In today’s cloud-first world, WAN and network security are more intertwined than ever before. To achieve the full promise of digital transformation, work from anywhere, and the Secure Access Service Edge (SASE) model, enterprises need to transform both their WAN and security architectures to support business applications that are hosted and accessible from anywhere, and from any device.
Zero Trust: Edge protection with application, user / device ID, and role-based context
With the proliferation of cloud applications, mobile devices, remote workers, and IoT-connected devices, companies need to adjust their security policies based on their business intent while pursuing consistency. Integrating Aruba ClearPass with the Aruba EdgeConnect SD-WAN Edge Platform enhances application intelligence with user and device identity and role information. This additional identity-based context allows fine-grained segmentation and consistent security policy enforcement, which can be applied across the network from the edge to the cloud, while accelerating troubleshooting and problem resolution.
IoT is a use case for zero trust segmentation because these devices cannot run third-party VPN or ZTNA software clients. As a result, the SASE architecture does not fully address the security challenges posed by IoT devices in enterprise networks. The combination of Aruba ClearPass and EdgeConnect allows customers to segment IoT device traffic at the edge of the network and isolate it from other traffic in the network. This new context layer enables fine-grained segmentation without complicating the management of multiple VLANs. For example, fine-grained segmentation policies can prevent IoT security cameras from accessing credit card transactions and HVAC systems. Zero trust segmentation helps enterprises meet industry compliance requirements such as PCI, HIPAA, and SOX while isolating potential security threats by device type, role, and application.
Comprehensive edge-to-cloud security
Today, SASE is becoming the de facto model for explaining the integration of networking and security services. SASE is a cloud-first framework that provides an overview of both the network and security capabilities for managing distributed enterprise networks:
WAN edge network function: This includes advanced SD-WAN, routing, branch firewalls, segmentation, network and application visibility, and WAN optimization.
Cloud security function: This includes cloud-delivered security services such as FWaaS, CASB, ZTNA, SWG, browser isolation, DLP, sandbox and DNS security.
When customers consider deploying a SASE architecture, the choice depends on whether a single-vendor or multi-vendor solution meets their business requirements. Multi-vendor SASE uses a best-of-breed strategy to provide customers with both freedom and flexibility now and for years to come. Working with a single vendor may provide more functionality under the same roof, but with a commitment to a single vendor and its roadmap, the long-term costs also become high.
The Aruba EdgeConnect SD-WAN Edge Platform enables enterprises to intelligently and securely isolate traffic destined for the cloud locally from branch sites over the Internet. In addition, with micro-segmentation capabilities and support for fine-grained security policy enforcement, enterprises can protect their WANs, meet compliance obligations, and protect against security breaches.
Automatic orchestration for seamless multi-vendor SASE deployment
Automatic orchestration of industry-leading cloud-delivered security services using application and identity-enabled Aruba EdgeConnect provides a powerful SASE solution without compromising network or security capabilities. Implementing a SASE architecture that combines cloud security with advanced SD-WAN eliminates both the cost and complexity of managing multiple on-premises next-generation firewalls.
EdgeConnect zone-based stateful firewalls with unified threat management (IDPS) protect branch sites from incoming malicious threats. The integration of Aruba Threat Defense and the Aruba EdgeConnect SD-WAN Edge Platform extends advanced intrusion detection and prevention (IDPS) capabilities to the SD-WAN fabric. Both physical and virtual instances of EdgeConnect can leverage the Aruba threat infrastructure and threat feeds from Aruba Central to provide enterprises with east-west lateral security and to protect Internet breakouts from branch office locations. Threat logging to Aruba Central or to third-party SIEMs such as Splunk provides network and security analysis, delivering comprehensive edge-to-cloud UTM capabilities.
As the threat landscape continues to evolve, enterprises need to remain agile so they can adopt new security solutions quickly and cost-effectively. They need to evaluate platforms that avoid vendor lock-in and give them the freedom of choice to integrate the best cloud security services now and in the future.
The Aruba EdgeConnect SD-WAN Edge Platform is an important foundational pillar of a best-of-breed SASE architecture. Not only do you avoid being tied to a single-vendor solution or settling for basic SD-WAN functionality, but it also supports important branch security features such as zero trust segmentation with ClearPass, unified threat management with embedded IDPS, and consistent end-to-end security policy enforcement across LANs, WANs, data centers, and the cloud.
For more information, see the overview of the Aruba EdgeConnect segmentation solution.
Silver Peak was acquired by Hewlett Packard Enterprise (HPE) and is now part of the Aruba business.
Copyright © 2021 IDG Communications, Inc.
Zero Trust, UTM, and Best SASE – No Compromise!