Aruba Extends Grid to Interior Security

By Ed Sutherland

November 15, 2004

The switch vendor's wireless grid will tackle perimeter defenses with help from network security companies.

Aruba Wireless Networks today unveiled an extension of its wireless grid concept, this time reaching into the inner sanctum of enterprises to cure crumbling security.

"The entire perimeter is disintegrating," claims Jon Green, Aruba's director of technical marketing. Traditional perimeter security is founded on the belief that threats come from the outside. Just as intruders could burrow under castle walls, Aruba claims simple firewalls aren't enough in increasingly mobile enterprises. The core of corporate networks – so-called interior security – is now under attack.

"Like the Internet, interior corporate networks have become untrusted due to sophisticated new threats that bypass perimeter firewalls," according to the Sunnyvale, Calif.-based switch maker.

"When perimeters were built, mobility wasn't around," says Green.

Along with bolstering the interior security of enterprise networks, Aruba's announcement is aimed at reducing the duplication of security services throughout far-flung deployments. An agreement with security firms Fortinet and Sygate aims to reduce costs.

"This eliminates having to distribute discrete security products in every wiring closet, causing massive disruption, network complexity and added operational and capital cost," according to the company.

At the heart of the wireless grid is Aruba's grid controller. The company's Grid Controller 6000 updates the Aruba 5000 WLAN switch for use in a grid environment. The new grid controller provides centralized authentication, encryption and policy enforcement.

The Aruba Grid Controller 6000 series comes with a two-port Ethernet card and is capable of encrypting up to 3.6 Gbps of traffic. The 6100 grid controller can support up to 7.1 gigabits of traffic, and comes equipped with two Ethernet cards and two supervisor modules.

Customers using Aruba's 5000 WLAN switch can upgrade to the 6000 grid controller series by hot-swapping the switch's supervisor modules.

The grid controller 6000 series includes the grid service interface (GSI) that can redirect network traffic such as Web pages or e-mail attachments to network-based virus-scanning applications. The GSI also works with endpoint remediation services to quarantine devices infected with viruses or worms, requiring the devices to get rid of the security problems before being allowed back on the network.

As part of the centralized security role, Aruba announced the integration of Fortinet's FortiGate anti-virus firewall along with Sygate's endpoint security product.

"To solve our information assurance and security problems today, we need to buy a lot of expensive boxes, embed them all over the network, and spend hours trying to manage them," said Dr. Hank Dardy, chief scientist at the Naval Research Laboratory in Washington, DC.

"It takes only a single infected laptop plugging into a network port to threaten enterprise-wide operations," said Don LeBeau, president and CEO of Aruba.

"Instead of trying to plug every hole at the edge, enterprises can now direct all traffic at every point in the network to a security core or clearinghouse, thereby providing a much more efficient and cost-effective way to deploy and scale network security," said Ken Xie, founder, president and CEO of Fortinet.

While today's announcement focuses on Fortinet, Green says, "We are not locking people into Fortinet," and that enterprises can integrate other third-party systems.

Along with the grid controller, Aruba introduced the company's new Aruba 2E grid point. Acting as a "security checkpoint," the grid point funnels network traffic back to the grid controller. The grid point operates across existing Ethernet or Internet networks. The new grid point takes advantage of the power over Ethernet standard to make placement more flexible.

Aruba, known primarily for its work with wireless switches, was "dragged kicking and screaming" by its customers into supporting wired networks, according to Green. While working on the wireless side of enterprise networks, Aruba discovered that wireless networks were actually more secure than their wired counterparts, he says.

The grid controller and grid point will be available in the first quarter of 2005, according to Aruba. No pricing is available.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.