HPE Aruba Chief Melkote On AI-Based Network Security, Core Switching Sales Momentum, And Beating Cisco In Gartner’s Critical Capabilities Report

Stopping Hackers With AI-Based Network Security

Keerti Melkote, senior vice president, general manager and co-founder of HPE's Aruba Networks, says the company's artificial intelligence approach to security is stopping out-of-control threats with a focus on user and Internet of Things device network behavior patterns.

Aruba's new 360 Secure Fabric, which will be in the spotlight at HPE Discover in Madrid this week, is the "first" closed-loop control fabric aimed at preventing modern low-lying threats in the interior of the network, said Melkote.

"We call it a 360-degree fabric because we are on the one hand enabling policy-based access into the network and then on the other hand we are also monitoring the network constantly to ensure that there are no anomalous behaviors on both the user side as well the device side," said Melkote.

Aruba's acquisition of behavior analytics software provider Niara earlier this year is a critical part of the 360 Secure Fabric, said Melkote. "We saw this trend towards incorporating more machine-learning and artificial intelligence technologies and we are applying that to security on top of the network," he said. "There is no one I know that has taken this idea of user and endpoint behavior analysis and applied that to the network."

What is the Aruba security story with Clearpass and Niara artificial intelligence functionality?

Security has become central to pretty much everything we are doing, whether it is in the workplace, customer-facing environments or industrial environments. It has become very clear that the modern security threats are low-lying threats. They come in through the front door through the firewall and proliferate laterally through the network. Hackers are pretty smart. They are looking at targeting low-hanging fruit and a lot of that is in the IoT area.

We just launched a couple of months ago our Aruba 360 Secure Fabric, which is designed to address that need of ensuring no matter what digital experience you are trying to create within your enterprise you are secured and protected.

How does the Aruba 360 Secure Fabric differentiate HPE as it moves to drive a secure edge to core fabric?

If you look at the Aruba architecture from the very beginning, security has been a central element in our differentiation. We pioneered the idea of simplifying encryption and role-based access controls, giving our customers a very good idea of the who, what, where, when and how people are connecting into networks.

What we did was when the BYOD trend evolved in 2010 was created a product called Clearpass, which became very central to enabling network access control with policies for wired and wireless in our customer networks. Clearpass, plus the Aruba security capabilities built into the network itself, have created a very, very strong foundation to build upon.

But what is happening now is in addition to people connecting into networks there are a lot of things connecting into networks and, unlike people, things don't authenticate -- they just connect. What is happening is these IoT devices have become the target for hackers. What our customers are saying is that in addition to creating a security architecture that secures people, give me an architecture that secures my things.

How have you accomplished that user and device authentication with closed-loop technology?

What we were able to do is first connect these devices securely into the network and then also watch their behavior and see if the behavior is exhibiting anomalies and, if it does, then we can take action through Clearpass and quarantine the device that is exhibiting anomalous behavior. That is a closed loop. This is why we call it a 360-degree fabric because we are on the one hand enabling policy-based access into the network and then on the other hand we are also monitoring the network constantly to ensure that there are no anomalous behaviors on the user side as well the device side. If you do, then we can close the loop and take action right away. It is a closed-loop control fabric. It is I believe the first of its kind in the industry.

What has prompted that kind of closed-loop architecture?

The reason for that is a lot of the security controls and focus for our customers has gone to the front door of the network – the firewall, the intrusion prevention systems and so on. Those are important safeguards and they are still required from our partners like Palo Alto Networks and so on. But, as I said, the threat is now coming from the inside and it is coming through very, very targeted phishing attacks which install malware inside the network. The soft underbelly of the network is the interior network. Aruba Secure 360 Fabric is basically about securing your interiors.

What is the architectural advantage that Aruba Secure 360 Fabric brings to customers versus competitors?

Fundamentally, the network is not just about moving packets. It is about actually securing your enterprise. It has to serve both functions. Today you cannot be in the networking business without being in the security business and vice versa. What we have done with this architecture is instrumented the network to not only pass packets, but also observe and proactively block any security threats that emanate. The only way we could do that is by creating an architecture that incorporates very deep security controls on the one hand and very deep AI-based controls on the other hand – machine learning, analytics and artificial intelligence software that watches the traffic and picks out the needle in the haystack, which is really what the modern security threat is.

There is a ton of traffic in the network. Not everything is bad, obviously, but there is that one small flow that goes through the network that is actually malicious. How do you catch that? It is very difficult for humans to be able to look at all of the traffic and survey these threats.

