Juniper Tech Summit 2017: the 5 most important takeaways
Last week, I went to the Juniper Tech Summit in Madrid together with all System Engineers and EMEA Partner Professionals. During this event, automation, big data analytics, and machine learning were central themes.
In this blog post, I will give you an overview of the 5 most important takeaways:
- Juniper’s Software Defined Secure Network (SDSN) 2.0
When it comes to the enforcement of a security policy, the Juniper SDSN approach does not focus on the firewall alone. The entire network is considered as a ‘secure fabric’: a compromised endpoint on the access layer will be isolated based on detected security events (IPS, SkyATP sandboxing, security feeds…), regardless of where the detection took place. Security events are converted into actionable intelligence by the SDSN Policy Enforcer component.
The first version of the SDSN platform could enforce security mitigation on the Juniper L2 (switched) infrastructure and on the firewall (L3). The new 2.0 version also incorporates support for third-party vendors and expands the zero-trust model to VMware NSX virtualized environments.
- Juniper Secure Analytics (JSA) offers you fully automated threat intervention
Juniper Secure Analytics (JSA), Juniper’s SIEM platform, can be integrated directly into the SDSN Policy Enforcer. This allows fully automated intervention in response to threats. This intervention is triggered not only by single security events, but also by correlated analysis.
- Elastic hybrid and multi-cloud interconnectivity with Juniper SRX
Juniper’s virtual SRX platform (vSRX) provides elastic hybrid and multi-cloud interconnectivity, using automation to provide rapid deployment and scaling. It is available both in Amazon AWS and in Microsoft Azure. Leveraging a transit VPC (Virtual Private Cloud), Juniper is able to stitch multiple cloud environments together, while keeping all traffic secured in transit.
- Important improvements to Security Management
The central management platform, Security Director, is getting support for the Change Management workflow through role-based administration control (RBAC). The platform will also be outfitted with a tool to create your own custom application signatures. Juniper Secure Analytics can now be used as the log collection facility for Security Director. This means you can consolidate firewall log analytics on the same appliance that is used for network event correlation (SIEM).
The on-box web-based user interface on the SRX firewall received a graphical overhaul to align it more closely with Security Director. Thanks to the solid-state disks in the newest generation of firewall platforms, the user experience (including on-box log inspection) is much smoother.
- The introduction of Logical Domains
Support for system-level virtualization through Logical Systems (lsys) has been removed in the newest generation of SRX data center hardware. Instead, Juniper is developing a feature called Logical Domains (ldoms). This complete update to the internal processing architecture will make the platform fully multi-tenancy aware with the added benefit of extreme scalability.
The changes mentioned above have contributed towards achieving most (if not all) of the development goals that were set out last year. Juniper’s technology is still ideally positioned as a rock solid, future-proof backbone for your data center. The shift in approach from ‘network security’ to ‘secure networks’ (SDSN) takes the concept of security and makes it pervasive throughout your entire network stack.