Juniper Networks Delivers Enterprise Infranet Solution; Unified Access Control Solution Increases Security and Control Over Users and Endpoints

Business Wire, Oct 24, 2005

SUNNYVALE, Calif. -- Juniper Networks, Inc. (Nasdaq:JNPR) today announced the availability of its Infranet Controller 4000 and 6000 appliances and Infranet Agent to provide unified access control of enterprise networks. The unified access control solution, based on the Enterprise Infranet framework, uses a combination of identity-based policy and endpoint intelligence to give enterprises real-time visibility and policy control throughout the network. As a result, enterprises can control access, prevent threats, ensure compliance, and deliver secure and assured network services.

As access to network resources has grown ubiquitous, the challenge of making resources available and preserving a high-level of security has increased. Mobile laptops and non-compliant desktops are susceptible to a myriad of Internet threats, yet are still allowed to access the corporate network and business critical resources. Business requirements demand that these devices get access to resources and applications, but providing such access without sufficient security controls opens the enterprise to a number of security risks and regulatory compliance challenges. Juniper's unified access control solution solves the problem of balancing access and security controls by binding endpoint, identity and network information for dynamic policy management that is enforced in real-time throughout the network.

"Adding authentication and endpoint intelligence has posed a significant challenge for our organization. We've worked on this problem for some time and have not been satisfied with traditional approaches. Juniper's unified access solution represents a new way to solve the problem by combining user identity, network identity and endpoint status with network and endpoint policies. The approach Juniper has taken has the potential to meet a wide range of challenges related to controlling our network," said Jeff Springer, network security manager at University of Nevada, Reno.

Unified Access Control Maintains Secure and Assured Experience

"The Enterprise Infranet vision and Juniper's unified access control solution delivers a comprehensive, pragmatic and cost-effective approach to solving enterprise customer network and security challenges," said Joel Conover, principal analyst at Current Analysis. "Use and threat controls do need to be aligned and more tightly integrated to not only allow for better protection of the network and applications, but also ensure reliable business services."

Juniper's unified access control solution is the first to offer endpoint and identity-based controls, and support both client-host and network-based enforcement of dynamically configured firewall and IPSec policies. The Infranet Controller appliance leverages the policy and control engine from Juniper's award-winning Secure Access SSL VPN and the security and performance from Juniper's firewall/VPN platform. The Infranet Controller makes role-based policy decisions as well as seamlessly provisions the Infranet Agent, a software agent that assesses the endpoint's compliance state both before and during the session, and enforces policy on the client host. These policy decisions are enforced on the entire family of the Juniper Networks firewall/VPN appliances running Juniper's latest ScreenOS 5.3 operating system, designed to allow communication with the Infranet Controller and perform computationally intensive security functions without compromising throughput. The firewall/VPN appliances act as enforcement points for policy decisions that are based on user's identity attributes and the endpoint assessment. Native Host Check and the Juniper Endpoint Defense Initiative (J.E.D.I.)-based checks provide the host assessment. The Infranet Agent can also enforce network policy on the client host. These client host policies include firewall rules, dynamically provisioned IPSec policies and single sign-on in Microsoft environments. The policy options that work in conjunction with Microsoft Windows authentication and IPSec services represent the initial results of Juniper's work with Microsoft to integrate user, application and network policy enforcement for an assured and trusted IT environment and user experience. This effort was announced last year when Microsoft's Network Access Protection (NAP) was introduced.

By consuming signals from the Infranet Controller, the Infranet Enforcers provide user and endpoint specific security controls, as well as provide end-to-end transport security when required. The combination of the Infranet Controller, Agent and enforcement points enable real-time network policy enforcement in a solution that provides high-availability, high-performance and reliability. Together, the products unify access control by creating a service layer that runs over an existing infrastructure and infuses identity and endpoint security attributes into the network security policy. This service layer consists of the dynamic policy configuration that enforces firewall and optional IPSec rules, and because it does not require a forklift upgrade or any other changes to switching or routing infrastructure, the Infranet Controller can be cost effectively deployed in simple phases at critical points in the network.