A pervasive security solution that makes practical sense
Jun 6, 2017
Many vendors require that customers purchase everything from them in order to provide a complete, end-to-end security solution. However, the reality is that most enterprises are multivendor environments. Any solution that requires swapping out existing infrastructure during a refresh cycle, or locks customers into a single vendor, imposes significant restrictions with respect to introducing new capabilities and adopting new technologies.
Another major challenge for IT departments is the need to formulate their hybrid and multicloud strategies. If your business is like most enterprises, continuously fine-tuning your cloud strategy may be necessary as new technologies and cloud players enter the market.
Juniper understands this. That’s why our Software-Defined Secure Network (SDSN) takes an open approach that accommodates multivendor ecosystems while transitioning to a more secure network. Today, Juniper announced Phase 2 of its SDSN strategy, extending the platform to include support for third-party switches as well as deployment modes ranging from on-premise physical deployments to private clouds deployed through VMware NSX.
Figure 1: SDSN Building blocks
“If you can't explain it simply, you don't understand it well enough” – Albert Einstein
So what does this mean for security administrators or business decision makers?
First, the SDSN platform’s automated threat remediation capability enforces security all the way down to the network layer, including end clients or data centers populated with switches and Wi-Fi access points from different vendors. With the SDSN platform, you can still quarantine or block infected hosts in a multivendor environment, without swapping out your existing infrastructure. Imagine not having to write off the thousands or even millions of dollars in equipment investments while taking your security game to the next level. It’s a solution that makes practical sense.
The decision to migrate workloads to clouds, or determining what applications run on which cloud, should not break your network’s security posture. SDSN goes one step further, not only enforcing consistent policies in all the deployments but also interoperating with native cloud technologies to maintain the same level of enforcement granularity available in physical networks. The following scenario illustrates SDSN in a private cloud deployment with VMware’s NSX manager. By leveraging NSX security groups (Layers 2-4), Policy Enforcer, a component of Junos Space Security Director, opens a new paradigm in how to implement security as a whole across your network.
Figure 2: SDSN in private cloud deployment
At Juniper, we believe security intelligence is not only spread across the network, it is spread across all vendors as well. To truly leverage this collective intelligence, different elements in the network need to exchange information and extend their capabilities. One major addition is the flexibility to insert your own threat feeds into Policy Enforcer via REST APIs. Customers with existing subscriptions to other threat feed providers can plug those feeds in to Policy Enforcer, adding another source of intelligence for automated threat remediation.
By taking an open approach to security and partnering with other network and security vendors, Juniper’s SDSN platform continues on the path towards realizing its collaborative security vision. To learn more, please check out this solution brief and visit our security pages on juniper.net.