Juniper Launches Adaptive Threat Profiling, New VPN Features
Juniper Networks has introduced three new capabilities to improve network visibility, access control and VPN-based remote working.
The three new features provide adaptive threat profiling for Juniper’s ATP Cloud, the integration of WootCloud HyperContext for device profiling, and Secure Connect VPN for remote working beyond the branch office. The purpose is to improve network visibility and provide consistent policy enforcement across all connected devices.
Samantha Madrid, VP of security business and strategy at Juniper Networks, sees security’s primary problem as one of visibility. “As a security industry,” she told SecurityWeek, “we have being doing a phenomenal job in understanding threats, and how threats take shape in networks — we’ve been great about ensuring the collective understanding of those threats. But one of the things I don’t think we have really scratched the surface on has been about how do we secure the network by providing customers with the visibility that allows them to not only understand their overall risk profile but also gives them the visibility to make any necessary changes — whether through technology, policy or whatever — so that they’re coming from a vantage point of knowledge versus reaction.” The new additions to the Juniper portfolio are designed to provide that visibility and control by bringing security to every point of connection and allowing CISOs to know who and what is on the network.
Adaptive Threat Profiling makes use of Juniper’s SRX series firewalls to act as sensors throughout the network. The result is a series of security intelligence feeds populated by data on potential intrusions. The intelligence can be shared with in-line devices that can enforce policy automatically in real time and at scale. “All of our firewalls,” explains Madrid, “through our ATP Cloud, have the ability to assess, in real time, changes to the environment, and can customize threat intelligence and distribute it not just to the firewalls, but to all the networking devices. As changes occur, whether that’s a new device or a new threat, we can automatically adapt to those changes with network-specific intelligence.” This is particularly relevant at a time when adversaries are customizing their attacks to specific targets. As soon as a targeted attack is recognized anywhere on the network, information on that threat is distributed to every Juniper device on the network, and the relevant response can be taken.
The WootCloud HyperContext integration provides visibility of all IoT connected devices, and their susceptibility to compromise. “Network visibility is an important issue that security teams have struggled with,” explains Madrid in an associated blog. “With each new connection, risk increases — especially when it comes to IoT devices. Not all connected devices can run secure operating systems, be patched or run endpoint agents.”
WootCloud is a company that provides agent-less device-focused segmentation, access control and threat response across the network. The system will automatically detect IoT devices and place them in separate VLANs to inhibit the propagation of any compromise. This segmentation can be used to enforce secondary authentication and limit access to high risk devices. “This allows us,” said Madrid, “to see any device that comes on the network, that is an internet-based device. So, think of soda machines, a casino slot machine, any internet connected IoT device — anything that has internet connectivity can be seen and risk assessed through behavioral analytics.” Policy can then automatically take action against any device that is indicating new or unacceptable risk. Segmentation can be used to effectively remove that device from the network. The point at which automated response is taken can be left to the baselines provided by the system, or can be modified by users according to their own risk tolerance.
The COVID-19 pandemic has thrown the increasing move to remote working into hyperdrive. The need for secure VPN connection from remote or home devices to the corporate network is not new, but now essential and immediate for more organizations. The new Secure Connect offering, which simply requires the installation of an app on the remote device, supports both IPSEC and SSL-VPN.
The new VPN allows remote users to stay securely connected to the corporate network. Juniper’s Mist AI on the network allows organizations to scale quickly and easily, adapting to changes to the network perimeter and attack surface. “This will enable a customer,” Madrid told SecurityWeek, “to extend the connected security capabilities and the threat aware network that we introduced two years ago to every user and device no matter where they are.”
“We’re extending security,” Madrid said, “in ways that turn ‘dumb pipes’ into intelligent sensors and enforcement points that are able to dynamically optimize protections as attacks are happening. We can provide comprehensive visibility across an organization into who and what is on the network and give our customers the means to limit their risk with minimal impact to their end users.”