INTEROP - Juniper targets Cisco with security strategy

Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

Looking to ratchet up its competition with Cisco Systems Inc. in the corporate networking market, Juniper Networks Inc. next week will introduce a set of security tools designed to help IT managers more efficiently enforce access-control and usage policies on their networks.

Juniper, which is expected to make the announcement at the Interop show in Las Vegas, will also outline a broad network security framework that it plans to fill out over the next few years. The Enterprise Infranet initiative is designed to give users a comprehensive, policy-based approach to securing networks, applications and end-user devices, said Rod Murchison, the Sunnyvale, Calif.-based vendor"s director of product management.

The framework planned by Juniper gives IT managers a potential alternative to Cisco"s emerging Network Admission Control (NAC) technology and the Network Access Protection offering that Microsoft Corp. is developing.

Overall, the move to integrate security functions into the network layer is a good thing, said Hugh McArthur, director of information systems security at Online Resources Corp., a Chantilly, Va.-based online bill-processing firm.

But companies that have already invested in firewalls, intrusion-detection systems and network monitoring tools have little reason to dump their current technologies for the integrated functions, McArthur said. "I also feel that there are still advantages to using diverse products for providing multiple layers of protection that aren"t vendor-dependent," he added.

The security functions being delivered at the network layer also need to mature more before many users will feel confident enough to enable the automated responses to network threats and attacks that the technologies support, said Eric Beasley, senior network manager at Baker Hill Corp. in Carmel, Ind.

"Right now, it wouldn"t be something that I would let loose on my networks," he said.

David Flynn, vice president of products for Juniper"s security tools and network-access routers, acknowledged that completely delivering on the Enterprise Infranet vision will be a multiyear process. In addition, many users will have to more tightly integrate their IT security operations in order to fully embrace Juniper"s planned offerings, he said.

"It does change the way they need to think about how they operate," Flynn noted.

Juniper"s new tools for controlling network access and usage are based on technology from its acquisition of NetScreen Technologies Inc. last year and are due for release in the third quarter. They"re similar to the initial NAC products that Cisco released last year. But the tools also provide continuous monitoring of devices, instead of simply deciding whether they should be able to access a network, Flynn said.

Another key difference is that Cisco is integrating the security into its networking equipment, while Juniper is offering its tools as an "overlay solution" designed to work with a mix of network gear, said Robert Whiteley, an analyst at Forrester Research Inc.

Jim Slaby, an analyst at The Yankee Group in Boston, agreed. "Cisco"s approach really anticipates that you have an all-Cisco network and that you have updated your network infrastructure to versions of the Cisco operating system that support NAC," he said. "For a lot of customers, that"s going to take quite a while and be rather expensive."

(Craig Stedman contributed to this story.)