During the RSAC 2026 Conference in San Francisco, we talked to no fewer than three representatives from HPE. More specifically, all three of them work for HPE Networking. The reason for their presence is simple: HPE considers the network to be a security sensor and a security enforcement point. With the recent acquisition of Juniper Networks that sentiment has become even stronger. What is HPE Networking’s security strategy? How much does it want to pull into its own platform? And what does the newly formed HPE Threat Labs bring to the table?
The network has always been an important layer to apply security controls. After all, it is able to ‘see’ a lot of what happens inside an organization. Virtually everything is connected to a network in one way, shape or form. This means that there will be network traffic. And where there’s network traffic, this traffic can be monitored for packets organizations don’t want there.
One might even argue that the network occupies a unique position in the security stack. That is, the network continuously sees all traffic patterns and can detect anomalies through behavioral analysis. When threats use polymorphic signatures or AI-generated code variations, each customer receives a customized attack that only they will encounter. That makes anything signature-based or otherwise statically functioning rather powerless.
HPE Networking’s security story from three perspectives
For this story (and more importantly the videos we have embedded in this story), we sat down with David Hughes, SVP SASE and Security to talk about the overall vision that HPE Networking has when it comes to security. We also talked to Mounir Hahad, who runs HPE Threat Labs. Finally, we had a chance to exchange ideas with Madani Adjali, VP of Product Management SASE and Security, to learn a bit more about some more practical things around HPE Networking’s security vision, including what it means for customers.
The strategy
In our conversation with David Hughes, we talk about HPE’s strategy of leveraging network telemetry across switches, access points, and gateways to establish baselines of normal behavior and detect anomalies. By collecting and anonymizing data across their entire customer base, HPE can rapidly identify when IoT devices or other endpoints deviate from expected patterns. Hughes also addresses the evolving challenge of identity management for AI agents, the importance of hybrid enforcement models that work both on-premises and in the cloud, and how HPE bridges the gap between networking and security teams through shared visibility and unified policy management.
Key takeaways:
- Network infrastructure provides comprehensive visibility for detecting behavioral anomalies and command-and-control patterns that signature-based systems miss
- Hybrid enforcement models are essential. Cloud-based security works for remote users, but on-premises enforcement is critical for east-west traffic and sovereignty concerns
- AI agents require new identity frameworks that link non-human identities to their human supervisors
- Shared telemetry between networking and security teams enables better collaboration through common data and visibility
- HPE focuses on security areas that overlap with networking, like SASE, SD-WAN, ZTNA, hybrid mesh firewall, and data center microsegmentation, while partnering for deeper security capabilities
Watch the entire conversation with David Hughes below:
The security power behind the products and solutions
When we read through the press release for the new SRX400 Series Firewalls that HPE launched during RSAC 2026 Conference, one particular, somewhat casual addition somewhere in the text stuck with us. That phrase was ‘powered by HPE Threat Labs’. In other words, new products and solutions are powered by whatever it is that HPE Threat Labs does. That was a good reason for us to have a conversation with Mounir Hahad, who runs this newly formed unit within HPE. To be clear, HPE Threat Labs is a new name, but it consists of the security units from HPE and Juniper. So in that sense, it’s more of a rebrand.
Whatever the ontology HPE Threat Labs, it is clear that it’s an important part of the network security puzzle that HPE wants to solve. So, we go in-depth with Hahad on how HPE’s machine learning-based predictive threat prevention engine operates at firewall speed without performance degradation. Hahad also sheds some light on how the company’s threat intelligence approach goes beyond traditional signature-based detection, using ML models to identify zero-day threats and predict future attack campaigns before they execute.
Key takeaways:
- HPE Networking Threat Labs combines expertise from both Juniper and HPE security teams
- New SRX400 Series Firewall runs the same software as enterprise firewalls, albeit at different throughputs
- AI-powered threat prevention inspects traffic at firewall speed without latency
- Predictive threat intelligence identifies infrastructure used in attack preparation months in advance
- ML models detect zero-day malware without requiring complete file transfer
- Cloud-based security services augment on-device protection for DNS, sandboxing, and encrypted traffic analysis
- Future focus includes securing AI workloads and east-west data center traffic
Watch our conversation with Mounir Hahad below:
The customer perspective
The final piece of this triptych on how HPE Networking wants to position the network as a security solution has a more practical angle.
In our interview with Madani Adjali, we get into how HPE Networking intends to maintain its “leave no customer behind” philosophy while integrating the Aruba and Juniper portfolios. We also dive deeper into the company’s approach to cross-pollination of technologies between Aruba Central and Mist, leveraging APIs and microservices to avoid bolt-on solutions. The discussion covers cloud-native capabilities, dual-platform hardware strategies, and how telemetry provides insights into customer usage patterns without explicit feedback requests.
Key takeaways:
- Security must be integral to product design from day one, not bolted on afterward
- APIs and containerization enable rapid post-acquisition integration
- Cloud deployments provide native telemetry for understanding customer workflows
- Dual-platform hardware extends product lifecycle across different management systems
- Open integration philosophy maintains best-of-breed compatibility
- Build-once-use-many approach delivers customer value without development burden
- On-premises and cloud solutions maintained in feature parity
Watch the conversation with Madani Adjali below:
Conclusion: HPE Networking brings network and security together
After speaking to Hughes, Hahad and Adjali, one thing stands out for us. HPE is not your typical security player. When it comes to networking it knows exactly where its strengths lie. That is what it focuses on. Not that it’s doing too little or not enough. The network is a very important piece of the foundation of any organization, and is not seldom layered, complex and a big piece of its infrastructure. Securing that is extremely important.
On the one hand there’s a deep understanding at HPE of what it’s like to build enterprise networks, which has obviously only increased after the acquisition of Juniper. On the other there is the know-how coming out of the security labs from both companies, now merged into HPE Threat Labs, combined with all of the telemetry that comes off of the network. HPE Networking is putting those components closer and closer together in order to make the network more secure, network operators more security-aware, and security practitioners more network-aware.
Also read: HPE embeds security in network even more with SRX400 and AI governance