Juniper Incorporates Third-Party Security in SSL VPNs

Juniper expands users' security options by opening new interfaces that allow integration of third-party tools with Juniper's line of SSL VPNs.

Juniper Networks Inc. is expanding users security options by opening new interfaces that allow integration of third-party tools with Junipers line of SSL VPNs.

Junipers new Endpoint Defense Initiative works with all NetScreen Secure Sockets Layer VPN appliances, according to officials in Sunnyvale, Calif.

Juniper is targeting for integration such endpoint security offerings as anti-virus and personal firewalls; compliance-checking software, which ensures that required security clients are installed on PCs; malware scanners; and virtual environments.

A handful of security vendors are already taking advantage of the new interface. InfoExpress Inc., McAfee Inc., Microsoft Corp., Sygate Technologies Inc., TrendMicro Inc. and WholeSecurity Inc. have been certified to work with the interface, and several more are lining up to do the same, according to Juniper officials.

The server-side interface can exploit endpoint security agents already installed in PCs, or third-party agents can be downloaded from Junipers SSL VPN appliance.

Downloadable endpoint scanning agents can be used to supplement Junipers host-checking capability when its not possible to require that programs such as McAfee anti-virus software be running—as in the case of kiosks or partner extranets.

"Its a new breed of agent-based scanners that scan for certain policies or create virtual environments," said a Juniper spokesperson.


For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

One user working with both Juniper and Sygate said he was "pleasantly surprised" to see the integration work. Desmond Lee, project manager at Partner Reinsurance Co. Ltd., in Zurich, Switzerland, who has seen a demonstration of the integration, is working to consolidate the number of access points from which users can enter the companys network.

"Weve integrated solutions from Sygate and Juniper that will allow us to concentrate and secure access based on the same entry points we set up," Lee said.

To date, most SSL VPN vendors have chosen to OEM or partner with one particular best-of-breed endpoint security provider, said Robert Whiteley, an analyst at Forrester Research Inc., in Cambridge, Mass.

"What Juniper has done well is to make it more an API approach so you dont have to go with any one vendors security solution. That allows you to maintain the best-of-breed mentality. Juniper will tie in a centralized point for those policies to be implemented and handed over to the end user," Whiteley said.

The updated host-checking API is available now on all NetScreen SSL VPN appliances.


Check out eWEEK.coms Security Center for the latest security news, reviews and analysis.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page