Networks are going mobile. The old system of terminals and servers is fading away to make room for smartphones, tablets and wireless devices of all kinds. This is great for users, but remains a security nightmare for IT administrators. Any of those devices could be compromised and ready to launch an attack against the network. The only solution is to police how devices behave on the network. Policy-defined security is one way of doing just that.

To learn more about policy-defined security, Dave Vellante (@dvellante) and Paul Gillin (@pgillin), co-hosts of theCUBE, from the SiliconANGLE Media team, visited the HPE Discover EU conference in London. There, they talked with Vinay Anand, VP and GM of ClearPass Security at Aruba, a Hewlett Packard Enterprise company.

Security through visibility

The first topic of discussion was the ClearPass system itself. Anand described it as a network policy administration platform, explaining that it can discover every device on the network, making them visible to security. From there, a defined policy covers where the device is supposed to connect and how it behaves.

The other side of the equation is enforcement. Anand mentioned that when a device misbehaves, the policy-defined platform recognizes the device has changed and can take appropriate action. The system can quarantine the offender, kick it off the network or respond in some other way.

Protection for the perimeter and the network

Preventing attackers from connecting to the system is a start, but not enough. Anand felt that perimeter security is not a lost cause, since it does stop the vast majority of attacks. Still, some will get through. He explained that the system needs other capabilities, such as breach detection. ClearPass is one of those other capabilities, giving admins the ability to step in when something misbehaves.

Analytics is also part of the solution. Anand related how once a system is compromised, attackers leave code to watch and gather data. If a company is tracking every byte of data, they can see a pattern of behavior that is not normal. Once detected, something can be done about it.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE and theCUBE’s coverage of HPE Discover EU. (*Disclosure: HPE and other companies sponsor some HPE Discover EU segments on SiliconANGLE Media’s theCUBE. Neither HPE nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo by SiliconANGLE