HPE Infuses AI Into Network Detection and Response Platform
Hewlett Packard Enterprise (HPE) this week at the Black Hat USA 2024 conference extended its network detection and response (NDR) capabilities that make use of artificial intelligence (AI) models to enable behavioral analytics.
In addition, HPE is now providing the option to deploy its zero-trust network access (ZTNA) control plane in on-premises IT environments.
Larry Lunetta, vice president of portfolio and communities marketing for HPE Aruba Networking, said the NDR capabilities provided via HPE Aruba Networking Central will ultimately converge security and network operations in a way that strengthens cybersecurity by relying more on the networking layer to thwart threats. HPE Aruba Networking Central can now also surface policy recommendations that network operations teams can preview before a change is implemented.
HPE is leveraging a data lake it gained with the acquisition of Aruba Networks to train and deploy classification and predictive AI models that monitor and detect unusual activity. The same data lake provides the foundation for additional generative AI capabilities that HPE provides, noted Lunetta.
Collectively, AI technologies combined with behavioral analytics will, over time, reduce the dependency cybersecurity teams have on signatures that vendors create and provide to identify specific types of attacks.
In general, HPE, which is in the process of acquiring Juniper Networks, is making a case for enabling network operations teams to assume more responsibility for security. In an era where there is a general shortage of cybersecurity expertise, the more these tasks are incorporated into IT workflows, the less stress there is for cybersecurity teams.
For example, while the attack surface that needs to be defended continues to expand, it’s becoming easier to centrally defend endpoints distributed across an IT environment using a cloud service. The challenge, of course, is finding the budget required to upgrade networking infrastructure to alleviate the level of stress that cybersecurity teams are currently experiencing.
Ultimately, it’s only a matter of time before networking and security operations become more unified, a shift that might be accelerated by the rise of AI. For example, it’s becoming a lot easier for networking specialists to use AI tools that explain in plain language how to remediate an issue once a threat is discovered.
Cybersecurity teams will, as a result, need to release more control over security operations to other IT teams as more convergence is enabled. The expectation is that the less time cybersecurity professionals spend on operations, the more time there will be to find and remediate vulnerabilities before adversaries discover them. Security teams should be creating an inventory of tasks they perform today that might be better managed by networking or software engineering teams.
One way or another, the way security operations have been managed in the enterprise is about to fundamentally change. The only thing left to determine is to what degree that transition will be embraced versus resisted. After all, the only thing harder than convincing someone to take on a new task is getting them to give it up.