From the 12th to the 14th of July, we attended the Juniper Networks EMEA Tech Summit in Berlin. This annual event is aimed at both Juniper Certified Champions and internal Juniper System Engineers. It is the ideal opportunity to get in touch with those who are responsible for Product Lifecycle Management at Juniper Networks. You can ask them your questions and get feedback about the opportunities and hurdles you meet in the field. This privilege is for top customers only.
Our schedule was fully booked with topics such as the upcoming roadmap, and what Juniper Networks has in store in terms of security strategy. Juniper Networks is laying out the groundwork for its new Software Defined Secure Network (SDSN) architecture, which will shake up the way traditional datacenter security will be envisioned.
In this framework, threats are not seen as something that comes from outside the company. Many attack vectors originate from the internal enterprise network. SDSN will provide a shift to a zero-trust security model, which bundles correlated information from enterprise Security Information and Event Management (SIEM) platforms with cloud-based threat Security Intelligence.
The self-driving network: the key takeaway
On the first day, Juniper challenged us on what we think a ‘self-driving network’ should contain. Juniper Networks has a vision of a network that can monitor, repair and maintain itself without administrator intervention.
The key takeaway? The architecture is driven by security event detection across the entire network stack (including the application layer). It allows direct security enforcement that takes place on the access layer: the switch port. This will lead to a self-protecting network that eliminates the horizontal propagation of sophisticated malware within the same layer 2 switched network.
A big shift is the move to disaggregated Junos Platforms, logically separating the Junos software Platform from the hardware it runs on. A big advantage of this move is that Junos will offer the same functional features across both the hardware and virtualized platforms, fully supporting SD(S)N based environments.
The components of the SDSN architecture
The complete SDSN architecture is due for release in early 2017, but most components are already available today:
- Juniper SRX, the next-generation anti-threat firewall:
  - Juniper SRX5400 based firewalls are next-generation security platforms ideally suited for large enterprise, service provider, and public-sector networks with up to 65Gbps firewall performance.
  - The Juniper SRX1500 is a high-performance, low-latency firewall for distributed enterprise campuses as well as small to medium-sized data centers. This platform scales up to 10Gbps firewall performance.
  - The Juniper vSRX is the industry’s fastest virtual security platform. vSRX offers firewall speeds up to 17Gbps using only 2 vCPUs, scaling to 100Gbps with 12 vCPUs to provide scalable, secure protection across private, public, and hybrid clouds.
  - The highly anticipated new SRX4000 platforms are due for release over the coming months and will broaden Juniper’s high-end data center line-up.
- Sky Advanced Threat Protection keeps your network free of sophisticated zero-day attacks and other unknown threats by delivering superior cloud-based protection, scanning ingress and egress traffic for malware and indicators of compromise. High-performance static code analysis can be combined with sandbox analysis and malware deception technology to protect against emerging sophisticated malware.
- Junos Space Security Director provides centralised security policy management through an intuitive, web-based interface that offers enforcement across emerging and traditional risk vectors. As an application on the open Junos Space platform, Security Director provides extensive security scale, granular policy control, and policy breadth across the network, together with extensive automation capabilities.
- Juniper EX and QFX switches provide carrier-class switching solutions for the converged enterprise branch office, campuses and data centers. Wire-speed performance with high 1Gb, 10Gb, 40Gb and 100Gb port densities can be combined with Junos Fusion technology for consolidated management.
The unfolding of the roadmap
Most sessions were technical deep-dives and the speakers showed a profound understanding of the relevant security topics. One example was the session on DDoS mitigation with Juniper Secure Analytics, in which an existing product was leveraged to automatically enhance firewall filters to block flooding hosts.
When the Tech Summit reached its conclusion, we had a very positive impression. We are definitely moving forward. Convinced of the promising vision Juniper Networks presented, we are very eager to see the upcoming roadmap unfold.