Overview of Gateway IDS/IPS

Gateway IDS/IPS provides an extra layer of protection that actively analyzes the network and acts on traffic flows based on live updated rules. These actions include alerting on and blocking traffic flows. Gateway IDS/IPS can inspect data packets that enter the network and act quickly to prevent threats in real time. All identified threats are logged for correlation and analysis.

Why Gateway IDS/IPS?

In today's network environments, which are much larger and more complex than those of the past, applications and connections are vulnerable. To address these challenges, HPE Aruba Networking introduces IDPS, which adds an additional layer of security focused on users, applications, and network connections and is integrated with your existing HPE Aruba Networking SD-Branch, WAN, or AOS-10 solution. Gateway IDS/IPS proactively prevents and protects the network from intrusions. This is a policy-driven intrusion prevention technology that operates efficiently with minimal manual intervention. IDPS protects the network from real-time attacks. An additional advanced security dashboard provides Security Analysts with everything they need to manage an end-to-end zero trust, edge-to-cloud environment: network-wide visibility, multi-dimensional threat metrics, threat intelligence data, correlation, and incident management.

Key Features and Benefits

How does Gateway IDS/IPS Work?

HPE Aruba Networking leverages an open source IDPS engine which is integrated as a Virtual Network Function (VNF) with the SD-Branch Gateway and VPNC gateways. This engine detects and prevents intrusion based on rules set by the user.

The following process describes the Gateway IDS/IPS workflow to detect and prevent intrusions:

  • Download Threat Rulesets—Aruba IDPS downloads threat rulesets from the cloud repository.
  • Enable Gateway IDS/IPS—Enable IDPS and configure an IDPS policy in HPE Aruba Networking Central.
  • Stream Realtime Events—Events are streamed in real time based on the preset event category.
  • Enrich Events—HPE Aruba Networking IDPS enriches events with host, application, and location details.
  • Send Alerts and Block Traffic—Sends alerts and notifications if IDS is selected and blocks traffic if IPS is selected as the mode of inspection.
  • Monitor Threats—Monitor and move threats to the Allow List in the IDPS dashboard in HPE Aruba Networking Central.
  • Share Threat Data—The threat data recorded in HPE Aruba Networking Central is shared with the SIEM server and the supported third-party integrations through the Central Alert framework, if configured.

Figure 1  Gateway IDS/IPS Architecture Diagram
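
The enrich, alert-or-block, allow-list and share steps of the workflow above, modelled as an added Python example; it is not HPE Aruba Networking code and does not use its API. The `Gateway` class, the event fields, the inventory table, the signature IDs and the assumption that an allow-listed signature raises no event are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed inventory used for enrichment; field names are assumptions,
# not the product's event schema.
INVENTORY = {
    "10.1.20.15": {"host": "pos-terminal-3", "application": "http", "location": "Branch-A"},
    "10.1.30.8": {"host": "hr-laptop-12", "application": "dns", "location": "Branch-B"},
}
UNKNOWN = {"host": "unknown", "application": "unknown", "location": "unknown"}

# Constructed rule matches, as an inspection engine might report them.
MATCHES = [
    {"sid": 9000001, "src": "10.1.20.15", "dst": "203.0.113.7", "category": "malware"},
    {"sid": 9000002, "src": "10.1.30.8", "dst": "198.51.100.9", "category": "policy"},
    {"sid": 9000001, "src": "10.9.9.9", "dst": "203.0.113.7", "category": "malware"},
]

@dataclass
class Gateway:
    mode: str                                      # "IDS" alerts only, "IPS" also blocks
    allow_list: set = field(default_factory=set)   # signature IDs moved to the Allow List
    siem: list = field(default_factory=list)       # stand-in for the SIEM forwarder

    def handle(self, match: dict) -> str:
        """Return the traffic verdict for one rule match: 'forward' or 'drop'."""
        if match["sid"] in self.allow_list:
            return "forward"                       # assumption: no event, no block
        event = dict(match)
        event.update(INVENTORY.get(match["src"], UNKNOWN))   # enrich with host details
        event["action"] = "blocked" if self.mode == "IPS" else "alerted"
        self.siem.append(event)                    # share threat data
        return "drop" if self.mode == "IPS" else "forward"

def run(mode, allow_list=()):
    """Process the sample matches and return (verdicts, events sent to the SIEM)."""
    gw = Gateway(mode=mode, allow_list=set(allow_list))
    verdicts = [gw.handle(m) for m in MATCHES]
    return verdicts, gw.siem

if __name__ == "__main__":
    for mode in ("IDS", "IPS"):
        verdicts, events = run(mode, allow_list={9000002})
        print(mode, verdicts, [(e["host"], e["action"]) for e in events])
```

In IDS mode every flow is still forwarded and only the event record shows the detection, so the same rule match that is dropped in IPS mode reaches its destination; a source address missing from the inventory is still reported, with its enrichment fields marked unknown.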