This video is part of the appearance, “HPE Aruba Networking Presents at Networking Field Day 38”. It was recorded as part of Networking Field Day 38 at 10:30-12:30 on July 10, 2025.
See new Central cloud native NAC; SASE with SSE, SD-WAN & NAC; new ZTNA natively in SD-WAN Gateways. Adam Fuoss, VP of Product for EdgeConnect SD-WAN, outlined HPE Aruba Networking’s integrated SASE portfolio, comprising SSE (Security Service Edge) for cloud-based security focused on ZTNA (Zero Trust Network Access), EdgeConnect SD-WAN for connecting diverse locations, and ClearPass/NAC (Network Access Control). He highlighted the challenge of traditional ZTNA connectors, which often rely on virtual machines in data centers, leading to inefficient traffic hair-pinning when applications reside in branches. To address this, HPE Aruba Networking has integrated the SSE connector as a container directly into the EdgeConnect SD-WAN appliance, allowing users to connect to cloud security services and then directly to branch applications without backhauling traffic, significantly improving efficiency for distributed applications and remote contractors.
Mathew George, a Technical Marketing Engineer, then provided an overview of Central NAC, HPE Aruba Networking’s cloud-native NAC offering. This solution aims to simplify user and device connectivity by leveraging cloud-based identity sources like Google Workspace, Microsoft Entra, and Okta for authentication and authorization. Central NAC uses Client Insights for advanced device profiling, combining fingerprints with traffic flow information and AI/ML models for accurate classification. It integrates with third-party systems like MDM and EDR solutions to pull compliance attributes, which are then used in NAC policies. Central NAC also supports certificate-based authentication (including “Bring Your Own Certificate” with external PKI), MPSK (Multi-Pre-Shared Key) for user-based or admin-based device authentication, and various guest workflows. A key feature demonstrated was the real-time re-authentication and policy enforcement based on changes in the Identity Provider (IdP), showcasing true Zero Trust in action.
The presentation underscored HPE Aruba Networking’s commitment to a unified Zero Trust posture across its entire portfolio. The vision is for a single policy engine to enforce security from Wi-Fi and IoT devices all the way through switches, access points, gateways, and the SSE cloud. This includes multi-vendor support, allowing for VLAN enforcement on third-party switches like Cisco. While Central NAC streamlines simpler use cases, ClearPass continues to address more complex, on-premises requirements. The overall message emphasized leveraging telemetry-based networking and AI-driven insights to enhance security, improve endpoint experiences, and provide engineers with the necessary data to maintain optimal network performance, ultimately enabling a truly integrated security and networking approach from edge to cloud.
Personnel: Adam Fuoss, Matthew George