Juniper to Buy Funk for $122M to Boost NAC

Juniper plans to use Funk's technology to boost its network access security products. The deal will bring Juniper into more direct competition with Cisco in the market for NAC solutions.

Just weeks after announcing its first dedicated product for network access control, Juniper Networks Inc. on Monday said it was buying Funk Software Inc. to boost its network access security products.

Juniper will pay $122 million for Cambridge, Mass.-based Funk in an all-cash transaction that must still be approved by the companies shareholders.

Juniper plans to use the Funk technology to extend enforcement of network access control from the companys Net Screen firewalls to Layer 2 switches.

The move will bring Juniper into more direct competition with chief competitor, Cisco Systems Inc., in the market for NAC solutions, but some experts worry about integrating Funk, and its plans for Funks other products, such as the Steel-Belted Radius Server.

Funks technology will help Juniper provide a comprehensive network enforcement architecture that is based on open standards, such as the TNC (Trustworthy Computing Groups Trusted Network Connect) standard, said Hitesh Sheth, vice president of Enterprise Products and Solutions at Juniper, in a conference call to discuss the acquisition.

The acquisition is expected to close in December.

Most of Funks approximately 140 employees will remain in the companys Cambridge headquarters, and CEO Paul Funk will be named senior executive of Junipers Security Products Group, said Bob Dykes, Junipers CFO and executive vice president of Business Operations.

/zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Funk made its name providing access control technology such as RADIUS (Remote Authentication Dial In User Service), which allows organizations to validate the credentials of users who are trying to access a network.

The company was an early supporter and adopter of the TNC open-source NAC technology.

In May, the company announced new versions of the Steel Belted Radius server and 802.1x Odyssey client that supported TNC standards for client integrity checks and user quarantining.

Funks ability to interoperate with TNC-compliant technology from third-party vendors like Check Point Software Technologies and McAfee was attractive to Juniper, which wants to build a unified architecture for access control that supports "best of class" products from third parties, rather than requiring customers to change their infrastructure just to acquire network access control features, Sheth said.

"We want an enforcement strategy that secures the infrastructure customers already have with standards-based applications," he said.

Juniper will integrate Funks endpoint control technology with the Juniper Enterprise Infranet Controller.

That product, which Juniper announced in October, uses a hardware appliance and desktop agent to coordinate policy enforcement across enterprise networks through the companys NetScreen firewalls, Sheth said.

/zimages/3/28571.gifClick here to read more about a security flaw affecting Cisco and Juniper products.

Using switches to enforce security policy allows enterprises to stop infected hosts before they get access to a corporate LAN, by blocking communications ports or transferring machines to quarantine areas.

In contrast, NetScreen firewalls can only block access at the boundaries between network zones, such as subnets, said Eric Maiwaldof Burton Group Inc.

In October, Cisco unveiled an update to its Network Admission Control program that extends NAC features from the companys routers to its Catalyst switches and enterprise wireless gear, including the Catalyst 6500-, 4500- and 4900-series platforms; Aironet access points; and wireless LAN controllers.

Cisco has promised to submit its NAC technology for approval as an open standard.

However, the company has been criticized for excluding other network equipment makers from the NAC program and forcing customers to standardize on Cisco hardware to take advantage of NAC features.

Juniper plans to offer similar kinds of protection as Cisco NAC, but based on open standards.

"Our customers tell us they want open standards based approach for NAC, TNC and [Microsofts] NAP [Network Access Protection]," Sheth said.

The company will work with vendors like Microsoft to make sure that its products integrate with NAP and other architectures, as well, he said.

Funks Steel-belted Radius server will also fit well into Junipers Enterprise Infranet Controller architecture and could become a standard part of that solution for managing interfaces to user stores like LDAP, Active Directory and RADIUS, Maiwald said.

However, analysts who were briefed on the acquisition expressed skepticism about Junipers plans, especially after Bob Dykes, Junipers CFO, said that the company didnt expect Funks current quarterly revenue of between $5 million to $7 million to continue in the future, and didnt expect Funks products to add to Junipers net quarterly revenue going forward.

"What were doing here is adding important technology to technologies and solutions weve previously announced so that the overall growth of [Junipers] security group will continue at a strong level," Dykes said.

"Looking at Funks growth isnt appropriate," he said.

Juniper will continue supporting Funks customers.

However, Juniper executives said that their main interest was in integrating Funk into the Juniper product line, rather than continuing to develop Funks products.

"Our intention is to add Funk to our products," Sheth said.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.