UPDATED 12:00 EDT / SEPTEMBER 18 2017

INFRA

Aruba integrates machine learning into behavioral analytics-based security suite

Hewlett Packard Enterprise Co. subsidiary Aruba Networks is expanding its footprint in the security market with the announcement today of the Aruba 360 Secure Fabric, an analytics framework for attack detection and response.

The software combines machine learning with existing products and new technology that HPE acquired when it bought Niara Inc. earlier this year. The suite has been expanded to include an entry-level version of its Aruba IntroSpect user and entity behavioral analytics product, which uses based behavior detection to spot changes in user behavior that may indicate inside attacks.

Aruba has been one of the bright spots in the HPE portfolio since HPE acquired it two-and-a-half years ago.  Aruba sales grew more than 30 percent in the most recent quarter on the back of 70 new large customer wins, HPE said in its most recent earnings announcement.

The new products are specifically oriented toward detecting attackers who have already penetrated perimeter defenses, as well as authorized users whose credentials have been compromised or that have turned against their employers. The emerging consensus in the security world is that most organizations have already been breached and that the biggest new challenge is isolation and containment.

“Hackers are taking advantage of the expanded attack surface created by [bring your own device], cloud and the Internet of Things, so you have better attackers on a more and more vulnerable environment,” said Larry Lunetta, vice president of marketing security solutions at Aruba. “This is a strategic initiative for Aruba with its unique position at the confluence of connectivity, analytics-driven insights and control.”

Suspicious acts

The behavior analytics piece comes from the Niara acquisition. Renamed Aruba IntroSpect, the product line has been broadened with an entry-level edition that uses machine learning to detect changes in user and device behavior that can indicate impending or ongoing attacks. “The objective is to find the [Edward] Snowden type of attacks, the ones that use legitimate credentials,” Lunetta said, referring to the former U.S. government contractor who leaked classified information on extensive surveillance activity by the National Security Agency in 2013. “The only way you can find them is to look for changes in behavior.”

Although behavior analysis usually requires large amounts of baseline data, IntroSpect Standard can be used with as little as three initial data sources comprising identity, authentication and activity. IntroSpect ingests data from common sources like Microsoft Active Directory or Lightweight Directory Access Protocol, as well as firewall logs from Check Point Software Technologies Ltd., Palo Alto Networks Inc. and Aruba.

Algorithms generate a risk score based on the severity of an attack, and response can be automated using Aruba’s ClearPass, a network policy administration platform that enforces rules under which devices connect to the corporate network. “With Introspect and ClearPass, we can close the loop between detection and response,” Lunetta said.

Aruba also has an IntroSpect Advanced addition that works with a broader range of data sources and includes more than 100 supervised and unsupervised machine learning algorithms for analyzing elements such as packets, flows, logs, alerts and endpoints. Artuba announced several enhancements to that package, including customizable analytics, chaining of machine learning models, peer grouping of similar devices  and integrated attack response using ClearPass.

Aruba’s network-focused approach to security is similar to that of rival Cisco Systems Inc., but Lunetta said Cisco’s approach is a closed model that lacks the machine learning component. “We’ve been an open, multisystem vendor since day one,” he said. “We will operate just fine with other vendors’ infrastructure.” The company has more than 120 technology partners, he said. Pricing was not disclosed.

Image: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU