Aruba on Tuesday announced a new set of security integrations for Aruba ESP (Edge Services Platform), furthering its aim to deliver “edge-to-cloud” services. The new ESP capabilities include enhancements to Aruba EdgeConnect — the SD-WAN edge platform Aruba acquired last year when it purchased Silver Peak.
Aruba integrated Silver Peak’s SD-WAN capabilities into ESP — and added the new security features — to help organizations safely embrace two trends: dispersed workforces and the growth of IoT devices.
“When we talk to customers, they’re fighting battles on two fronts,” Paul Kaspian, Aruba’s senior marketing manager for Enterprise Security, said to ZDNet. “One is this exodus from the office… That’s created a lot of challenges from a networking standpoint, from a security standpoint.” Next, he said, “growth of IoT at the edge continues to be a huge security problem for customers.”
There are three components to Aruba’s new ESP security capabilities. First, Aruba is integrating ClearPass Policy Manager into EdgeConnect — bringing in dynamic zero-trust segmentation capabilities to secure IoT devices.
IoT devices are vulnerable because you can’t install a zero trust agent onto devices like surveillance cameras or medical devices, explained Derek Granath, senior director of SD-WAN product & technical marketing for Aruba. He cited the infamous 2013 Target breach, in which hackers gained access to customer credit card information by compromising an HVAC system.
“What we need to do is identify those devices, identify that traffic and isolate it… so if a hacker does get into the HVAC, they cannot get access to the credit card transaction processing applications or devices,” Granath said.
That’s where zero trust dynamic segmentation comes in, segmenting traffic based on the identity of the device or the user, and the role it plays in the organization, as well as its security posture. The ClearPass integration automates the process of identifying all those variables and providing the appropriate access.
Next, Aruba is bringing unified threat management (UTM) capabilities to EdgeConnect with the integration of Aruba Threat Defense into the platform. This integration extends advanced intrusion detection and prevention (IDS/IPS) capabilities to EdgeConnect physical and virtual appliances. It allows EdgeConnect to share critical threat information with Aruba Central, the cloud-based network management platform.
“It’s providing more visibility of what’s going on in the network and automating the ability to thwart potential attacks or breaches or attacks on the network,” Granath said.
Finally, Aruba is introducing a new service orchestration capability, so customers can easily connect to popular third-party cloud security services offering secure access service edge (SASE) security components. The new Aruba Orchestrator management console, formerly Silver Peak Unity Orchestrator, effectively sets up connections between the branch and third-party cloud security providers based on geolocation information.
The orchestrator, Granath said, makes it easier to set up connections and define security policies. Rather than taking 30 to 60 minutes per branch to configure the connection, a customer could use the orchestrator to configure hundreds or thousands of branch connections in just 15 minutes.