The SolarWinds hack put a fine point on the importance of network security. While the full scope of the supply chain attack remains under investigation, it brought network visibility and the need for security enforcement at every point of connection into sharper focus. According to Juniper Networks VP of Security Business and Strategy Samantha Madrid, the SolarWinds breach validated Juniper’s “Connected Security” strategy.

“It took the industry off guard,” she said about the attack that hit at least 100 U.S. companies and nine federal agencies. “It also validated our strategy that the network and security technologies need to be somewhat consolidated, and that convergence is happening. Your network plays an active role in how you can secure it.”

Customers want more network visibility, “and I’m not talking about network analytics,” Madrid said. “I’m talking about how can the network and network infrastructure take a more active role in decision making.”

Juniper Makes the Network ‘Threat Aware’

Juniper’s answer to this is SecIntel, which it launched in 2019. This security intelligence feed provides threat intelligence to all of the connection points on a customer’s network, including firewalls, routers, wireless access points, and switches. It connects to Juniper’s global threat intelligence hub, Advanced Threat Protection (ATP) Cloud, and allows customers to block malicious traffic.

“There’s constant, closed-loop information sharing that’s taking place,” Madrid explained. “For example, when an IP address that’s known bad, or could be associated with malicious activity [tries to connect to the network], then that gets communicated out to all of our network infrastructure to be aware of and to take action if needed.”

Last fall, the vendor also updated its portfolio to let organizations use ATP Cloud’s Adaptive Threat Profiling to automatically create security intelligence threat feeds based on who and what is currently attacking the network, and who the attack is targeting. Adaptive Threat Profiling uses Juniper Security Services to classify traffic based on the endpoint operating system, and it builds custom threat intelligence feeds that can then be used for further inspection or blocking at multiple enforcement points.

Turning Firewalls Into No-Fly Lists

Meanwhile, Juniper’s firewalls act as sensors throughout the network on tap ports, identifying threats, sharing intelligence with in-line devices, and automating real-time enforcement.

“The example I like to use: we basically turned our firewalls into a TSA no-fly list,” Madrid said. “So if one point on the network — let’s say it’s your containerized firewall — gets an indication that someone is attempting to breach or gain access to a back-end system, that will automatically alert every firewall deployed on the customer’s environment.”

Last month Juniper’s SRX Series firewalls received an “AA” rating from CyberRatings.org, an independent testing company led by the founders of NSS Labs.

How Juniper Invests in Supply Chain Security

Juniper is also investing in supply chain security and, since SolarWinds, has been talking with customers about how to secure the full stack, Madrid added. “In terms of how data traverses your network, we’re not just layer 7, which is an advantage of working with Juniper,” she said.

One of the ways Juniper invests in supply chain security involves posture assessment and posture management of all of the technologies that sit on the network. This includes “routers, switches, access points, firewalls, and being able to make sure the box itself has not been tampered with,” Madrid explained.

Under this program, called Trusted Platform Module, Juniper puts a secure certificate on the hardware and uses this to ensure it hasn’t been compromised from the time it ships from the supplier to the point at which it connects to the customer’s network.

“Most customers are concerned about compromise at layer 2 and having zero visibility into that,” Madrid said. “So having that be closed loop with everything else we see in the network all the way up through layer 7 really gives them a true threat-aware network and that true visibility into everything that’s happening at every point of connection, which has been the whole premise behind Connected Security.”