HPE SD-WAN Gateways & Advanced Services

Explore how the HPE secure SD-WAN portfolio helps protect branch locations against cyberthreats while embracing the flexibility of cloud-first architectures. Discover how the new HPE Networking Application Intelligence Engine (AppEngine), strengthens security with real-time defense, leveraging aggregated application security insights such as risk, reputation, vulnerability, and compliance.

In this session, HPE introduced its newly combined SD-WAN portfolio, which includes Aruba SD-Branch, EdgeConnect (formerly Silverpeak), and the Juniper Session Smart Router. The presentation focused on a key security challenge in branch networks: the lateral movement of threats once a bad actor gains entry. Presenters argued that while identity-based segmentation was an improvement over static VLANs, it is insufficient without a deep understanding of the applications traversing the network. To address this gap, HPE unveiled its Application Intelligence Engine (AppEngine), a new service running within the Aruba Central management platform. The engine’s primary goal is to provide a comprehensive application posture, enabling more effective dynamic segmentation to protect against internal threats.

The AppEngine works by ingesting, correlating, and normalizing application data from multiple sources, such as deep packet inspection (DPI) and URL filtering, into a single, unified application catalog. This process creates a rich, contextual profile for each application, complete with security scores, known vulnerabilities, compliance data, and encryption details. From the central dashboard, an administrator can define global, role-based security policies based on this application intelligence. The AppEngine then automatically distributes the appropriate signatures and policies to the relevant enforcement points, like gateways or access points. The demonstration showcased an administrator identifying high-risk applications and creating a policy to block them for specific user roles during business hours, all without touching individual device configurations. Currently, this functionality is available for the SD-Branch solution managed by Aruba Central, with plans to extend its capabilities across the broader portfolio in the future.