HPE Aruba SD-WAN & SASE Netify Review

• Intrusion Detection Service (IDS)/Intrusion Prevention Service (IPS): HPE Aruba offer their First-packet iQ Application Classification security product, which is designed to identify applications on the first packet and deliver trusted SaaS and web traffic directly to the internet, whilst diverting unknown and suspicious traffic to the data center firewall or IDS/IPS.
• Zone-Based Stateful Firewall: is a firewall-based granular security policy, which is able to create end-to-end zones that can be used for multiple application groups, users and virtual overlays. This allows HPE Aruba to push configuration updates to sites in line with business intent, using simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center user cases.
• WAN Hardening: HPE Aruba offers WAN hardening to secure branch offices. This means that each WAN overlay is secured edge-to-edge via 256-bit advanced encryption standard (AES) encrypted tunnels - with the option to deploy Aruba EdgeConnect direct to the internet without the need for multiple dedicated firewalls.
• IPSec: the Aruba EdgeConnect product offers Automated integration and orchestration. This enables enterprises to automate and accelerate the integration of HPE Aruba security partner’s advanced services, that include: Check Point, Forcepoint, McAfee, Netskope, Palo Alto Networks, Symantec, Zscaler, and secure DNS (e.g. Infoblox), all of which utilize private secure encrypted IPsec tunnels.

• Local Internet Breakout: HPE Aruba’s First-Packet iQ product is designed to eliminate wasted bandwidth and performance bottlenecks, by enabling intelligent traffic steering. 
• Cloud Intelligence: offers clients real-time updates on the best performing path to reach a wide range of Software-as-a-Service (SaaS) applications. The platform chooses the most efficient way to connect users into the SaaS, whilst also providing automated daily updates of the application, IP address database. Because of this, Aruba EdgeConnect makes sure appliances can keep pace with SaaS and web address changes. 
• Path Conditioning: designed to boost application performance, path conditioning creates performance levels similar to a private-line, delivered over the public internet.
• High Availability: Aruba EdgeConnect provides fault tolerance on both WAN (network) and equipment sides. These appliances are connected using a High Availability (HA) by allowing tunnels over each underlay.

What is the HPE Aruba SASE security solution?

Aruba offer their Aruba Edge-to-Cloud Security service, which offers clients zero trust and SASE frameworks. The Aruba SASE service offers clients Unified Threat Management and Dynamic Segmentation, with web filtering, IDS and application-aware firewalls for SD WAN and integration with cloud security vendors. The Aruba EdgeConnect SD WAN solution (see, What is the HPE Aruba SD WAN solution?) integrates with cloud security vendors to make cloud-based security services easier to introduce to pre-existing network and security infrastructures. SASE also includes Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), obfuscation/privacy services and threat prevention/detection. Further security products include:

• Zero Trust Security: Aruba Zero Trust Security is designed to enforce the same controls for campus and branch networks and extend them to remote workers. The solution allows clients to enable IT access using identity and roles, whilst customizing access privileges as needed based on real-time threat data and offers visibility into the network. Zero Trust Security for SD WAN extends from the Edge to the cloud and offers clients security for branch locations with dynamic segmentation, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) and a built-in firewall.
• Edge Services Platform (ESP): Aruba ESP allows organizations to adopt an end-to-end network architecture with SD WAN, switching, AIOps and WLAN with built-in security. The solution leverages SASE and Zero Trust security foundations. 
• Aruba ClearPass Policy Manager: The Aruba ClearPass Policy Manager is designed to integrate with third-party security architectures, with the ability to automatically update solutions and change access rights when a user or device connects to the network. ClearPass Policy Manager is also designed to secure IT resources using role-based access policies, continuous attack response and centralized user and device authentication. 
• Unified Threat Management for SD WAN: Offers Edge and cloud-based security controls for improved performance and lowered costs for cloud and broadband connections. 
• Device Discovery and Profiling: ClearPass Device Insight offers visibility into unidentified and unmanaged devices accessing a client’s network. 
• Policy Enforcement Firewall (PEF): Aruba offer clients their next generation role-based user, device and application PEF. This offers users automated Dynamic Segmentation functionality in ant Aruba environment for wired and wireless access security. 
• Aruba Central: Aruba Central is a cloud networking solution that serves as a central management and orchestration console for Aruba ESP. The service provides visibility into branch, campus and remote office locations. The solution includes a security dashboard with threat intelligence data, IDS/IPS alerts and the capability to correlate with incident management capabilities.