UPDATED 08:00 EDT / APRIL 29 2025


HPE boosts Aruba security and data sovereignty features for private clouds

Hewlett Packard Enterprise Co. today is expanding its security portfolio across its Aruba Networking and GreenLake cloud families, aiming to close gaps in zero-trust network access and private-cloud protection for regulated industries and multinational enterprises.

Today’s announcements include new policy-based controls in Aruba Networking Central, updates to EdgeConnect software-defined wide-area network, a high-availability mesh for the company’s security service edge platform, threat-adaptive safeguards for HPE Private Cloud Enterprise, and a set of advisory services focused on sovereign-cloud and AI security.

The updates reflect a strategy of embedding layered security controls throughout HPE’s networking and hybrid cloud stack rather than selling them as stand-alone add-ons. By extending zero-trust principles into access control, SD-WAN, secure access service edge and private cloud management, HPE is positioning its portfolio against rivals offering consolidated security frameworks tied to edge and cloud consumption models. Although the company did not disclose pricing, most features will be delivered as cloud subscriptions through HPE GreenLake or as software licenses bundled with existing networking contracts.

Aruba Networking Central Network Access Control is getting cloud-based policy tools that treat every user, device and application as untrusted until authenticated, a strategy called zero-trust network access. The precision policy manager allows granular rules, such as application-to-role, role-to-subnet and role-to-role, to be enforced consistently from the access layer to the data center. The NAC service augments the intrusion detection, intrusion prevention, micro-segmentation and observability features already in Central NAC.

AI protection

“You can state that a data scientist can access only certain models,” said Larry Lunetta, vice president of artificial intelligence, security and networking product marketing. “We’ve made the ability to protect AI much more granular so if someone is infected the blast radius is greatly reduced.”

Integration with HPE’s OpsRamp operations management platform has been tightened to extend monitoring to third-party switches and routers from vendors such as Cisco Systems Inc., Arista Networks Inc. and Juniper Networks Inc. New application-profiling, classification and risk-assessment functions let administrators create access rules based on software behavior rather than static attributes.

“The network is becoming a security solution,” Lunetta said. “It includes SSE, ZTNA and network access control. We also embedded firewalling, intrusion detection and intrusion prevention as part of the network, which means that the security team can look to us to provide functions that typically have been add-ons.”

On the SD-WAN front, Aruba Networking EdgeConnect is getting additional SASE hooks into HPE’s SSE portfolio, plus an adaptive distributed-denial-of-service defense feature that uses machine-learning models to dynamically adjust mitigation thresholds. Every ZTNA purchase is now bundled with a complimentary license for Aruba Networking Private Edge.

HPE also added a mesh architecture to the SSE platform that automatically selects the fastest path across the company’s global points of presence. The design is intended to minimize downtime by automatically rerouting traffic if a link fails.

Offline private cloud options

Enhancements to HPE’s private cloud offerings are aimed at strengthening security and enhancing compliance for organizations that are subject to data sovereignty restrictions. Data sovereignty requires that digital information be governed by the laws and regulatory frameworks of the country or jurisdiction in which the data are created or physically stored.

A new “digital circuit breaker” feature can instantly disconnect workloads from the GreenLake cloud when suspicious traffic is detected and reconnect once the risk subsides. The capability is primarily aimed at financial services customers who need to meet the requirements of the European Digital Operational Resilience Act.

“If a customer detects a ransomware attack or breach and wants to sever the connection, we give them a software-defined method to declare an emergency, break the connection to the external GreenLake cloud and go into offline mode,” said Rajeev Bhadwaj, chief product officer for GreenLake Private Cloud. “We also give them runbooks to continue running on premises.”

For organizations that must keep control-plane traffic entirely onsite, HPE is making air-gapped cloud management generally available. Deployed by security-cleared HPE personnel, the option allows private- and sovereign-cloud operators to manage infrastructure without external network dependency. Any activity that occurs while the private cloud is disconnected is synchronized with the GreenLake cloud upon reconnection.

“We make sure there’s no dependency on external clouds,” Bhadwaj said. “We bring all capabilities that are resident on an external cloud, such as access control, logging and metering, on prem. There is no connectivity at all.”

HPE is also introducing two related advisory practices. The first helps customers integrate sovereign-cloud security controls into enterprise risk frameworks to ensure alignment with local regulations. The second targets companies adopting artificial intelligence, offering help with governance, risk and compliance programs and guidance on building detection workflows for AI-enabled attacks.

