Juniper is set to launch software to allows security products from competing vendors to share and analyse log information in order to determine the root cause of network problems and fix them.
Called Adaptive Threat Management, the data-sharing software includes upgrades to its SSL VPN and Unified Access Control devices that enable them to publish log information to a UAC server that shares the data with other platforms.
The interface between the SSL and UAC devices and the server is a standard known as IF-MAP, a communication interface for creating a two-way street between network devices and the server to which device data is published.
Adaptive Threat Management can support devices made by other vendors, but those devices must comply with IF-MAP. So if a security platform made by another vendor publishes data using the IF-MAP interface it can become part of an Adaptive Threat Management deployment, Juniper says.
Customers that have a firewall in place from another vendor could potentially keep it, but enable it to publish log data to the central IF-MAP server where other devices could access it, analyse it and act upon it. And the firewall could subscribe to information from the server in order to respond to new threats.
It is important for Juniper to bring together its network and security offerings in order to make the case that its disparate gear can be deployed as a coordinated security system that embraces other vendors, says Phil Hochmuth, an analyst with the Yankee Group.
With Adaptive Threat Management, customers can create a single user-based policy that is pushed to devices in the network, saving administrative time on configuration. "You're not having to scramble around to push policy to 10 different boxes," Hochmuth said.
Adaptive Threat Management is reminiscent of Cisco's TrustSec, which uses centrally defined access policies enforced in the network- but Cisco uses its switches to enforce the policies, Hochmuth said. "It is a major architectural strategy to glue together the individual parts of access control," he said.
IF-MAP is supported by a handful of vendors including Aruba Networks, ArcSight, Infoblox, Lumeta and nSolutions.
Last year, Juniper revamped and renamed its management platforms to Network and Security Manager (NSM), which centrally manages policies for Juniper's network and security gear, setting the stage for different classes of devices sharing data.
The NSM platform has been upgraded to include more standard reports that map to the behaviour of devices in the network that it deals with. These reports can be used as the audit trails necessary for some regulatory compliance or for internal audits to gauge network security, the company says.
Juniper gives an example of how the new capability could work. A user logged in via SSL VPN inserts a USB device into his computer that is infected with a Trojan. A firewall/intrusion-protection system detects the Trojan and that information gets shared with the SSL VPN device, which can interrupt the VPN session. It can then guide the user through remediation of the problem, then let the device set up a new VPN session.
The software for Juniper's SSG series SSL VPN gateways also enables single sign-on, and remote access users are presented with a list of resources they are authorized to access and can go to them directly with out signing on for each one.
With dedicated processing per application, users can guarantee performance when additional load or applications are added. Because this is done internal to the chassis, such expansions require no new rack space and cost less than stacking appliances because there is less redundant hardware in a modular box than in a collection of appliances.