CRN Exclusive: Aruba Leader Sounds Off On Cisco's Weak Spot, ClearPass-Niara And Why Partners Need To Enhance Their Security Practice

Aruba Networks Leader Talks Cisco, Niara Acquisition

Following Aruba Networks' acquisition of security startup Niara this week, Aruba leader Keerti Melkote spoke to CRN about the importance of the purchase and why it will give the vendor an advantage over networking rival Cisco.

"We go further than Cisco or any other vendor in security at the edge, even without the Niara acquisition. What Niara does is enhances that with the latest and greatest machine learning capabilities," said Melkote, senior vice president and General Manager of Aruba Networks, a subsidiary of HPE.

Melkote also dives into the current state of the integration process between Niara technology and its ClearPass platform, and explains why channel partners need to expand their HPE-Aruba security practice.

With your strategic acquisition of Niara, did you see a weak spot in Cisco at the intelligent edge of the network?

Yes. Absolutely. If you look at the market share numbers, we have added five points of market share over the past four or five quarters in the wireless LAN market alone. We have taken this very focused mobile-first approach to the intelligent edge. What that allows us to do is have a conversation around what the next generation digital experience looks like at the workplace. It allows us to envision these open offices, more collaborative tools including things like Microsoft's Skype for Business. It is that vision that is driving the development of the intelligent edge business. It's in pretty direct contrast to Cisco, which is taking a much more "infrastructure up" approach as opposed to user "experience in" approach.

What do you mean by Cisco's 'infrastructure-up' approach?

Their typical approach is first build out a wired network and layer on telephony and VoIP on top of it; then layer on wireless LAN, mobility on top of it and security on top of it. It's a multi-layered approach which over time ends up being quite expensive and brittle, because you can't really change a lot. By reducing the dependence of a wired foundation and we're basically saying, "The world is naturally mobile now, so retired the wired. Make it more of a supporting function to the wireless, which becomes a primary, then layer on the software richness on top of it which gives you the agility."

Is this strategy working for Aruba and its channel partners?

That's a vision that is really resonating with our customers and our partners are clearly benefiting from that. They're able to drive this vision better and monetize it better as well.

Just how important is the intelligence edge for HPE-Aruba and where does Niara fit in?

Within HPE is an organization known at the Intelligent Edge Organization, where our responsibility is to drive technology at the intelligence edge. Think of the intelligent edge as infrastructure that goes outside the data center -- going into the campus network, branch offices, factor floors, oil and gas, indoor and outdoor, etc. We are layering in a software-defined infrastructure – that's what Aruba has always been, a highly software-defined company. And security is a built-in element of the software-defined architecture. Niara is now enhancing the security analytics capability … and just like Niara, the acquisitions that we've done historically have been additive to this software model.

How does the Aruba ClearPass now with Niara stack up against Cisco and Meraki security-wise?

Security has been a differentiator for us from the beginning. We go further than Cisco or any other vendor in security at the edge, even without the Niara acquisition. What Niara does is enhances that with the latest and greatest machine learning capabilities and applying that to the security space.

A lot of the attention today and the spending goes to perimeter security – next generation firewalls, intrusion detection systems, etc. That's very valuable, you need that to protect your enterprise, but it is also becoming very clear there are threats that have penetrated the firewall and are inside your network … Once you're inside the enterprise it's very soft – that's a big problem. We have a very hard perimeter with great security technologies, but once you penetrate that, the inside of the network is very wide open. You can go anywhere pretty much.

How is Aruba solving this 'soft' interior defense better than other vendors?

What we're trying to do is bring technologies that allow you to detect those threats and really reduce that time to detect when your already under attack. I call this interior network security as opposed to perimeter network security. This is an emerging space. ClearPass was the first attempt at addressing this issue in the market called network access control, or NAC, and with Niara we are adding to that capability. It's the first solution that combines the detection with the protection capability that ClearPass already has.

What are customers telling you about why they choose Aruba ClearPass over Cisco?

ClearPass is the front and center platform for us in security and we are winning deals at the high end with a lot of very large enterprise deals. The reason why we're winning against Cisco is because our customers tell us we are more scalable. They've tried both platforms. These are super large Fortune 50-type customers that have told us, at scale, ClearPass performs better. Whether it's for policy enforcement, whether it's for BYOD support and onboarding, or device health checking and so on.

Why else are customers jumping on the ClearPass train?

