Juniper links its NAC, IDP platforms

Microsoft Vista support added to network-access control

Juniper Networks is linking its intrusion-detection platforms to its NAC gear, making it possible to restrict devices that manage to gain network access by passing health checks but then pose a threat once they are on.

With a new version of its Unified Access Control (UAC) software -- Juniper’s name for NAC -- data gathered from the company’s Intrusion Detection and Prevention (IDP) platforms can trigger its UAC gear to block potentially malicious traffic at its source. Operating alone, IDP drops suspect packets, but doesn’t deal with where they come from.

This integration gives Juniper a flavor of postadmission NAC by supplying its UAC Infranet Controller with data about application traffic. The controller can correlate the anomalies and threats IDP finds with specific users. Then it can apply policies to mitigate threats. So if a device is the source of a threat, it can be quarantined or have malicious sessions cut off. If the event is less severe, the controller can just log it.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Juniper Networks is linking its intrusion-detection platforms to its NAC gear, making it possible to restrict devices that manage to gain network access by passing health checks but then pose a threat once they are on.

With a new version of its Unified Access Control (UAC) software -- Juniper’s name for NAC -- data gathered from the company’s Intrusion Detection and Prevention (IDP) platforms can trigger its UAC gear to block potentially malicious traffic at its source. Operating alone, IDP drops suspect packets, but doesn’t deal with where they come from.

This integration gives Juniper a flavor of postadmission NAC by supplying its UAC Infranet Controller with data about application traffic. The controller can correlate the anomalies and threats IDP finds with specific users. Then it can apply policies to mitigate threats. So if a device is the source of a threat, it can be quarantined or have malicious sessions cut off. If the event is less severe, the controller can just log it.

Before, the NAC gear simply wouldn’t know about threats found by IDP.

Enterasys integrated its IDP with its intrusion-detection gar in January, and other NAC vendors, such as ConSentry, ForeScout, Insightix and Tipping Point, already offer postadmission NAC.

The new software supports only integration with Juniper’s IDP, so customers with IDP gear from another vendor don’t gain from this feature, says Andrew Braunberg, an analyst with Current Analysis. He says demand from customers may ultimately push the company toward third-party integration.