HPE Aruba boosts NAC security, adds GreenLake ‘kill switch’

The latest moves by HPE Aruba Networking are aimed at bolstering coordination among security and networking teams to more effectively protect access to enterprise resources. At RSA Conference 2025, the vendor announced a variety of updates, including a new policy manager for network access control (NAC), tighter integration between Aruba Networking Central and HPE OpsRamp, and new security components for its SD-WAN and SSE packages.

“The network is increasingly looked at by both the networking team and the security team as a security system, and we continue to build coverage into the network in support of the rest of the security ecosystem,” said Larry Lunetta, vice president of AI, security and networking product marketing at HPE. 

HPE Aruba has a security platform, an AI platform and a network services platform, and it’s all integrated within HPE GreenLake, “which we think is a unique capability that we offer compared to other networking vendors,” Lunetta said.

Enhanced policy manager and OpsRamp integration

HPE Aruba is expanding its NAC capabilities via a new policy manager called HPE Aruba Networking Central Network Access Control in its flagship network management platform. It enables precise access policies — such as application-to-role, role-to-subnet, and role-to-role — across the entire network and enforces more detailed policies from the edge to the cloud, Lunetta said. Access functionality is now woven into the network workflow. When a new switch or gateway comes online, the predefined policies for users, devices, and applications are automatically implemented on that device; no manual CLI commands or additional steps are required from the network administrator, Lunetta said.

The new policy manager is basically the next generation of the company’s ClearPass NAC system, he said.

“ClearPass is still there, and it’s still an important part of the portfolio,” Lunetta said. But the new features are cloud-based policy tools that extend zero-trust principles across the platform and look at every user, device and application as untrusted until authenticated, he said. Customers can propagate policies across the entire network infrastructure for consistent enforcement from edge to cloud.

In addition, HPE Aruba tightened the integration between HPE Aruba Networking Central and HPE OpsRamp, the technology HPE bought in 2023 to manage hybrid and multicloud environments. OpsRamp monitors elements such as third-party switches, access points, firewalls, and routers. Tighter integration expands the ability to natively monitor third-party devices from vendors such as Cisco, Arista, and Juniper Networks. In addition, new application profiling, classification, and risk assessment abilities in HPE Aruba Networking Central will allow enterprises to establish application access policies based on risk preferences, the vendor says.

EdgeConnect SD-WAN and SSE updates

The vendor is also adding distributed denial of service (DDoS) protection to its EdgeConnect SD-WAN appliances.

“We’re leveraging machine learning-based behavioral analytics to establish traffic baselines and automatically detect anomalies that could indicate a DDoS attack,” Lunetta said. “When a potential DDoS attack is detected, we offer a range of remediation options directly within the SD-WAN appliance – reducing bandwidth for the affected connection or blocking it entirely.” The idea is to build a layer of intelligent self-defense directly into the network’s edge.

In addition, the vendor’s zero-trust-based Private Edge offering is now available within HPE Aruba Networking EdgeConnect SD-WAN and can be activated with an HPE Aruba Networking SSE ZTNA license with no additional fees or additional setup by operators, the company stated. With ZTNA Private Edge, organizations can implement zero-trust policies locally, mirroring those defined in the cloud, to provide consistent, secure access to resources, according to the company.

The company also added high-availability mesh support to its SSE offering. Mesh connectivity routes traffic via the most expedient path possible, providing secure alternative data paths and automatic failure handling to reduce downtime and securely connect devices without requiring intervention from enterprise IT departments, the company stated. 

HPE GreenLake capabilities

Related to cloud security, Lunetta said the company added a digital circuit breaker or “kill switch” to its HPE Private Cloud Enterprise managed package to temporarily disconnect from the public internet when network threats are detected and isolate critical data, operations, and infrastructure.

“If a security threat is detected in the cloud, the security team can break the connection between the cloud and the on-premise infrastructure until they resolve that threat,” he said. The workloads and infrastructure behind the break continue to operate until a connection is reestablished with the cloud, Lunetta said.

In addition, HPE Private Cloud Enterprise can now be run as an air-gapped system on-prem without connecting to an external network, Lunetta said. “Unlike public cloud offerings, HPE Private Cloud Enterprise with air-gapped management is delivered by HPE security-cleared personnel and offers the ability to operate air-gapped in perpetuity without validation to an external cloud platform,” the vendor stated.

Source: Network World