Caffeinated thoughts about wi-fi and our world

Filtering by Tag: Analytics

Niara Represents a Strategic Shift in Network Security for Aruba

For years, network and security teams have faced an ever-vexing problem: Fighting threats using policy-based detection always in a permanently reactive posture. There is always a delta between the time a new threat is discovered and the time a policy can be deployed to guard against it. Heuristics have been used with varying degrees of success to help identify malicious files as they emerge in the wild, but this is an inconsistent approach in today’s context of ultra-mobile and IOT devices, BYOD strategies, and cloud computing. In fact, policy (think “definitions”) based approaches to security have become arguably less effective in recent years because of the contextual evolution of computing. Security Information and Event Management (SIEM) methodologies are increasingly adopted among larger and more sophisticated security teams as a result. A subset of SIEM solutions is one that focuses on gathering data about behavior of users and devices on the network and analyze them using machine learning and data analytics rather than attempting to match snippets of data streams against stored databases of fingerprinted threats. This is referred to as User Behavior Analytics (UBA).

The Niara dashboard

Until now, the mostly Hadoop-driven deployments of UBA solutions have been accessible only to organizations with deep enough wallets to deploy large, complex systems and employ large, erudite teams of security analysts. HPE aims to democratize information security with Niara, a which it acquired for an undisclosed sum within the last few months.

Niara differentiates itself from other UBA solutions with its ability to process network flows in real-time, rather than relying on log-file analysis after the fact. It’s analogous to detecting smoke from the ignition of a match versus scanning the call log from the fire department. In today’s security milieu, seconds can mean the difference between critical data being safeguarded or smuggled out the back door of the network. At Atmosphere 2017, I was part of a team privileged to attend several deep-dive sessions presented by HPE and Aruba business units, and Niara was one of the more impressive. It was apparent that their efforts to streamline, contextualize, and dynamically score network flows in a way that can be easily interpreted by employees who aren’t experienced security analysts will usher in a level of threat containment and data loss prevention to a much broader range of organizations. Niara’s dashboard presentation of individual user behavioral scores, along with the ability to quickly take action on them via ClearPass, was demonstrated during an entertaining keynote session as well.

HPE is already a consensus leader in network access control with ClearPass; additionally, the ability for Niara to natively integrate with the Aruba mobility components lays a peerless foundation for a consistent and actionable security posture--desperately needed as our devices become more diverse and less centrally manageable and the borders of our networks become more nebulous. As the integration of Niara with Aruba’s MobileFirst platform matures, we’ll soon see smaller organizations with leaner security teams deploying world-class SIEM solutions that would have recently been out of reach. Learn more about Niara here, and post back with comments if you’d like to discuss this topic further.

Machine Learning and the Future of Wi-Fi Management

While attending Aruba Atmosphere 2017, I was privileged to be a part of a team of Atmosphere Insiders who attended several deep dive sessions on emerging technologies within the Aruba Mobile First platform. Machine learning and analytics were on full display at Atmosphere, and it’s clear Aruba considers them to be central to the future of their formula for success.

One of the sessions that stood out most to me (as well as several of the other engineers in our group) featured RASA, a recent acquisition that started out as a company that deployed sensors to aggregate critical data points about the RF environment form disparate locations within a building or campus in order to make recommendations about controller and AP settings to improve performance. After being acquired by Aruba last year, the RASA team gained access to analytics gleaned from direct integration with the access point hardware itself, and the results should give pause to every enterprise Wi-Fi competitor in the market.

Why? For years, Wi-Fi manufacturers have developed and refined algorithms to gather and process data points about physical layer performance seen from the perspective of the access point (and to some degree, from associated client devices) in order to make decisions about radio transmit power and channel selection. In the Aruba world, this is known as Adaptive Radio Management (ARM). While ARM works really well in many scenarios, its decisions are based solely on the viewpoints of individual access points. As we know, that’s really only part of the equation when it comes to tuning RF parameters. Client devices often see things very differently down among the bodies and furniture where they operate, and those characteristics can change dramatically as the clients move around through the coverage cell. Good wireless engineers are adept at looking at the network from the perspective of client devices as well, and making further adjustments to compensate. Engineers also can begin to aggregate info from multiple APs and cells, but that data and resulting decisions are only valid until the environmental or situational variables change. It doesn’t take long for a new source of interference or a new usage pattern by a group of end users to invalidate many hours of predictive modeling by an engineer.

RASA offers to not only automate the data gathering and decision process that takes an engineer hours of manual work, but to aggregate it constantly and simultaneously across broad swaths of real estate and wireless spectrum. With millions of data points to examine, much better decisions can be made at both a local cell level and more macro levels as well. Of course, this kind of analysis and feedback is only possible with advanced levels of machine learning, and Aruba has positioned itself to do some pretty incredible things in the near future as a result of its forward-thinking investment in RASA.

As the 802.11x standard emerges in the coming months, the hardware and software will be asked to make increasingly granular decisions in order to benefit from the performance potential that will be no doubt be heavily marketed. Only manufacturers who embrace the promise of machine learning and analytics will be able to truly deliver on them. Aruba is demonstrating its leadership in this realm, and I can’t wait to see what’s next.