HPE Aruba taps behavioral analytics to find network threats

HPE’s Aruba Networks continues to build out its enterprise security portfolio, adding support for behavioral analytics to its threat detection and response platform and moving zero-trust controls to its campus products.

The new network detection and response (NDR) solution uses telemetry from HPE Aruba Networking Central’s data lake to train and deploy AI models that can monitor and detect unusual activity in networked IoT devices. HPE Aruba Networking Central is the company’s flagship cloud-based network management platform that controls, secures and monitors wired and wireless networks and data center environments.

“We’re using the Networking Central data lake and AI analytics to find behavioral anomalies associated with IoT devices,” said Larry Lunetta, vice president of AI, security and networking product marketing at HPE. “We focused initially on IoT devices, because they’re becoming so ubiquitous, but they tend to come onto the network a lot of times outside the purview of the security or the networking teams, and they’re highly vulnerable.”

Aruba competitor Fortinet recently noted that cyberattacks on OT systems are rising; 73% experienced an intrusion that impacted either OT systems only or both IT and OT systems, up from 49% in 2023, according to Fortinet’s 2024 Global State of Operational Technology and Cybersecurity Report.

Aruba’s Data Lake contains fingerprints for hundreds of thousands of devices, and the analytics package can find and identify these elements – whether it’s a device, security camera or a temperature sensor – for organizations, Lunetta said. And the next step is to assign an access control policy to those devices, he said. “The idea is that we’re not only detecting anomalies that could indicate compromise, we’re also recommending policy changes that can help customers respond to those threats,” Lunetta said.

One important aspect of the NDR support is that it requires no new appliances in the network, as the support comes natively with Networking Central, Lunetta added.

In the zero trust realm, Aruba extended Networking Central’s capabilities to set security policies across the vendor’s edge LAN environments. Until now, such policy setting was relegated to Aruba’s security service edge (SSE) offering.

“The idea is that the same security policies, the same enforcement and access control found in the cloud, will now be available on the campus, whether it’s in a data center or any other part of the campus network,” Lunetta said. “Customers don’t have to hairpin network traffic to the cloud to take advantage of the policy and enforcement that are provided by zero trust,” he said.

Ultimately, the idea is to create what’s known as universal ZTNA, which offers a single policy for network user, device and workload access and control, Lunetta said. “We aren’t there yet, but this is a major step forward on that vision,” he said.

The current announcements build on Aruba’s recent enterprise security announcements.

In May, the vendor added network security controls to help IT teams protect AI assets such as large language models from unmanaged device access. HPE said it will build new AI-powered security observability and monitoring features into its core HPE Aruba Networking Central management platform to help customers protect both AI-based and traditional resources from IoT security risks.

The goal is to enhance visibility and identification of devices connected to the network and provide continuous monitoring for unusual or rogue behavior, the vendor stated. In addition, HPE is adding firewall-as-a-service (FWaaS) support to its SSE package.

AI support is built into HPE Aruba Networking Central, which uses machine learning models to analyze dynamic device attributes, including traffic patterns and behavioral characteristics such as connection state and network residency, to accurately categorize and identify IoT and traditional enterprise devices. 

Aruba has also added dashboards within HPE Aruba Networking SSE to enhance visibility into an organization’s security status. Dashboards include views into applications in use, user activity, security events, and ZTNA adoption. Security personnel can use this information to identify shadow IT applications and reduce the associated risk of unauthorized access.

Source: Network World