Juniper aligns its security portfolio with the SASE model

The conga line around secure-access service edge (SASE), continues to grow with Juniper this week becoming the latest to join the dance.

Just as other big networking players with extensive security portfolios including Cisco and VMware have recently done, Juniper says it will build off its offerings to address the SASE blueprint.

As defined by Gartner in 2019, SASE features a wide variety of components that Juniper summarized and includes:

• Cloud-hosted architectures, so that services can be easily deployed on-demand and at scale.
• Identity-driven policies, whereby network access and security can be customized based on individual user requirements.
• Localized policy inspection/enforcement to deliver applications and services as close to users as possible to minimize latency.

“By integrating network and security elements together in a single platform, Juniper customers can seamlessly and cost effectively take advantage of advanced security services like Application Security for broader visibility and control, Advanced Threat Prevention, Intrusion Detection and Prevention along with Data Loss Prevention. All with no additional hardware or software required,” wrote Samantha Madrid vice president of product management in the Security Business & Strategy business at Juniper Networks in a blog about the vendors SASE directions.

“SASE customers can identify and defend against new zero-day malware and targeted attacks, mitigate risks by updating existing security controls to defend against identified and unknown threats, reduce the time and cost to remediate threats and, overall, reduce exposure to advanced threats.”

Juniper has a variety of security goods under its Connected Security architecture to make a serious SASE play. For example, its cloud-based Advanced Threat Prevention (ATP), offers advanced malware protection. In addition, Juniper SRX and vSRX firewalls offer remote configuration and security, networking and application policy monitoring.

Another key component will include Juniper’s effort to incorporate artificial intelligence  in its key security components as well as its MX Series routers, and its EX and QFX Series switches.  

The company bought wireless and AI-software maker Mist in 2019 for $405 million and has been integrating the technology across its portfolio ever since. Most recently, Juniper said it would integrate its Security Intelligence (SecIntel) security package to the Mist platform for wireless access. SecIntel includes threat detection software, local and cloud-based security-information and control software with a next-generation firewall system. 

With the SecIntel integration, Mist customers can receive threat alerts detected by Juniper SRX Series Firewalls and ATP Cloud, letting administrators quickly assess security risks and take appropriate action, Juniper said.

A future area of Mist AI integration will include Juniper’s SD-WAN technology, Juniper’s CEO Rami Rahim told Network World recently. 

“Customers need the ability to assure solid connectivity across the entire path of network – that includes wireless and wired connections – and the path traffic takes from a particular location – be it at home or the data center or to the cloud – and it would be a natural extension to include the SD-WAN. That’s a work in progress,” Rahim said.

Juniper uses AI-driven automation, insight and actions across the LAN, WLAN and WAN to optimize the end-to-end user experience, Madrid stated. This includes customized Service Level Expectations, event correlation across the LAN and WAN for rapid fault isolation and resolution, AI-driven support with proactive notifications and an interactive Virtual Network Assistant (VNA) called Marvis to provide recommended actions and/or keep the network humming autonomously, Madrid stated.

Juniper’s SASE plans come on the heels of recent announcements by other key players in what is expected to be a hot market. 

For example, VMware in June said it was advancing secure access for remote and mobile workers by mixing its Workspace ONE offering with its SD-WAN package. The resulting VMware SD-WAN Zero Trust Service promises to help enterprises  handle growing distributed workloads for remote workers. The service also represents a big step toward SASE, the company said.

“Speed and data are two of the most valuable business currencies in today’s rapid growth environment, both of which have rendered traditional security deployments insufficient and ineffective,” VMware stated. “Enterprises need to take advantage of SD-WAN technology without falling prey to increased threats. The ability of cloud-delivered security solutions can combat the increasing sophistication of security threats while reducing latency and costs.”

In May Cisco said it was embracing the SASE architecture with plans to upgrade some of its existing products to reach the goal of delivering access control, security and networking to cloud services. The enterprise shift to SASE will be gradual as they figure out the best way to connect their growing remote workforce to distributed resources delivered from corporate data centers and as cloud services, Cisco says.

“Flexibility will be fundamental as IT chooses among multiple security and networking capabilities that best fit their operations, regulatory requirements, and types of applications,” said Jeff Reed, senior vice president of product, Cisco’s Security Business Group in a blog post.

“The rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge,” Reed stated. “With 60% of organizations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such SASE offer a new way to manage the new normal.”

READ MORE HERE