HPE Aruba looks to fight AI threats with AI weapons

HPE Aruba continues to steep its management software with AI features, now by adding network security controls to help IT teams protect AI assets such as large language models from unmanaged device access.

Specifically, HPE will build new AI-powered security observability and monitoring features into its core HPE Aruba Networking Central management platform to help customers protect both AI-based and traditional resources from IoT security risks. The goal is to enhance visibility and identification of devices connected to the network and provide continuous monitoring for unusual or rogue behavior, the vendor stated. In addition, HPE is adding firewall-as-a-service (FWaaS) support to its Aruba security service edge (SSE) package.

Customers will be able to fight AI and other security threats with AI tools and security controls and protect the AI-based resources many enterprises are accumulating, said Jeff Olson, director of product and technical marketing for HPE Aruba. 

“If customers have a number of data scientists building out AI models, and they come to the network with all of this data, and they need to move it or store it in the cloud, and they need to bring some devices with them to do that – they are focused on the problems they are trying to solve with AI, not necessarily the security of the data or the network,” Olson said. 

“We are providing AIOps tools that let the security and networking teams detect anomalies and control security around these AI resources,” Olson said.

On top of that, much AI training data comes from unmanaged IoT devices, which are prone to web-based threats when they communicate with cloud services for updates, telemetry, or other purposes, wrote Jon Green, HPE Aruba’s chief security officer, in a blog about the HPE tools. “In addition, BYOD and line-of-business devices often appear on the network outside the purview of the IT organization and can become compromised without any alert or signal, which can result in entry points for attack and AI poisoning from corrupted or manipulated data,” Green wrote.

New AI support is built into HPE Aruba Networking Central, which uses machine learning models to analyze dynamic device attributes, including traffic patterns and behavioral characteristics such as connection state and network residency, to accurately categorize and identify IoT and traditional devices, Green stated.  

“HPE Aruba Networking Central AIOps has a long history of building automated network activity baselines for troubleshooting and remediation, and now we are using AI to extend that capability to individual devices,” Green stated. “This enables not only more precise, automated fingerprinting to support Zero Trust Security, but also the ability to use behavior baselines to spot anomalies that can indicate compromise and attack.”

In addition to the AI-powered profiling, HPE Aruba is adding other AI-driven capabilities to improve security. For example, HPE Aruba Networking uses AIOps and machine learning models to intelligently hibernate APs during periods of low activity, eliminating potential entry points for malicious activity and reducing attack surface, Green noted.

On the SSE front, Aruba is integrating technology from its 2023 purchase of Axis Security into its SSE, SD-WAN and SASE offerings. According to Gartner, SSE combines several key security functions – including a cloud-access security broker (CASB), secure web gateway, zero-trust network access (ZTNA), and a next-generation firewall – into a cloud-based service to streamline management.

The new Firewall-as-a-Service (FWaaS) fills out HPE Aruba’s SSE package, which already includes ZTNA, CASB and other key SEE components. The FWaaS is tied to a variety of components within the HPE Networking SSE service so security teams can secure and manage networked resources from a single UI and set global policies. centrally, Green stated.

In addition to the FWaaS, Aruba added dashboards within HPE Aruba Networking SSE to enhance visibility into an organization’s security status. Dashboards include views into applications in use, user activity, security events, and ZTNA adoption. Security personnel can use this information to identify shadow IT applications and reduce the associated risk of unauthorized access.

New FWaaS capabilities within HPE Aruba Networking SSE extend protection to wherever data and devices are, without the complexity of an appliance. Joining on-premises security controls delivered by built-in firewalls in HPE Aruba Networking switches, wireless access points, gateways, and WAN appliances, FWaaS completes edge-to-cloud firewall protection by providing policy enforcement in the cloud. And since FWaaS capabilities are integrated with ZTNA, CASB, SWG, and DEM in the HPE Aruba Networking SSE service, security teams can manage all SSE services using a single UI and global policy.