Table of Contents
- Why do we need to monitor network security?
- Network security metrics
- What is Aruba Clearpass?
- Clearpass functional modules
- What is Grafana?
- Using Grafana dashboards for monitoring network security
- What is Graphite and Grafana?
- How to integrate Aruba Clearpass with Grafana?
- Using MetricFire for hosting Graphite and Grafana
In this article, we will explore why it is imperative to constantly monitor network security metrics, what Aruba Clearpass is, and how it helps us manage network security. Then we will look at what Graphite and Grafana are and how to analyze metrics with their help. Finally, we will learn how MetricFire can make it easier for us to work with Graphite and Grafana.
Why do we need to monitor network security?
Monitoring network security metrics is important so that we can manage network security. With the help of various metrics, we can assess the effectiveness of network protection measures against cyber threats. Now there are a lot of cyber threats, and new ones appear pretty often. Therefore, it is important to update tools to protect against new threats constantly. Monitoring the metrics will help to identify security problems in time.
By monitoring the metrics, we can analyze the key risk indicators and the network’s security status. This allows us to understand how our security system works over a period of time and what processes need to be improved. Another reason for monitoring metrics is that they can be used in cybersecurity reporting because they provide quantitative information.
Network security metrics
Let’s take a look at the basic network security metrics that can be monitored.
- Mean-time-to-detect (MTTD). The time it takes to learn about security threats.
- Mean-time-to-respond (MTTR). The time to respond to a cyberattack after it is detected.
- Mean-time-to-contain (MTTC). The time it takes to eliminate the identified attack.
- Several systems with vulnerabilities. It is imperativepluginspluginsate and patch systems to eliminate vulnerabilities that can be exploited for an attack.
- The volume of data that is transported through the corporate network. If a large volume of data passes through the network, especially if the data is downloaded from dangerous sites, then there is a high probability of downloading malware.
- The number of users with admin access. It is good practice to separate users by levels of access to files and systems and grant users only those rights that they need to work.
- Frequency of access by third parties. If, when working with third parties, to perform some tasks, they were given access to your system, you must remember to close access after the tasks have been completed. This is important to prevent third parties from taking over your confidential data, as well as to prevent intruders from gaining access to your system through third parties.
- The number of intrusion attempts. How many times the attackers have tried to gain unauthorized access.
- Medium Vendor Security Rating. Your network’s security depends not only on you, but also on the vendor’s trustworthiness, so it is very important to track the performance metrics of your vendor’s security.
- Average vendor response time to attacks. The longer vendors respond, the higher the likelihood of data leaks.
What is Aruba Clearpass?
Aruba Clearpass is a policy management platform that allows corporate and personal devices to connect to your network in accordance with your security policies. It allows you to grant different levels of access to devices based on user roles, device type, and cybersecurity state.
Clearpass functional modules
For ease of use, Aruba Clearpass is divided into four functional modules: Policy Manager, Onboard, Onguard, and Guest.
The Policy Manager allows you to create role-based or device-based access policies for wired, wireless, and VPN networks. Policy Manager simplifies and automates device configuration, checking for compliance with security policies, and supports the ability to emulate and monitor the created policy to check the health and correct settings.
Onboard is part of Policy Manager and is a plugin for automating device connectivity on Windows, Mac OS X, iOS, and Android.
Onguard is a software agent that allows you to ensure that a device connected to a network is checked while meeting security requirements. This module blocks or restricts access to the corporate or guest network for devices or users that violate security policies.
Guest allows you to automate the process of obtaining guest access and, at the same time, ensure the security of your corporate network. Guest will enable you to create tens of thousands of connections without IT staff involvement.
What is Grafana?
Grafana is an open-source tool that allows you to visualize various metrics of your system using beautiful graphs and diagrams. Grafana allows you to create custom dashboards and display data on them that can be downloaded from various sources. With Grafana, you can analyze data over a period of time, which allows you to better understand the behavior of the system, errors type, and frequency, plan future activities.
Let’s list some of the features of Grafana.
- Dashboard Templates. You can design your dashboard in templates as if you were writing code. This can be very useful as templates allow you to reproduce the same design in several different environments.
- Annotation. Grafana not only allows you to create annotations manually but also to set up automatic annotations. This means that when a specific event occurs, a customized annotation will be added to its mark.
- Custom plugins. Grafana has the ability to install additional plugins if you want to expand its capabilities.
- Alert. Grafana lets you customize alert criteria and decide who you want to send it to.
- SQL Support. With SQL support, you can flexibly retrieve metric data from a variety of database sources.
- Different data sources support. Grafana can connect to a lot of different data sources such as MySQL, PostgreSQL, ElasticSearch, Influx DB, Prometheus, Graphite.
Using Grafana dashboards for monitoring network security
Grafana dashboards consist of a set of widgets, but they can also contain variables, folders, and other functions. The basic element for data visualization is the panel. You can change the style, format, size, and position of the panel. After creating the panel, you need to select a data source and create a query. We will use Graphite as the data source.
Grafana has JSON-based dashboards. You can export your customized dashboard to a JSON file. This file contains a list of charts used in the dashboard and their settings. It is also possible to generate an external link to the dashboard or create a screenshot of it.
What is Graphite and Grafana?
Graphite is a monitoring tool that makes it easy to store time-series data and has basic tools to display this data. It also has math functions that allow you to process data in real-time. Grafana allows you to connect to Graphite and use it as a data source. In this case, Graphite data visualization tools are replaced with more advanced Grafana dashboards.
How to integrate Aruba Clearpass with Grafana?
First, you need to save your network metrics with Graphite. Then create a Grafana dashboard and connect to Graphite to get metrics and display them on a Grafana dashboard.
Using MetricFire for hosting Graphite and Grafana
MetricFire is an open-source platform that provides tools for monitoring infrastructure, systems, and applications. MetricFire offers Graphite as a service and Grafana as a service so you don't have to worry about installing, configuring, and maintaining them.
Benefits of using MetricFire:
- You have complete control over your data and you can access it at any time.
- Reliable technical support. If you have any questions, our technical team will be happy to help you.
- Transparency. MetricFire works transparently, you can always view its system metrics on the status page.
In this article, we looked at what network security metrics are, why it is important to monitor them, and how to do it using Aruba Clearpass, Graphite, and Grafana. We also learned that MetricFire is the best choice for hosting Graphite and Grafana.