Juniper delivers distributed data-center security protection, firewalls

Juniper Networks has expanded its security portfolio with an architecture design that includes AI-based predictive threat support and a new family of firewalls, all designed to protect distributed data center resources.

The central piece of the expanded portfolio is the new Juniper Connected Security Distributed Services Architecture. It’s implemented in a new version of the vendor’s core Junos operating system (version 23.4) and enables a variety of security features from zero trust policy enforcement to intrusion detection and prevention across distributed data center networks.

Since Junos runs across Juniper’s entire product family, including QFX Series Switches, MX Series Universal Routers, SRX Series firewalls and more, all of those systems can be included in the Distributed Services Architecture. This enables customers to set up universal protection and policies for networks, data, and applications, and it’s all controlled by the vendor’s Security Director Cloud for setting and managing security policies.

The key point is that new and existing customers just need to run the Junos code that supports the Security Distributed Services Architecture, said Mike Spanbauer, a technology evangelist with Juniper Security. “It isn’t going to be a licensed feature. It’s going to be part of what it means to secure your network environment with Juniper.”

“Many of these data center environments have grown so incredibly sprawled and complex that it has become difficult to ensure security for the distributed applications that those network and security teams are responsible [for managing and securing],” Spanbauer said. “What we are trying to do with Security Distributed Services Architecture is greatly simplify data center operations and offer a path to solving some of the most complicated and challenging issues within the data center.”

A key part of the new architecture is an AI-predictive threat prevention feature that ingests data from a variety of sources, including Juniper devices and its own research as well as third-party applications, to update its threat signature database and detect behavior anomalies. The idea is to help customers and partners to predict and identify real threats faster, Spanbauer said.

As part of the new architecture and AI support, the Juniper SRX series of firewalls can detect malicious threats within encrypted traffic without decryption by using AI/ML behavior analysis, according to Juniper. Additionally, it automatically broadcasts with all other SRXs when a new threat is detected and now can automatically generate custom signatures that are unique to the customer’s environment, Spanbauer said.

Four new Juniper SRX firewalls

Also in the SRX realm, Juniper rolled out four new 1U firewalls: the SRX1600, SRX2300, SRX4300 and SRX4700. The boxes support a variety of link speeds from 25G to 400G, and throughputs range from 24 Gbps to 1.4Tbps. The SRX Series platforms include embedded Trusted Platform Module (TPM) 2.0 chips and unique, cryptographically signed device IDs for standards-based Secure Zero Touch Provisioning (SZTP). In addition, all of the new devices include EVPN-VXLAN Type 5 support so customers can embed security across the entire EVPN-VXLAN fabric.

“With full fabric awareness, security operators possess the situational awareness to respond to threats faster and reduce the blast radius of an attack to the smallest possible area using everything available to them, including the network,” Juniper stated.

Juniper’s announcement will go a long way toward keeping existing customers and attracting prospects, particularly in the way it couples networking and security with the Distributed Services Architecture, said Mauricio Sanchez, senior director for enterprise security and networking research with the Dell’Oro Group. “Compared to the bigger players, like Palo Alto Networks, Cisco, or Fortinet, Juniper is a smaller player, so having something to distinguish from the big boys is always good.”

The Distributed Services Architecture is interesting because it combines Juniper’s existing networking devices to improve the performance of Juniper’s SRX firewalls, Sanchez said. “Customers get more bang for the buck from existing firewalls by taking advantage of this new combo.”

With the AI-predictive threat feature, Juniper may not be the first to leverage AI, but it’s far from being the last. AI is making the solutions more usable and improving security effectiveness, Sanchez said.

“The new firewalls are interesting because it keeps Juniper in the hunt for new firewall business,” Sanchez said. “The firewall market is all about speeds and feeds, together with more features. These new boxes give the competition a good run for their money.”

“Firewalls are still foundational to enterprise network security hygiene. Case in point is that the firewall market, according to my analysis, was still over $12 billion in 2022 and still growing,” Sanchez said.

The SRX 1600 and the 2300 are going to be available by the end of the year, and the 4300 and 4700 will follow shortly thereafter, Spanbauer said. The Junos 23.4 software will be available by the end of the year.