Juniper Networks has boosted its threat detection capabilities across its Mist platform for wireless users and Advanced Threat Prevention (ATP) Cloud and SRX Series firewalls.
At this week's RSA Conference, Juniper is demonstrating its SecIntel for Mist, which it bought last year for $405 million, and encrypted traffic analysis on the ATP Cloud and the SRX firewalls. Both of those new features are part of the Juniper Connected Security platform.
SecIntel, which was announced at last year's RSA Conference, was initially designed to provide advanced threat detection and threat intelligence on Juniper's MX routers, and was added into its EX and QFX switches near the end of last year.
"So Juniper Connected Security is about bringing visibility and extending it to the entire network for detecting threat intelligence," said Juniper Networks' Samantha Madrid, vice president of security business and strategy. "It brings visibility to every point of connection so that your routers, your switches or access points, in addition to your traditional security technologies, are all working in concert and our threat aware.
"Mist users now have the ability to leverage our threat intelligence and our SecIntel capabilities to be able to identify and stop infected users and devices that are on their networks. They can isolate them and gain insight into what's happening."
Using threat alerts detected by Juniper SRX Series Firewalls and ATP Cloud, administrators can assess security risks when users and devices connect to wireless networks, and take appropriate action via the Mist cloud or APIs, such as quarantining or enforcing policies. It works in tandem with existing security threat intelligence capabilities in order to protect networks across all points. SecIntel for Mist customers will be available in the second quarter.
Juniper's new encrypted traffic analysis feature was designed to detect malicious botnets that are often undetected due to encryption. It gives organizations more visibility and policy control over encrypted traffic, without requiring resource-intensive SSL Decryption. For customers using Juniper SRX firewalls, it doesn't' require additional hardware or network changes to set up and manage.
Industry analyst firm Omdia estimated that as much as 70% to 80% of enterprise inbound network traffic is now encrypted, which is up approximately 20% from three years age. Madrid said 40% of the attackers use encryption and cryptography in order to obfuscate their attacks in the networks. Because it's encrypted, most organizations don't have visibility into those types of attacks on their encrypted traffic.
Madrid said Juniper's encrypted traffic analyses could look for threats without breaking the encryption.
"What we've been able to do is to detect whether or not the patterns associated with encrypted traffic are in fact malicious," she said. "So this gives administrators the opportunity to be able to stop those connections and isolate those hosts."
Madrid said the encrypted traffic analyst feature would be generally available this summer.