Juniper Unveils Adaptive Threat Management ApplianceBy Lawrence Walsh | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The SRX 3000 series are expandable appliances that contain multifunction, open-standard security software features that Juniper says provide policy enforcement with greater levels of confidence.
Juniper Networks is continuing its push to create greater interoperability with its products with the release of a new threat management platform in its SRX 3000 Services Gateway appliance.
Over the last several months, Juniper has rolled out several initiatives and products designed around the themes of ease of management, ease of use, and open standards and interoperability. To date, those initiatives involved data center architecture and network optimization. The SRX 3000 is the first iteration of Juniper security products based on this evolving set of themes.
"Not every vendor is going to select our products, and we want to make sure they can adapt our products with other vendors’ adaptive threat management products," says Sanjay Beri, vice president and general manager of access solutions at Juniper.
Based on open standards and built with interoperability in mind, the SRX 3000 provides solution providers with a product with multiple security functions in one expandable appliance that can work within existing heterogeneous infrastructures. Juniper says this will make it easier for its solution provider partners to sell the appliance into any environment and, in the future, expand Juniper sales among existing customers.
Juniper calls the SRX 3000 the first among adaptive threat management solutions, or multifunction security products that not only perform different tasks but are able to share intelligence among disparate security functions for greater levels of policy enforcement confidence. By comparison, conventional unified threat management devices often perform multiple security tasks in a single appliance, but the tasks are not coordinated and external security measures cannot be integrated.
"Dynamic threat information can be fed into this framework, and you can use anyone’s firewall and you can still use this," says Beri.
"Supporting open standards help us to plug in and complement—and perhaps replace—other products. It allows partners to plug in other vendors products and bring Juniper into the deal," he adds.
Juniper is the latest security vendor to unveil a new product that provides solution providers and their customers with multi-role products.
Last month, Check Point Software Technologies unveiled its Software Blades architecture, which enables solution providers to custom-build security systems with different applications that are certified for their interoperability and performance.
Earlier this week Fortinet released FortiOS 4.0, which includes new identity-based policies, giving organizations the ability to assign access and rights to users based on individual identities, groups or roles; and an endpoint compliance module that checks connecting devices for policy compliance. The FortiOS, which is the platform that powers Fortinet's appliance, includes multiple applications such as SSL VPN, intrusion prevention, data loss prevention and firewall.
A couple of things make the SRX 3000 different from recent competitive releases. First, the SRX 3000 series comes with variable-sized appliances. The 3400 model is a 3U appliance and the 3600 is a 5U appliance, and each has multiple card slots for inserting more processing and throughput capacity.
Juniper says its adaptive threat architecture enables different applications to share information and make intelligence decisions on policy enforcement. For instance, if the SSL inspection engine detects a problem with decrypted packets, it can alert the intrusion prevention system to correlate the analysis with event activity for further action.
Following a general industry trend, the SRX 3000 is making greater use of identity management as a means for policy enforcement. Tying into an organizations existing IDM platform, such as Microsoft’s Kerberos, the SRX 3000 will match an individual’s identity or a device MAC address for more granular enforcement of access rights and privileges.
With the proliferation of social networking and Web 2.0 tools in the workplace, the SRX 3000 gives administrators the ability to block or throttle user access to sites such as Facebook, YouTube and LinkedIn.