Securing networks for the hybrid cloud is now more crucial than ever. That’s why HPE Aruba is placing an emphasis on security and aims to offer a universal security policy across all connection methods.

“We have always prospered in the intersection of networking and security,” Larry Lunetta, VP of portfolio solutions marketing at HPE Aruba. “We are now very aggressively doubling down on the security side of our business.”

“And what we're going to be offering is a single security policy enforced, no matter how you connect and where you go,” he added.

Aruba Networks plans to continue investing in its existing on-premises network security services, such as the policy management platform ClearPass and dynamic segmentations, while adapting to hybrid-cloud environments. Lunetta emphasized the need for consistent security policies.

“You don't want to have to redo your security policies every time the workload moves, and that's the value of the single policy,” he said. For example, “GenAI [generative artificial intelligence (AI)] may be built and trained in the cloud, but it's probably going to get deployed in various places on-prem for inference. So that's a perfect example of where you want to have the same policies, no matter where the workload is operating.”

The vendor’s networking market growth vision involves expanding Aruba's wired and wireless business, data center networking, and private 5G services based on its recent Athonet acquisition.

“But the common denominator for all of those is security,” Lunetta said. “We can be a great source for security information and event management systems. And it's not that we will just raise an alert, we'll give you the best context because we see the traffic all the way down to the Packet level.”

As networking and security continue to converge, “that's where a single policy and a single set of controls becomes very powerful,” he said, adding Aruba’s edge in this trend is “we build security into the infrastructure, not bolted on trying to sell you a bunch of different boxes.”

One of the ways Aruba delivers on this vision is through its secure access service edge (SASE) offerings.

The vendor’s portfolio is based on its SD-WAN platform, which it acquired for $925 million from Silver Peak. It integrates with almost all of the major security services edge (SSE) vendors for SASE, including Palo Alto Networks, Cloudflare, Netskope, Zscaler and Check Point.

Riding on the vendor consolidation trend, HPE acquired Axis Security to offer a unified SASE solution where SD-WAN and SSE are tightly integrated into a single technology stack. The acquisition enables Aruba to offer a “plug and play” disaggregated SASE approach, allowing Enterprise customers to choose whether they procure their networking and security stacks from separate vendors or from Aruba alone, Aruba Chief Security Officer Jon Green said in an earlier interview with SDxCentral.

Axis Security provides a cloud-native SSE platform, Atmos, which delivers authenticated user access to private applications at the network edge, a secure web gateway (SWG) to safeguard user access to the Internet, and a Cloud Access Security Broker that provides secure in-line access to Software-as-a-Service apps, and digital experience monitoring (DEM) to provide insights into the user experience.

“We need to replicate the kind of control and identity-based access that ClearPass provided for us. And that's why we bought Axis,” Lunetta said. “So this is a  deliberate strategy of being the dominant player in the intersection between security and networking. And it's not only dominating it, [but] it’s expanding the overlap.”

Despite still being in the early stage of the Axis Security integration, Aruba has already seen an increase in larger SASE deals. “We're seeing more seven-figure deals than we've ever seen for this solution because we just touch more customers. They're more at-bats for us,” he touted.

To enhance its SASE and SSE portfolio, Aruba and Axis Security unveiled the local deployment capabilities for its zero-trust network access (ZTNA) solution at the Black Hat USA 2023 event.

The idea is to extend granular policy-based ZTNA controls that protect cloud applications to all workloads without requiring an on-premises user to “hairpin” traffic to the cloud when accessing data centers and private cloud resources.

“When we designed Axis, we knew that we wanted to fully get rid of the VPN and VDI. The only way to do that was to support all ports and protocols,” said Chris Hines, VP of strategy at Axis Security.

The ZTNA local deployment also extends the brokering capability on-premises as well, he added. “If I'm a local user, trying to get access to an Application that is also local, it probably doesn't make logical sense to go out to the Internet nurse to be brokered. I want to do it locally on the network. So the local edge provides a much faster end-user experience.”

The local edge also better supports hybrid and global workforces. “Local edge allows for business continuity because even if the Internet connection goes down, we will still continue to broker their connection, a specific user with a specific Application. But once the Internet connectivity is reestablished, the local edge will pull down any new policies,” Hines said.

“If people are working from home or an Airbnb or grandma's house, for example, and they come into the office, there's only one policy that ever manages that,” he added.

When paired with Aruba’s ClearPass Network Access Control, this ZTNA solution is designed to ensure that users, devices, applications and data, along with IoT devices, remain under the zero-trust access control policies, the vendor claims.