LAS VEGAS—While Cisco Systems Inc. played catch-up with rivals such as Juniper and others in the security space with a multi-function security appliance, Juniper Networks was not standing still.
The Sunnyvale, Calif., rival at Interop this week outlined a new architectural vision for its customers and introduced a new Enterprise Infranet Controller and Infranet Agent designed to provide endpoint intelligence for deciding how application traffic is allowed to use the enterprise network.
On Monday, Juniper Networks Inc. will also introduce its own multi-function security hardware, a new firewall/VPN device as well as six new Intrusion Detection and Prevention appliances and an IDP software upgrade.
Juniper's Enterprise Infranet architecture is intended to rationalize the range of products and technologies it has built and acquired.
It also provides a framework for coordinating intelligence across networks, applications and endpoints.
The architecture calls for a service layer that resides on the existing network. In the service layer, elements that reside at the endpoints, in the applications and in the network collaborate to control how applications use the network, how applications are delivered across the network and how threats are controlled.
In support of that architecture, Juniper announced the new Infranet Controller and Infranet Agent, which work together to provide endpoint defense technology and host checking.
Together they combine functions from Juniper's SSL (Secure Sockets Layer) VPN, firewall and IPSec offerings to provide more comprehensive malware protection than traditional scan-and-block models.
Based on user authentication and a real-time check of an endpoint device's security parameters, the Enterprise Infranet Controller allows conditional access to the enterprise network.
The Infranet Agent, which is dynamically provisioned by the Infranet Controller, accepts user credentials, does the host check and gives optional authenticated and encrypted transport to enforcement gateways.
Those gateways, dubbed Infranet Enforcers, are made up of Juniper's NetScreen firewall offerings that use a new software upgrade to execute their enforcement function.
The system is designed to allow users to start with small deployments and phase it in over time without requiring an infrastructure upgrade, according to David Flynn, vice president of Products in Juniper's Security Products Group in Sunnyvale.
The Infranet Enforcer is used to help deploy agents and make sure the endpoint accessing the network is in compliance with security policies so that it can't attack resources on the network if it is infected, he added.
The system can be used to protect servers, WAN routers and peers with self-protection.
The Infranet Controller, Agent and Enforcer software, which Flynn said complement Juniper's work with Microsoft's Network Access Protection and the Trusted Computing Group's Trusted Network Connect, are due in the third quarter.
On Monday, Juniper will release the multi-function ISG 2000, which integrates firewall, VPN and intrusion prevention, and the ISG 1000 firewall/VPN.
The network-friendly ISG 2000, which provides up to 2G bps throughput for intrusion prevention, implements the ScreenOS dynamic routing for Open Shortest Path First, Border Gateway Protocol and Routing Information Protocols. It also implements the ScreenOS implementation of Network Address Translation.
The IDP integration with the firewall/VPN operating system allows IDP attack protection to be deployed across virtual systems and security zones to prevent attacks from propagating across the enterprise network.
The just-released ISG 1000 firewall/VPN provides 1G bps of throughput for firewall and VPN functions, no matter what size packet.
It uses Juniper's newest application-specific integrated circuit, the GigaScreen programmable ASIC.
The high-performance firewall/VPN is intended for data centers and large-scale networks running latency-sensitive applications such as VOIP (voice over IP) and streaming media.
Juniper also on Monday will launch six new IDP appliances that provide a range of performance options from 50M bps to 1G bps.
Juniper will also extend its existing VOIP protection by adding Session Initiation Protocol anomaly detection in version 3.1 of its IDP software. All are available now.