Aruba plugs core enterprise SASE, SSE service protection directions

Aruba Networks is showing off some enhancements to its security platform – including new zero trust and sandboxing features – that promise to help customers advance fortification of their hybrid cloud and enterprise network environments.

Hewlett Packard Enterprise’s network subsidiary is also detailing the progress it has made in integrating the security technology from its March purchase of Axis Security into Aruba’s security service edge (SSE) platform with Aruba’s SD-WAN and Secure Access Services Edge (SASE) offerings.

Some of the new features and directions will be demoed and discussed as part of Aruba’s presence at this week’s Black Hat 2023 event which will focus on everything security including AI, automation and threat intelligence issues.

Aruba executives say in the security realm one of the vendor’s main efforts is around developing features that let enterprise customer extend protective services that extend beyond the data center to embrace the hybrid worker, edge and branch resources and the other devices connecting to the network.

“Some of the key initiatives are to secure hybrid work and make sure the internet is safe for work – we are working to have the right policy engine in place that lets customers have the right visibility and control to make those environments super safe given that a lot of the work is taking place outside the corporate network,” said Chris Hines, vice president of strategy for the Axis Security team which is now part of Aruba.

“The other focus is on bringing networking and security technologies closer together because we are seeing that take place and every customer account,” Hines said.

One of the technologies Aruba previewed is a new overarching centralized policy manager that will operate and control the entire enterprise networking and security system, said Larry Lunetta, vice president of portfolio marketing for Aruba. Such policy manager would stretch across Aruba’s EdgeConnect SD-WAN, SD-Branch and Microbranch offerings as well as its developing Aruba SSE platform and be centered on its ClearPass policy management platform and central management platform, Aruba Central.

“What we will be delivering over time is a single security policy that will operate across that entire estate, not just wired not just wireless, not just at the edge, but from edge to cloud, no matter how a user connects no matter where they’re located,” Lunetta said.

On the SASE/SSE front, Aruba is actively integrating the Axis SSE technology with its with SD-WAN and SASE offerings.

With SASE Aruba is moving toward a single, all inclusive package to compete in the so-called single vendor SASE arena that brings networking and security technologies together to offer customers the role-based control they need to protect users everywhere, Aruba stated.  The idea is to let enterprise customers buy a SASE package from one vendor rather than mix and match pieces from multiple vendors.

Gartner says the single-vendor SASE trend is a growing one, and that by 2025, one-third of new SASE deployments will be based on a single-vendor SASE offering, up from 10% in 2022. By 2025, 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021, the research firm predicts.

Aruba is also looking to be a big part of the SSE market as well.  According to Gartner, SSE combines several key security functions – including a cloud-access security broker (CASB), secure web gateway, zero-trust network access (ZTNA), and a next-generation firewall – into a cloud-based service to streamline management.

By 2026, 85% of organizations looking for a CASB, secure web gateway, or ZTNA will obtain these from a converged solution rather than from separate vendors, Gartner predicts.

One of the first new features the company will bring to the SSE package is support for technology that supports what the vendor calls locally deployed zero trust network access (ZTNA) that supports zero trust capabilities locally without requiring traffic to traverse a path to the cloud when accessing data center and private cloud resources, Hines said.

“So what we’ve done is create a local edge which is a lightweight virtual machine that sits in the customer’s environment and brokers traffic, so if your user working from home or grandma’s house or Airbnb, that a policy is allowing you to get access to only the specific apps you want,” Hines said.  “So if you’re on prem, it doesn’t always make sense to go out to the internet. The broker lets local users to connect to on premise applications extremely quickly.”

Another new SSE feature will bolster security protection against threats such as malware or ransomware.  The company is developing a new sandbox feature that will let organizations test suspicious files in a safe virtual environment and destroy malicious files before they cause damage, Hines said.

In addition the Axis team is developing a way to block risky websites through a new reputation-based blocking feature that uses AI tools to practically gather information and block those types of applications from being accessible by the user, Hines said. 

Next read this: