The topic of network and security convergence has been front and center in the industry over the last year. The line between networking and security continues to blur, with collaboration increasing across traditionally siloed IT functions and technologies used by these teams continuing to inch closer together. One of the more notable initiatives is secure access service edge (SASE), and both enterprises and vendors alike are now embarking on their SASE journey.
My colleague Bob Laliberte and I had the opportunity to attend Juniper’s recent analyst event presenting its Connected Security vision, which focused exactly on this trend. The key to understanding Juniper’s SASE story lies in its broader “Experience-First Networking” mantra. Juniper is focused on ensuring that network and security teams can ensure a continuous management policy, supported by automation, regardless of the underlying architecture or environment. Juniper believes that maintaining consistent security across highly distributed environments requires the ability to seamlessly migrate controls from on-premises to the cloud without having to rewrite policies and will be critical to accelerating the journey towards a SASE architecture. While many elements are still under embargo, it is clear that Juniper has made significant progress on its SASE journey.
We can share that Juniper’s SASE vision includes building a more threat-aware network in order to secure every point of connection from the endpoint, through the edge, and to the cloud by protecting users, devices, applications, and infrastructure. In support of this initiative, Juniper has made multiple enhancements over the last year, including:
- Encrypted Traffic Insights – This ATP Cloud and SRX feature identifies malicious activity in encrypted connections without terminating and decrypting the traffic through the analysis of the initial TLS handshake and the metadata of the connection (including the certificate used). By providing insights into whether the traffic is malicious or not without decrypting, Encrypted Traffic Insights can help organizations limit the amount of traffic they have to decrypt, helping to improve performance and reduce costs and ensuring user privacy is maintained.
- Adaptive Threat profiling – Also part of ATP cloud, this service acts as an internal intelligence feed by aggregating security events generated by IDS services running on SRX gateways and creates signatures or block lists that are enforced across other SRX gateways, whether running IDS or not. Further, when combined with SecIntel Juniper can push enforcement to other parts of the Juniper network infrastructure, including MX routers and EX switches.
- Secure Connect – Correcting a misstep from years ago, Juniper recently reentered the secure remote access market with its Secure Connect VPN client. This service connects remote employees on Windows, macOS, and Android systems to the corporate WAN through SRX gateways on campus, in data centers, or in the cloud.
- Security Director Insights – Juniper sees a need for useable, correlated visibility across the network to augment the capabilities of enterprise SIEMs. Security Director Insights aggregates telemetry from ATP Cloud, Juniper Gateways, and detections made from other vendor's products to correlate everything to a point in the attack and then mitigate the attack through single click IPS signature updates, AV rules, URL filtering, and other rule and policy modifications.
- 128 Technology - Juniper recently acquired this session smart SD-WAN technology with hyper segmentation to enable organizations to securely connect distributed cloud environments (defined as on-premises data centers, multiple public clouds, and edge/WFH). The 128 Technology solution leverages secure vector routing that denies by default, utilizes hop-by-hop authentication, and enables selective encryption and distributed firewall capabilities to provide trusted applications direct internet access.
While no announcements were made at the event, there are a few areas Juniper must focus on moving forward to continue to accelerate its business. Specifically:
- Increased enterprise focus - Juniper has historically focused on the service provider market and must continue to make inroads with enterprises. Enterprise penetration is certainly an overall Juniper priority, and the AI-Driven Enterprise campaign (reinforcing a number of recent acquisitions) is showing clear signs of momentum. Building off that, Juniper has created a narrative around Connected Security to serve as the connective tissue between network capabilities, meaning that broader Juniper success here should pay dividends on the security side.
- Zero Trust – Juniper is currently focused on segmentation with regards to zero trust, augmented through the Session Smart capabilities of 128 Technology. While this has historically been table stakes for zero trust, the reality is that there is lower-hanging fruit many organizations have prioritized for easier wins, specifically around secure access and zero trust network access (ZTNA). Juniper may ultimately see broader segmentation success where others have stagnated, but an expansion of Secure Connect to add more zero trust capabilities would seem to be in the cards as well.
- Session Smart SD-WAN – Again, the 128 Technology acquisition looms large here and provides an innovative SD-WAN solution to combine with Juniper’s expanding security capabilities. Juniper is clearly being thoughtful in this area to ensure it comes to market with the appropriate capabilities to compete in the dynamic SASE space. If SASE is about the convergence of security and networking and Connected Security views that consolidation as inevitable, it only makes sense that Juniper will make a big push into this market.
One of the real differences I notice in Juniper’s recent announcements is the fact that so many of these important enhancements are features of existing products. That’s important for end-users so as not to have to add another box or service every time a new capability is needed, and one I think will pay dividends for Juniper over time. There is little question that Juniper is better positioned now than it was four or five years ago from a security perspective. After divesting Pulse Secure and seeing its firewall business decline, some wondered whether Juniper would fully exit the security market. Today, Juniper continues to make headway in re-establishing itself as a security brand and appears poised to make strides in 2021 with converged network and security solutions.