Juniper Networks is countering rival Cisco's advanced malware protection architecture with cloud-based technology aimed at protecting the corporate network at the access layer.
Juniper unveiled on Tuesday a more advanced version of Sky Advanced Threat Prevention at its NXTWORK user conference in Santa Clara, Calif. The company has extended the reach of the malware detection service from physical SRX Series firewalls to virtual versions and access switches. The company plans to release the improved Cisco AMP competitor this year.
Sky ATP and the Cisco AMP architecture provide cloud-based security intelligence, said David Monahan, an analyst at Enterprise Management Associates, based in Boulder, Colo. Both offerings provide the highest level of security to companies using the vendors' respective networking technology.
"Both the Juniper and the Cisco architectures have a common weakness," Monahan said. "If you are not all Cisco or all Juniper and you are not on a very recent version of the (switch) operating system, you cannot invoke some to any of the features."
On the flip side, the benefit of integrated technology from Cisco or Juniper is a better method for identifying malware on mobile devices and PCs at the network access layer, Monahan said.
Sky ATP machine learning
Sky ATP provides traffic inspection, inline malware detection and reporting. The service uses several techniques to identify threats. The methods include matching known malware against signatures stored and updated in a lookup cache, and using machine-learning algorithms that can spot malware-like behavior.
"What distinguishes Juniper's Sky ATP from some of its competitors is the use of machine-learning algorithms to perform static and dynamic analysis of potentially malicious content," said Mark Hung, an analyst at Gartner. "Traditional methods use human-curated methods to analyze potential threats."
Sky ATP-detected malware can trigger Juniper firewalls and switches to block infected devices trying to access the corporate network. How the Juniper technology stops the threat depends on policies deployed through Juniper's Junos Space Security Director software.
Until this release, Security Director worked only with Juniper firewalls. With the Sky ATP release, Juniper added a software component called Policy Enforcer that extends Security Director's capabilities to the vendor's EX and QFX Series Ethernet switches.
Sky ATP can block malware in several file types, including executables, PDFs, Microsoft Office, Java, Flash and DLLs. The service is available to Juniper customers with an SRX Series firewall support contract. A premium version, which inspects more file types, requires a separate subscription license.
Policy Enforcer is licensed separately from Security Director. Juniper bases pricing on the number of networking and security devices managed through the software. Contracts are available for 50, 100, 500 or 1,000 devices.
Juniper unveils firewalls for hybrid clouds
Lastly, Juniper introduced two firewalls, the SRX4100 and SRX4200. The former has a throughput of 20 Gbps, while the latter has 40 Gbps. Both support Juniper's latest security technology.
The firewalls are best suited for campus and data center edge deployments where companies will connect to public clouds, such as Amazon Web Services or Microsoft Azure, according to Juniper. Both firewalls are 1U appliances.