Close

HPE Aruba Networking Blogs

Cutting Through the Security Mist: Wi-Fi That Works Has Zero Trust Built In—From the Edge to the Cloud

By Larry Lunetta, VP HPE Aruba Networking, Portfolio and Communities Marketing

Cutting Through the AI MistSometimes it takes a while for the market to put a name on what you have doing for a long time. We feel that way about Zero Trust. For those not following the latest in security trends, Zero Trust is simply defined as not trusting either the endpoint or the network in terms of granting IT access.

When Aruba was founded in 2002 we identified security as one of the key challenges for organizations adopting wireless connectivity. That’s why we introduced the Policy Enforcement Firewall (PEF), a Layer 7 stateful firewall that enforces role-based access control across the network, independent of the method of connection. At that time, the market didn’t call it Zero Trust, but essentially that is what it was: the user or device must be authenticated and once that happens, application-layer IT access is granted based on the role of that endpoint. PEF is the enforcement point.

We’ve shipped millions of Policy Enforcement Firewalls that run on both Aruba access points and gateways.  As such, they are embedded in our network infrastructure and protect not only wired and wireless LAN connections, but also anchor the Zero Trust security in our edge-to-cloud SD-Branch solution. Our Zero Trust protection is so effective that in September 2019 PEF was the only firewall designated by the insurance industry as Cyber Catalyst℠ based on its demonstrated ability to reduce risk.

For some network vendors security is an afterthought. Their networks are the opposite of Zero Trust: wide open, uncontrolled and vulnerable. They try to cover their lack of access control by outsourcing the problem via paper partnerships with standalone security vendors. It’s left up to the customer to patch together some level of protection with multiple vendors and it is a far cry from built-in Zero Trust.

PEF is the critical component for Aruba Zero Trust that works in conjunction with other elements of the Aruba network ecosystem to implement the management and visibility needed by both the operations and security teams. ClearPass Device Insight automatically discovers and profiles everything that is connected to the network and is integrated with ClearPass Policy Manager for assignment of a role and the associated IT access rights.  To close the loop, the policy is passed to PEF for control of wired, wireless and WAN traffic via Aruba Dynamic Segmentation. Built-in Zero Trust.

It doesn’t take a security expert know that spearfishing, ransomware and denial-of-service attacks are an ever-present danger. To deal with this threat environment, Zero Trust is a must-have foundational element in any enterprise security system. But, you can’t paste on Zero Trust, which means network vendors that have taken security shortcuts will leave you critically unprotected.