Juniper Rounds Out Security Play
Juniper's adaptive threat management solution set aims to offer real-time threat defense with networkwide visibility.
First, Sunnyvale, Calif.-based Juniper added two new models to its line of SRX Services Gateways, the SRX3400 and SRX3600, a pair of JUNOS-running 10-Gbit Ethernet boxes that extends the reach of the SRX line.
According to Brian Lazear, Juniper's director of product management for high-end security, the SRX 3000 series offers a modular approach that delivers firewall services, Intrusion Prevention, Denial of Service protection, Network Address Translation, policy and control, identity management and QoS. The boxes provide security to applications and key services running on the network, Lazear said.
The SRX series falls into Juniper's Dynamic Services Architecture, a design that can scale integrated services and network capabilities into one architecture to reduce risks on the network.
The 5 RU SRX3600 can support up to 30 Gbps of stateful firewall, up to 10 Gbps of VPN, 10 Gbps of IPS and 175,000 new connections per second, while the 3 RU SRX3400 can support 20 Gbps of stateful firewall, up to 6 Gbps of VPN, 6 Gbps of IPS and 175,000 new connections per second.
"In a single box we can do all three servers at 10 gig," Lazear said.
Lazear said both new gateways are based on a mid-plane design and offer the scalability of services processing cards and input/output cards for scale of Ethernet ports and services processing. Both are available now, with the SRX3400 chassis starting at $50,000 and the SRX3600 chassis starting at $60,000.
Along with rolling out the new SRX 3000 series, Juniper also enhanced its adaptive threat management product set with a new release of its network access control product, Unified Access Control (UAC); new Secure Access (SA) SSL VPN 6.4 technology with new standards-based interoperability and functionality; and updates to its Security Threat Response Manager (STRM) and Network and Security Manager (NSM).
According to Sanjay Beri, vice president and general manager of access solutions at Juniper, the new SRX 3000 series works with UAC for application access control across data centers with tying in identity-based firewall policies.
Meanwhile, enhancements to SA SSL VPN 6.4 and UAC 3.0 software work together for local and remote access to ensure consistent enforcement of global policies for users or roles, while also offering support for mobile devices and endpoint assessment.
The solutions also add in automatic remediation. In addition, UAC now supports the IF-MAP protocol from Trusted Computing Group's Trusted Network Connect to support standardized, dynamic data interchange among a variety of networking and security components, letting users implement multivendor systems for increased defense.
The new models of UAC and SA are also FIPS compliant, meaning government agencies can provide secure remote access. The updated NSM 2008.2 and STRM 2008.3 automate and correlate attack responses.
Dominic Grillo, senior security consultant for Atrion Communications Resources, a Branchburg, N.J.-based solution provider, said Juniper's security updates illustrate that Juniper is offering a full breadth of solutions, tying together routing, switching and security under the JUNOS operating system umbrella. The ability to offer a wide swatch of products from one vendor gives solution providers a sales edge," he said.
"It's not a multivendor sale," he said. "Customers want a one-vendor solution."
And fusing together the components to create the adaptive threat management architecture, Grillo said, helps him bring Juniper to the table of more deals and compete with large incumbent vendors. Wrapping a host of security services into one appliance, he said, is also a strong selling point.
"Firewalls are at the point where they're almost a commodity," Grillo said. "Being able to protect the other layers -- layer 7 and the application layer -- from attacks makes a difference. And being able to do it on one box and in hardware, not software, lets you do it at high speeds."