Juniper Universal Services Framework for Security = Operational Consistency
The internet’s greatest feature – its openness – is also its biggest vulnerability. Borderless communication on top of open protocols, without government interference (mostly) has facilitated robust economic growth and global collaboration. However, all technology can be used for malicious purposes and the inherent openness of the networking stack can leave it vulnerable to attacks. Furthermore, the threat surface continues to grow as more and more users and IoT devices connect to the internet. Additionally, the latest disaggregation and virtualization trends in IT and networking continue to add complexity and generate new entry points that can be exploited.
In the face of these trends, many network operators have become resigned to the belief that the network is a liability when it comes to security; but at Juniper we view it as an asset. The Juniper approach is Connected Security, leveraging the entire network as a threat detection and enforcement tool. Juniper Connected Security safeguards users, applications, and infrastructure by extending security to all points of connection across the network, instead of merely bolting on security features separately as an afterthought. Our vast experience building best-in-class technology responsible for connecting service providers, large enterprises, and cloud services to the rest of the world, coupled with our cybersecurity expertise puts us in a unique position to cohesively provide visibility, advanced protection, and automation to every corner of the network, from endpoint to edge and every cloud in between.
Universal Services Framework Means Operational Consistency for You
Today, we announce a new component of this solution with the SPC3 security services card now available on the MX240, MX480 and MX960 Series routing platforms. The MX-SPC3 supports capabilities such as carrier-grade network address translation (CGNAT), stateful firewall, intrusion detection system (IDS), traffic load balancing (TLB), domain name system (DNS) sink-holing and aggregated multiservices (AMS) traffic distribution.
Importantly, the SPC3 card introduces the Juniper Networks Unified Services Framework (USF), which yields tremendous operational benefits for our customers. Service providers typically struggle when migrating or introducing additional devices to their networking infrastructure. For example, adding the same security capabilities in different deployment models is tedious because most vendors’ features are inconsistent across different implementations. Distinct data models often exist for the same capabilities. Services and infrastructure are developed and tested twice.
This lumbering process duplicates effort and has the potential to impact quality, but the operational quagmire ends with USF from Juniper. The SPC3 security services card for the MX is the same SPC3 security services card for our SRX5000 Series firewalls. A common services code base provides a foundation for consistent set of features across the MX, SRX, vSRX, and cSRX as the network evolves. The single architecture and single code base facilitates code reuse and improves the quality of feature implementation.
Security integrated with networking devices has implications beyond just the box. Engineering teams can now operate more efficiently and collaborate more effectively across the organization. Deployments and decision cycles are simpler and faster for the same functional outcomes. Beyond initial deployments, customers also gain solution portability as their businesses grow and their technical needs evolve. Security is not an impediment to business, it’s a facilitator.
The SPC3 capability on the MX Series routers is just the latest in a series of steps that we have taken to fulfill our vision of Connected Security integrated with the network:
- In August, we announced the integration of Juniper Networks’ Security Intelligence (SecIntel) with MX Series routers to deliver real-time threat intelligence with automatic and responsive traffic filtering.
- At the end of 2018, we launched the Juniper/Corero solution for real-time, volumetric DDoS attack defense on MX Series routers.
- Juniper now offers in-line MACsec on Juniper custom silicon across our MX, PTX, QFX, EX and SRX Series product portfolio, providing security without a performance penalty
Networking and security must be inextricably intertwined. When vendors and network operators attempt to architect their networks using only point solutions they open themselves up for risk. Do you really want to “opt out” of security or do you want to get it integrated with your networking infrastructure?