The other big reason we're [winning over Cisco] is multi-vendor. We offer a solution that is agnostic to the hardware that is there. A lot of customers are going multi-vendor. These days, it's very difficult to find an enterprise that says, 'I'm going to be all-in on one vendor.' They might use Cisco for the wire, Aruba for the wireless, Palo Alto Networks for the firewall and so on. So how do you integrate these best of breed solutions into one security architecture? That is where ClearPass excels at. We have spent a great deal of energy putting together integrations and customers love that, right out-of-the-box, you can integrate ClearPass with what they have already.

What's the integration roadmap for Aruba ClearPass with Niara technologies? When can partners start seeing the benefits of this acquisition?

The integration is already done at the product level. How this happened was through our technology integration program called the ClearPass Exchange Program, which we use to integrate with the security ecosystem as well as IT ecosystem in general -- so with partners like Palo Alto Networks and a whole bunch of other ecosystem partners that we look into for integrations. One of the integrations that we pursued was Niara. So that piece is already done.

So can partners already start selling Niara solutions?

It's a product already in the market. Niara already has customers. So our plan is to continue to offer the standalone product to the market. We still need to build this for our partners through our channel programs. It's going to take a short number of months in terms of the integration and putting it on the price list and getting it to partners, but we aim to bring that as soon as we can.

Does Niara fit into Aruba's best of breed, multi-vendor strategy?

Yes, we acquired Niara also because of that. With Niara you get the same benefits – it scales, it horizontally scales, it's built from the ground up to be a cloud-scale solution and has elastic scale capabilities for machine learning and it's multi-vendor … With Niara we're going to add even further to machine learning capabilities.

Why else did HPE-Aruba decide to acquire Niara?

It's fairly simple. If you look at ClearPass and what it does today, it is a policy management and policy enforcer platform. So when you connect to a network, it applies policies based on knowledge about the user, about the device, the location and such. It can also apply policy on any third-party infrastructure, like on Cisco infrastructure.

Customers are concerned, especially with the proliferation of (Internet of Things) devices in the network, about the security vulnerabilities that have increased and what they want is a system that allows them to do a discovery and a vulnerability assessment of threats that may already be inside of the network. There's very few tools today that can do that. We introduced the ClearPass Universal Profile – it crawls the network and finds everything connected to the network. Niara allows us to take it to the next level.

How does Niara take it to the next level?

It lets us analyze the traffic that we're seeing on the network and basically digesting all the traffic and apply machine-learning and [artificial intelligence] techniques to advise the security folks, 'Here are the vulnerabilities' – it's a detection function and then the action function closing the loop is ClearPass.

Do you think enough Aruba partners have built-out a security practice looking at 2017?

I would love to see more action here. I have seen partners who have made the transition and their business has grown dramatically by the ClearPass practice alone. With Niara now, we are expanding the addressable market. So there's more opportunities they can target … For VAR's that today are network-centric, security is a very large TAM to target.

What is your advice to channel partners to enhance their Aruba security practice and business?

My advice to partners is, security as a business is as much as a consulting business as a product business. You need to be able to work with your customers to understand their needs and requirements, then you need to customize the product to the needs of the customer. That's the value-added service opportunity. We'll have the best offers and support, but the conversations and the depth of conversation are immensely valuable to customers. The first thing I'll tell our partners is to build a practice around security to be able to proactively attack this market.

How can a partner start to build up an Aruba security practice?

A lot of successful partners who made the transition … have engineers that go to our Airheads [Community sessions] to really understand now to apply these technologies and make that security consultation happen. It's a very high-value conversation and they can monetize and capture new opportunities. My recommendation is to first get yourself trained and build out a security practice to be able to take advantage of this new offering.

Are there channel initiatives to help Aruba partners enhance their security practice?

Yes. There are specific security incentives that we're putting in place here. So the answer is yes and they'll be a lot more details at [Aruba] Atmosphere [2017 conference] in Nashville this month.

Can you give us any hints of new partner initiatives that will be unveiled at the Aruba Atmosphere partner conference?

One of the biggest things we rolled out earlier and we are in the process of rolling out – and we'll have more details at Atmosphere – is a single channel program for all of our products. When the HPE acquisition happened, HPE had its legacy partner program and Aruba had its legacy partner program, we got it all today under a single umbrella. All these new products will be available through those new programs. We'll have one set of programs, one set of incentives that can help drive business.