UPDATED 07:45 EDT / FEBRUARY 02 2022

CLOUD

Juniper adds cloud firewall to growing SASE line

Juniper Networks Inc. is extending its presence in the secure access service edge or SASE market with a cloud-based firewall-as-a-service offering introduced today.

The cloud service can be managed by its Security Director Cloud, a single portal for on-premises, cloud-based security and cloud-delivered security. It exactly duplicates the functions of the company’s on-premises and virtualized firewalls.

SASE is a term coined two years ago by Gartner Inc. to describe an architecture that combines software-defined wide-area networks with a simplified portfolio of cloud-based security tools —including cloud access security brokers, secure web gateways and firewall-as-a-service — all wrapped up in a zero-trust network access framework. The intent is to shift from traditional perimeter protections to identity-based controls so that people can access data and applications from any device and location, even when they aren’t on a virtual private network.

“As people come back to the office, consistent security is important with policies that follow them wherever they go, on and off the network,” said Kate Adam, senior director of security product marketing at Juniper.

Unified management

Juniper Secure Edge provides for unified policy management from a single user interface. The Security Director Cloud can manage existing on-premises Juniper SRX firewalls both in the data center and at branch locations. Policies for user- and application-based access, intrusion prevention, anti-malware and secure web access need only be created once and can then be applied across the network, the company said.

“Customers have visibility from the edge through to the data center,” Adam said. ”They can take the policies they have deployed in the branch and at headquarters and apply them to a secure edge.” Security policies are applied at the user rather than the device level.

Dynamic zero-trust segmentation maintains data security around identity- and risk-driven policies that automatically adapt based on new risk and attack vectors and apply automated access controls to employees and contractors at a granular level, the company said.

“Customers can apply policy based on groups and individual users and as their status changes we can see if those users have been compromised or are likely to be compromised and can automatically move them to a different policy set,” Adam said. “We can see that a user went to a website that was allowed but that now exhibits signs of infection and dynamically change the policy set to auto-deploy multifactor authentication or set access to guest level.”

Migrate at will

Juniper’s suite of modular products lets organizations transition to a SASE architecture at their own pace. The firewall had previously been available in physical and virtual versions and is now a cloud-based service that fits within a single policy framework.

The product line is compatible with identity and access management systems from Microsoft Corp., Okta Inc. and any that support security access markup language 2.0. Juniper doesn’t plan to enter the IAM business, Adam said: “Customers have typically already found an identity provider that they like.”

Juniper said the effectiveness of its security products has been validated by third-party testers and that it has achieved a 99.5% effectiveness rate from CyberRatings.org compared to leading security vendors for enterprise firewall, and 100% effectiveness with zero false positives in ICSA Labs’ Advanced Threat Defense test. ICSA Labs is a U.S. federal government-accredited test lab.

Most experts agree that the transition to a full SASE environment can take years at large enterprises. Organizations typically start with the security components and then migrate to a software-defined wide-area network more gradually. Juniper intends to support whatever path customers want to take, Adam said.

“We’re not deliberately forcing a customer to go all-in with Juniper,” she said. “If they already had another SD-WAN provider, we can connect directly via a [generic routing encapsulation] or IP-Sec tunnel.”

Photo: Juniper Networks

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU