Juniper Pushes Security Into Network Interior

The networking vendor extends its security platform to go beyond guarding the network edge to automate enforcing policies at the switch level

Mitch Wagner, Executive Editor, Light Reading

October 4, 2016

4 Min Read
Juniper Pushes Security Into Network Interior

SANTA CLARA, Calif. -- Juniper Networks has introduced updated security technology designed to allow network operators to protect networks inside the perimeter, at the switch level.

Kicking off Juniper Networks Inc. (NYSE: JNPR)'s NXTWORK 2016 customer conference here, Juniper enhanced its Security Director management platform with a new Policy Enforcer, to automate enforcement of security policies across the network and quarantine infected endpoints at both firewalls and switches. Security Director communicates with a cloud-based malware detector, Sky Advanced Threat Prevention, which uses information from Juniper and third parties to inspect files traversing, exiting, and entering the network to detect malicious content. The new policy enforcement component can push filters down to hosts and switches to filter for newly detected malware as well as quarantine infected hosts, Scott Miles, Juniper's senior director for cloud and enterprise product marketing, tells Light Reading.

"It's the first solution to use the entire network as an enforcement point, rather than embedding enforcement in specific security devices," Miles says. The technology extends security throughout the network, rather than just on perimeter devices such as firewalls.

Juniper also extended its Sky Advanced Threat Prevention cloud service to its vSRX Virtual Firewall and SRX Series gateways, to protect both virtual and physical firewalls. And the company introduced new midrange SRX4000 series firewalls optimized for hybrid cloud and enterprise campus environments.

Juniper's technology is designed to automate security protection, reducing the need for manual updates and automatically applying security policies and enforcement rules to drive down the cost of managing network security, Juniper says.

Security is a pillar of Juniper's strategic direction, and it faces tough competition from Cisco Systems Inc. (Nasdaq: CSCO), Huawei Technologies Co. Ltd. as well as specialized providers such as Palo Alto Networks Inc. and Fortinet Inc. .(See Light Reading Evaluates Cisco's Threat-Centric Security Solutions , Huawei's New Acting CEO Key to Global Expansion and Palo Alto Networks on Expanding in the Carrier/Service Provider Market.)

Juniper got a spectacular security black eye late last year when researchers disclosed security vulnerabilities in its firewalls that critics claimed left the devices open to serious attacks, and were likely planted by government agencies with Juniper cooperation. Juniper says it has updated its software to eliminate the vulnerability. (See Juniper to Remove Controversial Security Code.)

Miles and Jonathan Davidson, Juniper's executive vice president and general manager of development and innovation, both tell Light Reading that Juniper's customers respected the company for the forthright way that it dealt with the security problem, by disclosing information and updating promptly.

"Our customers are appreciative of the way we are open and transparent with them," Davidson says.

That sounds self-serving, but we're not hearing anything to the contrary.

Juniper claims to distinguish itself from its security competition by providing an open framework to integrate with third-party products.

"There are a few companies today that are saying, 'trust me for all your security needs,' but in reality there is no single company on the planet that can solve all your security problems," Davidson says. "What we believe at Juniper is we need an open ecosystem for the detection of attacks and attackers."

He adds, "And the second part, which is very important, is you need to make sure you are able to extend the enforcement of your security policy beyond firewalls." Today, most security is enforced at firewalls and proxies -- the edge of the network -- but malware can infiltrate the heart of the network and needs to be stopped at the connection point inside the network -- the switch -- which is what Juniper's new capabilities can do, Davidson says.

Want to know more about security? Visit Light Reading's Security content channel.

Juniper is not alone in looking to guard the interior of the network. VMware Inc. (NYSE: VMW) touts microsegmentation -- breaking up the network into myriad subnetworks, with security controls between them -- as a key feature of its NSX software-defined networking overlay. Cisco, Nuage, cloud security provider ZScaler, and cloud application controller Avi Networks also support microsegmentation. (See Cisco Rewrites Enterprise Networking DNA in 'Monumental Shift', VMware Looks to NFV to Crack SP Market, Nuage Signs China Mobile for Developer SDN , Zscaler Offers Per-App Security and Avi Boosts Container Support for ADC.)

Davidson said Juniper's approach is more effective than breaking up the network into many segments and putting firewalls between the segments.

Interior network security is also a focus for Masergy Communications Inc. , which offers security as a managed service.

Related posts:

— Mitch Wagner, Follow me on TwitterVisit my LinkedIn profile, Editor, Light Reading Enterprise Cloud

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like