Exclusive: Aruba security VP on IoT security, encryption, and UEBA
Network architects are looking for simpler and more intuitive applications to manage increasingly complex network infrastructures.
At the same time, new encryption standards are disrupting how network firewalls function and IoT is introducing more wild cards onto the network.
TechDay spoke to Aruba security VP and chief technologist Jon Green about how the changing trends are affecting the way networks are secured.
What are the challenges in the security space that you see with IoT?There are two problems. The first is that IoT devices are showing up in corporate and enterprise environments without IT knowing they're there.
The nature of these devices is such that if you can find a Wi-Fi network to connect them to, or if you can find a wired port to plug them into, it's not beyond the average consumer
People will bring in devices just for their own personal use, or you might see facilities department that says, 'We're going to put flat-screen televisions on the walls of all of our conference rooms - oh, well, let's network those because there's already an Ethernet port sitting there' – and they don't talk to IT.
And that's a problem because of the lack of control, lack of visibility - those devices don't necessarily need to be sharing the same networks with financial systems and employee laptops.
The second problem is the quality of the devices themselves, and the amount of security the device vendors want to build into those products.
Some of them are fine, but some are really bad and there are lots of trivial vulnerabilities that give people a foothold into the network.
Those are really the two types of problems we're trying to address with IoT.
What are some of the solutions Aruba is coming up with for these problems?Fundamentally, the Aruba security architecture has always been about authentication – who are you, what type of devices are you connecting, and should you be allowed on the network?
Then our security technologies like our Introspect product monitors that to check – are you doing the thing that you're supposed to do? Or are you doing something different?
ClearPass is used as a discovery tool to figure out what's on the network and that's going to determine as devices connect in what should they be allowed to do.
And then the personal firewall, the per user firewall, that's implemented inside the network infrastructure, which is going to enforce those access rights.
What's Aruba's progress on gaining global security certifications?Within our cloud technologies, we've really focused on engineering and on feature velocity quickly. And we have good security DNA in the company.
But when you go into cloud services, it's all about being able to prove that to somebody else - and that's where these certifications really come in.
So it's somebody coming in and auditing what kind of standards we have followed, what kind of practices we have around security.
FedRAMP is probably one of the more difficult ones to achieve, and that's why we focused on that one first.
Because we think other ones like SOC 2, ISO, and PCI, those are much easier to achieve if we've already done the hard work on FedRAMP – it is simply something that qualifies us to be used as cloud solution in the US government, and a lot of other industries recognise that certification as well.
We're looking at probably early 2020 to have the bulk of the federal work completed.
A little bit of that depends on the schedule of auditors, but that's the goal.
Do Aruba and HP share cybersecurity teams?So within Aruba Cloud, for example, there are some specific product security people in that team because it's unique to that particular product.
But the policies that guide what we do come from HP and we share them with the overall company.
Anything dealing with privacy and things like GDPR, we've got a chief privacy officer, and they've made the rules for what we need to follow on those sorts of things.
How is Aruba growing the security component of its offerings and what are the developments influencing that?TLS 1.3 became ratified this year, so that's is a new encryption standard that is going to be used by browsers and all kinds of other applications and it has the property that you can't break it in the middle for doing an inspection.
So a lot of enterprises right now will use their firewalls and things like that to stop TLS and then to restart it on the other side, but it lets them inspect the traffic in clear text in the middle.
They're using that for enterprise security to see what's inside the encrypted traffic that's on the network.
When you go to TLS 1.3, you can't do that anymore.
So if you can't see the traffic in the network, you're left with behavioural analytics, which is what Introspect is focused on.
The only thing left is to say, I still know a lot about what's happening just by looking at traffic patterns to say, this device used to communicate six times a day, to this destination with this type of a traffic pattern.
And now it's continuously talking to a site in another part of the world every 15 seconds.
We don't need to be able to necessarily see what's happening inside to know, that's anomalous, that's different than it was before.
So we still see it as a key security capability for us.
I think what we'll find with Aruba Introspect, though, is once we move that to the cloud, once we have the analyser piece of that into a cloud offered service, it's going to be much easier for our customers to consume.
Right now, because of the volume of data that that system has to process, the hardware requirements are demanding – it's a large system - and that adds to the cost.
Of course, if we can centralise that into a cloud-offered service, it's going to be much more reasonable for customers, so I think we'll see growth of the of the service at that point.