HPE Aruba Networking Blogs

Conflicting priorities between IT teams are a primary operational and governance gap in organizations, according to research independently conducted by leading security research firm Ponemon Institute, sponsored by Hewlett Packard Enterprise.

In the report, The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud, 39% of organizations indicated that conflicting priorities were a primary gap, on par with challenges like insufficient budget and staffing shortages.[i]

[Figure: Ponemon: Who makes security solution architecture/product decisions in your organization?]

“The number one challenge is not having the security solutions that can keep up with exponentially increasing amounts of data,” the report stated. “This is followed by the inability of IT and IT security teams to agree on the activities that should be prioritized to close the IT security gap.”[ii]

Why can’t network and security teams agree on priorities?

Team disagreement is not a new or unique phenomenon. In fact, researcher Behnam Tabrizi found that 75% of cross-functional teams are dysfunctional.[iii] According to Tabrizi’s research, published in part in the Harvard Business Review, cross-functional teams tend to fail on most of these project success criteria: delivering on budget, staying on time, adhering to requirements, meeting stakeholder expectations, and maintaining alignment on goals.[iv]

These types of issues are not uncommon to IT organizations. For example:

  • Budget challenges. Network and security teams may share the same pool of financial resources to support/implement projects. Teams may need to negotiate budget allocation or engage in “give/take” exercises that leave both sides unsatisfied.
  • Implementation delays. Digital transformation projects—especially those intended to deliver innovative results—often involve unforeseen issues related to technical and vendor inter-dependencies that can slow implementation.
  • Meeting requirements. While they may share common objectives for projects, teams may also have discrete network and security requirements that must be met, whether for reasons of compliance, user experience, or business need.

3 new opportunities for network and security collaboration

For many CIOs and CSOs, developing, maintaining, and improving supportive relationships between network and security teams is a top priority. And there are more ways than ever for teams to build bridges and enhance how they work together.

Opportunity #1: Centralize network and security investment decisions

Differences in plans, priorities, and measures of success can make it difficult not only to make investment decisions, but to realize and evaluate ROI. Centralizing investment decision making may help.

According to Ponemon Institute research, organizations that were more effective at closing security gaps were also more likely to centralize decisions about investments in security solutions and architectures.[v]

What team should own the budget? While every organization will decide based on their own dynamics, Ponemon noted that 60% of high performing organizations said the primary responsibility was with the networking or security team (30% each).[vi]

[Figure: Ponemon: What are the primary operational and governance gaps in your organization’s IT infrastructure?]

Opportunity #2: Break down network and security siloes with shared tools

In examining how conflicting priorities contributed to gaps, Ponemon Institute noted how disparate products perpetuated misalignment. “Problems are exacerbated by the siloed or point security solutions in organizations,” indicated the report.

Security teams are often challenged by ecosystem complexity and solution sprawl from adding a new tool for every new compliance requirement or capability—a situation that is not only cumbersome and inefficient but can also lead to inconsistencies that widen security gaps.

Where should network and security teams start when it comes to shared tools? The most natural place for collaboration and cooperation is the network. This is because business innovation is often built on new models of connectivity, and infusing innovation with Zero Trust Security principles is key for both organizational protection and cybersecurity compliance. That means the network can now play an essential role as not just a connectivity enabler but also as a cybersecurity defender.

Opportunity #3: Choose the right network to improve network and security collaboration

Both network and security teams can benefit from using the network as a security solution. But not every network can satisfy both missions.

To enhance team collaboration, there are 4 requirements organizations should consider so network and security teams can achieve objectives using the same shared “toolbox.”

  • Zero Trust Security built in. By design, the network should deliver on the principles of no implicit trust, least-privilege access seamlessly enforced from edge to cloud, and continuous monitoring.
  • Common policy framework. The right network simplifies policy expression and implementation so that both teams can define their desired outcomes and trust the results.
  • Integration with the security ecosystem. In its unique role as the touchpoint for all IT activities, network data can be the source of truth for both operating the network and delivering security-relevant information to other security solutions.
  • AI-powered analytics. AI can multiply the human capabilities of both network and security teams, so they can manage and protect at scale.

Here’s an example of how network and security teams can use the network to achieve shared objectives. Network and security teams are challenged by rogue devices that find their way onto the network. Not only are they a source of vulnerabilities, they also are not governed by any access control policy. By applying AI to network telemetry, devices are discovered and fingerprinted with a high degree of accuracy, allowing access control policies to be automatically applied.

Elevate network and security collaboration

Security-first, AI-powered networking from HPE Aruba Networking is built on Zero Trust principles, providing a common foundation for networking and security teams to power distinctive experiences and innovative business results—without sacrificing cybersecurity protection. With HPE Aruba Networking solutions, the network can now provide advanced visibility, insights, centralized policy management, data protection, threat defense, and access control in a single platform. Our AI-powered networking approach also helps network and security teams benefit from intelligent automation that reduces manual effort, improves visibility and anomaly detection, and enhances monitoring and diagnostics, all of which ensures the organization is not exposed to unnecessary risk.

Find out how HPE Aruba Networking security-first, AI-powered networking can help support network and security team collaboration:

 

-------

[i] Ponemon Institute. The 2023 Global Study on Closing the IT Security Gap: Addressing Cybersecurity Gaps from Edge to Cloud. March 2023.

[ii] Ponemon.

[iii] Tabrizi, B. “75% of Cross-Functional Teams Are Dysfunctional.” Harvard Business Review. June 2015.

[iv] Tabrizi.

[v] Ponemon.

[vi] Ponemon.

Atmosphere 2024

Few things are more exciting for the Airheads Community than gearing up for Atmosphere each year, and this year is no exception. As you may already know, there is even more to look forward to now that Atmosphere is a part of HPE Discover 2024. You’ll get even more bang for your buck with twice as many benefits and more opportunities to learn how to get the best out of edge, hybrid cloud, and AI.

The opportunity to expand your skillset and knowledge while connecting in person with your peers is larger than ever before. Here are the top 5 things to look forward to at Atmosphere 2024:

  1. The Airheads Track. Gain insights from a variety of deep dive sessions on HPE Aruba Networking technology, better understand emerging technologies and design principles, learn how to optimize your existing infrastructure, expand your skills, and add more expertise to your IT organization—all in an immersive learning environment. The Airheads Track at Atmosphere includes over 100 technical sessions led by our product managers and technical marketing engineers, highlighting the latest innovations in today's evolving network edge.
  2. In-person technical training. Complement your Airheads Track attendance with technical training by signing up for one of 17 courses, now with expanded training hours. These in-depth sessions combine lectures and hands-on lab time to expand your skillset and validate your knowledge, skills, and ability through onsite testing in the exam center. One certification exam is included with your conference registration.
  3. Endless networking opportunities. You can always interact through the Airheads online community, but the opportunity to connect, share ideas, and network in person with your fellow Airheads and HPE Aruba Networking developers cannot be replicated. Whether it’s after a breakout session or passing by someone through the hallways, conversations with peers are always a highlight of the annual event.
  4. One-of-a-kind experiences. Airheads members will experience behind-the-scenes sneak peeks and tours, participate in fascinating discussions with HPE Aruba Networking engineers, experts, and executives, and visit the Airheads lounge for a snack and some battery power for your phone or laptop.  Details are coming soon, but you can expect an even more extraordinary, one-of-a-kind celebration event for all attendees.
  5. Elevated demo experience. Experience a larger technology showcase, where you can explore solutions that will power valuable experiences and innovative business results with AI insights, integral security, cloud-based networking services, sustainability initiatives, and as-a-service deployment models. And you’ll have the chance to speak to the product managers and technical experts behind the products.

And if that didn’t convince you, here’s what some of the Airheads MVPs said when asked why someone would want to attend Atmosphere:

“Stay up to date with latest technology knowledge and network with Peers. Atmosphere

- @mkk (MVP, Airheads Member, 7yrs., 4X ATM Attendee)

“It is one of the most amazing conferences, where you can benefit from a lot of technical workshops, have access to a lot of Aruba engineers to discuss deep dive technology concepts, integrations and also technology trends.” 

- @shpat (MVP, 10-year Airheads Member, 2X ATM Attendee)

"Getting firsthand information and talking with PLMs, engineers, trainers, and most of all customers and peers from other partners really make such an event extremely valuable. Sharing experiences, success stories, and failures is extremely valuable. You can see so many possibilities and ways to improve and solve your problems and maybe help others solve theirs or find unexpected solutions."

- @GorazdKikelj (MVP, 5yr Airheads member, 2x Atmosphere attendee)

Register now.

 

Federal IT leaders have been making substantial progress consolidating data centers and shifting to the cloud to improve agility to support mission outcomes, protect against sophisticated threats, and prioritize cost savings. But cloud migration isn’t always the answer, and the Federal Data Center Enhancement Act of 2023 addresses the government’s evolving need for secure, reliable, and protected private data centers.

As agencies support hybrid work, modernize their application portfolios, and meet the intense demands of AI and other data-driven applications, many federal IT leaders also need to take their data center architectures to the next level to improve performance, strengthen security, and improve agility.

Evolve your data center architecture with HPE Aruba Networking

Federal IT teams can evolve to a next-generation data center architecture with HPE Aruba Networking to scale network performance, extend Zero Trust security from the edge to the data center, and simplify IT operations, gaining both the cloud-like agility and tight controls they seek.

With HPE Aruba Networking data center solutions, IT teams can:

  • Optimize network bandwidth and performance. The HPE Aruba Networking CX 10000 Distributed Services Switch Series with AMD Pensando™ is the next generation of switching architecture, with hyperscale DPU technology to deliver cloud, network, storage, and security services at cloud scale. The CX 10000 delivers 800G of stateful firewalling, secure segmentation, and DDoS protection, with deep flow-based session-level telemetry and logging natively enabled.
  • Simplify the architecture and limit appliance sprawl. Today’s data center architectures require traffic to be diverted to centralized security appliances for security inspection and policy enforcement. The CX 10000 overcomes these limitations by delivering advanced security and network services at scale at the access layer edge, where the applications and workloads are running. With the CX 10000, IT can reduce the racks of centralized network and security appliances, simplify the architecture, improve application responsiveness, and lower cost.
  • Extend Zero Trust to the data center. Modernizing the architecture enables IT teams to protect workloads and reduce risk of operational disruption from data theft, lateral movement of threats, and denial-of-service attacks. The CX 10000 allows operators to extend leaf-spine networking with 800G of distributed microsegmentation, east-west firewalling, network address translation, encryption, and telemetry services—delivered inline and across every port.
  • Simplify operations with software-defined automation and orchestration. HPE Aruba Networking Fabric Composer allows IT to simplify the configuration, operations, and troubleshooting of the switch fabric within a single data center—or across multiple data centers. Security and firewall policies are unified across the fabric. Automated workflows reduce the risk of human error for complex configurations and allow IT to speed migrations. With the ability to manage resources cohesively, IT can accelerate delivery of network services to support growing application and workload needs faster and without over-provisioning.
  • Evolve at your own pace. Data center modernization doesn’t need to be a risky rip-and-replace, either. The CX 10000 can be deployed as a top-of-rack, leaf, or access switch for a non-disruptive evolution to support growing application, security, and operational requirements.

At HPE Aruba Networking, secure networking is our mission

HPE Aruba Networking has consistently been a leader in delivering secure network connectivity and services to all parts of the federal government. We are proud of our ability to offer secure, scalable network solutions to support military and civilian agencies. As agencies continue to close aging, inefficient data centers and build modern, flexible, and efficient data center infrastructure to support growing application and data needs, HPE Aruba Networking is committed to delivering high-performance, scalable, and efficient network solutions to help agencies accelerate IT service delivery and meet their missions.

Learn more about HPE Aruba Networking intelligent data center solutions.

 

 

VPN still relevant?

As we embark on 2024, the digital revolutions within businesses, led by Cloud, XaaS solutions and now AI, are accelerating. Add in a new trend which emerged in 2020, the hybrid workforce, and IT leaders have their hands full. Underpinning much of this change is a foundational technology which was born in the mid-1990s: remote access VPN.

Originally designed to provide employees and IT support staff access to the private data center, this same technology now connects the workforce to private and public applications—and supports critical third-party resources. Why is this and what is the current state of remote access VPNs? HPE Aruba Networking sponsored a survey with Cybersecurity Insiders to understand the current landscape, how it is being utilized in 2024, and where the future of this critical technology is heading. The full VPN Risk report can be accessed here, providing some interesting results from 593 cybersecurity experts and IT professionals.

Let’s start with usage. Currently 96% of organizations are still leveraging VPN. While a strong majority, 80%, use secure remote access for both private and public applications, 33% also use VPN for connecting critical third-party resources. Unsurprisingly, 92% use this technology once a week, with 58% of end users saying they depend on VPN for daily activities. With all this activity, you would think the solution would be easy to use, but the opposite is the case. 65% of respondents reported their companies host up to 3 VPN gateways, with 39% hosting 4 or more. This impacts both the employee who must select the right gateway and the IT admin who must manage, patch, and troubleshoot increasingly complex system designs. This is likely one of the reasons 81% of users reported dissatisfaction with the solution. Top complaints included slow connection speeds, drops, constant authentication issues and, worse, inconsistent user experience across different devices.

How about security? 92% of respondents expressed apprehension regarding VPN security. 24% had a high level of concern with 68% at a moderate level and only 8% were not concerned at all. This aligns with other studies on remote access VPNs that found a 270% increase in social engineering attacks in 2021, a 1500% increase in attacks against remote access VPNs, and 71% concerned the technology will compromise their businesses. Top vulnerabilities include phishing at 43%, malware at 42%, and ransomware at 47%. Additionally, there is lateral movement, the ability of the attacker to move around the business network in search of critical data and corporate secrets. 43% of respondents stated they lacked confidence in the efficacy of VPN to assist in segmenting the network from cyber actors roaming their network.

With extreme dissatisfaction for the employee experience, increasing security threats and a low bar of security, what does the future hold? Here, there are several bright spots. First, businesses are seeking new solutions to solve this 30-year-old problem. 56% of respondents are in the process of seeking or have already implemented alternative solutions that are increasingly based upon Zero Trust. These technologies place identity first and then run the request for an application or data through a series of adaptive risk-based tests including: who is asking for the resource, what is the state of the device, what is the location, what time of day, how critical is the data to the organization? Built on business policy, these new solutions also account for the employee experience. In fact, they can measure and report back the state of the connection and even take action to include “smart routing” technologies to resolve issues before they become a problem. Complexity can also be reduced as these platforms are software solutions delivered from the Cloud in a SaaS-like manner. Based on the report, 59% of organizations responding are prioritizing what are called Zero Trust Network Access (ZTNA) alternatives to traditional VPN in the next 24 months. Said another way, the migration to ZTNA is on and picking up speed.

While ZTNA is critical technology and a cornerstone of implementing an overall Zero Trust strategy, 83% reported they are taking it a step further and considering a Security Service Edge (SSE) solution. SSE builds off a ZTNA foundation by protecting the company from Internet threats with Secure Web Gateway (SWG), securing SaaS solutions with Cloud Access Security Broker (CASB), locking down data with Data Loss Prevention (DLP) and understanding the employee experience with Digital Experience Monitoring (DEM). With SSE, what were previously point solutions are bundled together as a unified platform to reduce the management burden, uplevel security, and provide IT and the business with a solid return on investment (ROI). For more details about the risks of VPN and choosing a secure alternative, read the full 2024 VPN Risk Report.

For more information

HPE Aruba Networking ZTNA solution

Why the City of San Jose, California chose HPE Aruba Networking SSE

2024 VPN Risk Report

This post was coauthored with Alan Ni.

Organizations around the world are embracing AI faster than expected as a force multiplier for improved ITOps productivity.  To support this change in networking, GenAI LLM technology will soon appear in HPE Aruba Networking Central's AI Search feature as part of our existing AIOps suite of capabilities.  This post highlights how cutting-edge GenAI techniques will enhance the accuracy and response of search and navigation, along with additional details on how our LLMs are responsibly implemented and differentiated from earlier GenAI implementations within the networking space. 

The use of multiple LLMs within Central allows us to advance its conversational and summarization capabilities faster, more accurately, and more securely than ever before resulting in an even stronger search experience.  Best of all, the roll out of these new production-grade capabilities started earlier this month, with an anticipated completion across our global footprint by April. 

See GenAI in action

AI Search LLM enhancements 

Over the past 2 years, our AI Search tool has been universally found at the top of the Central GUI, designed for users to easily find answers to questions about their environments leveraging advanced natural language processing technology.   

[Figure: HPE Aruba Networking Central AI Search]

With the incorporation of multiple HPE trained and tuned LLMs, we are performing an “engine-swap” for AI Search. You'll get the latest and greatest in search engine accuracy, response times, and data privacy, with no change to the look and feel of interacting with AI Search.

Improving search accuracy with user intent: We’re utilizing proprietary trained and tuned LLM transformers to better understand the intent of questions entered into AI Search.  Accurately understanding the intent of a user’s question is paramount for better responses and improved user satisfaction.  Since its introduction, AI Search has been asked over 3 million questions, and we have trained our LLMs on this extensive base dataset.  (Read more about the importance of AI training and data lakes from our fellow colleague and AIOps lead Jose Tellado.)  As a result, AI Search understands and answers network jargon questions better, provides type-ahead autocomplete capabilities, and introduces search-driven navigation to other parts of the GUI directly from the AI Search interface. 

Document summarization: TL;DR (‘too long; didn’t read’) our 20,000+ pages of technical publications on our products? Don’t worry, we’ll forgive you for that and have you covered! One of the most common question types that AI Search receives is questions regarding “how to” configure or activate certain functions within our networking products. AI Search’s GenAI functionality now generates human-like, summarized answers for many of those queries, in addition to providing links to the foundational documents its generative output is created from. This can be a significant time saver for network operators trying to find the documentation answer they’re looking for.

Response times: Anyone who has used ChatGPT, Gemini, or Copilot will understand that each query has a trade-off. That trade-off can be the multiple seconds ChatGPT takes to respond to your question, the “contribution” of your question data to Gemini’s data lake for future learning, or the large amount of compute needed to continually train Copilot’s models. We’ve designed and are leveraging multiple purpose-built LLM transformers to reduce or eliminate these trade-offs for our users. Having our LLMs self-contained allows us to provide faster response times and greater search performance.

Data privacy comes first 

Security-first and data privacy principles are core to what we do. They are also fundamental to good AI. Use of tools like ChatGPT has created grave concerns regarding privacy and security with many enterprises, and rightfully so. Any corporate intellectual property entered into these tools creates significant privacy and ownership issues. Our engineering teams thought very deliberately about this issue and designed a solution that takes advantage of GenAI advancements without violating our security-first principles. With HPE Aruba Networking Central, we have implemented multiple locally trained and hosted LLMs to take advantage of the human understanding and generative qualities of GenAI without the risk of data leaks via external API queries to and from our data lake. Specifically, we have a dedicated language model that identifies PII/CII (personal and corporate identifiable information) on the platform. This function allows AI Search to better understand device and site names in the queries entered, for more accurate answers. And the function obfuscates that identified data from our training data lakes.

Coming to a network near you! 

Generative AI is incredibly powerful, and the industry is just scratching the surface in terms of real-world AIOps applications.  We are really excited about LLM-powered AI Search, as it represents a huge benefit for today’s HPE Aruba Networking Central users but is also the first of many GenAI use cases we are working on as we move to the next generation of Central. 

 Stay tuned! 

Want to experience our LLMs in action along with the other security, scaling, automation, and orchestration features HPE Aruba Networking Central has to offer?  Sign up here for a future test drive.  

Artificial intelligence and security share parallel trajectories in the manufacturing realm. While both have been part of manufacturing processes for decades, their full potential is yet to be realized. AI networking, for example, is a new term introduced to specifically target how artificial intelligence for IT operations (AIOps) applies to Wi-Fi, switching, and WAN environments. Using AI for networking is one application for manufacturing, but certainly not the only one. AI has historically been employed in regression models for process controls, while security measures were often confined to the IT environment. However, watershed moments like the Stuxnet attack and the recent surge in generative AI since late 2022 have brought heightened awareness to operational technology (OT) security and the transformative capabilities of artificial intelligence within manufacturing organizations.

Cybersecurity challenges in manufacturing

Security challenges persist in manufacturing, particularly in dealing with a diverse installed base and the ongoing struggle to keep assets up to date. The unique nature of production assets, from legacy machine tool controllers running on outdated operating systems to the latest-and-greatest laptops in the corporate environment, presents challenges in terms of updating and maintaining security. In addition to the traditional risks, manufacturing companies are becoming cloud-first and stretching their compute power from the edge (shop floor) to the cloud. A good example for manufacturing is that machine learning models are usually trained in the cloud whereas deployment is often on the edge. So, there is data to be protected across many locations.

Network segmentation emerges as a crucial compensating strategy, allowing manufacturers to apply differentiated network policies based on the risk profile and the vulnerability surface of each asset. Traditional segmentation measures like physical segmentation and VLANs were quick to be adopted, but they tend to fall short in mitigating the risks posed by advanced persistent threats to an acceptable level. The modern approach involves pervasive network segmentation, incorporating microsegmentation, and identity-based access controls found in Dynamic Segmentation and Zero Trust Security frameworks. These controls, applicable to both IT and OT spaces, assume a Zero Trust stance, looking at every asset instead of a more traditional perimeter defense based on stacking network firewalls. This approach enables greater flexibility in assigning permissions. For instance, third-party contractors can service machines under contract remotely more efficiently than with traditional VPNs, while simultaneously bolstering the network with granular least-privilege role-based access, which can protect against malicious actors attempting lateral movement through the corporate and process networks. The picture below shows how Zero Trust policies can be applied for access to OT environments considering different sources of contextual data, such as geographic location, current time and destination application (including industrial automation applications running on the process control layer) using HPE Aruba Networking SSE.

[Figure: HPE Aruba Networking Security Service Edge (SSE)]

The emerging role of AI networking

With those new controls, much more data is generated. And this is where artificial intelligence steps in. While manufacturing companies are increasingly adopting AI for various business processes, like forecasting and quality assurance, its application to security and network management is equally transformative. Leveraging the vast data produced by the network and network security controls, machine learning models can identify anomalous behaviors, self-tune network configurations, and flag potential issues whether related to performance or security threats.

HPE Aruba Networking Central provides some interesting examples on how machine learning models can be applied to network management and security for manufacturers. For example, Client Insights—available with an HPE Aruba Networking Central Foundation license—leverages native infrastructure telemetry from access points, switches, and gateways, as well as clients, to accurately profile devices connected to the network without requiring installation of physical collectors or agents. ML-based classification models are used to fingerprint, identify, and accurately profile a wide variety of clients across the entire wired and wireless infrastructure. This AI networking capability provides up to 99% profiling accuracy of known clients with <5% rate of unknowns, giving manufacturers enhanced visibility that can even span IoT and OT devices.

The network: A new driver of manufacturing innovation and protection

Whether enabling hybrid work or advancing new business models, the network plays an increasingly critical role in driving the business forward. Whether via traditional on-premises connectivity or the Internet and the cloud, the network’s mission is to collect, secure, and deliver data and IT resources to users, devices, and applications wherever and whenever it’s needed. Given the ubiquitous nature of the network, it is only natural that it is now considered a bridge between connectivity and security.

With security-first, AI-powered networking, the network becomes a Zero Trust Security solution that can help manufacturing organizations achieve their connectivity and security objectives. Now networking and security teams can gain a common Zero Trust foundation to power innovative business results—without sacrificing cybersecurity protection.

HPE Aruba Networking stands at the forefront of this security-first, AI-powered networking evolution, offering a comprehensive solution for manufacturing companies seeking to minimize security risks across both IT and OT environments. By combining robust network segmentation strategies and Zero Trust Network Access (ZTNA) in a unified SASE portfolio with the power of HPE Aruba Networking Central AI networking capabilities, HPE Aruba Networking provides manufacturing entities with the tools needed to navigate the complexities of the modern threat landscape, ensuring not only operational efficiency but also the resilience needed to face the challenges of the future.

Explore resources related to manufacturing and AI networking

AI-powered tools that work with you

AI networking for an enhanced IT operator experience—featuring Henkel

Securing the Industrial Internet of Things Infrastructure | HPE Aruba Networking

 

We are honored to share that GigaOm has recognized HPE Aruba Networking as a “Leader” in their inaugural 2024 Secure Access Service Edge (SASE) Radar report. HPE Aruba Networking is one of only five vendors to be named a Leader in this report.

The GigaOm Radar Report for SASE examines 18 of the top SASE single-vendor solutions in the market and compares offerings against capability and business criteria. The report includes a summary of each vendor’s solution and an assessment of their strengths and challenges. HPE Aruba Networking is positioned as a Leader and Outperformer, which validates our vision and product roadmap for our unified SASE offering.

Click here to obtain a complimentary copy of the full report.

SASE helps organizations transform

Organizations continue to pivot to a cloud-centric architecture, simply because more of their applications reside in the cloud. At the same time, hybrid and remote work have become a permanent component of the corporate environment—which in turn means security requirements have to evolve to support applications, users, and devices from anywhere without compromising the user experience. Implementing the right SASE architecture can help enterprises with their digital transformation journey. SASE, with its cloud-native stack, applies and integrates security and networking policies by combining SD-WAN with SSE (Security Service Edge) and integrating management of these services.

Organizations can choose between single-vendor and multi-vendor SASE approaches, depending on where they are in their SASE transformation journey. Single-vendor SASE solutions provide simplified management and enhanced security outcomes via a unified approach with ease of deployment, simpler licensing, and easier customer support from one company. A previous blog outlined five reasons why enterprises may adopt a single-vendor SASE. In the next few years, many industry analysts predict that the market will shift towards single-vendor SASE solutions because they provide simplified management and enhanced security outcomes via a unified approach.

HPE Aruba Networking unified SASE simplifies your SASE adoption

HPE Aruba Networking offers a single-vendor unified SASE solution designed to enforce universal least privilege access to applications, protect against malware and data leakage, modernize and secure branch networks, and enable hybrid working by securely connecting users from anywhere and any device.

HPE Aruba Networking’s unified SASE platform

GigaOm based their Radar report assessment on the HPE Aruba Networking unified SASE solution, which integrates the HPE Aruba Networking EdgeConnect SD-WAN platform with the HPE Aruba Networking SSE platform:

  1. The HPE Aruba Networking EdgeConnect SD-WAN portfolio enables secure data access wherever it resides and provides a secure network foundation for Zero Trust and SASE. It includes an advanced SD-WAN paired with integrated next-generation firewall functions to support a better quality of experience and advanced security for all applications in a hybrid, multi-cloud environment.
  2. HPE Aruba Networking SSE is a Security Service Edge (SSE) platform that uses 500+ cloud edge locations to elegantly connect users and devices to the business resources needed for work. The platform brings together the power of ZTNA, SWG, CASB, and DEM into one, cloud-delivered platform that feels weightless, and is controlled by a single pane of glass.

HPE Aruba Networking unified SASE improves network performance, efficiency, and cost savings with award-winning HPE Aruba Networking SSE and industry-leading EdgeConnect SD-WAN integrated into a single solution—HPE Aruba Networking unified SASE. Unifying security and networking simplifies infrastructure, reduces costs, improves app performance, and delivers secure user access with one comprehensive solution.

Customer journey with single-vendor SASE

Bethesda Health Group is one example of an organization that is embracing SASE as part of its multi-year transformation. Bethesda provides senior care at 16 residential facilities and 24-hour services to seniors at home with over 1,100 caregivers. It connects several thousand residents to their care teams, families, and friends. In support of its increasingly mobile and tech-savvy workforce and resident population, Bethesda has transformed its operations to adopt a cloud-first strategy. It leverages high-performance SD-WAN connectivity with EdgeConnect SD-WAN at the 16 sites to deliver services, provide access to a host of applications, and enable residents to stay in touch with their care teams, family, and friends with a cost-effective network.

To meet the increasing need for secure hybrid and remote work connectivity for mobile caregivers, Bethesda modernized their network security to provide employees with fast, secure access to private and externally managed applications—as well as improving IT staff visibility into user access events—with cloud-delivered HPE Aruba Networking SSE. The added SSE capabilities include Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB).

Mike Keller, Director of Technology, shares his perspective: “Adding HPE Aruba Networking SSE to our networking infrastructure to gain a full SASE solution is critical to securing our cloud-first organization and meeting evolving customer expectations.”

Bethesda is excited about the benefits of standardizing on a complete unified networking and security solution from HPE Aruba Networking. “We’ve gained comprehensive networking infrastructure that is cost-effective to own, easy to maintain, and scalable for meeting our future needs,” said Keller. “In short, it enables us to administrate a large footprint that is distributed across state lines with a lean IT staff—all without breaking the bank.”

Whether you are an IT business leader, a networking professional, or a security expert, you can learn more about how your organization can benefit from SASE and learn how to embark on your own journey to SASE, via our interactive customer SASE web experience.

 

Technology innovation is essential to enhance agility, productivity, and resilience. But with innovation happening faster than ever, IT teams need to possess ever more knowledge about technologies from artificial intelligence to edge-to-cloud architectures.

Atmosphere 2024, held June 17-20 in Las Vegas, is a great opportunity for IT professionals to get ready for what’s next by exploring new technologies, refreshing learned skills, and earning new certifications while attending the conference.

Elevate your career with certifications

Earning technical certifications benefits you as an IT professional as well as the business.

Research from Pearson VUE shows that 92 percent of IT-certified professionals are more confident in their abilities, and 72 percent are more efficient.(1) Investing in IT certification benefits the business managers too, with an estimated $30,000 return on investment for a credentialed employee.

Even more valuable to a business is that fully certified teams meet 95 percent of their client objectives, according to IDC.(2) Fully certified teams are 35 percent more likely to finish projects ahead of schedule too.

Get certified at Atmosphere

HPE Aruba Networking certifications can help you level up your networking game. IT professionals attending Atmosphere can choose from in-depth training tracks designed to enrich your knowledge and skills, whether you are a seasoned engineer or early in your career. You will benefit from an array of lecture topics and hands-on labs to learn new skills and experience real-world scenarios. One certification exam is included with each conference pass!

Network architects attending Atmosphere can learn to design security-first, AI-powered networks to meet their customers’ needs more effectively. The Airheads Technical Track, designed by engineers for engineers, provides unmatched opportunities to learn from your peers in the trenches. Dive deep into the deployment, integration, management, and troubleshooting of wired, wireless, SD-WAN networking and security. Administrators can hone their skills for operating, monitoring, and optimizing the network.

Technical certifications underscore your commitment to keep up with cutting-edge innovation and prove you understand how best to deploy and manage secure networking to deliver maximum value for your organization.

Certifications help this IT pro expand his knowledge and deliver more value

Marcel Koedijk, an Airheads MVP and a consultant at Axians, has earned multiple Aruba Certified Professional designations, which have allowed him to deliver more value to his clients.

“The HPE Aruba Networking certifications have helped me get to know the products better and feel comfortable with both installation and troubleshooting,” Koedijk says. “In the past I have done the design (Aruba Certified Design Professional), mobility (Aruba Certified Mobility Professional), and ClearPass (Aruba Certified ClearPass Professional) certifications, which makes me an Aruba Certified Edge Professional. More importantly, with this knowledge, I am able to help customers end-to-end with the design, implementation, maintenance, and troubleshooting of their network infrastructure.”

Koedijk continues: “The new HPE Aruba Networking Certified Associate - Campus certification responds to these [needs] by providing new courses, so that you immediately gain basic knowledge of switching, wireless, design, and security. In this way, you gain good basic knowledge that you can immediately put into practice end-to-end with the customer.

I think it is important for every network consultant to continue to gain knowledge in the field of cloud-based network management (like Aruba Central), like JSON, Python, or PowerShell.”

Discover more opportunities with HPE Aruba Networking certifications

HPE Aruba Networking solutions are widely deployed across businesses, education, and government. Ninety percent of Fortune 100 companies and 80 percent of Fortune 500 companies use HPE Aruba Networking. Having a solid understanding of HPE Aruba Networking solutions and what’s coming next for networking boosts confidence, improves job satisfaction and effectiveness, and provides opportunities for personal and professional growth.

Visit the Atmosphere 2024 website to learn more about technical training, the Airheads session, or to register for certification exams.

 

Sources:
(1) Pearson VUE Survey 2023, Value of IT Certification Report
(2) IDC InfoBrief, Benefits of Certification for IT Partners and Consultants, 2021

We're pleased to announce that our technology has been recognized as the first quantum-secure 5G network and honored with two prestigious Glomo Awards at MWC 2024—Best Mobile Security Solution and the CTO Choice Award—bringing the total awards Athonet, a Hewlett Packard Enterprise acquisition, has received to seven.

The Glomo Awards, hosted by the GSMA, represent the highest level of achievement in the mobile industry, spotlighting innovation, excellence, and impact on a global scale. This recognition not only validates our commitment to innovation but also underscores the critical importance of securing digital infrastructure against evolving threats.

Quantum threat to wireless networks

For governments, enterprises, and citizens, data security represents a major global challenge today. With large-scale data breaches happening daily, today’s communications are highly vulnerable to store-now, decrypt-later attacks using quantum computing. In our view, this represents the most significant and urgent global threat to network security, yet it is not commonly understood.

As the world moves from wireless first to wireless only, end customers are increasingly concerned with the security of highly sensitive and mission critical information that they are moving to wireless networks, which are seen as inherently less secure than wireline.

The problem is twofold: 1) creating quantum-secure solutions that can be massively deployed across billions of endpoints, ranging from sophisticated 5G devices to simple sensors, and 2) doing it without introducing significant complexity, cost, or technological overhead.

Our quantum 5G solution meets both these requirements.

Athonet’s joint approach with Arqit and Ampliphae to address quantum security needs

Leveraging the expertise of Athonet and innovation from Arqit and Ampliphae, we have developed a comprehensive approach to securing mobile networks against quantum threats. According to IDC, the quantum computing market is projected to reach $7.6 billion in 2027 and our solution is strategically positioned to address this burgeoning demand.

Quantum-safe solution overview

As shown in the diagram below, the solution is comprised of a radio-access network (RAN) from Athonet at Arqit’s London campus that can be connected back to an Athonet mobile core in a remote data center or central site (in this particular case, AWS cloud). The Arqit quantum-safe encryption platform as a service protects the communication channel between these endpoints from quantum attacks whether by store-now, decrypt-later or direct quantum agents. We deployed the active endpoints from Arqit in both the small cell and on the core network infrastructure. In addition, the Ampliphae probes monitor all network interfaces in real time to ensure that they are using quantum-safe cryptography at all times.

The Athonet quantum-safe 5G network leverages Arqit and Ampliphae innovation to ensure secure communications at all times.

The solution offers versatile deployment options, allowing customers to choose between public, private, telco, or government clouds, as well as data centers or COTS hardware. Streamlined APIs on both Athonet’s and Arqit’s platforms facilitate seamless integration with customers' applications, workflows, and control systems.

Its adaptability not only ensures ease of deployment in public mobile networks but also makes it exceptionally suited for governmental and private mobile networks. This flexibility enables highly customized deployments aligned with the specific needs and use cases of each customer, serving as a pivotal competitive advantage in the value creation segment for 5G.

Quantum security innovation

The solution uses symmetric key distribution, unlike previous deployments, which required keys to be physically distributed, whether in software or hardware, and created unnecessary cost, complexity, and scaling problems. Physical key distribution also made it difficult to rotate keys and certificates in the field, whether as a preventative measure or after they had been compromised. The footprint and energy consumption of traditional solutions mean that they are largely not usable for the vast number of small-footprint, low-cost IoT devices.

In contrast, our joint solution overcomes these challenges with a software-based, affordable approach. The patented technology uses software endpoints to distribute quantum-secure symmetric keys that are dynamically created, renewed, rotated, and refreshed in real time every 30 seconds. While each key is intrinsically quantum safe, our ability to renew them every 30 seconds makes the platform virtually impossible to compromise across the range of form factors, platforms, and devices in today’s hyperconnected world.

Implementation is simple since the solution is based on the ISO/IEC 11770-2, RFC 8784, and RFC 9258 standards and can integrate easily with existing protocols such as IPsec and TLS, with dynamic real-time key rotation for enhanced security.
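How a rotated, externally distributed symmetric key is bound into TLS 1.3 under RFC 9258, one of the standards named above, shown as an added example that is not Athonet, Arqit or Ampliphae code. The key store, the `name@epoch` identity layout, the one-epoch skew window, the context label and all key values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256      # hash associated with the EPSK (RFC 9258 default)
TLS13 = 0x0304             # ImportedIdentity.target_protocol for TLS 1.3
HKDF_SHA256 = 0x0001       # ImportedIdentity.target_kdf
ROTATION_SECONDS = 30      # rotation period stated in the text


def hkdf_extract(salt, ikm):
    """RFC 5869 HKDF-Extract; an empty salt stands for HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 HKDF-Expand."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret, label, context, length):
    """RFC 8446 HKDF-Expand-Label with the 'tls13 ' label prefix."""
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def imported_identity(external_identity, context, protocol, kdf):
    """Serialize the RFC 9258 ImportedIdentity structure."""
    if not 1 <= len(external_identity) <= 0xFFFF or len(context) > 0xFFFF:
        raise ValueError("identity or context length out of range")
    return (struct.pack("!H", len(external_identity)) + external_identity
            + struct.pack("!H", len(context)) + context
            + struct.pack("!HH", protocol, kdf))


def import_psk(epsk, external_identity, context,
               protocol=TLS13, kdf=HKDF_SHA256, length=32):
    """Derive the imported PSK: the key TLS uses is bound to identity,
    context, protocol and KDF, so the raw EPSK is never used directly."""
    identity = imported_identity(external_identity, context, protocol, kdf)
    epskx = hkdf_extract(b"", epsk)
    ipskx = hkdf_expand_label(epskx, b"derived psk",
                              HASH(identity).digest(), length)
    return identity, ipskx


def rotation_epoch(unix_time):
    return int(unix_time) // ROTATION_SECONDS


def select_epsk(store, external_identity, now, skew_epochs=1):
    """Receiver side (assumed layout b'name@epoch'): refuse keys whose
    epoch is outside the rotation window, then look up the EPSK."""
    name, _, epoch_text = external_identity.rpartition(b"@")
    epoch = int(epoch_text.decode("ascii"))
    if abs(rotation_epoch(now) - epoch) > skew_epochs:
        raise ValueError("PSK epoch outside rotation window")
    try:
        return store[(name, epoch)]
    except KeyError:
        raise ValueError("no EPSK provisioned for this identity") from None


# Constructed sample keys for two consecutive 30-second epochs.
SAMPLE_STORE = {
    (b"cell-01", 56666666): bytes.fromhex("11" * 32),
    (b"cell-01", 56666667): bytes.fromhex("22" * 32),
}
```

Because the epoch is part of the hashed identity, a key captured in one 30-second window derives a different TLS PSK than the next, and the receiver rejects identities that name an expired epoch.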

With our combined and pre-integrated solution, mobile operators, governments, enterprises, and consumers finally have a simple, scalable solution to deploy quantum-safe networks for all.

Learn more about our private 5G solution:

Private 5G solutions from Athonet, a Hewlett Packard Enterprise acquisition

 

 

Healthcare providers face increasing pressure to deliver efficient and secure services—while dealing with vast amounts of patient data across diverse locations and in the cloud. Hospitals, regional clinics, and healthcare systems require secure, reliable, high-speed connectivity to support critical operations, patient care, and administrative tasks. Traditional networking solutions cannot meet the demands of modern healthcare infrastructures, leading to inefficiencies, security vulnerabilities, and limited scalability. However, solutions like software-defined wide area networks (SD-WAN) and secure access service edge (SASE) can transform connectivity and security within healthcare systems.

From where we came…

Typically, healthcare networks relied on legacy infrastructure characterized by hardware-centric setups, rigid configurations, and decentralized management. This approach posed substantial limitations in terms of flexibility, agility, and security, hindering the seamless exchange of patient information and collaboration among care teams. Furthermore, the proliferation of cloud-based applications, telemedicine platforms, and IoT devices further strained traditional networks, exacerbating performance issues and compliance concerns.

…to where we are now and where we’re going:

SD-WAN technology emerged as a transformative force in the networking landscape, offering centralized control, dynamic traffic routing, and optimized application performance over geographically dispersed locations. By decoupling network hardware from its control mechanism and leveraging software-defined policies, SD-WAN empowers healthcare organizations to prioritize critical applications, ensure Quality of Service (QoS), and streamline network management tasks.

SASE combines SD-WAN with advanced cloud-delivered security functionalities (SSE or Security Service Edge) to support the dynamic, cloud-driven needs of modern healthcare organizations. With elements such as Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB), SASE provides comprehensive protection against evolving cyber threats while enabling secure access to cloud-based resources and applications. This holistic approach to networking and security aligns with the needs of healthcare systems, where safeguarding sensitive patient data and maintaining regulatory compliance are paramount concerns.

In addition, leading enterprises will adopt Zero Trust Architectures where the network’s job is defined not in terms of connecting anything to anything, but rather as being an enforcement layer for security policy based on the principle of least privilege access. We will continue to experience a rapid integration of technology in healthcare settings, and implementing a Zero Trust approach will ensure that individuals and IoT devices only have access to what is necessary for their roles.

Top five reasons to implement SD-WAN and SASE for healthcare:

1. Enhanced performance and reliability:
- Optimized connectivity: SD-WAN dynamically routes traffic based on application requirements, ensuring consistent performance and minimizing latency for critical healthcare applications including Electronic Health Records (EHR) and Picture Archiving and Communication Systems (PACS).
- High availability: By leveraging multiple transport technologies such as MPLS, broadband, and LTE, SD-WAN enhances network resilience and uptime, reducing the risk of service disruptions that could impact patient care delivery.

2. Improved security posture:
- Unified threat protection: SASE consolidates security functions into a unified platform, providing seamless protection across the entire network infrastructure. This approach simplifies security management and reduces the attack surface, mitigating risks associated with data breaches and ransomware attacks.
- Granular access controls: With SASE, healthcare organizations can implement fine-grained access policies based on user identity, device posture, and contextual factors. ZTNA enables remote healthcare specialists and authorized third parties, such as the many contractors in this industry, to securely access internal resources in the cloud or on-premises, replacing legacy VPNs that are no longer adapted to the needs of modern cloud-centric healthcare organizations. SWG protects users against web-based threats that can make their way into the network environment, and CASB securely monitors sensitive data hosted in SaaS applications to prevent data loss and to discover shadow IT.

3. Cost efficiency and scalability:
- Operational savings: SD-WAN and SASE solutions enable centralized management and automation, reducing the overhead associated with manual network configurations and troubleshooting. This operational efficiency translates into cost savings for healthcare providers, allowing them to allocate resources more effectively.
- Scalable architecture: As healthcare systems expand their reach and accommodate growing patient populations, SD-WAN and SASE offer scalable architectures that can adapt to evolving requirements without sacrificing performance or security.

4. Simplified telemedicine and remote work:
- Telemedicine enablement: SD-WAN and SASE support the seamless integration of telemedicine platforms, facilitating virtual consultations, remote patient monitoring, and telehealth services. This enables healthcare providers to extend their reach beyond traditional care settings and deliver personalized services to patients, no matter their location.
- Remote workforce support: Healthcare organizations can leverage SD-WAN and SASE to enable secure access for remote employees, allowing clinicians, administrative staff, and nonclinical staff to collaborate effectively while maintaining compliance with privacy regulations.

5. Compliance and regulatory alignment:
- Regulatory compliance: By implementing robust security controls and encryption mechanisms, SD-WAN and SASE solutions help healthcare systems achieve compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), as well as other regulatory requirements governing patient data protection and privacy.
- Audit trail and reporting: SD-WAN and SASE solutions offer centralized visibility and reporting capabilities, enabling healthcare organizations to monitor network activity, generate compliance reports, and demonstrate adherence to regulatory standards during audits and assessments.

The adoption of SD-WAN and SASE technologies represents a transformative shift in the way healthcare systems approach networking and security. By providing enhanced performance, robust security, scalability, and regulatory compliance, these solutions empower healthcare systems to deliver high-quality care in an increasingly interconnected world. As healthcare organizations continue to embrace digital transformation, SD-WAN and SASE will play a pivotal role in shaping the future of healthcare delivery, ensuring seamless connectivity and a better experience for all.

To learn more about unified SASE for healthcare, check out our latest Solution Overview.

Other resources:
- HPE Aruba Networking unified SASE webpage
- HPE Aruba EdgeConnect SD-WAN
- Introduction to SD-WAN Use Cases for Healthcare (Video)