A SIEM in Every Switch: Aruba’s Zero Trust Strategy

By Jennifer Minella, VP of Engineering and Security, Carolina Advanced Digital

Zero Trust Security was a big topic at Aruba #ATM Digital, and it’s not surprising. We’re in an era of heavy data privacy regulations and mounting concerns of both insider and external attacks.

I was fortunate to have participated in the Networking Field Day Experience at ATM Digital, and so was able to ask some probing questions during the demos. As the Aruba product managers and systems engineers leading the security sessions uttered phrases like "full traffic visibility", "risk scores", and "behavioral attributes", bells went off. But there was no direct mention of Aruba IntroSpect, its user and entity behavior analytics (UEBA) and network traffic analysis (NTA) product.

It sounded like all of the juicy goodness of IntroSpect has been integrated into Aruba's Zero Trust Security approach, alongside its profiling engine (ClearPass Device Insight), NAC (ClearPass Policy Manager), and dynamic segmentation components.

Impact on Customers

What does this mean for customers? The overall strategy of Aruba ESP (Edge Services Platform) means not just less operational overhead, but a fully integrated security solution that permeates the entire network: wired and wireless, centralized and remote.

The power of behavioral analytics overlaid on traditional profiling and NAC, combined with granular access policies and dynamic segmentation, means customers are one step closer to a solution set that actually delivers on the promises of micro-segmentation and the granular controls required by today's complex, sprawling, and IoT-laden networks.

A More Technical Look

Terms like "zero trust networking" can be a bit buzzwordy, so let's look at specific examples of why I'm unusually optimistic about this integration. UEBA and NTA solutions (such as IntroSpect) rely on full network visibility, typically obtained through SPAN or TAP ports that copy traffic to collectors or aggregation points. (In fact, with Aruba's new architecture the network devices themselves can act as the collectors, but that's a blog for another day.)

Having full visibility of what every endpoint is doing, what it’s communicating with, how, where, and when is extremely powerful. It’s SIEM-powerful. It’s UEBA-powerful. It’s Master of the Universe-powerful.

As an immediate use, this data is an immense help with tasks like discovering and identifying the users and devices on the network, specifically device profiling. As someone who has worked with NAC technologies for more than 15 years, I'll share with you that while manufacturers do a great job with marketing fluff and demos showing how easy and wonderful network visibility and profiling is, the truth is that profiling is the hardest, messiest, least accurate, and most time-consuming part of a NAC or segmentation project.

And it's garbage in, garbage out. If you skimp on the profiling effort, you've just knocked your security posture down several notches: every access policy and segment assignment downstream is only as good as the device classification it is based on. The ability of the network to add the context of traffic and data flows to the other profiling methods is huge, and it is one area where customers will notice a marked difference if this product suite works as advertised. That's just one example.
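To make the point concrete, here is an added example (my own illustration, not Aruba or IntroSpect code) of what "adding traffic context to profiling" looks like in the simplest form. Two endpoints both present a printer OUI and a printer DHCP fingerprint, so static profiling alone would drop both into the printer segment. Comparing each endpoint's observed flows against an assumed per-class behavioral baseline catches the one that is actually scanning SSH and talking to an outside host. All addresses, flows, vendor names, and the baseline table are constructed for the example.

```python
"""Enrich static device profiling (OUI + DHCP fingerprint) with observed flows.

Added illustration only; the endpoints, flows, vendor strings and the
CLASS_BASELINE table are all constructed and assumed, not taken from any product.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str        # endpoint that initiated the flow
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    bytes_out: int


# Static profiling result: what the DHCP fingerprint and OUI claim the endpoint is.
STATIC_PROFILE = {
    "10.1.20.15": {"mac": "00:17:c8:aa:bb:cc", "oui_vendor": "ExampleVendor",
                   "dhcp_class": "printer"},
    "10.1.20.16": {"mac": "00:17:c8:dd:ee:ff", "oui_vendor": "ExampleVendor",
                   "dhcp_class": "printer"},
}

# Assumed behavioral baseline: the (proto, dport) pairs a device of that class is
# expected to *initiate* (DNS, NTP, HTTPS to a management server, mDNS).
CLASS_BASELINE = {
    "printer": {("udp", 53), ("udp", 123), ("tcp", 443), ("udp", 5353)},
}

# Constructed flow records. .15 behaves like a printer; .16 wears a printer OUI
# but probes SSH on three hosts and pushes data to an external host on 4444.
FLOWS = [
    Flow("10.1.20.15", "10.1.0.53", "udp", 53, 120),
    Flow("10.1.20.15", "10.1.0.123", "udp", 123, 76),
    Flow("10.1.20.15", "10.1.0.200", "tcp", 443, 4_200),
    Flow("10.1.20.16", "10.1.0.53", "udp", 53, 120),
    Flow("10.1.20.16", "10.1.30.5", "tcp", 22, 3_000),
    Flow("10.1.20.16", "10.1.30.6", "tcp", 22, 3_000),
    Flow("10.1.20.16", "10.1.30.7", "tcp", 22, 3_000),
    Flow("10.1.20.16", "203.0.113.9", "tcp", 4444, 98_000),
]


def profile_with_flows(ip, profile, flows, max_outlier_ratio=0.2):
    """Return (decision, evidence).

    The static class is confirmed only if the endpoint's observed behavior stays
    within the class baseline; too many out-of-baseline flows means quarantine.
    An endpoint with no flows yet is reported as insufficient data rather than
    silently confirmed, so the policy engine can hold it in a staging segment.
    """
    claimed = profile["dhcp_class"]
    baseline = CLASS_BASELINE.get(claimed, set())
    mine = [f for f in flows if f.src == ip]
    if not mine:
        return "insufficient-data", {"claimed": claimed, "flows": 0}

    outliers = [f for f in mine if (f.proto, f.dport) not in baseline]
    ports = Counter(f.dport for f in outliers)
    evidence = {
        "claimed": claimed,
        "flows": len(mine),
        "outlier_flows": len(outliers),
        "outlier_ports": sorted(ports),
        "outlier_bytes": sum(f.bytes_out for f in outliers),
    }
    if len(outliers) / len(mine) > max_outlier_ratio:
        return "quarantine", evidence
    return f"confirm:{claimed}", evidence


def evaluate_all(profiles=STATIC_PROFILE, flows=FLOWS):
    """Run the flow-aware check for every statically profiled endpoint."""
    return {ip: profile_with_flows(ip, p, flows) for ip, p in profiles.items()}


if __name__ == "__main__":
    for ip, (decision, evidence) in evaluate_all().items():
        print(ip, decision, evidence)
```

The threshold and baseline here are deliberately crude; a real UEBA engine learns the baseline per class and per site and scores deviations rather than applying a fixed ratio. The point is the shape of the decision: the network-level flow data is a second, independent signal that the fingerprint-only profile cannot provide, and it is the signal that turns a confident-but-wrong classification into a quarantine instead of a misplaced segment assignment.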

Looking further ahead, integrating security into the network also has the power to feed the AIOps features for automation of network operations. Imagine automating better traffic paths and QoS more dynamically: something reminiscent of SDN, but without the extra mess and fuss.

What to Expect

Aruba’s new ESP platform and Zero Trust Security strategy certainly feels like a big step in the right direction, and out of all the announcements from #ATMDigital, I think this has the potential to be one of the most impactful to organizations seeking to improve their security posture through thoughtful and meaningful network visibility and control.

The proof though will be in the customer outcomes. Demos don't necessarily show all the complexity or limitations of a product. But having seen these solutions a la carte already, I'm optimistic and very eager to see this suite in action!

Watch ATM Digital sessions on AIOps, Unified Infrastructure, and Zero Trust Security.

See more highlights from this year's ATM Digital.