Zero Trust, UTM, and Best-of-Breed SASE - No Compromise!

By Karan Singh Dagar, Product Marketing Manager, Aruba

In today’s cloud-first world, the WAN and network security are more intertwined than ever before. To realize the full promise of digital transformation, work from anywhere, and the Secure Access Service Edge (SASE) model, enterprises must transform both their WAN and security architectures to support business applications hosted and accessed from anywhere, by anyone authorized to access them, and from any device.

Zero Trust: Securing the Edge with Application, User/Device Identity, and Role-Based Context

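As cloud applications, mobile devices, remote workers, and IoT-connected devices increase, enterprises must adapt their security policies based on business intent while striving to maintain consistency. Aruba ClearPass integrates with the Aruba EdgeConnect SD-WAN edge platform and augments application intelligence with user and device identity and role information. The additional identity-based context enables fine-grained segmentation and consistent security policy enforcement that can be applied network-wide from edge to cloud, while also accelerating troubleshooting and problem resolution.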

IoT is a use case for Zero Trust segmentation since these devices don't allow third-party VPN or ZTNA software clients to run on them. Because of this, a SASE architecture doesn't fully address the security challenges posed by the IoT devices in the enterprise network. With the combination of Aruba ClearPass and EdgeConnect, customers can segment IoT device traffic at the network edge and isolate it from other traffic in the network. This new layer of context enables fine-grained segmentation without the complexity of managing multiple VLANs. For instance, a fine-grained segmentation policy can prevent IoT security cameras from accessing credit card transactions or HVAC systems. Zero trust segmentation helps enterprises isolate potential security threats by device type, role, and application while helping them meet industry compliance requirements such as PCI, HIPAA, and SOX.

Comprehensive Edge-to-Cloud Security

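Today, SASE is becoming the de facto model for describing the convergence of network and security services. SASE is a cloud-first framework that outlines the network and security functions for managing a distributed enterprise network.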

WAN Edge Network Functions: This includes advanced SD-WAN, routing, branch firewall, segmentation, network and application visibility, and WAN optimization.

Cloud Security Functions: This includes cloud-delivered security services such as FWaaS, CASB, ZTNA, SWG, browser isolation, DLP, sandboxing, DNS security, and more.

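When customers look at deploying a SASE architecture, it comes down to whether a single-vendor or a multi-vendor solution will meet the requirements of the business. Multi-vendor SASE gives customers freedom and flexibility not just for today but for many years to come. Working with a single vendor may offer more functions under one roof, but it also means you are committing to a single vendor and its roadmap at a higher long-term cost.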

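The Aruba EdgeConnect SD-WAN edge platform enables enterprises to intelligently and securely steer cloud-bound traffic from branch sites over the internet. In addition, it supports micro-segmentation capabilities and granular security policy enforcement, enabling enterprises to secure their WAN, meet compliance mandates, and prevent security breaches.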

Automated Orchestration for Seamless Multi-vendor SASE Deployments

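Automated orchestration of industry-leading, cloud-delivered security services with the application- and identity-aware Aruba EdgeConnect delivers a robust SASE solution without compromising network or security functionality. Implementing a SASE architecture that combines cloud security with advanced SD-WAN eliminates the cost and complexity of managing multiple on-premises next-generation firewalls.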

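The EdgeConnect zone-based stateful firewall with unified threat management (IDP) protects branch offices from any incoming malicious threats. The integration of Aruba Threat Defense with the Aruba EdgeConnect SD-WAN edge platform extends advanced intrusion detection and prevention (IDPS) capabilities to the SD-WAN fabric. Both physical and virtual instances of EdgeConnect leverage the Aruba threat infrastructure and Aruba Central's threat feeds, enabling enterprises to deliver east-west lateral security and secure internet breakout from branch offices. Threat logging sends network and security analytics back to Aruba Central or a third-party SIEM, such as Splunk, to provide comprehensive edge-to-cloud UTM capabilities.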

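As the threat landscape continues to evolve, enterprises must stay agile so they can adopt new security solutions quickly and cost-effectively. They should evaluate platforms that avoid vendor lock-in and offer the freedom of choice to integrate best-of-breed cloud security services now and in the future.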

The Aruba EdgeConnect SD-WAN edge platform is a crucial foundational pillar of a best-of-breed SASE architecture that not only avoids being locked into proprietary single-vendor solutions or settling for basic SD-WAN features and capabilities but also supports essential branch security functions such as Zero Trust segmentation with ClearPass, unified threat management with built-in IDPS, and consistent end-to-end security policy enforcement spanning the LAN, WAN, data center, and the cloud.

For more details, read the Aruba EdgeConnect segmentation solution brief.
