Juniper Networks has introduced in its Advanced Threat Prevention appliance the ability to collect, filter and analyze logs from third-party security devices, such as firewalls and web and email gateways.
This week, the vendor also introduced a midsize-enterprise version of the Juniper Advanced Threat Prevention (ATP) appliance. The new JATP400 appliance is a scaled-down version of the JATP700 for larger enterprises.
Meanwhile, in other Juniper news, the company announced last Friday the acquisition of HTBASE, which provides an infrastructure abstraction tool. HTBASE's product, called Juke, creates a control and data fabric for applications running in multiple public clouds.
In the latest announcement, Juniper has made it possible for a Juniper ATP appliance to collect logs from security devices through their system logging facility, or syslog. To separate security-related log events, an administrator would go to the JATP user interface and create a log filter using one of its supported formats, such as XML, JSON and CSV.
The admin can then create a parser that maps the log field from a firewall, for example, into the JATP's event fields to look for possible security threats, a Juniper spokesperson said in an email.
Also, through the JATP UI, admins can see statistics on incoming logs and delete unneeded logs.
Before the syslog support, easily collecting security data was limited to Juniper's SRX firewalls and devices made by the company's partners, such as Fortinet and Palo Alto Networks.
"With the custom data collector capability, the integrations can be created from within the product by security personnel via an easy-to-use UI," the spokesperson said.
Juniper plans to deliver the new capabilities in a software upgrade scheduled for release this month.
The JATP400 is available as a virtual appliance or as a 1RU system targeted at branch offices and midsize enterprises, such as law firms and brokerages. Juniper's JATP appliances inspect packets for malware before forwarding them to their intended destinations. The product stems from Juniper's 2017 acquisition of security analytics company Cyphort.
How Juniper plans to use its latest acquisition, HTBASE, is unclear. The company declined to discuss the deal beyond a blog post that said HTBASE technology "neatly complements" the company's Contrail portfolio, particularly its virtualized networking technology for connecting to applications running in multiple clouds.
In a blog post, Tom Nolle, president of technology consulting firm CIMI Corp., said Juniper's apparent focus on companies with applications running on multiple clouds was misguided, given the majority of businesses are connecting private data centers to cloud providers -- an architecture called a hybrid cloud.
"Abstract infrastructure for application deployment, if tied to hybrid cloud, is very smart," Nolle said. "If tied to multi-cloud, it's a niche, particularly since multi-cloud in nearly all cases is a special case of hybrid cloud ... Juniper's positioning targets the niche, not the market."