The risk is that, if we react by "locking-down" our IT environments, we lose the benefit of the agility and flexibility of virtualised cloud environments. At Juniper Networks, we believe we are putting in place some of the industry's most comprehensive network protection [http://www.juniper.net/us/en/products-services/security/ that also allows you to use your private cloud infrastructure to innovate.
There are many ways in which we can help secure your environment, but there are two innovations that we believe are particularly relevant to the flexible, agile IT environments that we know you are building. The first is our strategy of building firewalls that help you to manage security in virtualised cloud environments, and the second is our commitment to an open platform for enforcement of threat intelligence.
Firefly Perimeter [http://www.juniper.net/uk/en/products-services/security/firefly-perimeter/], our virtual firewall, is – like all other Juniper firewall products, from the smallest to carrier-grade devices - based on the Junos operating system. It is, in all functional respects, identical to Juniper's SRX firewall series. By mid 2015 we will have integrated all features that you will find in our physical firewalls.
The case for a virtualised firewall depends on your environment, and we still expect the physical firewall infrastructure to dominate for some time. But as more data centres use virtual networks and we become accustomed to spinning up services in minutes (often integrating resources from more than one location) a virtual firewall offers many advantages.
It offers all the benefits in terms of fast implementation, space and power saving that virtual machines have always offered, but it also offers management benefits: the ability to quickly deploy and enforce an integrated security policy close to the VM when application or tenants deployments change, and manage them through a single management interface Juniper Security Director [http://www.juniper.net/uk/en/products-services/security/security-director/], which integrates policies in physical and virtual environments.
At present the throughput for virtual firewalls cannot match that of our high-end physical devices: but in many use cases organisations will find that this isn't a constraint, and that the flexibility benefits far outweigh any performance limitations.
Our strategy is to take our firewalls, whether physical or virtual, and make them more intelligent, which is why Juniper has also created Spotlight Secure [https://www.juniper.net/us/en/products-services/security/spotlight/]: this is a cloud-based hacker device intelligence service, a global database with intelligence on locations where known threats originate from or communicate with, delivered through a connector to Security Director [http://www.juniper.net/uk/en/products-services/security/security-director/]management platform and on to the SRX firewall platforms being managed. Juniper Threat intelligence data within Spotlight is comprised of a vast number of sources; from own research and also working with other vendors providing known bad IP addresses and compromised URLs’. All potential entries to the Spotlight database are comprehensively vetted by Juniper Networks security research team. Also, via an open API, we can also collect information directly from our customers Security Operations Center (SOC) or other best of breed security vendors and thereby enabling a level of customized security intelligence that beats our competitors.
Today, everybody is vulnerable to attack. The approaches we take should be forward thinking, and so that is why Juniper is investing in a flexible, agile security infrastructure that allows you to innovate in your cloud data centre with confidence.
See network security in a different light. To learn more about how Juniper can help protect your networks, watch our presentation and download the Ponemon report into the latest security threats, and how to defeat them [http://www.juniper.net/uk/en/dm/spotlight/].