Secure network perimeter to result from Symantec-Juniper deal

Juniper and Symantec struck a deal this week that will allow the companies to scratch each other's backs while supplying a combined security platform to enterprises.

The partnership received glowing reviews from observers who view integration of leading security products as a win for enterprises. At the same time, a note of caution was sounded by users and competitors that the Juniper-Symantec platform does not reach far enough into the LAN to provide adequate protection.

Under the joint agreement, the companies will integrate Symantec's client security software with Juniper's Secure Sockets Layer (SSL) VPN boxes. The combination will create endpoint compliance and access control platforms, and also offer a one-stop shopping experience to network managers looking to bolster protection of the network perimeter from intruders.

The agreement covers Symantec's anti-spam, intrusion detection and prevention signatures and vulnerability information, as well as Juniper's Secure Services Gateway line of security hardware. Both companies will market and sell the combined security platforms.

The announcement comes on the heels of Symantec's recent announcement that it is exiting the hardware business.

"This really is a brilliant partnership. It helps Symantec out because they need Juniper's hardware, and Juniper gets Symantec's security software," said Charlotte Dunlap, analyst, information security, with Current Analysis. "Investments network managers have made in Juniper's networking are going to be nicely protected, and they can look forward to solid security now and going forward."

The two companies will also work together to enhance Juniper's unified threat management and intrusion detection and prevention products.

They also vowed to continue support of the Trusted Network Connect (TNC) open standard, a set of nonproprietary network access control specifications that enable the application and enforcement of security requirements for endpoints connecting to a network.

Further, Juniper's J-Security worldwide team and Symantec's industry-leading Global Intelligence Network will collaborate on security and threat research and on creating intrusion prevention signatures for Juniper's appliances, the companies said.

"Right up front, we are going to share technology to build solutions together," said Hitesh Sheth, vice president, enterprise products and solutions at Juniper, noting that the collaboration agreement will offer network managers a simplified, end-to-end platform that lets endpoint and network policies talk to each other. "We are reducing the number of moving parts and reducing the complexity of the solution so that it's much easier and cheaper to deploy."

The announcement by Juniper and Symantec takes a clear swipe at network access control (NAC) vendors such as Cisco, Lockdown Networks and ConSentry, as well as point-product companies addressing the antivirus software arena.

"On one hand, you've got Cisco with a broad portfolio of products, and then you have point-product vendors like Check Point," Sheth said. "But point-product companies don't have breadth of technology. Cisco has breadth, but it has a market share problem in independent segments."

The comparison falls short, however, when it comes to helping enterprises with potentially more dangerous problems such as zero-day viruses, according to Michelle McLean, director of marketing with ConSentry.

"This deal validates the need for more pervasive protection against zero-day threats, and it recognizes the limitations of signatures," McLean said "The challenge for [network managers] is that this threat extends to the entire network, so along with protection on the client and on SSL VPN devices, [network managers] need zero-day protection built into the LAN itself. Getting that protection in Juniper's model is very difficult, because deploying firewalls all over the LAN is too costly and won't scale."

Lloyd Hession, chief security officer at BT Radianz and a security expert, agrees. He warned that for network managers focused on trying to secure the LAN infrastructure, the Juniper-Symantec partnership doesn't "really address that because it isn't clear to me that this agreement targets that space."

"The LAN now has so much of a focus as a security point because it's no longer hidden away from the prying eyes of the outside world," said Hession, who is a frequent speaker on security issues as well as a major policy contributor within the securities industry and government agencies. "Sophistication of the applications people are reaching is much further into the organisation traffic is so complex that it needs more than simple filtering."