Juniper introduces Adaptive Threat Management

Juniper is this week introducing software that lets security platforms – even those made by other vendors – share and analyze log information in order to determine the root cause of network problems and fix them.

Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and Unified Access Control  devices that enable them to publish log information to a UAC server that shares the data with other platforms.

The interface between the SSL and UAC devices and the server is a standard known as IF-MAP, a communication interface for creating a two-way street between network devices and the server to which device data is published.

Adaptive Threat Management can support devices made by other vendors, but those devices must comply with IF-MAP. So if a security platform made by another vendor publishes data using the IF-MAP interface it can become part of an Adaptive Threat Management deployment, Juniper says.

Click to see: A diagram of how Juniper's tool would work.

Customers that have a firewall in place from another vendor could potentially keep it, but enable it to publish log data to the central IF-MAP server where other devices could access it, analyze it and act upon it. And the firewall could subscribe to information from the server in order to respond to new threats.

It is important for Juniper to bring together its network and security offerings in order to make the case that its disparate gear can be deployed as a coordinated security system that embraces other vendors, says Phil Hochmuth, an analyst with the Yankee Group.

With Adaptive Threat Management, customers can create a single user-based policy that is pushed to devices in the network, saving administrative time on configuration. "You're not having to scramble around to push policy to 10 different boxes," Hochmuth says.

Adaptive Threat Management is reminiscent of Cisco's TrustSec, which uses centrally defined access policies enforced in the network — but Cisco uses its switches to enforce the policies, Hochmuth says. "It is a major architectural strategy to glue together the individual parts of access control," he says.

IF-MAP is supported by a handful of vendors including Aruba Networks, ArcSight, Infoblox, Lumeta and nSolutions.

Last year, Juniper revamped and renamed its management platforms to Network and Security Manager (NSM), which centrally manages policies for Juniper's network and security gear, setting the stage for different classes of devices sharing data.

The NSM platform has been upgraded to include more standard reports that map to the behavior of devices in the network that it deals with. These reports can be used as the audit trails necessary for some regulatory compliance or for internal audits to gauge network security, the company says.

Juniper gives an example of how the new capability could work. A user logged in via SSL VPN inserts a USB device into his computer that is infected with a Trojan. A firewall/intrusion-protection system detects the Trojan and that information gets shared with the SSL VPN device, which can interrupt the VPN session. It can then guide the user through remediation of the problem, then let the device set up a new VPN session.