Overview of Aruba IDPS

Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on traffic flows based on live-updated rules. These actions include alerting on and blocking traffic flows. Aruba IDPS can inspect data packets that enter the network and act quickly to prevent threats in real time. All identified threats are logged for correlation and analysis.

Why Aruba IDPS?

In today's network environments, which are much larger and more complex than those of the past, applications and connections are vulnerable. To address these challenges, Aruba introduces IDPS, an additional layer of security that focuses on users, applications, and network connections and integrates with your existing Aruba SD-Branch, WAN, or ArubaOS 10 solution. Aruba IDPS proactively prevents and protects the network from intrusions. It is a policy-driven intrusion prevention technology that operates efficiently with minimal manual intervention. IDPS protects the network from real-time attacks and includes an advanced security dashboard that gives Security Analysts what they need to manage an end-to-end zero trust, edge-to-cloud environment: network-wide visibility, multi-dimensional threat metrics, threat intelligence data, correlation, and incident management.

When IDPS is enabled, certain scenarios in layer 3 high availability (L3HA) are not ideal. Therefore, please review before you choose L3HA with IDPS enabled.

Key Features and Benefits

The following are some of the key features and benefits of Aruba IDPS:

How does Aruba IDPS Work?

Aruba leverages an open-source IDPS engine that is integrated as a Virtual Network Function (VNF) with the SD-Branch Gateway and VPNC gateways. This engine detects and prevents intrusions based on rules set by the user.

The following process describes the Aruba IDPS workflow to detect and prevent intrusions:

  • Download Threat Rulesets—Aruba IDPS downloads threat rulesets from the cloud repository.
  • Enable Aruba IDPS—Enable IDPS and configure an IDPS policy in Aruba Central.
  • Stream Realtime Events—The events are streamed in real time based on the preset event category.
  • Enrich Events—Aruba IDPS enriches events with host, application, and location details.
  • Send Alerts and Block Traffic—Aruba IDPS sends alerts and notifications if IDS is selected and blocks traffic if IPS is selected as the mode of inspection.
  • Monitor Threats—Monitor and move threats to the Allow List in the IDPS dashboard in Aruba Central.
  • Share Threat Data—The threat data recorded in Aruba Central is shared with the SIEM server and the supported third-party integrations through the Central Alert framework, if configured.

Figure 1  Aruba IDPS Architecture Diagram