Let’s talk about ClearPass, the family of rock-solid network access control solutions from Aruba, a Hewlett Packard Enterprise company. Wait – you’ve never heard of ClearPass? It has been a bit of a hidden gem, quietly getting on with its job without skipping a beat while networks kept evolving from wired to wireless, from BYOD to IoT, and from the data centre to the cloud.
Officially, it provides uniform profiling, authentication and authorisation of your users, systems and devices seeking access to IT resources. A more relatable description, though, is that it makes sure NOTHING connects to your wired, wireless or VPN network without your permission – and what is allowed to connect can be secured and protected with very granular permissions and policies that govern access and use. That includes the new iPhone your CEO just bought and tried to connect themselves, or that Smart TV that your facilities manager connected to test out its features.
ClearPass is actually a family of products comprising:
You also don’t need to be an Aruba customer to make use of ClearPass. While you do get some additional device insight capabilities if you have Aruba infrastructure, it’s hardware- and software-agnostic and works with any vendor and device.
What if you don’t want – or need – to introduce all the capabilities of ClearPass? Can you just install one or two? Absolutely. It’s designed to be modular with each capability working standalone, but if you have more than one, they are tightly integrated, sharing information for an even more powerful solution.
Given these details alone – and we’ve only just touched on what ClearPass can do – don’t let the fact that things have gone quiet on the ClearPass front make you think it’s not still working and evolving. If you peel back the layers of Aruba Edge Services Platform (ESP) and Central, its cloud-based network management hub, you’ll discover ClearPass plays a pivotal role.
So, whether you currently use Aruba products, or not, or whether you use ClearPass, or not, we want to look closely at ClearPass Device Insight and ClearPass Policy Manager – two solutions that go well beyond simple guest and device onboarding.
Cloud-hosted, ClearPass Device Insight is like having an all-seeing eye, monitoring and controlling all device connections on all networks.
It continuously scans the networks to detect and collect information about devices such as attribution, destination IPs and applications used. It then groups unknown and known devices into device clusters. Using user-defined device classification rules, it can also classify or reclassify devices discovered on the network that match the rule criteria. If a device or network activity changes, it catches that too. It also makes use of crowdsourcing technology to share new device information captured on networks across multiple ClearPass Device Insight customers’ sites. It is most powerful for IoT devices, which are often just ‘plugged in’ and connected outside of IT. In short, all devices are authenticated or authorised – completely eliminating unknown devices from the network without the need for manual intervention.
IT can then use the Device Insight user interface to gain granular visibility into the devices on the network and make more informed network access control decisions.
If ClearPass Device Insight acts as your gatekeeper, profiling, authenticating and authorising every user and device, then ClearPass Policy Manager is the sheriff enforcing your rules on anything allowed in.
To put it more officially, ClearPass Policy Manager delivers role- and device-based secure network access control for all your IoT, BYOD and corporate devices plus all users including employees, contractors and guests – and this extends across your entire multivendor wired, wireless and VPN infrastructure. The entire solution includes a built-in context-based policy engine, device profiling, posture assessment, onboarding, and secure self-service capabilities for end users trying to access the network.
They say humans only use a small portion of our brains. It’s the same with ClearPass. Most customers use ClearPass for device onboarding and guest access, but there is plenty more functionality in the application. ClearPass is the foundational piece – as from there you can go in multiple directions. Here are some further avenues to explore:
It’s worth stating again that ClearPass supports a diverse and wide range of third-party systems and solutions, to provide a coordinated defence from one fully integrated system.
ClearPass has that covered too and can be natively operated in Microsoft Azure and Amazon AWS as a virtual platform.
As we hinted up front, ClearPass has been around for a while now, starting life in the early 2000s as the AmigoPod solution. Since then, the platform has been constantly evolving to provide authentication, identity, security and policy management through every technology change and network evolution, right up to today, where the influx of IoT has created havoc for network security (but more on that in our next blog). We highly recommend taking a look at this infographic, which provides a more detailed look at ClearPass’ rich heritage.
What we want you to understand here is that ClearPass has been innovating from day dot and continues to do so by leveraging technologies such as crowdsourcing, AI and machine learning algorithms. Need another example? It’s part of the corporate mainstream today, but ClearPass was using the concept of Zero Trust before the term was even in common usage. The ClearPass mantra has always been nothing is trusted or gets access until it is first authenticated – guest users, mobile devices, BYOD, IoT – any device, anywhere.
No matter how much the world moves to cloud and ‘aaS, we believe ClearPass will remain the most dependable, reliable and scalable way to secure what you’ve got, and to protect your network wherever you’re going next.