PP105: Cybercrime Has Gone Industrial: Insights from HPE Threat Labs (Sponsored)
HPE's VP Mundani Adjali discusses the formation of HPE Threat Labs from the merger of Juniper and HPE Aruba threat research teams. The conversation covers cybercrime professionalization, AI's impact on threats, network visibility challenges, and the critical need for better patch management across enterprise systems.
Summary
This sponsored episode features Mundani Adjali, VP of Product Management for SASE and Security at HPE Networking, discussing the newly formed HPE Threat Labs. The team combines Juniper's threat research capabilities with HPE Aruba's product security focus following their July 2025 acquisition. Adjali explains that while Juniper focused on external threat research, HPE Aruba concentrated on product security and vulnerability testing.
A major theme from their threat research is that many attacks exploit old, unpatched vulnerabilities rather than new threats. Organizations struggle with patch management, leaving systems vulnerable to attacks using exploits that are 10-15 years old. AI is accelerating threat actors' capabilities, making them more efficient and enabling smaller teams to launch more sophisticated attacks, though humans remain essential for targeting decisions.
The discussion covers HPE's device fingerprinting technology, evolved from behavioral analytics acquired through the Neara company. This technology identifies devices based on behavior patterns rather than static classifiers, addressing challenges like MAC randomization and generic DHCP signatures. The telemetry from access points, switches, firewalls, and cloud services provides comprehensive network visibility.
Adjali emphasizes the blurred lines between networking and security teams, noting that network engineers often implement security policies without receiving proper credit. He advocates for intent-based configuration tools that help administrators express goals in natural language rather than complex technical commands. The conversation also touches on the persistent need for network access control despite the rise of endpoint agents, particularly for headless devices and IoT systems.
About this episode
Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threat Labs report from HPE, our sponsor for today’s Packet Protector episode. We also look at how older vulnerabilities are still contributing to today’s exploits, why security organizations<a class="excerpt-read-more" href="https://packetpushers.net/podcasts/packet-protector/pp105-cybercrime-has-gone-industrial-insights-from-hpe-threat-labs-sponsored/" title="ReadPP105: Cybercrime Has Gone Industrial: Insights from HPE Threat Labs (Sponsored)">... Read more »</a>
Key Insights
- HPE Threat Labs was formed by combining Juniper's external threat research team with HPE Aruba's product security team, creating complementary capabilities that were previously separate
- Organizations typically underestimate their device count by 25-50%, with unknown devices including shadow IT, printers, and sensors that weren't properly inventoried
- Many current cyber attacks exploit vulnerabilities that are 10-15 years old rather than new threats, indicating widespread patch management failures across enterprises
- AI is making threat actors more efficient and enabling smaller teams to launch sophisticated attacks, though human decision-making remains essential for targeting and strategy
- Network engineers are actually implementing most security policies in organizations but don't receive credit for their security work, creating an artificial separation between networking and security teams
- Device identification has evolved from static classifiers to behavioral analysis due to MAC randomization and generic DHCP signatures making traditional methods ineffective
- The convergence of networking and security telemetry across access points, switches, and firewalls enables better threat detection for both north-south and east-west traffic flows
- Intent-based configuration tools are needed to help administrators express security goals in natural language rather than requiring mastery of complex technical syntax and acronyms
Topics
Transcript
Hey, everybody, welcome to Packet Protector, the podcast at the intersection of networking and security. I'm Drew Connery-Murray here with JJ. We are on site at RSA 2026. We have a sponsored episode today with HPE Networking. Our guest is Mundani Adjali. You are VP of Product Management for SASE and Security at HPE Networking? Yes, I am. Okay. So apparently, this is new for HPE, right? You guys are doing some threat research, and you've just put out a new report? So I'd actually, you know, phrase it a little differently in the sense that Juniper Networks had a threat research team. And that's not to say that HPE didn't, but I think our focus was very different, right?…
Full transcript available for MurmurCast members
Sign Up to AccessMore from The Everything Feed - All Packet Pushers Pods
HW083: Inside the WLAN Pros Toolbox – A Free, Multipurpose App
Keith Parsons introduces the WLAN Pros Toolbox, a free cross-platform app containing over 100 Wi-Fi tools, calculators, and references available on iPhone, iPad, Mac, Android, and web browsers. Built using Flutter and AI-assisted development, the app is intentionally free with no ads, subscriptions, or data collection because Parsons believes essential professional tools should be accessible to all engineers worldwide.
NB582: Infoblox Adds Network Observability with Kentik Buy; Satellite Data Centers vs. the Environment
Network Break covers major tech news including Infoblox's acquisition of Kentik for network observability, alarming electricity consumption by data centers (especially in Ireland), security advances in AI agent detection, and developments in space infrastructure including Rocket Lab's acquisition of Iridium and environmental concerns about orbital data centers.
TCG079: Why Your State File is Actually a Distributed Systems Problem
Malcolm Matalka argues that Terraform's value lies not in its HCL syntax but in its state management, which is fundamentally a distributed systems problem inadequately solved by file-based locking. He discusses how StateGraph reimagines infrastructure state as a database rather than a JSON file, enabling concurrent operations, better queryability, and solving the scalability issues that plague teams as they grow.
NAN126: Fine-Tuning Open Source LLMs for Network Engineering
Edward Tuharu, founder of VXpert AI, discusses his career pivot from pursuing CCIE certification to building AI-powered NOC/SOC systems after recognizing the transformative potential of transformer architecture in 2022. He outlines the progression of AI technologies from prompting to RAG to fine-tuning to agentic systems, drawing parallels with networking protocol evolution and emphasizing the importance of domain-specific knowledge and fundamentals.
D2DO306: Platform Engineering in the Agentic Era (Sponsored)
Jad Elzane and Miles Gray from VMware by Broadcom discuss how platform engineering evolved from DevOps to address developer cognitive overload, and how Platform Engineering 2.0 must now accommodate AI agents as consumers alongside human developers, requiring new security guardrails and observability controls.