Dynamic Segmentation

What is Dynamic Segmentation?

Businesses are accelerating their digital transformation initiatives to deliver new user experiences, support hybrid work, implement new business models, and achieve greater IT efficiency. This gives rise to increasingly complex, globally distributed networks with unique visibility and security challenges that are driving adoption of Zero Trust and SASE network security frameworks. Organizations need to segment traffic more efficiently, control access to sensitive applications, and ensure data privacy.

In addition, IT needs more visibility and control of endpoint clients that are on their network. The reality is that most IT managers simply aren’t aware of all the devices connected to the network—and with the growing adoption of IoT and hybrid work, this problem is only going to get worse. IT needs visibility into what clients are on their network to effectively segment traffic and control access in real-time.

HPE Aruba Networking Dynamic Segmentation is the one solution that simplifies the adoption of Zero Trust and SASE architectures at global scale, regardless of the size and complexity of the network.

• Enhanced endpoint visibility: Discovering, profiling, and monitoring devices on the network is a critical component of Dynamic Segmentation. AI-powered Client Insights on HPE Aruba Networking Central is agentless and leverages native infrastructure telemetry from access points, switches, and gateways to identify and accurately profile a wide variety of clients with ML-based classification models.
• Cloud-based management and automation of authorization and access control: Leverage intent-based, easy-to-use workflows for policy definition and network configuration with Central NetConductor. Ease security operations and simplify the creation of overlays with push-button automation, automatic updates, and continuously enforced policy.
• Global policy enforcement without performance compromise: Group policy identifiers (GPIDs) allow the network to carry access control information via the traffic for inline policy enforcement by fabric-capable switches and gateways, enabling optimal security and performance.
• Flexibility of adoption: Organizations currently using centralized policy enforcement approaches for Dynamic Segmentation can continue with that approach and adopt over time a distributed approach in which enforcement is done by access devices, without rip and replace of existing infrastructure.