This blog will focus on Plixer’s current capability to extract flow from the different solutions Aruba has to offer today. I will go over the integration steps with Aruba ClearPass and the role we play in an automated role-based access monitoring setup using ClearPass.

Wireless monitoring

It’s no secret that Aruba has a fantastic suite of solutions. Most notably their wireless solution is always where my mind goes when I think “Aruba.” Plixer’s own Scott Robertson covered the benefits of wireless network visibility using NetFlow in his blog; start there if you want a primer on what flow collection benefits can be gained when you start collecting from your wireless infrastructure.

In Aruba’s documentation they note that any device running ArubaOS 8.0.1.0 supports wireless attribute exports that provide deeper details into:

  • MAC
  • IP
  • SSID

IPFIX support

If you’re looking for instructions on where to set up the flow information export, start with our Aruba IPFIX support blog. This blog covers the observations our team had while performing this setup in our lab. The Aruba write-up on monitoring network traffic using IPFIX is what we followed during our setup, so you’ll likely find it helpful as well.

sFlow support

If you have switching infrastructure, you will also need to look at Aruba’s configuring sFlow page, as many of their switching solutions use sFlow. Plixer Scrutinizer is a well-established NetFlow-, sFlow-, and IPFIX-collection platform, so regardless of the export type, we can ingest and report on the traffic.

ClearPass

The ClearPass platform is a native NAC solution that gives administrators agency over their device access policy. Plixer is known for integrating with solutions like ClearPass to allow administrators access to that rich metadata on multiple monitoring solutions. The way we would currently integrate into this fabric is two-fold:

Plixer Beacon

Plixer Beacon has some NAC-like qualities of its own; it ties into the ClearPass architecture through RADIUS accounting and can kick off event notifications into ClearPass via syslog. Coupled with the many sources of data collection (DNS, DHCP, SNMP polling, SNMP traps, NetFlow/J-Flow/sFlow, Active Directory, RADIUS accounting, port mirroring etc.), Beacon can fact-check alerts that teams might not see natively in ClearPass.

Scrutinizer & machine learning

Beacon’s insights are already delivered to Scrutinizer in the form of an endpoint summary directly within Scrutinizer’s interface. But this summary is only a portion of that integration; using machine learning Beacon will inform the ML models created by the data within Scrutinizer to create very high-fidelity alerts. These alerts can then be fed back to ClearPass, where policy action can be taken.

Integration and the future

In a not-so-distant future, Plixer Scrutinizer backed by Beacon and the machine learning engine will ingest custom IPFIX data from the ClearPass platform for use in event creation and report building. Enhanced visibility on the endpoint events comes via Scrutinizer and Beacon, which work together to deliver the risk, location, and possible policy matches for a given host on the network. All of these then feed into the model creation engine of the ML platform. The result is an automated policy and access management alerting system built to act when specific security and network anomaly detection events are generated and verifiedby the ML engine. These alerts will then be delivered to ClearPass via syslog or custom scripted API and ClearPass will then take a specific action based on the type of alert being sent. In a week’s time we can have machine learning models up and delivering insights about your network traffic, so why not kick of an evaluation to start 2021?

This concept is exciting and gives us another glimpse into the future where automation will continue to play a larger and more important role in the day-to-day operations of the enterprise network. Subscribe to our blog and look out for a follow-up blog that will walk through more of these details in the near future. Reach out to us if you want to see the Plixer platform in action, and make sure to download the new Network Detection and Response Market Guide from Gartner.

Stephen Tutterow

Stephen is a Field Engineer with Plixer based in Atlanta, GA. He especially enjoys breaking down complex subject matter into simple steps and working with customers on implementation strategy and design. When he’s not on the job, Stephen spends his time listening to podcasts, making puns, and enjoying the company of friends and family.

Related