Aruba Networks Reins In The Security Risks Of Mobile Devices

Aruba Networks most recent announcement regarding NAC interoperabilityverification and a product announcement repeat a common anthem of thisvendor's emphasis on security.

The three major NAC groups are Cisco, Microsoft NAP, and the TrustedComputing Group (TCG); the first two are clearly vendor driven, while thelast is standards-based and enjoys broader industry support. Unable todrive a standard of its own, Aruba has not hitched itself to any singlegroup, but has verified NAC interoperability with three technology industryheavyweights: Cisco, Juniper, and Microsoft. Working with network equipmentmarket share leader Cisco is almost a de facto requirement, and Microsoft isAruba's largest customer, if not most significant. This shouldn't beconsidered Aruba's first fore into NAC: they have partnerships withBradford, FireEye, Fortinet, InfoExpress, Snort, and as well as Symantec(via Sygate, though this is end-of-sale).

In addition to their partnerships, Aruba has also announced a new appliancefor "targeted industries". To date Aruba has built most of the products itsells, preferring to partner where necessary. Ash Chowdappa, director ofmobility management system, stated in a briefing, that Aruba will wait untilthe NAC market shakes out before considering to develop somethinginternally. This time around Aruba OEMed their Aruba Endpoint ComplianceSystem (ECS) appliance from a vendor that has significant success in thehigher education market. According to Chowdappa, higher education isAruba's number one vertical, and they expect ECS to gain traction inhealthcare and hospitality, markets where there are significant numbers ofguest users. Aruba makes the point that many NAC vendors are targetedtoward managed devices such as desktops and laptops, while ECS is able todeal with unmanaged and transient devices such as Vo-Fi phones, and theoccasional Sony Wii, that may not be able to run an agent. For devices inthis latter group Aruba's ECS can work in tandem with their mobilitycontroller to implement more restrictive traffic policies leveraging Aruba'sstateful firewall. And this appliance isn't restricted to just wirelessproducts, as the appliance can take trunked wired traffic, such as guestVLANs, and enforce policy on those, too.

Aruba is making the right moves in offering its customers multiple NACoptions resulting in great stickiness for their core wireless LAN products.One of the challenges that Aruba faces is that organizations may look firstto their wired networking equipment vendor for a NAC product, giving Cisco anatural leg up. Aruba appears to have chosen to OEM a mature product thatintegrates with systems in both mediums, and with eventual implementation of802.11n, may take a larger and larger portion of IT's mindshare andnetworking budget.