Juniper and Symantec struck a deal this week that will allow the
companies to scratch each other's backs while supplying a combined
security platform to enterprises.
The partnership received glowing reviews from observers who view
integration of leading security products as a win for enterprises.
At the same time, a note of caution was sounded by users and
competitors that the Juniper-Symantec platform does not reach far
enough into the LAN to provide adequate protection.
Under the joint agreement, the companies will integrate
Symantec's client security software with Juniper's Secure Sockets
Layer (SSL) VPN boxes. The combination will create endpoint
compliance and access control platforms, and also offer a one-stop
shopping experience to network managers looking to bolster
protection of the network perimeter from intruders.
The agreement covers Symantec's anti-spam, intrusion detection
and prevention signatures and vulnerability information, as well as
Juniper's Secure Services Gateway line of security hardware. Both
companies will market and sell the combined security platforms.
The announcement comes on the heels of Symantec's recent
announcement that it is exiting the hardware business.
"This really is a brilliant partnership. It helps Symantec out
because they need Juniper's hardware, and Juniper gets Symantec's
security software," said Charlotte Dunlap, analyst, information
security, with Current Analysis. "Investments network managers have
made in Juniper's networking are going to be nicely protected, and
they can look forward to solid security now and going forward."
The two companies will also work together to enhance Juniper's
unified threat management and intrusion detection and prevention
products.
They also vowed to continue support of the Trusted Network
Connect (TNC) open standard, a set of nonproprietary network access
control specifications that enable the application and enforcement
of security requirements for endpoints connecting to a network.
Further, Juniper's J-Security worldwide team and Symantec's
industry-leading Global Intelligence Network will collaborate on
security and threat research and on creating intrusion prevention
signatures for Juniper's appliances, the companies said.
"Right up front, we are going to share technology to build
solutions together," said Hitesh Sheth, vice president, enterprise
products and solutions at Juniper, noting that the collaboration
agreement will offer network managers a simplified, end-to-end
platform that lets endpoint and network policies talk to each
other. "We are reducing the number of moving parts and reducing the
complexity of the solution so that it's much easier and cheaper to
deploy."
The announcement by Juniper and Symantec takes a clear swipe at
network access control (NAC) vendors such as Cisco, Lockdown
Networks and ConSentry, as well as point-product companies
addressing the antivirus software arena.
"On one hand, you've got Cisco with a broad portfolio of
products, and then you have point-product vendors like Check
Point," Sheth said. "But point-product companies don't have breadth
of technology. Cisco has breadth, but it has a market share problem
in independent segments."
The comparison falls short, however, when it comes to helping
enterprises with potentially more dangerous problems such as
zero-day viruses, according to Michelle McLean, director of
marketing with ConSentry.
"This deal validates the need for more pervasive protection
against zero-day threats, and it recognizes the limitations of
signatures," McLean said "The challenge for [network managers] is
that this threat extends to the entire network, so along with
protection on the client and on SSL VPN devices, [network managers]
need zero-day protection built into the LAN itself. Getting that
protection in Juniper's model is very difficult, because deploying
firewalls all over the LAN is too costly and won't scale."
Lloyd Hession, chief security officer at BT Radianz and a
security expert, agrees. He warned that for network managers
focused on trying to secure the LAN infrastructure, the
Juniper-Symantec partnership doesn't "really address that because
it isn't clear to me that this agreement targets that space."
"The LAN now has so much of a focus as a security point because
it's no longer hidden away from the prying eyes of the outside
world," said Hession, who is a frequent speaker on security issues
as well as a major policy contributor within the securities
industry and government agencies. "Sophistication of the
applications people are reaching is much further into the
organization … traffic is so complex that it needs more than simple
filtering."