Juniper wants the network itself to be considered a tool for security enforcement. It’s similar to the network-as-security message Cisco put forth in 2015, describing the network as a security sensor.
Lacking a portfolio as broad as Cisco’s, and striving for openness, Juniper will need to enlist partners. The company has already been doing that through its Software-Defined Secure Networks (SDSN) platform, and today it’s adding a few more names: Aruba (now owned by Hewlett Packard Enterprise (HPE)), Carbon Black, CipherCloud, ForeScout and Netskope.
Juniper’s approach has the company using the network as a tool for security enforcement.
It’s one of three pillars to the security strategy the company launched last year. The first is detection, which Juniper expects will be tied to the cloud, where resources (particularly processing) can be expanded for functions such as machine learning. This is represented by the company’s Sky Advanced Threat Prevention.
The second is policy, which would be applied through intent-based architectures. Here, Juniper began shipping its Policy Enforcer at the end of 2016.
The network’s role would be to prevent problems from spreading. For instance, once a problem is detected, Policy Enforcer could push policies to the network to quarantine the offending device.
Partners such as Aruba’s can also extend that enforcement capability to non-Juniper switches, says Scott Miles, Juniper’s senior director of marketing for cloud, security, and enterprise.
Enlisting outside partners is important for infusing openness into Juniper’s security platform, he says. “If you have a proprietary cloud system, you lock your customer in — but worse, you don’t let them evolve as their needs evolve.”