Hewlett Packard Enterprise (HPE) Aruba’s latest security product uses technologies acquired from HPE’s Niara purchase to provide analytics-based attack detection and response.
HPE acquired Niara earlier this year. The security startup specialized in user and entity behavior analytics (UEBA). Its technology uses artificial intelligence (AI) and machine learning to establish a baseline for normal behavior, then looks for anomalies that could indicate intrusions.
HPE this week said it rebranded the Niara portfolio — it’s now called IntroSpect — and integrated it with Aruba networking products. The resulting security framework is Aruba 360 Secure Fabric.
“It’s a core strategic initiative for Aruba in the security space at the intersection of connectivity, analytics-driven insight, and control — that’s where this idea of 360 degrees of protection comes in,” said Larry Lunetta, HPE Aruba VP of security solutions marketing. “Given our position as a leading networking provider, we can do that from the edge to the core to the cloud.”
Aruba 360 Secure Fabric
The security framework includes three key components.
The first is the new Aruba IntroSpect UEBA software, which includes continuous monitoring and attack detection. It uses machine learning to detect changes in user and device behavior that can indicate attacks that have evaded traditional security defenses. Machine-learning algorithms generate a risk score based on the severity of an attack to speed up incident investigations for security teams.
In addition to the regular version of the IntroSpect product, HPE Aruba is offering a starter version for enterprises, called IntroSpect Standard. HPE’s goal is to eventually bump them up to the version with more advanced security and machine learning capabilities.
The second piece of the 360 Secure Fabric is Aruba ClearPass. This is an existing network access control (NAC) and policy management security product. It profiles bring-your-own-device (BYOD) and Internet of Things (IoT) users and devices, enabling automated attack response. “Think of ClearPass as the gatekeeper for the network,” Lunetta said.
This software can also be deployed on any vendor’s network.
The final piece of the framework is Aruba Secure Core — the hardware component. This embeds security capabilities across Aruba’s WiFi access points, wireless controllers, and switches. “The Secure Core represents those core capabilities as well as a new opportunity to integrate our network with very deep insights,” Lunetta said.
Security Partners Program
Companies can piecemeal the fabric so it doesn’t require an entire security overhaul. To this end, HPE has verified more than 100 other vendors’ security and infrastructure products to ensure they will play nice with Aruba offerings. The partner program includes software from McAfee, Palo Alto Networks, AirWatch by VMware, IBM and others.
“You can take IntroSpect out and plug in any of our 120 vendor partners,” Lunetta said. “While clearly we believe this process is better with all of the pieces enjoined, if you don’t have them all it still works perfectly well. That’s the value of the open architectures.”