spainter_vfx - stock.adobe.com

Aruba SD-Branch gets intrusion detection, prevention software

The latest update of the Aruba SD-Branch includes intrusion detection and prevention software built into the product's gateway appliance.

Wireless LAN vendor Aruba has strengthened security in its software-defined branch product by adding intrusion detection and prevention software. The vendor is aiming the latest technology at retailers, hotels and healthcare organizations with hundreds of locations.

Aruba, a Hewlett Packard Enterprise company, also introduced this week an Aruba SD-Branch gateway appliance with a built-in Long Term Evolution (LTE) interface. Companies often use LTE cellular as a backup when other links are temporarily unavailable.

The latest iteration of Aruba's SD-Branch has an intrusion detection system (IDS)  that performs deep packet inspection in monitoring network traffic for malware and suspicious activity. When either is detected, the IDS alerts network managers, while the new intrusion prevention system (IPS) takes immediate action to block threats from spreading to networked devices. The IPS software takes action based on policies set in Aruba's ClearPass access control system.

Previously, Aruba security was mostly focused on letting customers set security policies that restricted network access of groups of users, devices and applications. The company also provided customers with a firewall.

"But this IDS and IPS capability takes it a step further and allows enterprises that have deployed Aruba to quickly detect and prevent unwanted traffic from entering and exiting their networks," said Brandon Butler, an analyst at IDC.

The latest features bring Aruba in line with other vendors, Butler said. In general, security is part of a "holistic" approach vendors are taking toward SD-branch.

Other features vendors are adding include WAN optimization, direct access to specific SaaS and IaaS providers, and a management console for the wired and wireless LAN. Software-defined WAN (SD-WAN) technology for traffic routing is a staple within all SD-branch offerings.

Aruba IPS
Aruba's intrusion prevention system seen through the company's Central management console.

Aruba LTE gateway

The new gateway appliance is a key component of Aruba's SD-Branch architecture. The multifunction hardware includes a firewall and an SD-WAN.

The device integrates with Aruba's ClearPass and its cloud-based Central management console. The latter oversees the SD-WAN, as well as Aruba access points, switches and routers.

The new SD-Branch gateway with an LTE interface is the latest addition to the 9000 series Aruba launched in the fourth quarter of last year. The hardware is Aruba's highest performing gateway with four 1 Gb ports and an LTE interface that delivers 600 Mbps downstream and 150 Mbps upstream.

Certification of the device by all major carriers will start this quarter, Aruba said.

Other network and security vendors providing SD-branch products include Cisco, Cradlepoint, Fortinet, Riverbed and Versa Networks. All the vendors combine internally developed technology with that of partners to deliver a comprehensive SD-Branch. Aruba, for example, has security partnerships with Zscaler, Palo Alto Networks and Check Point.

The vendors are competing for sales in a fast-growing market. Revenue from SD-branch will increase from $300 million in 2019 to $2.6 billion by 2023, according to Doyle Research.

Next Steps

Aruba product integrations advance its SASE strategy

Dig Deeper on Network infrastructure