HPE Aruba ClearPass Integration with ArcSight for Automated Remediation

Summary:

This document discusses the integration of HPE ArcSight with Aruba ClearPass, aimed at improving network security by automating the blocking of unauthorized devices or users on both wired and wireless networks. The integration allows ArcSight ESM to manually or automatically block access from unauthorized entities, enhancing protection against cyber threats like infected machines or malicious users. It supports various network environments and offers cross-vendor support for device and user base access control. The integration provides detailed event, user, and device context via CEF (Common Event Format) and includes features such as ultra-scalable AAA with RADIUS and TACACS+, contextual data based on user roles, device types, app usage, and location. This solution also supports various network equipment from different vendors and offers an API for automation and integration along with a command line interface. HPE ArcSight and Aruba ClearPass are part of Hewlett Packard Enterprise's (HPE) security management software offerings, which includes updates, patches, and integration details with other systems like Logger, ConApp, and ArcMC Gen 8.

Details:

HPE ArcSight has integrated with Aruba ClearPass to enhance network security by providing automated remediation capabilities for blocked devices or users. This integration allows the SIEM (Security Information and Event Management) tool ArcSight ESM to manually or automatically block unauthorized access from both wired and wireless networks, protecting organizations against potential cyber threats such as infected machines or malicious users. The integration offers several benefits: 1. Cross-vendor support for device and user base access control across different network environments. 2. The ability to send events in the Common Event Format (CEF) to ArcSight ESM, providing detailed event, user, and device context which is crucial for effective security management. 3. Enhanced functionality compared to the discontinued ArcSight TRM, offering a more robust solution for managing access control and network security. More information about this integration can be found in the provided documentation links, including a document on how to set up ClearPass for CEF (Common Event Format) which is applicable for both the Logger and ESM tools within ArcSight. HPE Aruba ClearPass Policy Manager also offers ultra-scalable AAA with RADIUS and TACACS+ features along with contextual data based on user roles, device types, app usage, and location to cater to modern mobile network requirements. HPE ArcSight and HPE Aruba ClearPass is a network access control (NAC) solution that supports various network equipment from different vendors, not just Aruba. It provides support for wired, wireless, and VPN access while including endpoint security option OnGuard to verify the security posture of end nodes. The system also offers an API for automation and integration as well as a command line interface. For more information, you can visit the ClearPass home page or contact HPE ArcSight and HPE Aruba ClearPass product management. This is a page of information about various products and updates from Hewlett Packard Enterprise (HPE) related to their ArcSight security management software, including patches, new versions, end-of-sale notices, and integration with other systems like ArcSight Logger, ConApp, and ArcMC Gen 8. It also mentions the availability of official backup and recovery guides for specific ArcSight products, a patch for vulnerabilities (CVE-2016-0728), and announcements about the end of life for some features in Threat Response Manager (TRM) and Network Security Platform (NSP). The page includes links to other sections like privacy policy, terms and conditions, and site feedback. The software version is Jive Software Version: 2016.1.0.0 , revision: 20160301103719.6b9730c.release_2016.1.4.