HPE Aruba Networking Blogs

Expanded application-aware access control and traffic segmentation capabilities ease Zero Trust and SASE adoption

By Larry Lunetta, VP, HPE Aruba Networking, Portfolio and Communities Marketing

As Cybersecurity Awareness Month wraps up, it’s important to focus on its key principle of staying safe online. Now, more than ever, keeping your employees safe online means the network must be vigilant about what traffic is flowing and where it should go.

Building security into network infrastructure is deep in our roots at HPE Aruba Networking. This tradition continues with built-in support for Zero Trust and Secure Access Service Edge (SASE) via the HPE Aruba Networking Central cloud-delivered network and security management solution. Today, we take that one step further, announcing expanded capabilities within HPE Aruba Central NetConductor, the industry’s only full-stack unified policy and fabric orchestration solution to span campus, branch, data center, and SD-WAN domains, and enhancements to our campus switch and SD-WAN solutions. As organizations implement unified access policies from edge to cloud, these innovations will increase both IT efficiency and cyber protection.

The newly announced HPE Aruba Central NetConductor and network infrastructure capabilities are:

Application visibility and policy enforcement in every HPE Aruba Networking CX 6300 and CX 6400 switch, expanding Zero Trust Network Access to campus and WAN fabrics

Zero Trust Security requires consistent enforcement of least-privilege access throughout the distributed organization, yet comprehensive global policies can be difficult to define and maintain across multiple locations and disparate infrastructure. Complexity and inconsistency can lead to performance inefficiencies that impact user experience as well as security gaps that can expose the organization to greater cybersecurity risk.

With the new stateful application-aware role-based policies defined within HPE Aruba Networking Central NetConductor, organizations can simply define and “one-button” propagate granular L2-L7 network access policies. Policy definition within the global policy manager is based on easily expressed business rules and enforcement occurs inline within HPE Aruba Networking CX switching infrastructure, effectively adding application firewalling capabilities to every HPE Aruba Networking CX 6300 and CX 6400 switch without additional hardware. No more wrestling with VLANs and ACLs.

Multisite connectivity and security enhancements via SD-WAN

In addition to campus switches, role-based application-aware access policies are also propagated throughout the distributed enterprise via HPE Aruba Networking EdgeConnect SD-WAN and SD-Branch solutions. With standards-based EVPN-VXLAN support for SD-WAN gateways, organizations can define policy once and enforce everywhere, from the edge to the cloud.

Regardless of where a user or device is connecting from, the same role-based application-aware access control policy can be globally enforced. And adding enforcement capabilities within the campus switching and WAN infrastructure eliminates unnecessary transit of data through central policy enforcement points, effectively bringing policy enforcement closer to the user and optimizing network performance and end-user experience in the process.

Let’s not forget IoT when it comes to Zero Trust and SASE

HPE Aruba Networking Central NetConductor also can enhance Zero Trust protection for IoT devices, which represent an expanding attack surface. With Central NetConductor, which includes AI-powered Client Insights, network and security teams can discover, fingerprint, define, and enforce policies for IoT devices in a manner analogous to user access control.

The intersection of security and networking is growing more prominent, and HPE Aruba Networking is bringing those technologies closer together in the new Central NetConductor capabilities and in single-vendor SASE—consistently enforcing granular application access policy at the edge and enabling Zero Trust Security protections without added hardware or operational complexity.

Enhancements to HPE Aruba Networking Central NetConductor, including application-aware policy enforcement in campus switching, allow network and security teams to work together to enhance protection and optimize user experience.

These innovations continue HPE Aruba Networking’s long-standing leadership in security-first networking that embeds Zero Trust and SASE Security capabilities in networking solutions. Customers and partners benefit from the common foundation that HPE Aruba Networking provides for network and security teams to enable shared goals of universal visibility, global policy management, and end-to-end enforcement without compromising performance or end-user experience.

Explore Zero Trust and SASE in depth

Take the opportunity during Cybersecurity Awareness Month to boost your understanding of how Zero Trust and SASE can keep your employees safe online. Check out these resources to expand your knowledge.