Juniper updates network access control

Juniper has updated its Unified Access Control NAC products to include better pre- and post-admission controls, identity and role awareness, and other new features.

This week Juniper Networks updated its Unified Access Control (UAC) software, which the vendor says will reduce the cost and complexity of securing networks and applications.

UAC version 2.1 offers access control, visibility, and monitoring of applications and users to address regulatory compliance and mitigate risk and exposure to an ever-evolving landscape of threats. According to Juniper Director of Product Management Karthik Krishnan, version 2.1 is in line with Juniper's broader strategy to give enterprises advanced, coordinated visibility and control of applications and users across the enterprise.

UAC 2.1 includes the following features:

  • Coordinated threat control, which uses Juniper's Intrusion Detection and Prevention (IDP) platforms for Layers 2 through 7 visibility into application traffic. This allows IT to isolate a threat at the user or device level and employ a specific, configurable policy action against that user or device.
  • An identity-enabled profiler that ties user identity and role information to network and application usage, allowing enterprises to track and audit network application access, thereby addressing regulatory compliance.
  • Unmanageable device support that can dynamically address unmanageable endpoints like printers and VoIP phones so enterprises can use existing policy and profile stores to control their access.
  • Advanced security assessment, which integrates Shavlik NetChk Protect's predefined patch management assessment checks, allowing granular endpoint device health and security-state assessments.
  • Heterogeneous endpoint support that extends support to enterprise computing platforms with a new Layer 2/3 UAC agent for Microsoft Windows Vista.
  • Simplified deployment that extends authentication protocol support for phased deployments, providing enhanced automatic remediation capabilities.

NAC evolves from the core to outer edge

According to Krishnan, companies now consider networks and network access critical to success and are recognising that access control, visibility, and monitoring of applications and users are essential to mitigate exposure to internal and external threats. Network access control (NAC), he said, is at an evolutionary stage, maturing beyond simple pre-admission controls, guest-user access and endpoint policy assessment. NAC is now wrapping in post-admission policies and controls, role-based application access, and network and application visibility and monitoring. In UAC 2.1, Juniper has added the ability to extend security policy enforcement more broadly and deeply into a network's core and outward to the edge, mitigating many of the risks associated with exposing corporate assets.

Andrew Braunberg, senior analyst at research firm Current Analysis, said Juniper's UAC updates will continue to make Juniper a worthy competitor in the network access control market. He added, however, that many of the enhanced features aren't entirely new but instead a spin on already existing functionality.

"With NAC, it's about letting users leverage their existing security investments," he said, adding that he wonders if UAC 2.1's IDP tie-in will be opened up to third-party intrusion detection and prevention tools.

Overall, Braunberg said, Juniper has been able to round out both the pre- and post-connect capabilities of UAC, tasks that, he added, users and market research rank rather high among NAC tools. Additionally, adding in identity- and role-based awareness for auditing and compliance furthers NAC's capabilities. And while he said the updates, such as a Vista client and the ability to discover unmanageable devices agentlessly, are not a "huge new deal," he noted that they represent progress.

"This will help [Juniper] stay competitive," he said.

Competition in the NAC market, which is dominated by Cisco's framework and appliance, has recently reached a plateau, since few new functions are being created. Braunberg said many vendors are enhancing their NAC offerings in order to stay on par, but no real new functionality has arisen since the market reached a level of maturity.

"There's not really going to be anything new under the sun in the NAC market over the next few years," Braunberg said, citing something he read recently. "Most of it is already available. Vendors will continue fortifying their NAC solutions."

Sanjay Beri, vice president of access solutions at Juniper, said UAC 2.1 enables IT to proactively mitigate threats, maintain regulatory compliance and reduce administration inefficiencies that increase costs and diminish productivity.

"Our open, standards-based UAC offering provides enterprises with a simple, flexible access control solution that enables a phased approach to deployment and protects customers' previous IT investments," Beri said.

 