How does traffic analysis change with artificial intelligence technology like Niara?

Traffic analysis has been mostly around signatures. We look at signatures and if we find anomalous signatures and anti-virus signatures, we create a fix. Those are fine for those threats, but how do you survey threats that are still unknown? There are no signatures for that. The only way to do that is to really start to watch for behaviors over a period of time and then, as we start to see behaviors trending into the wrong direction, those become our windows into substantial anomalies, which security teams can investigate further to see if there are in fact threats there or not.

The only way to do that is to put machines to work because there is so much traffic on the network. To me, the modern advances in machine learning and AI and doing it at very high speeds is what we have been able to innovate. This is why we acquired Niara earlier this year. We saw this trend towards incorporating more machine-learning and artificial intelligence technologies and we are applying that to security on top of the network. There is no one I know that has taken this idea of user and endpoint behavior analysis and applied that to the network.

How are customers putting Aruba 360 Secure Fabric into action to stop breaches?

I was just talking to one of our super-large customers and they were going through their security architecture for their internal network, and they have instrumented their network to start to incorporate this machine learning and AI to protect their critical assets.

In this case, it was a technology company so for them their intellectual property is their software. It's about preventing that intellectual property from falling into the wrong hands. So they are taking all of the safeguards and not only ensuring proper access controls, but also watching the traffic at wire speeds. That is key.

You can't simply watch and sample the traffic because if you just sample you are going to be missing a lot of data. With security, you have to watch everything. So they are using Niara as fundamentally core to an architecture of the future that watches traffic on their internal network and using it to do threat hunting and deep security analysis on those networks.

What is the plan to take the Aruba security software prowess from the edge to the core of the HPE next-generation software-defined infrastructure?

Aruba is a software company. We sell, obviously, access points and switches and SD-WAN security gateways, etc. But our differentiation is really in the software. It allows customers to make it super easy to deploy and secure this equipment. The network itself is going to be increasingly about generating insights, being proactive about delivering the insights, and being more and more automated in terms of how the whole thing actually runs, as with Aruba 360 security where security threats are handled by closing the loop.

This idea of secure, open, proactive, insightful and automated is at the heart of what it means to be software-defined. What we are doing at Aruba is bringing this technology at the edge with campus networks, branch office networks and industrial sites and, as we deploy networks at the edge, what we are increasingly learning is that in a lot of these sites computing is becoming a requirement at the edge, especially with IoT.

There are a lot of new requirements emerging, which shifts compute from the data center to the edge to create that real-time insight. As a result, what is happening is we are seeing the emergence of a new architecture that connects the edge and the core.

What kind of trends are driving the edge to the core architecture?

This industry always goes through multiple transformations. Initially, we centralized with mainframes. Then we became distributed with PCs. Now we are centralized again with cloud.

The next big shift is going to be back to the edge. But this time around the shift is going to be hybrid. We are not saying the cloud goes away. There is a place for what happens at the core and a place for what happens at the edge, and those two have to work together.

The difference is the edge has to be a lot more real time and the core is a lot more about long-term trending, long-term analytics and long-term business outcomes. So those two elements – the core and the edge – have to work well together. What we are doing is bringing the software-defined architecture that we pioneered at the edge to the core of the network. You will see a lot more of that software-defined thinking come out from the data center team and the hybrid IT team at HPE. That will be a big part of what we will be talking about at Discover.

How important is the Aruba edge to core architecture as the edge compute market trend accelerates?

We take a customer-first, customer-last approach to this. What our customers are telling us is their data center is now getting distributed. It is no longer a central single place. It is going to be a private data center. It is going to be applications hosted in clouds like either Amazon, Google or Microsoft, and it is going to be SaaS services that they are going to consume. It is a combination of all three. That is the modern data center, if you will. And the people and the users are all over the place and they are moving about. They are mobile. There is no enterprise that I know of that is not embracing digital. Fundamentally, that is the next great industrial revolution, in my opinion -- embracing digital to make things a lot more intelligent. That digitization is starting at the edge. That whole trend is starting at the edge.

In this context, we have to start to think about what is the enterprise architecture of the future going to look like and, if you start to embrace digital, it means most of your enterprise is going to be powered by IT – not just the workflow of employees or simple things like office productivity, but the core of the business.

Can you give an example of that digital transformation of the business and the impact it is having on customers?

