Juniper bolsters effort to combat encrypted malicious threats
25 February 2020
Juniper is filling out its enterprise security portfolio this week by integrating support for its Mist wireless customers and adding the capability for customers to gain better visibility and control over encrypted traffic threats.
With the new additions, Juniper is looking to buttress its ability to let users secure all traffic traversing the enterprise network via campus, WAN or data centre. The moves are part of Juniper’s grand Connected Security platform that includes a variety of security products including its next-generation firewalls that promise to protect networked resources across infrastructure and endpoints.
“In the past two years, Juniper has made significant strides to advance its technology and reposition itself as both a capable competitor to network security rivals like Cisco and Fortinet, but also an innovator in key areas of need that are often overlooked. ETA [Encrypted traffic analysis] is one example,” said Eric Parizo, a senior analyst at Omdia.
“Another is the features it has added to its mature SRX Series NGFWs, placing them at the center of its new ‘Connected Security’ vision, emphasising superior visibility, automated enforcement and remediation, and streamlined security operations.”
A key part of that strategy was the purchase of Mist last year for $405 million for its artificial-intelligence-based wireless platform that makes Wi-Fi more predictable, reliable and measurable. Since then it has been bringing the Mist technology into the Juniper product line.
In this case, Juniper is extending the Mist technology into its Networks Security Intelligence (SecIntel) package. SecIntel includes threat-detection software, security intelligence information and a next-generation firewall system. SecIntel provides curated, verified threat intelligence from Juniper Networks’ Advanced Threat Prevention (ATP) Cloud, Juniper Threat Labs and industry threat feeds to its MX Series routing platforms, SRX Series Services Gateways and NFX Series Network Services Platform. Together they block attackers’ command-and-control communications at line rate, according to Samantha Madrid, vice president of Juniper’s Security Business and Strategy.
“Mist customers can now get threat alerts detected by Juniper SRX Series Firewalls and ATP Cloud, letting administrators quickly assess security risks when users and devices connect to wireless networks and take appropriate action via the Mist cloud or APIs, such as quarantining or enforcing policies,” Madrid said.
Beyond the Mist integration, Juniper is adding encrypted-traffic analysis to its ATP Cloud and SRX Series firewalls.
“Encrypted-traffic analysis is a new feature that enables organizations to get a handle on traffic that is ‘going dark’ via encryption,” Madrid said. “Encryption is frequently used by malware to obscure communications with command and control servers, making a percentage of active malware – and especially botnets – difficult and sometimes impossible to detect via deep packet inspection.”
Omdia estimates that as much as 70–80% of enterprise inbound network traffic is now encrypted, which is up approximately 20% from three years ago, thanks in large part to the pervasive use of HTTPS on the Web in recent years.
That’s a good thing for the security of individuals, but it’s an increasing challenge for enterprises seeking to discern whether threats are hidden in the encrypted traffic flows entering their networks, Parizo said.
While enterprises would like to decrypt and inspect this traffic, the next-generation firewalls and other point products needed to do so cost too much and can introduce latency and performance problems, Parizo said.
“To that end, alternative solutions like Juniper Encrypted Traffic Analysis are showing early potential for helping organizations infer with high confidence whether certain encrypted traffic flows may pose a danger to the organization,” he said. “While Juniper’s solution today is focused on identifying known botnet traffic, Juniper is seeking to differentiate by making this a no-cost add-on to ATP, with a long-term objective of positioning ETA as a cloud-delivered value-add along the lines of malware sandboxing.”
Other vendors, including Juniper competitor Cisco, support encrypted-traffic analysis.
IDG News Service