Secure access service edge (SASE) and security service edge (SSE) have been gaining momentum with hybrid work being the primary driver. The traditional appliance model for security was never ideal but doable with branch offices but impossible with home workers. Pushing the security capabilities to the cloud greatly simplifies the deployment and on-going management of security services while giving workers at home the same level as security as when they are in the office. For those confused by SASE versus SSE, you’re not alone. The simplest way to think about it is that SASE is comprised of SSE plus SD-WAN.
This has created an opportunity for most of the network and security vendors to expand their portfolios and compete in adjacent markets. Also, this transformation has shifted the buyer mindset and opened the door to looking at new vendors. A couple of interesting data points from my research quantify this. With traditional network WAN equipment, less than 8% of customers were willing to look an alternative vendor, which is why Cisco had the share it did. With SD-WANs, 55% are now willing to look at a different vendor, which is why companies like VMware, Juniper, Fortinet and others have jumped into that space.
Recently, Juniper Networks announced it has expanded its security service edge (SSE) portfolio by adding native cloud access security broker (CASB) and data loss prevention (DLP) capabilities. Prior to this announcement, Juniper had been going to market in CASB via its partnership with Netskope, an SSE Magic Quadrant leader. Having its own CASB gives the company better control of roadmap.
More importantly, CASB and DLP give Juniper a wealth of data to advance its “Experience First Networking” vision. While one could look at the tagline as just marketing speak, the company does appear to have used it to drive its product innovation and M&A strategy. Every move the company has made since the acquisition of Mist has been to gain greater visibility into user experience and then provide the automation, management and security capabilities to ensure a best-in-class user experience.
CASB and DLP are necessary to secure SaaS applications and now can be managed by Juniper’s Security Director Cloud, which it introduced last summer. The product is the company’s policy management platform and enables security pros to manage all their firewalls and security services from a centralized portal. This includes cloud as well as on-premises infrastructure. Most of Juniper’s SSE and SASE competitors are cloud-only and while the world is trending that way, there is still a call for on-prem. It doesn’t have the appeal of cloud but on-prem will still have a long life, particularly in large offices and HQ locations.
With the addition of CASB and DLP to Secure Edge, Juniper can connect organizations’ existing security posture to data and apps that live outside the physical perimeter of the network. For example, DLP gives security teams increased visibility by setting up identity-based micro-perimeters around users and apps. Identity-based micro-perimeters help prevent unauthorized access in the cloud and keep corporate data protected.
On a call with analysts, I asked Juniper Group VP of Security and Business Strategy, Samantha Madrid, about how the company defines “full stack” and she said that the company now has a single policy framework that organizations can use to create firewall policies, proxy policies, secure access, and now CASB and DLP. They can later take those capabilities and automatically apply them to future networks without having to revamp their investments. Most importantly, organizations can transition to SASE at their own pace by leveraging what they already have.
“That’s extremely powerful when you think of the overall experience and how to migrate your organization to cloud-delivered security. It’s all anchored on the experience. But in security, decisions aren’t made based on experience. Decisions are made based on technology need,” said Madrid. “The security space has addressed the need and not the experience. That’s why the experience has been the North Star for Juniper’s security business.”
The term “full stack” is becoming one of those phases that is highly overused and has multiple meanings. This isn’t the right post to debate what is or is not full stack, but it’s definition, Juniper can make that claim. Given the multiple definitions of full stack being bandied about, its as valid as any other.
With full-stack, the underlay security fabric is consistent across all modalities of consumption because organizations get the same security policies both on-prem and off-prem. The connective tissue that makes it all happen is artificial intelligence (AI), said Sudheer Matta, group vice president of AI-driven enterprise at Juniper.
“We are impacting the user experience in a positive way on the network side, as well as the security side. We have strength in both of these now,” Matta added.
Juniper uses AI and machine learning (ML) for encrypted traffic insights to detect whether a transaction is malicious strictly on its behavior. The vendor is also introducing security assurance, which allows organizations to maintain a consistent experience through a common management framework with Security Director Cloud. By having common policies and complete visibility, security teams can work hand-in-hand with AIOps teams.
Zeus Kerravala is the founder and principal analyst with ZK Research. He provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers. He can be reached at [email protected], and follow him @zkerravala and on YouTube.
Industry Voices are opinion columns written by outside contributors—often industry experts or analysts—who are invited to the conversation by Fierce staff. They do not represent the opinions of Fierce.