Juniper Networks is expanding the security capabilities of a number of its appliances to better protect enterprises from remote attacks.
As part of what the company dubs its Adaptive Threat Management strategy launched earlier this year, it said Monday it is deepening protection on its application accelerators, virtual private network, unified access control and intrusion prevention lines.
“We’re reducing the [threat] vulnerability window from months to minutes or seconds,” said Michael Rothschild, Juniper’s senior solutions marketing manager.
Increasingly, attackers are trying to get into an organization’s data centre by attacking remote offices, he said. At the same time, organizations are increasingly making use of cloud-based or software-as-a-service applications. As a result, he said, there’s “an incredible gap in security.”
The way Juniper is meeting such challenges is by having many of its appliances work together on security.
Today the company revealed three improved capabilities:
– The WXC Application Acceleration series now has the ability to send a client to remote devices to optimize acceleration for each user. When someone logs on to the network, the client checks the user’s security. IT staff can manually deploy the client to a new user in several ways when needed, or it can be automatically downloaded by a Juniper SA Series SSL VPN appliance, which has provisioning capabilities. The capability is licensed by the number of simultaneous users.
– Not every authorized person accessing the network will have devices that meet the organization’s security policies. Staff will, of course, if they are using company-supplied equipment, but consultants, partners and others won’t. So Juniper’s SA series of SSL virtual private network appliances, working with the UAC Unified Access Control appliances, are being given the ability to dynamically install anti-spyware and anti-malware on devices using an ActiveX control that checks the status of the new device. The software uses an engine licensed from Webroot, makers of desktop security products.
– Intrusion prevention applications aren’t new, but Juniper thinks the concept should be extended to “IPS everywhere” – in other words, tying it to who the user is and what the user is doing. So it’s giving its IDP intrusion appliances the ability to signal Juniper’s UAC appliances to shut off access to devices based on detected threats.
“So rather than have blanket policies that may not make sense, we tie it to the user and the application,” said Rothschild.
As a theoretical example of how these three improvements could work, Juniper imagines a financial broker trying to access his company’s applications from a branch office after successfully logging on to the network. When he tries, against company policy, to share a file using a peer-to-peer application, the Juniper IPS blocks the move and asks the UAC to identify the user, who is then quarantined until the P2P application is shut. Once that happens, the UAC lets the user continue. Meanwhile, Juniper’s Security Threat Response Manager correlates log files from the appliances to generate a custom report on the incident.
The overall strategy allows organizations to set up “global roaming policies,” said Rothschild. “We’re essentially saying it doesn’t matter where the [authorized] user is – New York today, in Chicago tomorrow, in Bangladesh the next day – the idea of having policies that follow the individual is something that makes sense, especially in the distributed enterprise.”