Discover how the SRX firewall portfolio secures networks of any size. We’ll dive into AI-Predictive Threat Prevention (AI-PTP), which neutralizes zero-day attacks with a proxy-less, real-time, on-device AI engine. We’ll also cover how a Machine Learning detection pipeline continuously provides automatically generated signatures for emerging threats, delivering stronger security without compromising firewall performance.
The session outlines a security philosophy focused on making security easier to operationalize, from the user edge to the data center. The speakers explain that with the rise of device proliferation, distributed applications, and Gen AI, the threat landscape has become more complex. HPE’s approach is to use a comprehensive threat detection pipeline, heavily leveraging AI and machine learning, directly on their SRX firewalls. This strategy aims for a high detection rate and a very low false positive rate without sacrificing performance. The core of the presentation centers on a feature called AI-Predictive Threat Prevention (AI-PTP), which represents a shift from traditional reactive, signature-based models to a proactive approach for identifying both known and zero-day malware.
The AI-PTP system operates using a two-stage process. First, machine learning models are trained in HPE’s ATP Cloud using vast datasets of malicious and benign files. These trained models are then deployed to the SRX firewalls, where the “inference” or detection happens directly on the device. A key differentiator is its inline, proxy-less architecture, which analyzes just the initial portion of a file as it’s being downloaded to quickly determine if it’s malicious. This allows the firewall to block threats in real time. This on-box capability is part of a defense-in-depth strategy, augmented by cloud-based analysis, including multiple sandboxing methods. During the demonstration and Q&A, it was clarified that this process has a negligible performance impact, can update threat signatures across all customers in minutes, and can automatically place an infected host on a blocklist that is shared across the entire HPE security ecosystem, including NAC and switching solutions.
Personnel: Kedar Dhuru, Mounir Hahad, Pradeep Hattiangadi