It's not often you hear corporate executives admit that their company fell short. But at Juniper's NXTWORK user conference Tuesday, executives said that while the networking vendor was focusing on advancing its switching and routing lines, it had fallen behind on the security front.
"In the area of security, you could say we were a bit more like General Motors," Jonathan Davidson, EVP and GM of development and innovation at Juniper, said in a keynote that began by recounting GM's turnaround from a struggling automaker with quality problems into a leader in electric vehicle innovation. Juniper hadn't been meeting customer requirements in security and was behind in the transition to next-generation firewalls, he said.
So for the past two years, Juniper has been ramping up its security efforts, developing a framework it calls software-defined secure networks (yes, another software-defined something). The firewall-centric, hardware-defined era of security is giving way to one in which problems are solved with software and cloud-based technologies, Davidson said.
"We need to move from perimeter-based security to having pervasive security -- every element in the infrastructure participates in the enforcement of policy," he said.
Over the past 15 months, Juniper has released new products to enable its software-defined secure networks (SDSN) vision across the data center, campus, and branch. "The team has been extremely busy building the building blocks for this vision," Davidson said. New products include a containerized firewall he touted as an industry first and Sky Advanced Threat Protection, a cloud-based service for the vendor's SRX firewalls that uses multiple techniques and third-party intelligence to thwart attacks.
The company also worked to upgrade its network security management software after complaints from customers and partners about its old system, Davidson said. It hired a new user experience team and started from scratch, producing Security Director, which is designed to automate and streamline security policy management. On Tuesday, Juniper announced a new component for Security Director, Policy Enforcer, which Davidson called a key part of SDSN.
"We knew we needed to create additional enforcement points in your infrastructure, close to the point of attack -- that's the access layer switch," he said. He showed a video that demonstrated how Policy Enforcer applies security policies and extends threat protection down to the switch level, and can isolate infected endpoints.
"SDSN is, in our opinion, the future of security. It solves the fundamental problem we as an industry are facing," Davidson said. "This is the networking industry's electric-car moment."
Dan Conde, an analyst at Enterprise Strategy Group, told me in an email interview that Juniper's SDSN is a good way to closely integrate security and networking, which differentiates it from its competitors.
"In other words, they are not layering on security on top of networking or inserting it to an existing networking deployment," he said. "Other companies have some similar approaches such as VMware's NSX with security via micro segmentation and Cisco ACI with its micro segmentation, but Juniper seems to view this as a way to enforce security across the entire network either with its own hardware or via third parties in an open approach along with its cloud-based threat prevention (Sky ATP)."