Speed and security are the watchwords for Juniper Networks’ new Adaptive Threat Management rollout — a product launch aimed at biting into growing demand for technology like network access control (NAC) and WAN acceleration.
Juniper (NASDAQ:JNPR) is introducing new NAC, IPS
Juniper’s rollout follows rival Cisco (NASDAQ: CSCO)’s latest Self Defending Network update, which added new botnet and cloud security services.
“We’re basically dynamically provisioning connectivity and acceleration to the end user based on role,” Sanjay Beri, general manager for Juniper’s access solutions unit, told InternetNews.com. “When users connect to network assets, they’re guaranteed a degree of performance, connectivity and security and that’s the use that we’re going after with this new functionality.”
As part of the new technology rollout, Juniper is introducing its first desktop WAN acceleration client, called the WX Client. The new client works with Juniper’s existing hardware-based WXC WAN acceleration gear to provide remote workers with application acceleration capabilities.
Juniper is a bit late to the desktop WAN acceleration game with solutions from Blue Coat, Citrix already in market.
Beri said Juniper’s WAN acceleration client is identity-based and directly integrates security. The WAN acceleration client will also integrate with existing SSL-VPN deployments from Juniper, so that a user will get connectivity, WAN acceleration and security based on their role and policy.
On the security side, Juniper is now integrating anti-malware directly into its remote-access solution. The technology comes by way of a partnership with anti-malware vendor Webroot and will detect malware prior to a user getting access to the network.
Pre-admission security posture detection is a key feature of Juniper’s UAC (unified access control) NAC technology, though the new Webroot piece is different than what Juniper previously offered its users.
“In the previous versions [of UAC], we were taking data from other software installed on the endpoint,” Beri said. “So we were communicating with the installed antivirus and firewall software.”
The previous pre-admission check queried existing that installed software to perform a state-of-health check to ensure that an endpoint had valid, up-to-date security software installed.
“The difference here is … for the use cases where you’re not guaranteed there is pre-installed security software,” Beri said. “Now we’re actually integrating the actual malware and spyware detection and removal function into the VPN client.”
IPS for NAC
As part of the security rollout, Juniper is now more tightly coupling its IPS with its UAC network access-control solution.
“With our UAC product, we’ve always supported switches as enforcement points,” Beri said. “Now, what we’ve added is enforcement on IPS devices.”
The new UAC 3.1 release builds on inter-device communication for threat correlation that Juniper first debuted in its UAC 3 release earlier this year.
Beri explained that with the new IPS and UAC releases, IPS data can now not only map threat data to users so that actions can be taken, but also that it enables enterprises to detect that someone is using a non-business critical application and are exceeding bandwidth.
In such a case, the IPS talks to UAC and the UAC can take actions like limiting users’ bandwidth rates or restricting access.
“The integration of UAC with our SSL-VPN and IPS products sets up more rich and robust policy beyond just threats to include quality of service,” Beri said.
When rival Cisco updated its security software suite earlier this year, one of the key items it included was botnet detection. Though Juniper has not specifically branded botnet detection as being a key feature of its new release, Beri said that it can in fact help users detect botnets by way of policy.
Beri explained that the Juniper solution collects data from multiple sources across the enterprise and then correlates that data and enforces policy. A botnet could just be one such policy identification point.
Overall, NAC — or UAC as Juniper calls it — can solve many enterprise security concerns, according to Beri. Often the biggest challenges, in his view, is just getting people to understand what it is that NAC policy can actually offer.
“Many people don’t make the connection — they talk to us about insider threats but there isn’t a direct link [or] the understanding that a policy system like UAC that connects into network devices can be the solution,” Beri said.