aruba Mobile First Architecture provides customers with market-leading networking, location services, analytics, and security solutions that allow them to extract new insights and drive more business value from IT assets. These solutions not only help to securely connect users, devices, and things with speed and scale, but the data from these interactions is also used to drive these contextual experiences, and automate responses and remediation. Aruba’s solutions aren’t just for the mobile workforce, but also for addressing how people and businesses interact with connected “things”, across wired and wireless access networks, to deliver better experiences for customers, IT, operational technologists and the digital workplace. Aruba’s solutions help IT move beyond being a cost center to becoming a business asset. Extending our portfolio with machine learning, analytics and automation is a key factor that will enable customers to scale their networks into the future. With the influx of mobile and IoT devices, we are seeing the need for innovation across both the wireless and wired networks, and are applying our knowledge from the wireless network into wired access switches so they can effectively meet the challenge of new applications and wired IoT devices.

 

 

Figure 2:  Aruba Mobile First Architecture

 

Our Mobile First networking strategy, which focuses on delivering contextual experiences for the digital workplace in the union of people, places and things, drives our leadership in vision. The Customer First, Customer Last approach throughout our organization has enabled us to accelerate our execution in the market and help our customers succeed in their businesses.

 

 

The reprint of the full 2017 Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure is available to  »» download here ««

 

 

[1] Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, Tim Zimmerman, Christian Canales, Bill Menezes, 17 October 2017.  This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

[2] Aruba’s 12 years of placement includes HPE (Aruba) in the Magic Quadrant for the Wired & Wireless LAN Access Infrastructure from 2015-2017 (3 years), Aruba Networks in the same Magic Quadrant from 2012-2014 (3 years) and in the Magic Quadrant for Wireless LAN Access Infrastructure from 2006-2011 (6 years). 

 

 


Spend Considerations for Cloud-Managed Networking

Thu, 11/02/2017 - 13:48

 

During a recent discussion with a friend about leasing versus purchasing a vehicle, it ultimately came down to initial upfront spend. Because he wanted to live a little and didn’t plan on keeping the vehicle for more than three years, he opted for leasing and the convenience of a lower down payment, as well as the lower monthly spend.

 

Interestingly, cloud-managed networking has me discussing a similar line of thinking with customers at an accelerating pace. The established organizations want to know how cloud-managed networking can help offload the IT team, and the newer companies ask about technology value, and their desire to preserve cash. I think saving cash actually works for both, so let’s start there.

 

 According to Gartner, while 42% of CIOs report to CFOs, 75% of CFOs are actively involved in making IT decisions for their companies. As IT professionals, it helps to understand what drives the decision makers. Knowing their motivation can be the difference between getting the budget for a new management solution, or management plus something else that’s more user-facing during the same timeframe if the numbers add up.

 

Going OpEx with Cloud-Managed Networks

 

Instead of an upfront investment in appliances and software that some feel only benefits IT (we all know that management affects the user experience for everyone), customers can leverage a cloud-managed solution to shift from a CapEx to OpEx model, and pay for it on a monthly or yearly basis. No appliances, no racking and stacking, no software upgrades.

 

IT still manages the infrastructure in the example above. They are still at the center of configuration changes, policies, and reporting. They’ve just shifted the spend, where the appliances sit, and how much time is spent performing late-night upgrades to the management solution itself. The extra time and savings could then be used to deliver a new location services app, for example…

 

What I’m also seeing are organizations that want to look at an OpEx model for infrastructure as well. Even though the hardware is often considered a capital expense with a useful life of greater than one year, the rate of change within wireless technology has people thinking of ways to hold on to equipment for shorter periods. One customer I recently spoke to was still using APs they purchased from a competitor in 2009!

 

Taking the OpEx Model Further with Managed Network Services

 

Customers can opt for moving to a Network-as-a-Service model where everything that is deployed is shifted to an OpEx model. The customer pays the provider a monthly or yearly fee, where wireless, wired and the management solution are considered an operating expense. The equipment is not owned by the end customer.

 

The provider is responsible for deploying and maintaining the infrastructure, and any required management changes, in most cases. The customer’s IT resources are then tasked with developing new services and applications that ride on the network. How much the provider is involved is up to the customer to determine.

 

How Aruba helps

 

If you’re considering a shift to an OpEx model, talk to your Aruba account representative or take a look at Aruba Central to see what’s available today.

Understanding IntroSpect’s Modular, Data-Agnostic and Scalable UEBA Architecture

Tue, 10/31/2017 - 09:00

In a recent blog, I made the process for selecting a user and entity behavior analytics (UEBA) solution easy. Simply evaluate solutions along three axes—scalability, multi-dimensional analytics, and the integration between human and machine intelligence. 

 

Guided by these considerations, Aruba has designed a UEBA solution with a flexible architecture that delivers varying levels of machine assistance to complement analysts’ needs for behavioral analytics. 

 

Four Layers of Abstraction

 

As shown in Figure 1, IntroSpect’s UEBA is built with four layers of abstraction—use case definition, feature selection, baseline profiling, and anomaly detection.

  • Use Case Definition. The first layer defines a behavioral use case (e.g., suspicious access to critical servers) that generally requires local context. 
  • Feature Selection. The second layer is about the selection of meaningful feature categories (e.g., time, data volume, or counters) for each use case. While feature selection is mostly a human-driven effort, deep-learning algorithms (e.g., convolutional neural network) that can automatically extract discriminative features from a large volume of unlabeled training data also can be used. 
  • Baseline Profiling. The third layer learns the “normal baseline” for each entity (i.e., user or host) for each use case along two dimensions of behavior: historical and peer group. The former uses the entity’s own historical behavior, while the latter uses common behaviors across a peer group, which can be flexibly defined (e.g. from Active Directory or user-provided input) or derived through self-learning. IntroSpect also uses adaptive learning to incorporate analyst feedback into its behavioral models. 
  • Anomaly Detection. The fourth layer detects behavioral anomalies for each entity through the deviation from their baselines. This part is totally automated and machine driven. Given different dimensions and types of feature vectors selected in each behavior use case, Aruba built different unsupervised machine learning models with corresponding distance (i.e., deviation) calculations to automatically detect anomalies.
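Layers three and four can be illustrated with a small added example, which is not IntroSpect code: it uses a median/MAD robust z-score in place of the product's unsupervised models, and the users, peer group, feature names, threshold and values are constructed.

```python
from statistics import median

# Layers 1 and 2 (constructed): the use case and the features selected for it.
USE_CASE = {"name": "suspicious access to critical servers",
            "features": ("logins", "mb_out")}

# Constructed history: seven prior days of per-user daily feature values.
HISTORY = {
    "alice": {"logins": [3, 4, 5, 4, 3, 4, 5], "mb_out": [20, 25, 22, 18, 24, 21, 23]},
    "bob":   {"logins": [4, 5, 4, 6, 5, 4, 5], "mb_out": [30, 28, 35, 32, 29, 31, 33]},
    "carol": {"logins": [2, 3, 3, 2, 4, 3, 3], "mb_out": [15, 18, 16, 20, 17, 19, 16]},
}
PEER_GROUPS = {"dba": ("alice", "bob", "carol")}  # e.g. taken from a directory group
TODAY = {
    "alice": {"logins": 5, "mb_out": 400},
    "bob":   {"logins": 5, "mb_out": 34},
    "carol": {"logins": 3, "mb_out": 30},
}
THRESHOLD = 3.0  # assumed cut-off on the robust z-score


def robust_z(value, sample):
    """Deviation of value from sample in MAD units (resistant to outliers)."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    scale = max(1.4826 * mad, 1.0)  # floor avoids division by ~0 on flat history
    return abs(value - med) / scale


def historical_baseline(entity, feature):
    """Layer 3, dimension 1: the entity's own past behavior."""
    return HISTORY[entity][feature]


def peer_baseline(entity, feature):
    """Layer 3, dimension 2: pooled past behavior of the entity's peers."""
    pooled = []
    for members in PEER_GROUPS.values():
        if entity in members:
            for peer in members:
                if peer != entity:
                    pooled.extend(HISTORY[peer][feature])
    return pooled


def verdict(entity):
    """Layer 4: label each feature by which baseline(s) today's value violates."""
    result = {}
    for feature in USE_CASE["features"]:
        value = TODAY[entity][feature]
        off_history = robust_z(value, historical_baseline(entity, feature)) > THRESHOLD
        off_peers = robust_z(value, peer_baseline(entity, feature)) > THRESHOLD
        if off_history and off_peers:
            result[feature] = "both"
        elif off_history:
            result[feature] = "historical-only"
        elif off_peers:
            result[feature] = "peer-only"
        else:
            result[feature] = "normal"
    return result


if __name__ == "__main__":
    for user in TODAY:
        print(user, verdict(user))
```

The three users show why both dimensions matter: Alice breaks both baselines, Bob is consistent with his own history but moves more data than his peers, and Carol is within the peer norm but far from her own.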

Three Critical Design Choices

 

Building a flexible behavioral analytics solution requires deliberate design choices and significant investment during product implementation. It’s well worth it as IntroSpect’s analytics identify threats that evade other simplistic approaches. This payoff is enabled by three critical design choices.

 

Modular

 

As described above, Aruba has abstracted and decoupled the use case layers (the first and second layers), which are security-context-driven, from the detection layers (the third and fourth layers), which are machine-learning-driven. In addition, we have done all the heavy lifting to pre-tune and self-tune these machine-learning models, so that security analysts can start benefiting from the solution without a deep understanding of machine learning.

 

All four layers are built in a totally modular fashion, so that security analysts – no matter whether they come with security or data science backgrounds – always can interact and influence the results of UEBA with their own expertise to improve its overall accuracy. 

 

Data-Agnostic

 

As explained in my “Three Considerations When Selecting a UEBA Solution” blog, a multi-dimensional UEBA solution that combines anomalous signals from different data sources can greatly improve its effectiveness. IntroSpect’s UEBA solution is built in a data-agnostic way. This means an analyst can add UEBA support for a new use case from existing or new data sources with some simple schema and use case-specific configurations. 

 

 

If you compare these two different behavior use cases in the above pictures – suspicious access to critical servers (Figure 1) and suspicious access to buildings (Figure 2) – you’ll find that the main difference between them is the data source, i.e., the first is from either server logs or network packets and the second is from badge reader logs. Otherwise, both use cases monitor the same temporal features (plus some other behavior-specific features) and detect similar behavioral anomalies. 

 

Scalable

 

IntroSpect’s behavior analytics platform is built using a big data architecture, leveraging Apache Hadoop and Spark-based technologies. For data persistence, we use a mix of NoSQL key-value, columnar, and time-series databases to store a high volume of both raw and derived data in the most efficient format for different analytics uses. 

 

A hierarchical data processing approach enables us to break down different analytics requirements, such as feature extraction and aggregation, and embed them into all stream and batch processing layers, thus minimizing the data read-write cost to achieve the best scalability.

 

Achieving Automatability

 

In “The Five Characteristics of an Intelligence-Driven Security Operations Center,” Gartner’s Neil MacDonald and Oliver Rochford make a central point about how they see the enterprise security operations center (SOC) evolving.

 

“Rather than seek full automation of all SOC activities, enterprises should seek ‘automatability’ — the capability of being automated as higher levels of confidence are achieved. Even then, analytics-driven, human-augmented security decision support systems will be used to provide the SOC analyst with the context of the recommended action, along with the details behind the verdict and recommended action.”

 

This is the foundation of IntroSpect’s product vision. By designing a behavioral analytics solution that’s modular, data-agnostic and scalable, we enable organizations to achieve that “automatability.” 

 

IntroSpect ships with a broad range of behavioral use cases, developed by our own security experts, leveraging the modular architecture. This enables organizations to get value from IntroSpect immediately upon deployment. Analysts can also influence and improve the quality of behavior detections in many different ways. Plus, they can define their own behavior use cases, allowing them to extend IntroSpect to fit their specific requirements.

 

With IntroSpect, it’s not about replacing security analysts with automated systems (which is what resonated with Drew Conry-Murray of Packet Pushers who wrote this article about IntroSpect). Rather, it’s about enabling organizations to make optimal use of scarce SOC resources. 

 

Ready to learn more? Get the CISO’s guide to machine learning and user and entity behavioral analytics.

Aruba’s 2nd Annual Location Services App Developer Challenge

Mon, 10/30/2017 - 11:12

Is creating mobile apps a passion? Are you up for a fun and rewarding challenge where you could walk away with a new iPhone X?

 

At Atmosphere 2017 in Nashville, we held our inaugural mobile app development challenge and as hinted, we are excited to announce that it’s back for 2018! Like last year, the focus is on creating a new mobile app that uses location to improve an existing user experience, like looking for a conference room or finding a valuable asset. In addition to the Meridian Mobile Engagement solution, this year we are expanding the scope of tools at your disposal to include Aruba’s asset tracking solution, Analytics and Location Engine (ALE), ClearPass, and Aruba Central as available components that you can leverage.

 

To participate in the challenge, submit an abstract of your idea (500 words or less) to meridiancontest@hpe.com by Thursday, November 30. If selected as a first-round finalist, you will have until February to implement your idea. We will provide access to required Aruba hardware and software at no cost based on the abstract.

 

Three semifinalists will receive airfare, hotel, and a pass to Atmosphere 2018 to present their idea to peers and Aruba team members and walk away with some additional prizes.

 

Below are all of the details. Good luck and hope to see you in Las Vegas!

 

Tim

@tvaneven

 

---

 

The Contest Challenge: Using a combination of Meridian, Aruba Beacons, Aruba Tags, Aruba Analytics and Location Engine (ALE) and/or other Aruba products, like Aruba Central or Aruba ClearPass, build a mobile app that uses location to improve an existing use case by introducing your mobile workflow. Use one tool or a combination.

 

Example apps:

  • Smart office printing based on proximity
  • Automated attendance taking
  • Food and beverage ordering/pickup
  • Smart office efficiency through automation of lighting/heating
  • Location sharing of employees with visitors

Participation: Open to all US and Canadian Aruba Airheads and Aruba Partners (resellers and Meridian Engage). Note: Aruba employees and their families are not eligible.

 

Prizes: The top three entries will receive flight, hotel, and entry to Aruba Atmosphere in Las Vegas, NV from March 27-29, 2018. At Atmosphere, the semifinalists will present their design to a live audience and panel of judges. The panel of judges will select one winning entry that will receive an Apple iPhone X. Second and third place entries will each receive an Apple Watch 3.

 

Judging of the top three will be based on:

  • 30% Creativity
  • 30% Use of location services within the solution
  • 30% Execution/Implementation of mobile app
  • 10% Live presentation

Timeline:

  • All abstract submissions (500 words or less) are due by November 30, 2017.
  • Up to 10 first-round finalists will be notified by December 4, 2017.
    • First-round finalists will receive access to required Aruba hardware and software at no cost based on the abstract.
  • Semifinalists’ submissions (a 3-5-minute video of their idea in action) are due by February 2, 2018.
  • The Top 3 finalists will be notified by February 9, 2018.
  • The winner will be chosen at Atmosphere 2018 March 27-29, 2018.

See the official rules here.

 

Is tinkering with mobile apps a passion? Are you up for a fun and rewarding challenge?

Submit your abstract (500 words or less) to meridiancontest@hpe.com by November 30!

What I learned from attending Gartner Symposium

Mon, 10/30/2017 - 09:00

I almost didn’t attend Gartner Symposium this year. Coming off the heels of Hurricane Irma, my West Coast mind perceived Florida as a moor that needed TLC and FEMA support before tourists entered its borders. I was wrong. Driving from the Orlando International Airport to “The Happiest Place on Earth”, I realized that even 100-plus mile-per-hour winds and rain couldn’t keep people from learning what new trends will transform tech forever.

 

Gartner Symposium unites a global community of IT leaders with the tools and strategies to help them lead the next generation of IT and achieve business outcomes. More than 7,500 attendees gathered for the insights needed to ensure that IT initiatives are key contributors to and drivers of enterprises’ success.

 

While I’m not an IT guy, I did find tremendous value in the extensive breakout sessions. There were a couple of recurring themes I’d like to share.

 

  

 

 

If there was one term that was used more than any other, it was likely artificial intelligence, or AI. AI, also known as machine learning, is the hot topic in the industry. And for good reason, as making our current technology smarter so that we can, ultimately, deliver on an end goal, is the nirvana of tech. Whether your roots are planted deep as a networking hardware vendor, or you’re a trendy app company, the term AI is likely a topic of discussion around the mahogany boardroom table.

 

Symposium taught me that AI can be broken down into nearly 40 different technologies ranging from virtual reality to autonomous vehicles. And despite all the hype, we are really in its infancy. While the term AI was born 60 years ago in a workshop at Dartmouth University, we really hadn’t been able to start to realize its potential until computers became pervasive in the late 90s, and AI didn’t gain steam until after 2008 when mobile devices entered the pockets of the general population. 

 

Hype isn’t always a bad thing. It can spur innovation and drive early adoption which is often needed to get new technologies off the ground. The Gartner Hype Cycle for AI tracks the maturity of different technologies to help senior IT leaders understand the scope, state, value and risk of technologies in the AI marketplace.

 

Discussions at Symposium made it clear that technology won’t render all job functions obsolete; instead, AI will augment human intelligence. Gartner analysts believe that AI does not need to be created in a human form or present itself as a human to generate business value. Ultimately, AI will make us mere mortals superheroes by performing routine tasks – like identifying patterns and predicting outcomes – at lightning speeds.

May I have another, please?

 

I’m not talking about jalapeno poppers or buffalo wings either. I’m talking about those glowing squares with rounded edges on your smartphone screen. Thanks to global powerhouses like Apple and Google creating the app economy, software is now delivered in pocket-sized packages.

 

At Symposium, I learned that apps aren’t just synonymous with Instagram or Skype. App technology is influencing how we interact with what we thought were humans. There was a great deal of discussion around chatbots, computer programs that conduct a conversation or send instant messages designed to convincingly simulate how a human would behave as a conversational partner, thereby passing the Turing test.

 

The benefits of chatbots, and the blueprints available to engineer them, can apply to businesses. Contributing to the onset of the post-app era is the availability of open-source bot frameworks, which will lead to an explosion of readily available chatbots to build bots that are both customer- and employee-facing. These will ultimately power the creation and use of microapps to enable fast responses to actionable information, while minimizing disruption to existing processes.

 

While AI may not take the form of a human in the early years of machine learning, the next time you’re chatting away with a helpful customer service rep on your favorite retail site at 2:00 AM, remember, it just may be a chatbot.