HPE Buys SSE Firm Axis Security to Obtain Single-Vendor SASEDeal Comes as Pressure Increases on Pure-Play Vendors to Deliver Native SASE Stack
Hewlett Packard Enterprise will soon offer its customers single-vendor SASE after agreeing to purchase a security service edge startup founded by a Symantec security researcher.
The Houston-based technology giant will combine the cloud, web and data security technology acquired from Dallas-area Axis Security with its SD-WAN product purchased from Silver Peak in 2020 to deliver a unified secure access service edge platform. The deal comes as pressure increases on pure-play SD-WAN or SSE vendors to have the ability to deliver a full SASE stack natively rather than through partnerships (see: Fortinet, VMware, Cisco Drive SD-WAN Gartner Magic Quadrant).
"Several customers said, 'We can't handle the complexity of having two different vendors here,'" HPE Aruba Chief Security Officer Jon Green tells Information Security Media Group. "We want something that we can get from one place with one tech support line to call and one set of documentation. And this is trying to fulfill that customer request."
Axis Security was founded in 2018, employs 134 people and has raised $100 million in outside funding, according to LinkedIn. The company was co-founded by Dor Knafo and Shuky Chen - who both joined Symantec through its acquisition of browser isolation startup Fireglass - and by Gil Azrielant, who served as a team leader in the intelligence unit of the Israel Defense Forces. All Axis staff will join HPE.
Calcalist reported Thursday that HPE has agreed to pay $500 million to purchase Axis Security. An HPE spokesperson tells ISMG that $500 million is "substantially higher than the actual figure" but declined to disclose the deal price. Calcalist on Friday removed the $500 million figure from its story, saying instead the transaction is worth "an estimated hundreds of million of dollars."
What's Unique About Axis' Approach to SSE?
Green says HPE was impressed by Axis' ability to deploy on physical hardware and its relationships with Amazon Web Services, Microsoft Azure, Google Cloud and Oracle Cloud. Axis' bare metal model offers cost savings and latency advantage in dense metropolitan areas with lots of customers, Green says.
"Several customers said, 'We can't handle the complexity of having two different vendors here.'"
– Jon Green, chief security officer, HPE Aruba
HPE started looking two years ago to acquire a zero trust network access vendor to serve as a VPN replacement but ultimately decided to go for a full-service SSE vendor that could deliver secure web gateway, cloud access security broker and data loss prevention technology, according to Green. The deal comes seven months after Netskope expanded from SSE into SD-WAN through its acquisition of Infiot (see: Netskope Expands Into Cloud Networking With Infiot Purchase).
"Once you're in line with traffic, there's a lot you can do with it," Green says. "Why squander that opportunity by going just for a ZTNA player?"
Axis had already been integrated into Silver Peak prior to the HPE acquisition, which allows customers to orchestrate tunnel receivers from SD-WAN gateways, he says. HPE had previously pursued a partnership with Axis due to its technologically advanced cloud architecture, which Green says is automatically built for multi-cloud architectures without having to manually construct a matrix of tunnels.
Existing Axis customers will benefit from HPE's scale and deep pockets, which will result in more high-end enterprise feature sets for them, according to Green. Axis customers will be allowed to stick with their existing SD-WAN vendor and won't be forced to switch to Aruba or Silver Peak, Green says.
"Interoperability and customer choice have always been part of what Aruba has been about," Green says. "There's not going to be any forcing customers down a particular pathway, but it is going to open up additional opportunities for them."
Will HPE Make Additional Security Acquisitions?
In a similar vein, Green says HPE will continue to support SD-WAN customers that want to capitalize on the company's extensive technical integration work with Zscaler and obtain their SSE capabilities there.
"The partnership approach is not going to change because that's really customer-driven," he says.
Once the acquisition closes, expected by April 30, the cloud orchestration component of Axis will be embedded in HPE's GreenLake hybrid cloud platform, which Green says means clients will only have to manage a single set of credentials and devices. Axis can be deployed on either an agent or agentless basis and ties in easily to GreenLake's private data centers, according to Green.
HPE Aruba's security footprint was up until now limited to on-premises network security, and Green says the Axis purchase will enable the company to deliver zero trust capabilities across both networks and applications. SASE has up until now emphasized securing remote users, but the combination of Axis and Aruba means the SASE architecture can be applied to workloads within a company's own data center.
HPE sees itself as a secure connectivity company rather than a security company, meaning which means it will shy away from acquisitions in spaces such as endpoint detection and response and intrusion detection systems where there's no network connectivity tie-in. Green plans to closely track the number of HPE sales, support and technical personnel trained on Axis since that will help drive significant revenue growth.
"If people have not looked at the zero trust, SASE or SSE architecture, this is the time to be looking at that," Green says. "I think this acquisition speaks to us seeing it as important."