HPE Aruba Networking Blogs

SD-Branch: A New Way to Secure the Remote Branch

By A.J. Murray, Blog Contributor

Centrally secure remote sites with Aruba SD-Branch

The branch office has always been one of the most difficult parts of your network to secure. Why? Because it's remote! Managing remote sites can be trivial if you have a handful of sites. Making changes is easy when you only have to remote into 10 or 20 devices and make some config changes. It’s hardly trivial if you have hundreds or thousands of sites. You might be deploying a new security measure, making changes to allow for new enterprise apps, or doing something even more complicated. The list can go on and on. Then, of course, there are the users. Remember that one site you never quite got around to enabling 802.1X on? Now someone's gone and brought in a personal laptop, stuck it on the corporate network, and the latest flavor of ransomware is now making its way through the network.

Some SD-WAN solutions put security in the name to make you think they might be more security-focused than others. Then others might make you buy a ton of extra licensing just for their security features to be added on, and they don't always play nice with other security vendors that you might already be using and are invested heavily in. Switching to a new security vendor is hardly a trivial task regardless of the size of your organization.

Separating out traffic is essential, too. Sending all the traffic from a remote site back through a central location wastes bandwidth. With any good SD-WAN solution you can separate out the unnecessary stuff, like wireless guest traffic, and traffic destined to social media sites. Or, if you’re using cloud applications, you can offload that traffic directly to the local Internet connection rather than traversing the MPLS network or IPSec tunnels back to corporate headquarters. The traffic can egress directly to the cloud from the branch, saving bandwidth and allowing it to be better utilized for user access to corporate resources.

With Aruba SD-Branch, security is built in from the ground up. It starts with the Aruba SD-Branch gateways themselves. They have this really cool feature called Secure Boot, where the device is extremely restricted until it gets its configuration from Aruba Central. There are other great features packed into them too, like deep packet inspection and web content and reputation filtering.

Aruba’s SD-Branch is tied into Aruba’s security framework. For network access control you have Aruba ClearPass. If you didn't know, with ClearPass you can dynamically assign security policies based on the user or device, rather than the old way of doing it—by port or IP address. For everything else, there's a huge list of third-party security solutions that integrate directly. So, that Duo subscription you’re paying for? You can keep using that for your multi-factor authentication. Already an Infoblox user for your IP address management? No sweat, you can integrate that too. The list goes on and on with top solutions from AirWatch to Zscaler. There are more than 100 vendors that partner with Aruba to bring best-in-class security to SD-Branch.

Learn More
If you want to learn more about all the security that’s packed into SD-Branch, then I’ve got a few links you can check out.

First, you can learn more about the Aruba security framework. There you can learn more about all of the security vendors that partner with Aruba, and I bet the ones you're using are on the list.

Next, check out this Aruba SD-Branch Hardening Guide. In it, you'll learn about all the security features that Aruba has packed into these gateways.

Then, you've got to learn more about Aruba ClearPass. There's no better place to do that than the Airheads Community Learning section. Just drop ClearPass into the search and you’ll find tons of rich content. There’s an entire Getting Started series of videos in there that will show you everything from installing the ClearPass VM, setting up WPA2 Enterprise and so much more.

Securing remote sites from threats is more important than ever and with SD-Branch it is also easier than ever!

Read My Other Blogs
SD-Branch Changes Your Perspective of Remote Offices

It’s in the UI: Cloud Network Management Like No Other 

Deployments are Easier with SD-Branch