The HPE Aruba Networking team put GREYCORTEX Mendel to the test in a live attack demo. Mendel detected and automatically blocked the attack in under two minutes.
HPE Aruba Networking recently published a hands-on technical demonstration on their YouTube channel Airheads Broadcasting, showing GREYCORTEX Mendel working alongside the HPE CX10000. The demo is built around a real attack scenario: Mendel receives telemetry data from the CX10000, identifies an ongoing port scan, and automatically updates the switch security policy with a blocking rule, with no manual intervention required.
About Airheads Broadcasting
Airheads Broadcasting is HPE Aruba Networking’s official YouTube channel for network engineers, IT architects, and security professionals around the world. It publishes hands-on guides, technology explainers, and real-world configuration walkthroughs focused on the HPE and Aruba Networking portfolio. It is a practitioner-first community, and that makes the feature meaningful: this audience knows their tools inside out.
Inside the Demo
The demonstration is built around a realistic attack scenario: one machine on the network launches an Nmap port scan, a classic reconnaissance technique used by attackers to map out vulnerabilities, against another machine. The question is: how fast can Mendel detect it, and what happens next?
This is where the combination of the HPE CX10000 and GREYCORTEX Mendel proves its value.The CX10000 continuously collects deep flow data from every connection passing through it and exports that telemetry to Mendel. Mendel analyzes the data, recognizes the scan behavior, and automatically triggers a response: a script that connects to the switch’s management system and inserts a blocking rule into the active security policy. The attacker is cut off automatically in about two minutes from the moment the attack begins.
Watch the Full Demo
The best way to understand this integration is to see it in action. The full video covers every step: the initial setup and filter configuration in Mendel, the live attack, and the moment the blocking rule appears automatically in the CX10000 policy.
Categories
- Company News (36)
- Product News (27)
- IT/OT Security (40)
- Webinars (6)