Aruba ClearPass Review

Makes it easy to require robust user authentication for both wired and wireless endpoints


What is our primary use case?

ClearPass is the best Network Access Control "Swiss army knife" out there right now. It can do 802.1x (WPA2-Enterprise) for WiFi and LAN. It also has one of the slickest guest captive portal experiences and workflows out there, along with an easy, drop-in BYOD application.

I have not had too much experience with OnGuard, the endpoint integrity feature, but it does that too. With all of the ClearPass integrations and RADIUS Change of Authorization (CoA), it is possible to login wired or wireless endpoints based on a variety of identity stores, then create and associate security policies, e.g., DACLs, based on a device. 

Dynamically provision VLAN assignments, i.e., no more "color-coded ports", write Palo Alto Networks (PAN) NGFW policies that are associated with a specific user (rather than IP address), and quarantine or drop an endpoint off the network in an automated manner if an incident is detected.

All of this, naturally, comes with a lot of details in implementation, but my experience was, like all things InfoSec, implementing the controls is easy if you already have a clear, documented, executive-supported policy that you are using as the control to enforce. Otherwise, the control gets blamed for what is really a lack of clarity and leadership regarding the underlying business policy.

How has it helped my organization?

It makes it easy to require robust user authentication for both wired and wireless endpoints, including BYODs.

What is most valuable?

Access Tracker is definitely the feature that I use the most. It is invaluable for troubleshooting access control incidents and quickly getting to the root cause.

What needs improvement?

It should be clearer in the pre-sales stage that clear, documented, executive-supported InfoSec policy is the key to success.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email