Cloud-delivered secure web gateways (SWGs) and firewalls-as-a-service (FWaaS) are well-known components of SASE.
Many enterprises are deploying SWG and FWaaS solutions to protect users, applications, and even unmanaged endpoints such as OT and IoT devices from malware attacks and internet-based security attacks.
While traditional cloud-based security solutions rely solely on forwarding all traffic to the cloud for inspection, integrated SASE solutions offer a hybrid approach that leverages localized inspection and enforcement on-premises, at the right place and time.
A hybrid solution that combines locally installed secure SD-WAN and integrated cybersecurity capabilities with cloud-delivered SWG and FWaaS delivers the best of both worlds: minimizing latency and delivering an optimal user experience for all traffic.
Providing comprehensive on-premise branch security with secure SD-WAN.
In today's SASE environments, securing connections to users and applications, wherever they are, is paramount.
Endpoints and users at sites where SD-WAN gateways are deployed must be protected from a variety of cyber threats, regardless of their destination: the internet, systems within other branch offices, private apps, or business-critical cloud SaaS applications.
Enterprises can no longer rely on legacy models because employees and applications are no longer confined to the company, but are distributed across hybrid cloud environments, including external environments, remote locations, and cloud environments. The legacy model of backhauling traffic to the corporate data center and relying on a centralized firewall is inefficient.
Conversely, deploying standalone firewalls at every branch and edge site to enforce separate policies is also impractical, as it would require a significant increase in hardware and increase the complexity and cost of managing all remote firewall devices.
A better approach to implementing network security at scale is to use a secure SD-WAN solution that integrates advanced SD-WAN capabilities with comprehensive cybersecurity solutions into a single, integrated platform that can be scaled at scale to ensure consistent application and security policies across the enterprise.
The HPE Aruba Networking EdgeConnect SD-WAN platform is a certified secure SD-WAN solution that delivers all the key capabilities of a UTM, including L3-L7 awareness, zero-trust role-based and context-aware segmentation, DDoS protection and visualization, IDS/IPS, and web/URL, IP content, and reputation filtering.
All of this is managed consistently through the HPE Aruba Networking SD-WAN Orchestrator. By integrating robust branch security capabilities with SD-WAN, enterprises can simplify their branch architecture while reducing complexity and manage an integrated solution from a single pane of glass.
Integrated Cloud-Provided Security Service Edge (SSE)
Another key component of SASE is the Security Service Edge (SSE).
HPE Aruba Networking SSE delivers all elements of SSE—ZTNA, SWG, CASB, DLP, FWaaS, and Digital Experience Monitoring—in a fully integrated, modern, cloud-delivered platform available globally, ensuring secure access to all business resources.
The SSE platform provides single-pane-of-glass visibility and control across all security policies, making it easy to protect all endpoint types—from hybrid workforces to unmanaged devices like servers and IoT/OT—from malware and data breaches.
To protect unmanaged devices such as IoT/OT and servers at physical sites from advanced Internet threats, enterprises can leverage HPE Aruba Networking's SASE SWG bandwidth service to securely transport and protect aggregated traffic from all locations.
It protects your site from malicious websites and applications and includes a variety of cloud-delivered features, including dynamic threat protection, URL/IP classification and filtering, data loss prevention, and DNS filtering.
When deployed with EdgeConnect SD-WAN, this joint solution provides an easy-to-deploy, streamlined experience, delivering location-based SWG services with fully automated, end-to-end configuration via the EdgeConnect SD-WAN Orchestrator.
Additionally, for enterprises looking to further advance their journey toward unified SASE, additional SSE capabilities, including ZTNA and CASB capabilities, can be seamlessly added.
Hybrid Security: Combining the Best of Both Worlds
EdgeConnect Cybersecurity features built into the SD-WAN platformand HPE Aruba Networking Cybersecurity capabilities provided through SSEThis allows businesses to take advantage of both.
That is, network security policy decisions for EW traffic within or between sites can be made locally.
For NS site traffic destined for the Internet or cloud, it leverages logically centralized, cloud-native SWG capabilities to protect endpoints from Internet-based threats while delivering high performance and elastic cloud scalability to meet diverse needs as needed.
Additionally, you can apply additional cloud-delivered security features as your security requirements evolve.
For SASE administrators, deploying hybrid solutions and coordinating policies around local and cloud delivery enforcement is automated.
Pre-built, integrated application policies are tailored to optimize traffic shaping decisions, determining which traffic types to inspect locally or forward to the SSE cloud for inspection.
By distributing the load between distributed edge locations and cloud-hosted security stacks, enterprises can more cost-effectively leverage on-premises gateway solution resources to deliver other SASE capabilities while mitigating latency to optimize performance and improve the overall user experience.
The conclusion is...
The availability of a cloud-native SWG that can be deployed alongside the native security capabilities of EdgeConnect SD-WAN combines the benefits of distributed or centralized security enforcement, delivering a new level of hybrid protection and enforcement.
By combining the SWG security capabilities of HPE Aruba Networking SSE with the native network, role, and application-aware firewall and threat detection and prevention capabilities of EdgeConnect SD-WAN, customers can confidently replace their existing branch firewalls and benefit from a hybrid threat protection solution that combines optimal user experience with scalable, cloud-delivered security.
