Aruba strengthens Zero Trust segmentation, unified branch security, with Silver Peak SD-WAN integration

Aruba sees major new opportunities for channel partners in the new integrations between the old Silver Peak platform, now Aruba EdgeConnect, and both ClearPass Policy Manager and Aruba IDS/IPS Threat Defense.

Aruba Central Security Dashboard

Today, at the start of the Aruba Atmosphere ’21 virtual event, Aruba is announcing the expansion of their Zero Trust identity-based access control, through an integration of the ClearPass Policy Manager in Aruba ESP [Edge Services Platform] with the Aruba EdgeConnect SD-WAN edge platform, as the SD-WAN technology that came from last year’s acquisition of Silver Peak has been rebranded. Unified branch security has also been enhanced with the extension of the integration of the Aruba IDS/IPS Threat Defense to EdgeConnect. Aruba has also extended its strategic vendor ecosystem, with the addition of Netskope.

“This is the first fruits of our acquisition of Silver Peak last year,” said Larry Lunetta, VP of Portfolio Solutions Marketing for Aruba. “We are also expanding our security element from Zero Trust to Zero Trust and SASE.”

Aruba, like the other vendors covering the edge market, has been wrestling with the dual challenges posed by both digital transformation and the COVID-19 pandemic and its creation of a new Work From Anywhere environment.

“The Work From Anywhere market is driving a new set of security challenges, which is why we are expanding into the SASE Edge, delivering the edge to cloud security and best of breed solutions,” Lunetta said. The market, he stated, wants conventional data centres and MPLS-centric and VPN-based networks to be transformed into a cloud-native SASE architecture, with dynamic, secure provisioning of secure network services, and it wants this without being locked into a single vendor.

“The SASE edge hasn’t really addressed the challenges of IoT,” said Derek Granath, Senior Director of SD-WAN Product & Technical Marketing for Aruba, who came to the company with the Silver Peak acquisition. “We have traditionally used assigning devices to specific VLANs to manage things, but you would need thousands of VLANs for a large organization. It just doesn’t scale.”

Integrating ClearPass Policy Manager with the Aruba EdgeConnect SD-WAN edge platform solves this problem by adding Zero Trust dynamic segmentation, which adds identity knowledge of users, IoT devices and roles, so that users and devices can only communicate with application devices that are consistent with their role.

“For example, cameras can’t access transaction processing,” Granath said. “It doesn’t even allow cameras to talk to cameras, only to the surveillance headend. It’s a better approach to Zero Trust dynamic segmentation.” Integrating ClearPass Policy Manager with EdgeConnect provides a consistent and automated definition of roles that can be enforced network-wide from the user’s device, through the LAN, and across the WAN.

“In addition, while before there was coarse-grained segmentation of devices, ClearPass adds a whole new layer of context to deliver a fine-grained process around role and device type, without managing thousands of VLANs,” he noted.

Granath said that the second pillar of the announcement is that Silver Peak Unity EdgeConnect, now rebranded as Aruba EdgeConnect, provides another layer of security at the WAN edge to strengthen the Aruba Threat Defense.

“It utilizes the common Aruba UTM framework, with automated threat feeds and threat analysis from Aruba Central, and threat logging to Aruba Central or a third-party SIEM,” he said. “A new inspect capability has been added to Aruba EdgeConnect, through integration with a zone-based firewall. If the customer wants to inspect traffic going to Box or Dropbox where it makes sense for their business, they can now do that.”

Granath said that new adaptive Internet breakout capabilities leverage third party vendors’ service orchestration to steer apps to the right place, much faster.

“With the cloud driving the shift to SASE to avoid the latency that comes with backhauling, the enterprise security perimeter dissolving, and as apps move to the cloud, security must follow,” he stated. “We want to be able to steer the app intelligently on the first pass and direct it to the appropriate place. You can do it with a router, but each branch has to be configured, which is about 30-60 minutes per branch. The automated third-party service orchestration we now provide eliminates this. In 15 minutes, you can set up all the IPsec connections for hundreds or even thousands of connections.”

Aruba’s strategic partners here include AWS, Azure and Google, Salesforce, Dropbox and Microsoft Office 365, and Check Point, Zscaler and Prisma. A new vendor has also been added to the last group of security service providers, Netskope.

Extending this complete edge to cloud Zero Trust SASE capability across the entire portfolio will provide new opportunities for channel partners.

“This best of breed Zero Trust and SASE provides partners with opportunity to identify security services and networking capabilities that best suit their business, and provides tremendous opportunity for partners to provide those services,” Granath said. “The UTM capability will be another license on the platform, and the third party services provide additional revenue opportunities.”

“Zero Trust and SASE are buzzwords, but partners know what their customer requirements are and what is required,” Lunetta added.