Juniper introduces Adaptive Threat Management

Technology relies on standards-based sharing of security data among devices

Juniper is this week introducing software that lets security platforms – even those made by other vendors – share and analyze log information in order to determine the root cause of network problems and fix them.

Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and Unified Access Control  devices that enable them to publish log information to a UAC server that shares the data with other platforms.

The interface between the SSL and UAC devices and the server is a standard known as IF-MAP, a communication interface for creating a two-way street between network devices and the server to which device data is published.

Adaptive Threat Management can support devices made by other vendors, but those devices must comply with IF-MAP. So if a security platform made by another vendor publishes data using the IF-MAP interface it can become part of an Adaptive Threat Management deployment, Juniper says.

A diagram of how Juniper's tool would work.

Customers that have a firewall in place from another vendor could potentially keep it, but enable it to publish log data to the central IF-MAP server where other devices could access it, analyze it and act upon it. And the firewall could subscribe to information from the server in order to respond to new threats.

It is important for Juniper to bring together its network and security offerings in order to make the case that its disparate gear can be deployed as a coordinated security system that embraces other vendors, says Phil Hochmuth, an analyst with the Yankee Group.

With Adaptive Threat Management, customers can create a single user-based policy that is pushed to devices in the network, saving administrative time on configuration. "You're not having to scramble around to push policy to 10 different boxes," Hochmuth says.

Adaptive Threat Management is reminiscent of Cisco's TrustSec, which uses centrally defined access policies enforced in the network — but Cisco uses its switches to enforce the policies, Hochmuth says. "It is a major architectural strategy to glue together the individual parts of access control," he says.

IF-MAP is supported by a handful of vendors including Aruba Networks, ArcSight, Infoblox, Lumeta and nSolutions.

Last year, Juniper revamped and renamed its management platforms to Network and Security Manager (NSM), which centrally manages policies for Juniper's network and security gear, setting the stage for different classes of devices sharing data.

The NSM platform has been upgraded to include more standard reports that map to the behavior of devices in the network that it deals with. These reports can be used as the audit trails necessary for some regulatory compliance or for internal audits to gauge network security, the company says.

Juniper gives an example of how the new capability could work. A user logged in via SSL VPN inserts a USB device into his computer that is infected with a Trojan. A firewall/intrusion-protection system detects the Trojan and that information gets shared with the SSL VPN device, which can interrupt the VPN session. It can then guide the user through remediation of the problem, then let the device set up a new VPN session.

The software for Juniper's SA series SSL VPN gateways also enables single sign-on, and remote access users are presented with a list of resources they are authorized to access and can go to them directly with out signing on for each one.

This is convenient for accounting consultants with Singer Lewak, an accounting-services firm headquartered in Los Angeles, says the company's CIO Rob Krumwiede. "The SSL VPN is a launchpad to the intranet, e-mail and internal applications," he says.

So a remote user can click on an icon to gain access to one of three e-mail options —Citrix thin-client-based, Outlook Web Access and full Outlook — all without having to authenticate again.

Juniper also is introducing two new models in its SRX series of security devices whose hallmark is that the individual security applications running on them can be integrated, and that processing power can be dedicated for each to insure performance.

The SRX 3400 and 3600 are the smallest members of this high-capacity family, whose biggest brother, SRX 5800, boasts being the fastest at close to 140Gbps. The models top out at 20Gps and 30Gbps on firewall throughput, respectively, but the hardware features the same modular architecture that enables expanding power by adding cards.

The devices also support both VPN and intrusion detection/prevention system (IDS/IPS) at 6Gbps on the SRX 3400 and 10Gbps on the SRX 3600. Starting price for the devices is $50,000 for the SRX 3400 chassis with a network-processing card, a routing engine and support for a 10Gbps firewall, 2Gbps VPN and 2Gbps IDS/IPS.

With dedicated processing per application, users can guarantee performance when additional load or applications are added. Because this is done internal to the chassis, such expansions require no new rack space and cost less than stacking appliances because there is less redundant hardware in a modular box than in a collection of appliances.

Learn more about this topic

Juniper consolidates network management software

Manageability problems

Trusted Computing Group broadens its NAC scope

Juniper SRX 5800: Biggest firewall ever

Juniper's answer to Cisco in the data center: Stratus Project

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.