If you are manufacturing things – that whole manufacturing process is going to be digital. So your core business is going to be digital and in that world IT has to play a very significant role. In fact, IT is in the driver's seat of the transformation for our customers. So what they need to do is to figure out how to put all these different capabilities to work in a manner that is easy to consume and digest and ultimately gives them the business outcomes that they desire. What we are here to tell them is we have obviously the mobile-first, cloud-first IoT-enabled solutions at the edge paired with a security model that secures the enterprise from the edge to the core and the core itself as it starts to proliferate away from the data center to these other locations. We are tying it all together with a single software-defined architecture and delivering that with a services motion.

How do partners play in that services digital transformation world?

Pointnext, which is our services organization, will be a leader in creating the recipes partners can consume to deliver these value-added capabilities to our customers. Ultimately, for our partners, that is where I see the huge opportunity to enable that digital transformation to happen with our customers. It is not just about fulfilling demand for boxes – selling servers, switches and access points. The real value, in my opinion, is to take this together, infusing it with software and creating that next level of value for our customers and becoming a lot more sticky beyond the transaction to enable that value to come to life.

How does it feel to have swept Cisco for the first time ever in the Gartner Critical Capabilities report for Wired and Wireless LAN?

We are obviously very, very excited. This is a significant recognition, and I think it is a reflection of the momentum we are experiencing in the market. We have been very fortunate to have the greatest partners with us on this journey. Those are the partners driving and benefiting from this momentum. As you know, we are a partner-first business with 95 percent of our business through partners. The momentum partners are experiencing is a big result of what we have done with our partners.

One of the big things Gartner talks about is not just the technology that we create here at Aruba, but how it is actually deployed and how customers experience it. That credit ultimately goes to our partners because they have invested their time and energy in educating themselves about the technology and bringing it to life for our customers.

It is one thing to innovate. It is yet another thing to bring the innovation to life for our customers. I am really thankful for having a great partner base. I am looking forward to continuing the momentum in fiscal year 2018.

The challenge for us obviously is to keep it going, to keep that innovation mind-set alive and bring it to life with our partners.

Talk about the multivendor capabilities of Aruba where you scored No. 1 versus Cisco at No. 11 in the Gartner Critical Capabilities report.

That is fundamental to Aruba. I don't know a single customer that is end to end one vendor. Every vendor in their secret dreams thinks it would be great if they could do that, but that is simply not a reality. Multivendor is going to be the reality for a long time to come, and best-of-breed is another reality. What our customers want is best-of-breed technologies. So how do you do that? How do you enable best-of-breed architecture to come to life? The only way to do that is through a multivendor strategy. So what we have done with Aruba is embraced multivendor as a core tenet of our differentiation. It is, in fact, that first thing. What we tell our customers is being software-defined means being open and being multivendor.

If you take any of our assets on the software side, whether it is AirWave or Clearpass or Introspect with the Niara acquisition, they are all multivendor assets. And our wireless LAN will work on Cisco wired and vice versa. We embrace multivendor. That shows in the overall architecture and what we can do to deliver value to our customers. Multivendor is a reality that they deal with all of the time.

What kind of sales ramp have you seen on your first-ever core switch – the Aruba 8400 with the ArubaOS-CX operating system?

We announced the 8400 back in June. We have now added another member to the core switch family – the Aruba 8320, which is a 1RU switch for smaller buildings. We expect that to actually do very well. We are now shipping those products. We have had a ton of interest.

We have a lot of orders already from a global standpoint. We have seen customers embrace the Aruba 8400 on a worldwide basis. Every customer that we talk to loves the OS-CX operating system that we have built from scratch. It is built on modern cloud principles. It is built to be modular, but they love the fact that it can be scripted using modern scripting interfaces and it is fully automated. They also love the analytics capabilities. I have been very pleased with the reception of the 8400. Frankly, at this point, we are supply-chain-bound rather than demand-bound, which is a great place to be. We are continuing to ramp up production of those units as demand continues to accelerate.

The ramp was faster than we expected, which is phenomenal. The switching business is doing really, really well. We just have to figure out how to ramp faster. We have plans to get there before the end of the year.

Were you surprised by the out-of-the-gate demand for the 8400?

I was surprised. The reason for that is customers don't change out their core switch every day. There is a very strong shelf life for a core switch. Customers buy a switch when they move into a building and they never typically touch it again. To me, I expected a good reception but a slow ramp. I was very surprised to see that the ramp exceeded our expectations. That tells me there has been a latent need here that has been unmet for a very long time. Now that there is a really good viable alternative, we see customers jumping at the opportunity.