Aruba Dynamic Segmentation
Identity-based Access Control for Zero Trust and SASE security from edge-to-cloud at global scale
Aruba Dynamic Segmentation
Built-in identity-based access control to automatically apply consistent policies for Zero Trust and SASE security from edge-to-cloud.
Read the overview
What is Dynamic Segmentation?
Dynamic Segmentation establishes least privilege access to IT resources by segmenting traffic based on roles and associated access permissions. This is a fundamental concept of both Zero Trust and SASE frameworks where trust is based on identity and policies, rather than where and how a user or device connects.
A role is a logical grouping of permissions. Permissions can include applications and services that can be accessed, users and devices that can be reached, or even days of the week a particular user can connect to the network.
Because roles and policies define access and segmentation, Dynamic Segmentation eliminates the need to manually configure SSIDs, ACLs, subnets, and port-based controls. This reduces complex network segmentation, sprawling VLANs, and costly administrative functions.
Dynamic Segmentation utilizes policy-based access control across wired, wireless, and WAN infrastructure, ensuring that users and devices can only communicate with destinations consistent with their access permissions— foundational for Zero Trust and SASE frameworks.
Security challenges impeding digital acceleration?
As users become more decentralized and IoT devices flood the network, attacks are more sophisticated and present unique security challenges:
With IoT everywhere, limited visibility and inaccurate fingerprinting leads to network blind spots.
Manual, VLAN-based approaches to segment and enforce access control policies are resource-intensive and do not scale as your network grows.
Adoption of new network topologies like VXLAN and cloud for greater scale often involves extensive rip-and-replace.
Secure your network with Aruba Dynamic Segmentation
There’s a better way to simplify and secure your network with access policies that do not depend on how a user or device is connected.
Dynamic Segmentation establishes least privilege access to applications and data by segmenting traffic based on identity and associated access permissions. This is a fundamental concept of both Zero Trust and SASE frameworks.
Read at a glance
Aruba Central NetConductor offers cloud-native network security services that enable global policy management and automated network configuration with business-intent workflows. It uses an intelligent EVPN/VXLAN overlay to facilitate distributed Dynamic Segmentation at global scale with policies that are enforced inline and continuously monitored.
Read the overview
Dynamic Segmentation offers a choice of two enforcement models – centralized and distributed, that can co-exist and be flexibly adopted. Centralized Dynamic Segmentation uses GRE tunnel-based overlays and is enabled by Aruba Policy Enforcement Firewall that runs natively on Aruba infrastructure, along with ClearPass Policy Manager.
Read the PEF tech brief
Go beyond traditional identification and profiling techniques with Client Insights on Aruba Central. Client Insights is an agentless solution that uses native infrastructure telemetry and machine learning to detect and profile every connected client so you can assign appropriate policies.
Learn more
