What happens when data, the crown jewel of any business, moves from a centralized, self-contained data center to multiple distributed locations? It becomes harder to manage and secure.
This is the challenge organizations are facing everywhere: Enterprises are adopting multicloud strategies, bringing storage and compute to the edge; cloud providers are building out infrastructure to support this demand; and service providers are transforming metro sites into distributed edge clouds to support 5G architectures and new monetization opportunities.
To adapt to this changing environment, a new, modern data center architecture is needed. One that delivers reliable performance by leveraging automated data center operations that are simple, consistent and easily repeatable in any hardware environment. One that has an open, high-performing network infrastructure capable of supporting the most stringent workloads, such as AI model training. And one that delivers performance, scale, reliability and simplicity without sacrificing security within and among data center locations.
Today, Juniper Networks is the first in the industry to deliver a solution that can do just that. With the introduction of the Juniper Connected Security Distributed Services Architecture, we’re fundamentally changing the game with several new, unique and innovative capabilities that integrate our unified security management paradigm with best-in-class routing and AI-Predictive Threat Prevention to bring operational simplicity and scale to data center security. In addition, we’ve added four new high-performance firewall platforms to our award-winning Juniper Networks SRX family, which deliver unmatched performance in 1 RU footprints for exceptional cost savings and sustainability advantages.
These new capabilities seamlessly extend security services and Zero Trust policies across distributed data center environments, all the while enabling customers to operationalize data center architecture transitions at their own pace. Combined with the other key elements of a Juniper secure and automated data center (Juniper Apstra data center fabric management and automation software, Juniper QFX Series Switches, MX Series Universal Routers and Security Director Cloud for setting and managing security policies), they give organizations all the tools needed to modernize their data center infrastructure environments for the best operator and end-user experiences.
From Firewall to Firewalling
Traditionally, there have been three approaches for implementing security services: chassis-based firewalls, fixed form-factor firewalls and fixed form-factor routers. None of them are ideal.
- Traditional chassis-based firewalls are simple to manage and easy to scale, up to a point. They’re limited by chassis size and compute power, and they have limited redundancy because the device is a single point of failure and the high baseline price is cost-prohibitive. Additionally, because chassis-based systems consume a large amount of space and power, they’re less suitable for deployment at metro edge and colocation facilities.
- Fixed form-factor firewalls have a small footprint and scale well horizontally, but management complexity grows exponentially as more devices are added to the network. They’re painful to upgrade, and forwarding performance suffers when services are enabled. In fact, many customers must turn off the advanced security capabilities because traditional security vendors’ devices cannot deliver high performance and advanced threat protection. This is also one of the key reasons why customers are looking to Juniper to build their Zero Trust data center.
- Fixed form-factor routers have a small footprint and high forwarding performance but no advanced security services unless tethered to security devices—once again adding management complexity.
As traditional data centers become more distributed, the firewall needs to evolve from a self-contained entity to a security fabric that brings protection to every point of connection in the network. More specifically, it must move from a device limited by its own physical capacity and data path to an extensible enforcement node that intelligently and dynamically scales with the needs of the network to wherever data resides.
Now, Juniper’s Connected Security Distributed Services Architecture, managed by Security Director Cloud, does just that. Juniper has transitioned the industry from firewalls to firewalling by delivering the following unique capabilities:
- Scalability: Scale horizontally and elastically as needed, with no chassis limitations. All distributed firewalls function together as a fabric, enabling automated resiliency with multi-path redundancy. If one fails, others automatically load-balance and pick up the slack.
- Simplicity: Manage all distributed firewall engines as a single logical element, no matter how many are added. Customers can deploy the right form at each site and manage everything the same way as if adding virtual service cards to a chassis. Together with Juniper Security Director Cloud, no matter where data resides or where users are, customers always have full visibility of who is accessing what from where, and whenever a new firewall engine is added, the security policy is rolled out automatically.
- Flexibility: Customers can scale forwarding performance and services independently by decoupling forwarding and services layers. They can assemble the right size security solution for every location, mix and match different form factors and utilize our pay-as-you-grow options to manage budgets flexibly. Additionally, those with existing Juniper firewalls can continue to leverage them in the new architecture, ensuring that the processes and policies all remain intact.
Juniper’s Connected Security Distributed Services Architecture
AI-Predictive Threat Prevention
In addition, Juniper is unveiling new AI-predictive threat prevention offerings to drive more value to our Juniper Connected Security portfolio. These solutions draw on Juniper’s ability to automatically scan vast amounts of data across a distributed network. Our AI approach continuously updates the threat signature database and detects abnormal behavior, acting as a trusted advisor to the security team to identify potential threats faster and with higher efficacy. Key benefits include:
- AI-generated custom signatures: Expanding upon the capabilities of Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, the Juniper SRX series can detect malicious threats within encrypted traffic without decryption by leveraging AI/ML behavior analysis. Additionally, when a new threat is detected, it automatically broadcasts this to all other SRXs. And now, it can even automatically generate custom signatures that are unique to the customer’s environment and the threats we see, because no two networks are the same.
- Even more effective malware prevention at line rate: Traditional solutions need the complete file to make a judgment on whether it is malware or not, which requires turning on the TCP proxy and thereby slowing down the throughput performance of the firewall. Juniper’s organically built anti-malware solution uses a proxy-less architecture with AI to detect threats by scanning just the first few packets as they stream in, without the need to download the full file, giving customers even more effective malware prevention at line rate.
- Even more customizable web filtering: We’ve enhanced Juniper’s URL filtering solution to provide more granular control, with more than 200 categories to choose from and up to 200 languages supported, as well as a new portal for better insights on web content. The new service will also provide a mechanism for customers to easily recategorize anytime based on their changing business needs.
New Additions to the Juniper SRX Series Family
- Industry-leading throughput performance and security efficacy: All new SRX platforms are 1 RU in size and deliver extremely high performance. For example, the SRX4700 delivers the industry’s highest firewall throughput performance per rack (1.4 Tbps per rack with full 400GE support), and all new SRXs support wire-speed MACsec (Media Access Control Security). We believe that customers shouldn’t have to choose between network throughput performance and security effectiveness. In addition to high performance, Juniper’s security technologies have consistently ranked #1 in security efficacy for the past four years in objective, third-party security tests, such as CyberRatings, NetSecOPEN and ICSA Labs. These tests cover firewall use cases across the network from edge to data center, including public cloud. With the introduction of new SRX series firewalls, we maintain our commitment to effectively prevent threats, regardless of form factor or use case.
- Built-in Zero Trust for Supply Chain Security: The new SRX Series platforms feature embedded TPM 2.0 (Trusted Platform Module) chips and unique, cryptographically signed device IDs for standards-based Secure Zero Touch Provisioning (SZTP). Teams can remotely assess the trust posture of devices as soon as they power up and verify that no one has tampered with the hardware or software.
- EVPN-VXLAN Support: EVPN-VXLAN Type 5 route configurations are supported across all Juniper Networks SRX Series firewalls so customers can embed security across the entire EVPN-VXLAN fabric. With full fabric awareness, security operators possess the situational awareness to respond to threats faster and reduce the blast radius of an attack to the smallest possible area using everything available to them, including the network.
An Experience-First Approach to Operationalizing Security Services Everywhere
Today’s announcements bring together Juniper’s core advantages in both Connected Security and data center operations to ensure the best user and operator experiences in the modern data center. Our customers and partners now have a single policy framework to operationalize security services across every point of connection in the network, while securing their distributed data center architecture transition at their own pace. With this launch, we’re not only making security more scalable, extensible and manageable, but also an indispensable part of every data center network.