HPE Aruba Networking, after first migrating the on-premises management environment to Aruba Central and then integrating Aruba Central into HPE GreenLake, can again fully focus on building out the functionality of the platform. Security plays an important role in this build-out. In this article, we take a closer look at what we can and should expect from HPE Aruba Networking (hereafter HPE Aruba) in this area.
HPE Aruba has clearly been working on its security offerings in recent years. Last year’s acquisition of Axis Security, a Security Service Edge (SSE) player, was a clear example. Its integration is now complete, HPE told us at the RSA Conference earlier this year. During that conference, HPE Aruba also revealed how it plans to combat AI threats with AI as well as focus on IoT with the new Secure Web Gateway capabilities in EdgeConnect.
At Black Hat in Las Vegas this week, HPE Aruba confirms its strong focus on security. It announced NDR capabilities for Aruba Central and it has an important announcement around ZTNA (both are part of the Aruba Central license, so not part of an extra add-on module or something like that). As Larry Lunetta, VP of AI, Security and Networking Product Marketing at HPE puts it to us, “the network is a security solution.” That’s what HPE Aruba wants to make abundantly clear this year. We discuss the two new announcements below and give our take on this news along the way.
HPE Aruba Networking Central gets NDR capabilities
Network Detection and Response (NDR) is an important security component for organizations. After all, the network is the one place where all traffic, including traffic from attackers, must and does cross at some point. So it’s not very surprising that HPE Aruba today announced NDR capabilities for Aruba Central. Rather, it may seem surprising that it has taken so long. On the other hand, HPE Aruba has been busy with other things in recent years, as we pointed out above. Those things had to be taken care of before further expansion could take place.
In any event, there is now a new NDR solution within the HPE Aruba platform. This solution uses AI models, which HPE Aruba trains based on telemetry from its own data lake. This is a rather common theme in the security market. According to Lunetta, using a data lake in this fashion is part of AI Networking 2.0, as he calls it. The models that HPE Aruba is creating with it should enable the timely detection of unusual activity on the network.
NDR with much emphasis on IoT
Lunetta calls the new NDR solution a classic example of NDR. That is, “we use AI to detect anomalies and make recommendations to remediate them,” he explains. However, there is a strong emphasis on IoT. IoT plays an increasingly important role within organizations, if only to fill data lakes that in turn are used to train AI models. Keeping an eye on network traffic to and from IoT devices is becoming more important as a result. Analyzing that and the connection status or other properties of IoT devices can point to a successful attack on one of those devices, and as such on the entire network.
Why does HPE Aruba only use data from its own data lake?
Lunetta returns to the proprietary data lake several times during our conversation. That, he says, is not just any data lake, but forms what he calls a “strong foundation” for HPE Aruba’s NDR capabilities. It doesn’t only contain data or telemetry based on the analysis of standard network traffic, HPE Aruba can also monitor a lot of applications, among other things. The extensive capabilities in this area give Lunetta and, by extension, HPE Aruba great confidence in the results the AI-models come up with.
We note at this point in the conversation that this does feel very closed. HPE Aruba is only using its own data lake for this new NDR service. That goes a bit against market trends. The trend there is for data lakes to also ingest telemetry from third-party sources. Lunetta says that HPE Aruba’s data lake is so well-stocked, however, that at the moment they certainly dare to enter the market with the new solution with confidence. “We see more data than companies like Darktrace can see,” he indicates. On the other hand, Darktrace uses the data it has in a somewhat different way, so that in itself may not say much about the capabilities of HPE Aruba’s NDR solution.
Mind you, it’s a piece of cake for HPE Aruba to open up the data lake to data streams from other sources. As such, Lunetta certainly does not rule that out. In fact, we expect it to happen. HPE Aruba may be able to see a lot of data, but what if it misses just that one piece of telemetry needed to repel an attack? HPE’s acquisition of Juniper will also immediately give a big jump in telemetry. Juniper’s security capabilities include next-gen firewalls, something HPE Aruba does not have. In addition, Juniper in general is already much more advanced in security than HPE Aruba. That is, at Juniper, security has been playing a leading role for much longer than at HPE Aruba.
Universal ZTNA for the local network
The second announcement HPE Aruba is making today at Black Hat has to do with ZTNA. Zero-Trust Network Access has been a much-used (some would say overused) term for years. It is part of the SSE offering already mentioned, and if you draw a somewhat wider circle also of Secure Access Service Edge (SASE). ZTNA was therefore already part of HPE Aruba’s cloud-based SSE offering. Today, the company announced that it is also bringing ZTNA to the LAN. That means extending the policies defined in the cloud to the local network.
With the addition of local ZTNA, HPE Aruba can now provide a universal ZTNA offering to organizations. It can do this with a single policy manager in Aruba Central. It reminds us more than a little bit of ClearPass, but from the cloud toward the local network, while ClearPass is and remains an on-prem solution. By the way, the local component continues to work as usual if the cloud should unexpectedly go down. With more than 100 Points of Presence (PoPs) for the SSE offering and now nearly 20 for Aruba Central, that chance is not very high. Still, it’s nice to know that employees can continue to securely access the network if central management from the cloud fails.
The network as the basis for security
HPE Aruba is increasingly adding security to its offerings. After the acquisition of Juniper, this will only play an even greater role. HPE will have to, because main rival Cisco is not sitting still in this field either. Indeed, that company is also throwing huge investments into becoming the standard security platform. Just think of the big HyperShield launch earlier this year.
That both HPE Aruba (and Juniper) and Cisco, as major networking players, are strongly committed to security, however, is definitely a good thing. As Lunetta also points out “you have to start with the network” when it comes to security. He does add, however, that HPE Aruba will stay close to itself and wants to build the network as the foundation for security. “We want to stay where we are strong,” in his words. This clearly differs from Cisco, which takes a very broad approach to the security issue. HPE Aruba’s approach may be a bit more modest, but it has the advantage of being a lot easier to execute in the marketplace. That’s also worth a lot at a time when security issues for organizations are only increasing and growing.
Also read: HPE Aruba is working on “Aruba Central Next Gen”: what is that?