
PP105: Cybercrime Has Gone Industrial: Insights from HPE Threat Labs (Sponsored)

HPE's VP Mundani Adjali discusses the formation of HPE Threat Labs from the merger of Juniper and HPE Aruba threat research teams. The conversation covers cybercrime professionalization, AI's impact on threats, network visibility challenges, and the critical need for better patch management across enterprise systems.

Summary

This sponsored episode features Mundani Adjali, VP of Product Management for SASE and Security at HPE Networking, discussing the newly formed HPE Threat Labs. The team combines Juniper's threat research capabilities with HPE Aruba's product security focus following their July 2025 acquisition. Adjali explains that while Juniper focused on external threat research, HPE Aruba concentrated on product security and vulnerability testing.

A major theme from their threat research is that many attacks exploit old, unpatched vulnerabilities rather than new threats. Organizations struggle with patch management, leaving systems vulnerable to attacks using exploits that are 10-15 years old. AI is accelerating threat actors' capabilities, making them more efficient and enabling smaller teams to launch more sophisticated attacks, though humans remain essential for targeting decisions.

The discussion covers HPE's device fingerprinting technology, which evolved from behavioral analytics acquired with the company Niara. This technology identifies devices based on behavior patterns rather than static classifiers, addressing challenges like MAC randomization and generic DHCP signatures. The telemetry from access points, switches, firewalls, and cloud services provides comprehensive network visibility.

Adjali emphasizes the blurred lines between networking and security teams, noting that network engineers often implement security policies without receiving proper credit. He advocates for intent-based configuration tools that help administrators express goals in natural language rather than complex technical commands. The conversation also touches on the persistent need for network access control despite the rise of endpoint agents, particularly for headless devices and IoT systems.

Key Insights

  • HPE Threat Labs was formed by combining Juniper's external threat research team with HPE Aruba's product security team, creating complementary capabilities that were previously separate
  • Organizations typically underestimate their device count by 25-50%, with unknown devices including shadow IT, printers, and sensors that weren't properly inventoried
  • Many current cyber attacks exploit vulnerabilities that are 10-15 years old rather than new threats, indicating widespread patch management failures across enterprises
  • AI is making threat actors more efficient and enabling smaller teams to launch sophisticated attacks, though human decision-making remains essential for targeting and strategy
  • Network engineers are actually implementing most security policies in organizations but don't receive credit for their security work, creating an artificial separation between networking and security teams
  • Device identification has evolved from static classifiers to behavioral analysis due to MAC randomization and generic DHCP signatures making traditional methods ineffective
  • The convergence of networking and security telemetry across access points, switches, and firewalls enables better threat detection for both north-south and east-west traffic flows
  • Intent-based configuration tools are needed to help administrators express security goals in natural language rather than requiring mastery of complex technical syntax and acronyms

Topics

  • HPE Threat Labs Formation
  • Cybercrime AI Enhancement
  • Device Fingerprinting Technology
  • Network Security Integration
  • Patch Management Challenges
