Networking equipment vendor Juniper Networks is aiming
to give its users greater visibility and control into what exactly is
running over their networks. It will come by way of the company’s latest ScreenOS 6 and IDP (Intrusion Detection and
Prevention) version 4.1 operating systems for its networking gear.
In the modern networked enterprise, most traffic crosses network-routing
equipment that does not provide visibility into what applications are
running and who is running them beyond just providing port and IP address
information. That changes with ScreenOS 6.
“What we’re focusing on with this release is Layer 7 application
intelligence into our products,” Sanjay Beri, senior director of product
management at Juniper, told internetnews.com. “It is the ability to
identify a broad set of applications and actions within those applications, including things like IM, p2p and enterprise applications.”
The Layer 7 granularity will also enable the network to determine the difference between someone using enterprise vs. public IM, whether they are just conversing or transferring files. It will also provide visibility into other application usage ranging from YouTube on the consumer side to enterprise apps by SAP or Oracle.
The new ScreenOS 6 capabilities will run on Juniper’s existing product portfolio, which, according to Beri, has traditionally
only been considered a Layer 3 or 4 product.
Firewalls have normally just provided port and IP information on users and
applications making it sometimes difficult for network administrators to
accurately identify what is running on the network and who is running what.
Beri explained that with ScreenOS 6, Juniper is moving the model to users
from IPs and from ports to applications, which ultimately makes it easier
for enterprises to control and monitor their networks.
With greater network application visibility, the idea is that threats can also
be more easily identified, and scanning for application threats is possible at
the network layer.
Though Juniper identifies the applications running and what they are doing,
for virus scanning ScreenOS 6 will take advantage of Juniper’s partnerships
with virus scanning vendor Kaspersky. Juniper has been partnering with
Kaspersky since at least the ScreenOS 5.4 release.
With the new release, Juniper claims that it is addressing a key challenge
that enterprises face when dealing with network security.
“The biggest thing that people want to do is business level policies for
their enterprise,” Beri said. “They don’t want to translate to networking
terms.”
Juniper plans to do even more
linking on the user identity piece with more UAC and NAC integration in future releases of ScreenOS.
Improved management and reporting to provide even better views of what is
state of a network is on the roadmap as well.
That process of providing even greater visibility will not come at the expense
of vendor choice for end users, according to Beri. Juniper has been a staunch
supporter of open networking standard such as Trusted Network Connect
from the Trusted Computing Group and sees that effort as being
critically important.
“We want to make sure that devices communicate even if they are not from the
same company.”
Juniper Peeks Through The Screen With New OS
