HPE SRX Series Next-Generation Firewalls & Threat Prevention

Discover how the SRX firewall portfolio secures networks of any size. We’ll dive into AI-Predictive Threat Prevention (AI-PTP), which neutralizes zero-day attacks with a proxy-less, real-time, on-device AI engine. We’ll also cover how a Machine Learning detection pipeline continuously provides automatically generated signatures for emerging threats, delivering stronger security without compromising firewall performance.

The session outlines a security philosophy focused on making security easier to operationalize, from the user edge to the data center. The speakers explain that with the rise of device proliferation, distributed applications, and Gen AI, the threat landscape has become more complex. HPE’s approach is to use a comprehensive threat detection pipeline, heavily leveraging AI and machine learning, directly on their SRX firewalls. This strategy aims for a high detection rate and a very low false positive rate without sacrificing performance. The core of the presentation centers on a feature called AI-Predictive Threat Prevention (AI-PTP), which represents a shift from traditional reactive, signature-based models to a proactive approach for identifying both known and zero-day malware.

The AI-PTP system operates using a two-stage process. First, machine learning models are trained in HPE’s ATP Cloud using vast datasets of malicious and benign files. These trained models are then deployed to the SRX firewalls, where the “inference” or detection happens directly on the device. A key differentiator is its inline, proxy-less architecture, which analyzes just the initial portion of a file as it’s being downloaded to quickly determine if it’s malicious. This allows the firewall to block threats in real-time. This on-box capability is part of a defense-in-depth strategy, augmented by cloud-based analysis, including multiple sandboxing methods. During the demonstration and Q&A, it was clarified that this process has a negligible performance impact, can update threat signatures across all customers in minutes, and can automatically place an infected host on a blocklist that is shared across the entire HPE security ecosystem, including NAC and switching solutions.