Juniper’s SDSN consists of three key pillars with user intent policy, unified detection and comprehensive enforcement. It leverages user intent-based policy frameworks that enable organizations to define rules and enforcement for all network devices and applications in a unified, centrally managed security ecosystem. “Clients can specify security policies in a simplified manner using business intent as opposed to cumbersome IT constructs,” explains Maniar. “In case of an attack or threat, it can utilize detection capabilities with Juniper Networks’ cloud-based Sky Advanced Threat Prevention (ATP) malware defense or integrate external threat intelligence as part of the SDSN ecosystem.” By correlating the threat information from these mechanisms, it provides insight into the actions that need to be taken once the attack is discovered. Finally, the third pillar—enforcement—automatically applies the necessary action to the enforcement points based on the new policy, without manual intervention.
For instance, an organization can create a group comprised of all IoT devices on the network. The first user-intent policy defines that the IoT group can only access the IoT control application on the network; while the second policy can be specified to block all communication with an IoT device in case of an attack.
Our SDSN platform provides a holistic security solution that transforms and strengthens our customers’ defense
The system will automatically stop communications from the infected group, per the policies. This ensures that a compromised device does not spread laterally across the entire network and infect other devices or applications. “Typically, organizations have numerous vendors for security detection, but each of them have individual portals. Our SDSN detection framework can collect and correlate the information from these vendors and provide a single pane of glass to view and act on the actionable threat landscape,” points out Maniar.
Juniper’s customizable solutions have assisted customers from various industries ranging from distributed enterprises such as retailers and hospitals to large enterprises, cloud providers and service providers. In one instance, a large retail vendor with over 10,000 stores worldwide required a solution encompassing routing services, firewall functions and advanced anti-malware capabilities coupled with automation. Juniper Networks’ SRX300 and SRX1500 with zero-touch capability gave them a fully automated firewall portfolio and unified policy management required to seamlessly operate all of the stores. With SDSN, the client was able to easily detect an attack at a single store and immediately take defensive action across other stores.
Treading ahead, Maniar says that SDSN is a journey and Juniper will continue to focus and invest in the three pillars of SDSN. The company is also focusing on professional services to provide its customers with risk assessments for their networks. “We are constantly innovating to transform the security arena by providing high value to our customers with a highly differentiated offering,” he concludes.