Juniper's Security Setbacks

Juniper's security wins include Junos Pulse, a security and management platform that the company claims appears on tens of millions of mobile devices. Deals to acquire Altor, a virtualization security specialist, in December 2010 and Mykonos, a Web security specialist, last May, bolstered Juniper's strong security portfolio, which it essentially built with its $4 billion acquisition of NetScreen in 2004.

But Juniper's security reputation took a big hit from the perception that its security product development had slowed, combined with a product debacle that unfolded over the past three years on one of its best-known security lines.

Last year, at Juniper's Global Partner Conference, there was nary a conversation that didn't include its much-touted SRX services gateways. Juniper, partners told CRN at the conference, had responded too slowly in 2010 and 2011 to customer complaints about certain SRX lines' massive technical shortcomings, particularly in areas such as unified threat management and intrusion detection. Juniper, they said, had released a product that wasn't fully baked.

The SRX blowback was so severe -- admittedly because, as partners said, Juniper was always perceived as a "products first" company -- that Juniper executive vice presidents Stefan Dyckerhoff and Bob Muglia apologized to Juniper's partner base during a main-stage session.

"By the time it gets to that, where everyone knows how badly they [screwed] things up that they have to talk about it when they're supposed to be rah-rahing everything, that's how you know they choked," said the chief executive of a Juniper Elite Portfolio partner who requested anonymity.

It came at an inopportune moment for Juniper, which at the time had also just been demoted from the "leaders" category of Gartner's 2011 Magic Quadrant for firewalls to the "challengers" category. All of it added up to the heightened perception of Juniper as an enterprise security laggard, and smaller, scrappier vendors such as Fortinet, Palo Alto Networks and Check Point Software Technologies wasted no time hammering Juniper from a marketing perspective.

Juniper itself has admitted it has fallen behind in security, particularly enterprise security.

"I think we've been clear about admitting that Juniper has been behind in strategy and approach here," Muglia, who heads software solutions at Juniper, told CRN. "We had pivoted our security toward service provider and there had been a very strong focus on the security engineering work toward the service provider side. We did not invest the way we should have in enterprise security, and we did not see the growth there that we would have liked to see."

Most partners believe Juniper has some big security moves up its sleeve but won't be convinced until Juniper makes those moves. Analysts, too, see Juniper needing a major move of some kind to get its security mojo back.

"I don't want to encourage a big, dilutive acquisition, but there were a number of players, especially Palo Alto and Fortinet, who leapfrogged them," Simon Leopold, managing director of communications equipment for Raymond James, said. "They're just not making a good story there. We've talked to a number of folks who looked at the SRX and were disappointed, and that tarnished their image. They have fallen behind in a key part of their base of business."

Nontraditional security vendors such as F5 Networks, which rules the application delivery networking space and has lately been marketing itself behind the data center security capabilities in its platforms, have also attacked the perceivably weakened Juniper base.

"F5 in particular seized a golden opportunity," said a solution provider who partners with both F5 and Juniper and asked not to be named. "They heard that Juniper had lost focus and become disorganized. They also heard from customers that the nature of cyberattacks would be better prevented by data center vendors who could talk up things like connections-per-second and DNSSEC [DNS Security Extensions] performance. F5's won over a lot of Juniper business; there's no question about that."

"In security, Palo Alto and Fortinet came out of nowhere and have been taking share from all the legacy vendors, and F5's also put a bull's-eye on Juniper's back," Zeus Kerravala, founder and principal of ZK Research, said. "There's been a lack of product innovation. It's tough being a Juniper security VAR right now because they haven't reinvigorated the firewall yet and there is good product but not a lot of innovation for a while."

Juniper, however, says its security story is improving. Its third-quarter 2012 security product revenue was $178 million, down 7 percent year over year, but up 12 percent from where it was in Juniper's prior quarter.

"We're making good progress in rebuilding momentum in security," Juniper CEO Kevin Johnson said during the company's third-quarter earnings call in October. "We grew in low double digits on a percentage basis quarter-on-quarter. Demand for high-end SRX within the service provider sector was also strong this quarter, growing quarter-on-quarter. But we also saw gains across most of our product families, lending to our confidence that our security business is beginning to stabilize."

Muglia told CRN that Juniper is driving hard to rebuild its strong security stance.

"We are the guys who are going to transform and change the game and the strategies we will outline [in networking] very much impact the network security business," he said. "We are, on a functionality-by-functionality basis, getting to where we can do what competitors can do. We are on a path that puts us very much in parity with them and beyond them."

PUBLISHED JAN. 14, 2013