Juniper Networks has extended its campaign to tightly couple security and networking by first making it possible to block threats at the router level using alerts generated by threat feeds and then integrating a containerized firewall with the Juniper Connected Security framework.
Oliver Schuermann, senior director for enterprise product marketing at Juniper Networks, said rather than continuing to treat cybersecurity as a bolt-on, Juniper Networks is embedding cybersecurity capabilities across both its software-defined network (SDN) overlay and network infrastructure underlay.
At the network infrastructure layer, Juniper MX Series routers now can block command-and-control traffic at the hardware level using either custom third-party threat feeds or threats discovered by the Juniper Sky Advanced Threat Protection (ATP) service or Juniper Threat Labs. That capability continues an ongoing effort to extend threat feed intelligence to all points of the network, said Schuermann.
At the software level, the cSRX Containerized Firewall from Juniper Networks now can be managed centrally regardless of where it’s deployed. That’s critical because containerized firewalls will play a major role in securing applications running on multiple clouds as well as in edge computing environments involving, for example, internet of things (IoT) applications, Schuermann said.
Instead of acquiring companies and then trying to stitch together various incompatible technologies, Juniper Networks is leveraging investments in its JUNOS operating systems to integrate networking and cybersecurity in a way that is more cost-effective to deploy and manage, said Schuermann.
Schuermann said that strategy, in turn, enables Juniper Networks to deliver higher levels of automation that will have significant implications for the evolution of DevSecOps strategies going forward. Many of the controls that organizations today attempt to embed in applications increasingly will be embedded into the network. That approach should reduce some of the increased cybersecurity burden shifted onto developers as organizations seek to make cybersecurity a natural extension of the application quality assurance process.
It’s not at all clear right now precisely how responsibilities for cybersecurity will devolve across cybersecurity, networking and application development teams. On the plus side, everyone now recognizes they are responsible for cybersecurity. Less clear is the degree to which any one initiative might obviate the need for another team to duplicate the same capability. Of course, given the current state of cybersecurity, duplication of efforts may be the most immediate concern.
In the meantime, cybersecurity teams will need to come to terms with the fact that the attack surface is expanding. Developers are increasingly deploying applications on various clouds, while at the same time pushing more code to the network edge. The single biggest common denominator across all these environments is the network these applications rely on to access and process data. As such, the larger the number of cybersecurity controls that can be enforced at the network level, the less likely it becomes that organizations will need to duplicate those controls across multiple IT platforms and application environments.