Juniper's New 100-Gbps Firewall Is 'Absolutely Ridiculous -- In A Good Way'

Juniper Networks is throwing down the gauntlet in the security market by enhancing its Software-Defined Secure Networks (SDSN) framework, which it says opens up new software revenue opportunities for channel partners and widens the technology gap against cybersecurity competitors.

"We're competing against niche players like your Palo Alto Networks, your Fortinet, Check Point [Software Technologies], but what sets us apart is our vision encompassing the entire network rather than just selling point products," said Jennifer Blatnik, vice president of cloud and marketing at Juniper, in an interview with CRN.

"Then you have larger players like Cisco who have a wide product portfolio breadth. But the issue with them is that their portfolio is so wide that it's almost just a bunch of different siloed companies just united by a brand," said Blatnik. "Cisco has a solution approach, but whether they can achieve it or not … I'll let [customers] judge that."

[Related: CRN Exclusive: Cisco's Earle Defends Intercloud And Its Future In The Channel]

The Sunnyvale, Calif.-based networking vendor launched Monday a new compact and containerized SRX, the cSRX, and enhanced its vSRX firewall to support 100 Gbps per second for its SDSN framework.

"A 100 Gbps virtual firewall sounds absolutely ridiculous -- in a good way," said Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider and longtime Juniper partner. "That's really impressive. You're seeing more people looking towards protecting things east-west [server-to-server] internally, so the more you can enable in that virtual environment, the better. A 100-Gbps [firewall] would be a great new asset for us."

The new cSRX is a software-defined networking (SDN) controlled firewall providing advanced layer 4 to layer 7 microservices that Juniper says is the industry's fastest virtual firewall. CSRX includes content security, Juniper's application security suite and unified threat management for providing security as a service in large multi-tenant cloud networks.

"We're the first one to launch a firewall for the container environment," said Blatnik. "This was a part of the market that the channel wasn't able to play in ever before."

Juniper also increased the performance of its vSRX by using 12 virtual central processing units (vCPUs) to increase firewall throughput speeds five times to reach 100 Gbps per seconds.

"With the 100 Gbps, you can now scale up in an x86 appliance model. Up until now, customers had to purchase a dedicated firewall with some type of hardware acceleration to reach these levels of performance and throughput," said Blatnik. "Partner can now sell this one software version and an enterprise customer could deploy it from their data center or private or hybrid cloud."

These enhancements extend the network and security administrator's ability to provision and scale firewall protection, enabling organizations to have more enforcement points across the network to stop threats faster.

Juniper touts its SDSN as giving customers end-to-end network visibility that secures the entire network -- both physical and virtual -- by combining policy, detection and enforcement with a suite of products that centralizes and automates security. Products include Juniper's SRX and vSRX firewalls, cloud-based advanced malware prevention and its Junos Space Security Director.

SDSN allows channel partners to sell in more software environments and enables solution providers to become a trusted adviser to customers by designing an end-to-end solution, according to the company.

Grillo said his company is seeing an uptick in Juniper software sales, but the vendor still has work do to in marketing itself as a true security leader.

"They aren't the one people think of when people think of next generation firewall-type stuff yet. From a branding, marketing perspective, they've got work to do," said Grillo.

"They've definitely got throughputs typically beyond what Palo Alto [Networks] can deliver, so it's a matter of convincing the market that, 'Hey, we're in this space for real and we can do really well with it," said Grillo. "That's the big thing for them is getting the message out."

Blatnik said Juniper is striving to evolve the industry from thinking "network security" to "secure networks" through its SDSN.

"The difference is, network security is just about layering on security devices onto the network, which is not really the most efficient way to secure the network," said Blatnik.

"The idea behind SDSN is that you can federate across the board different security policy engines and be able to use anything on the network as a possible point of enforcement," said Blatnik.