When integrated with Aruba ClearPass, IoT Security provides it with accurate IoT device identities and notifies it whenever a security threat arises and device behavior veers from what is expected and safe. IoT Security does this by discovering IoT devices on the network, identifying and profiling them, and then reporting them through Cortex XSOAR and an on-premises XSOAR engine to your ClearPass system. IoT Security also checks for security risks and anomalous behavior, and when it discovers any, it sends alerts to ClearPass for automated policy enforcement.

IoT Security populates custom endpoint attributes on your ClearPass instance with device data. ClearPass then uses this data in NAC (network access control) policies to segment endpoints into VLANs for reduced risk exposure. In addition, with just a couple of clicks from the IoT Security portal, you can manually quarantine compromised devices identified by IoT Security alerts and later remove them from quarantine.

Make sure your XSOAR engine can form an HTTPS connection to your ClearPass instance on TCP port 443.

Integrating with Aruba ClearPass requires the purchase and activation of a third-party integration add-on. The basic integration plan includes a license for three integration add-ons, one of which can be used for Aruba ClearPass. The advanced plan includes a license for all supported third-party integrations.