Juniper Networks recently expanded the capabilities of its next-generation firewalls to include an updated application identification engine and integration with Active Directory, which will enable administrators to create network security policies based on user roles -- without the need for additional agents or devices -- in addition to a more centralized management approach across all of Juniper's firewalls and security platforms.
Juniper firewall: New insight into users, applications
Juniper is releasing these software updates for its line of hardware-based SRX Series Services Gateways. In addition to centralizing management of essential security features -- such as intrusion prevention and role-based policies -- the company has also expanded the reach of its application identification engine (AppID).
The new AppID engine will provide IT teams with insight into not only what applications employees are using but also which parts of the application are being accessed, such as games within social media applications like Facebook, said Alex Waterman, senior director of product management at Juniper.
"Applications -- especially peer-to-peer social and video apps -- are evolving over time and are becoming able to get through security perimeters. So [the firewall] needs to evolve over time to provide the identification capabilities for those [apps]," Waterman said.
Increased capabilities for the Juniper AppID engine are an advancement that customers have been looking for from Juniper, said David Lesser, founder and CEO of Nexum Inc., a Chicago-based IT security and networking service provider and systems integrator. Nexum is a Juniper partner that offers training services for SRX appliances.
Along with greater application visibility, the SRX line can now be integrated with Active Directory repositories for enterprises that want to fuse user identity, along with application information, into their security strategy, Juniper's Waterman said.
The alternative to Active Directory integration is to put agents on every desktop, which is not an attractive option to IT, said Jon Oltsik, senior principal analyst for Milford, Massachusetts-based Enterprise Strategy Group Inc. (ESG). Juniper users previously had to use a separate appliance for establishing user identity.
The update intends to eliminate such workarounds, according to Juniper's Waterman.
"Juniper is integrating identity with the SRX in an agentless manner, allowing Active Directory identity repositories and the SRX to communicate together to share user role-based information for security policies ... which reduces the number of boxes from two to one," he said.
Firewalls should help enterprises base security policies on information about applications, users and the network for a more individualized approach to security, according to ESG's Oltsik.
"IT may not want users to be able to access Facebook from the corporate network, or only want you to be able do certain things on Facebook," he said. To accomplish that, "[IT] would have to recognize Facebook in use and who the user is to be able to take action based on that information, which Juniper users can now do thanks to the tie-in with Active Directory." he said.
The native integration with Active Directory and the updates to the AppID engine put Juniper on a competitive level with Palo Alto and Check Point, which have had these capabilities for some time, said Nexum's Lesser. "It's extremely important [for IT teams] to be able to have advanced firewall capabilities in one box that is able to talk to Active Directory and look at specific application activities, and be able to apply those policies across the entire enterprise from a single point," he said.
Traditional firewalls that look at ports and IP addresses are no longer good enough for most businesses, large and small, ESG's Oltsik said. Next-generation firewalls are becoming more necessary. "Businesses need to be able to enforce policies on a much more fine-grain level. All traffic might be coming in over the same port, so you need to understand what that traffic is and who is accessing that application," he said.
Juniper next-generation firewall simplifies security management
New capabilities and deeper visibility often come at the cost of adding more appliances and, by extension, creating a more complicated security management process for IT. The new enhancements to Juniper's firewalls also attempt to remedy this issue. The company has added logging and reporting capabilities to its Junos Space Security Director application, so that both the physical SRX Juniper firewall product and the virtual Firefly Perimeter platform can now be centrally managed from one Web-based interface.
These latest Juniper firewall updates address the missing pieces the vendor had within its security portfolio, ESG's Oltsik said.
"These updates address requirements like scale, application support, and usability and simplicity for Juniper customers, who [have been looking] for security and operational efficiency," he said.
All of the new features and capabilities, including the Active Directory integration and AppID updates, are available in the latest release of Junos Space Security Director.