Why Juniper’s SASE Move Makes Sense

Security3Shield

By: R. Scott Raynovich


Everybody wants in on the Secure Access Service Edge (SASE) party, and networking industry giant Juniper isn’t going to be left out. Today the company officially entered the SASE market with force, announcing a multi-pronged strategy to offer software-based SASE solutions including full integration with its traditional networking gear.

Juniper’s new flagship SASE product is called Security Director Cloud, a service portal that enables customers to manage connectivity and security services to sites, users, and applications. Juniper also said this will “manage customer SASE transformations.”

The announcement comes just a day after Aryaka Networks announced a move to buy Hamburg, Germany-based Secucloud to add cloud-based security functions to its network-as-a-service (NaaS), also launched under the SASE moniker. The announcements were unrelated, of course, because both companies have been working on the plans for months. But it shows just how hot an item SASE has become.

Why SASE Now?

Juniper has had software-defined wide-area networking (SD-WAN) as well as a full series of security products for quite some time. But the arrival of hybrid and remote work appears to have accelerated the move to cloud-based security solutions, so Juniper has put together a plan to migrate its security offerings to the cloud -- which will also help on the business side as the company looks to increase the amount of revenue it derives from annual software subscriptions.

SASE isn’t a specific product. It’s a set of security functions and use cases that can be launched from the cloud as a software-as-a-service (SaaS) offering. Yes, that means that SASE is SaaS (oh no!). But the main goal is to integrate networking solutions with security solutions and management.

Really, SASE is the next step of the evolution of the SD-WAN market, a fast-growing market that hits on the need for network managers to build more flexible network capabilities that could be managed from the cloud.

The SD-WAN and SASE markets will continue to be connected at the hip, and products in these markets will evolve over the years. (See our first SASE report in 2020 and Tech Primers outlining the key use cases and SASE market leaders.) The top use cases and SASE features in our discussions with both end users and vendors include secure web gateways (SWGs), cloud access security brokers (CASBs), cloud-based firewall-as-a-service (FWaaS), and zero trust network access (ZTNA) or software-defined perimeter (SDP) services.

Juniper Leverages Its Security Assets

Juniper already had many of these capabilities in its networking lineup and is no stranger to security. In fact, it’s got a well-regarded lineup of routers and security tools that also include firewall functionality, including its SRX series. What Juniper needed was a coherent strategy to move these functions to a cloud-based architecture without alienating or leaving behind folks that had purchased its traditional networking and security gear, such as firewalls.

The company appears to have done that quite elegantly with the Security Director Cloud product. Juniper says it will help its customers manage both cloud-security deployment, as well as traditional networking equipment on-premises. Juniper says that its customers want help making the transition to the cloud, a project that will be measured in years, not months.

According to Juniper's press release, key functions of the Security Director Cloud include:

  • Experience-led management to facilitate network transformation. Juniper says that the Security Director Cloud delivers a “transformational management experience” that will help reduce challenges of the architectural shift to the cloud. It features zero-touch provisioning and configuration wizards for secure connectivity, content security, and advanced threat prevention (ATP) for both on-premises and cloud-based security policy. In addition, it will fully synchronize cloud-hosted and on-premises management and individual firewalls, so that both types of networking can be managed from the cloud.
  • Unified policies across physical, virtual and cloud-based security. Juniper says that customers can create security policies — including user- and application-based access, IPS, anti-malware and web security policies — that follow users, devices, or applications as they move to new locations and automatically apply them. This idea is that a “unified policy construct” will minimize the operational overhead of managing both environments.
  • Validated security effectiveness. Juniper claims its cyberattack protection is among the best in the business, validated by objective, third-party testing. This includes a 99.5% effective rating from Cyberratings.org compared to leading security vendors for enterprise firewalls, and a 100% effectiveness with zero false positives in ICSA Labs’ Advanced Threat Defense test in Q4 of 2020.
  • Visibility into threat behaviors across the entire network. Security Director Cloud includes a feature called Insights that provides correlated visibility into attacks across the network by bringing together threat detection information – including detections from other vendors’ products – into an attack timeline, and it enables one-touch mitigation to quickly address gaps in defense.

New Pricing Models and Customers

Security Director Cloud, like most SASE and SaaS products, will be sold as a monthly or annual software subscription. Customers that want to buy Security Director Cloud can negotiate new licenses that cover both its traditional networking gear as well as the new cloud-based software, according to Juniper.

“We want to incentivize customers to move to Security Director Cloud,” Kate Adam, Senior Director of Security Product Marketing, told us in a briefing. “We are making licensing very easy and helping them out with any terms they have in place.”

In its launch, Juniper quoted two customers, Beeline and Momentum Telecom, as adopters of the Security Director Cloud.

“Over the past year, as our workforce became more distributed, securely managing our network across multiple international data centers was a challenge,” said Jason Philp, Director of Infrastructure at Beeline, a software company. “Juniper gets that challenge and, with Security Director Cloud, we are able to centralize management in the cloud as we move to SASE.”

Mark Marquez, EVP of Technology at Momentum Telecom, said another key feature of Security Director Cloud will be the use of the session routing technology acquired when Juniper bought 128 Technology.

“Juniper Connected Security coming together with Session Smart technology is excellent news for our business,” said Marquez in a statement. “Having started our Juniper journey with 128 Technology, we are happily looking forward to adding their full SASE capabilities to our offering, with both validated security efficacy and AI-driven SD-WAN, that allow us to best facilitate our customers’ network transformations.”