Skip Links

Juniper's "device fingerprinting" security technology gets mixed reviews

IT security teams may be reluctant to abandon IP-based reputation services; Cisco weighs in, too

By , Network World
February 27, 2013 10:46 AM ET

Network World - Detection and blocking of security threats against organizations often is done through IP address-based methods and reputation services, but Juniper this week launched an effort to encourage security managers to abandon IP-based detection in favor of the "device fingerprinting" its security gear now supports to pinpoint devices used in online attacks. The idea is getting mixed reviews so far.

Bullet Hottest products at RSA Conference 2013
Bullet Do enterprise security teams want "Big Data Security"?
Bullet HP unveils 'Big Data Security' strategy
Bullet Weatherford outlines 'cyber 9-1-1' plan

Juniper's device fingerprinting pinpoints attacks from specific devices and identifies them in a way that can be disseminated through its Junos Spotlight Secure global attacker database and shared among Juniper customers where this threat intelligence can be put to use in Juniper security products that guard web applications and other gateways.

Juniper customers Forbes and Revlon backed the approach in public statements made this week. "Current protections need to evolve beyond IP-based blocking to definitive attack prevention and we see Juniper's new products as a step in the right direction," said David Giambruno, senior vice president and CIO at Revlon.

[Background: Juniper security products use "device fingerprints" to way to detect, block attacks]

[NEWS: Stuxnet was attacking Iran's nuke program a year earlier than thought]

The idea of pinpointing devices known to be used in attacks and automatically detecting and blocking them is so compelling, that Art Coviello, executive chair of RSA, the security division of EMC, alluded to the Juniper announcement during his keynote yesterday at the RSA Conference, saying RSA would be contacting Juniper to find out about possibly including this type of device fingerprinting in its own threat-intelligence feeds.

Device fingerprinting — it's not an entirely new technology by any means — appears to have appeal to security professionals though they have qualms about abandoning IP-based threat detection. And they wonder if Juniper's device fingerprinting technology might raise the same old issues about vendor lock-in.

When a panel of four chief information security officers (CISO) at the RSA Conference here this week was asked their reaction to the idea of abandoning IP-based detection in favor of what Juniper is proposing, their reaction was mixed.

Carter Lee, CSO at e-commerce company, said he was interested in the idea of device fingerprinting as an additional form of threat intelligence, but he was hesitant on the idea backed by Juniper that enterprises abandon IP-based detection altogether. He also expressed concern about whether device fingerprinting might be subject to vendor lock-in, as some technologies are. And he wondered about how resistant to malware attack such a device fingerprinting technology might be. "Would some malware figure out a way to defeat that?" Lee said.

Asked for its reaction to the Juniper announcement, Cisco also weighed in.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News