Juniper Networks is continuing to build out its Connected Security architecture on an open platform that the networking giant launched in 2019. The platform provides enterprises with a range of automated and integrated security technologies from a number of vendors.
The company this week added Cloud Workload Protection, a lightweight software agent designed to protect applications and workloads both in the cloud and on premises. The agent will control application execution and monitor the application’s behavior and context to ensure there are no anomalies and automatically remediate issues that arise.
Essentially, Cloud Workload Protection understands what the software is supposed to do and monitors what’s happening in real time. It protects against bad actors looking to exploit vulnerabilities in the applications, protecting mission-critical applications and keeping services safe. This is important because software is written by humans, Kate Adam, senior director of security product marketing for Juniper, told Enterprise Networking Planet.
“Even the companies that have the most stringent SDLC [Secure Development Lifecycle] … there are probably always going to be some level of errors, vulnerabilities created, even if all the best measures are taken into account, even if your coders are trained and well-versed in secure coding practices,” Adam said.
Vulnerabilities are Costly
Exploited vulnerabilities can bring a big cost to companies, she said. Even if the vulnerability is discovered through testing or other means, like DAST scanning or static analysis, it takes time and money to pull back part of the application and issue a patch. It’s even more expensive if an attacker exploits the vulnerability.
Juniper’s Cloud Workload Protection agent is essentially a safety net for applications, Adam said.
“What it does is essentially maps out the application – what it’s supposed to do, what services it’s supposed to call, what functions are in that code,” she said. “It integrates with the DAST scanning tools [and] with pen-testing results so it can suck in that vulnerability discovery information. But within that map that the agent creates, it also can identify when there’s a deviation from the map. ‘I know that this function is supposed to call these services in this order.’ Any deviation from that is very likely an exploit attempt.”
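As an added illustration, not code from Juniper or its agent, here is a minimal version of the deviation check Adam describes: a map of which services each function is expected to call, in which order, and a check that flags any run-time call sequence that departs from it. The map format, function names, services and telemetry lines are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional
# Constructed application map (an assumed format, not Juniper's):
# function name -> the services it is expected to call, in this order.
APP_MAP: Dict[str, List[str]] = {
    "login": ["auth", "session"],
    "checkout": ["inventory", "payment", "email"],
}
# Constructed run-time telemetry, one "<function> -> <service>" line per call.
TRACE = [
    "login -> auth",
    "login -> session",
    "checkout -> inventory",
    "checkout -> email",    # deviation: payment skipped, email called too early
    "checkout -> ledger",   # deviation: a service the map never allows
    "debug -> filesystem",  # deviation: a function that is not in the map at all
]
@dataclass
class Alert:
    function: str
    position: int           # index of the offending call within the function
    expected: Optional[str]
    observed: str
    reason: str
def parse_trace(lines: List[str]) -> Dict[str, List[str]]:
    """Group telemetry lines into the ordered list of calls seen per function."""
    calls: Dict[str, List[str]] = {}
    for line in lines:
        fn, sep, svc = line.partition("->")
        if sep:                          # skip malformed telemetry lines
            calls.setdefault(fn.strip(), []).append(svc.strip())
    return calls
def check_function(app_map, fn, observed) -> List[Alert]:
    """Compare one function's observed call sequence with its entry in the map."""
    expected = app_map.get(fn)
    if expected is None:
        return [Alert(fn, 0, None, observed[0], "function not in map")]
    alerts = []
    for i, svc in enumerate(observed):
        if i >= len(expected):
            alerts.append(Alert(fn, i, None, svc, "call beyond end of map"))
        elif svc != expected[i]:
            reason = "out of order" if svc in expected else "service not in map"
            alerts.append(Alert(fn, i, expected[i], svc, reason))
    return alerts
def audit(app_map, lines) -> List[Alert]:
    """Run the map check over a whole trace; every returned Alert is a deviation."""
    return [a for fn, seen in parse_trace(lines).items()
            for a in check_function(app_map, fn, seen)]
```

Running `audit(APP_MAP, TRACE)` on the constructed trace yields three alerts (an out-of-order call, an unmapped service and an unmapped function), while the first three clean lines produce none.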
The offering comes with an array of capabilities, including protection against memory-based attacks, vulnerability detection, signatureless run-time application self-protection (RASP) for real-time attack protection, and comprehensive telemetry for application-level security event generation and reporting.
There also is zero-trust microsegmentation, which is designed to protect applications from threats moving laterally through the network. It integrates with Juniper’s vSRX virtualized firewalls and will also work with the vendor’s physical firewall appliances.
“A lot of applications these days are deployed in public cloud environments, where vSRX is used most heavily,” Adam said. “With the Cloud Workload Protection agent, all of the vulnerability and exploit attempt information that it gathers as a result of that mapping [and] as a result of the continuous monitoring and blocking is actually sent to the SRX. Any attacker IPs are sent to the dynamic address group [and] any of the exploit information places within the code where the vulnerability exists is also sent to the vSRX, and that way customers can create customized IPS signatures within a few minutes.”
No Baseline Needed
The agent is different from machine learning and behavioral modeling tools because it doesn’t need a baseline of application behavior, Adam noted. Instead, Juniper’s offering “just needs to look at what [the application] is intending to do and what it is attempting to communicate with and how those communication attempts are made. We’ve been able to detect and block even zero-day exploit attempts. This does not require a behavioral baseline. Literally, a customer can deploy this agent and in a few minutes the application map is done and they’re ready to go.”
Cloud Workload Protection also is part of Juniper’s Zero Trust data center architecture, which works with the Connected Strategy portfolio to orchestrate application infrastructure in various data centers and secure connection points along the way, from the data center gateway to interconnects between servers and within workloads, Adam wrote in a blog post.
Network’s Growing Role in Security
It’s also the latest example of the growing security role that networking providers are playing in an increasingly distributed IT world of data centers, clouds and the edge, where applications and data are more and more created, stored, and accessed outside of traditional central data centers, often by remote workers using myriad devices. The network is the pathway that carries application and data traffic and the technology that connects these disparate sites.
It was the impetus for Juniper to create its Connected Security strategy two years ago, Adam said. The strategy was launched with such partners as Nutanix and Aruba Networks (owned by Hewlett Packard Enterprise) and addresses such advanced market segments as software-defined WAN (SD-WAN), next-generation firewalls and secure access service edge (SASE).
“We saw the need for security and networking to converge such that the network takes part in its own defense and the network goes from what has traditionally been dumb pipes,” Adam said, adding that Juniper has been working to extend “those security capabilities to the networking stack — to the routing, switching, to Wi-Fi access points, to data center fabrics, to the things that make the network go. They also need to make the network secure. We can’t rely solely on traditional security technology and just say the firewall will catch it.”
Need More Than Firewalls
Traditional firewalls play an important role, but the network can also collect threat intelligence and provide visibility into the entire environment — not only the traffic that passes through the firewall — showing what the switches and routers are doing and whether a blip in network performance indicates that an attack is underway, Adam said.
“The network is superpowered with security, visibility, intelligence and enforcement capabilities and we’ve seen a lot of success with that strategy,” she said. “We really do believe that is the way to change. The face of security is involving the network from the get-go and it has been incumbent upon networking vendors to make that happen.”
The global network security market seems to be rebounding from a dip caused by the COVID-19 pandemic, according to analysts with Dell’Oro Group. A combination of increased vaccination rates and economic stimulus packages pushed by governments have helped reduce lockdown mandates and injected money into the system, they wrote in a report this week.
Market growth in 2020 was 3 percent year-over-year, the analysts wrote. They expect low double-digit increases this year and next, then high single-digit growth through 2025. Those products in a cloud-delivered software-as-a-service (SaaS) model will grow at an average rate of 21 percent, hitting almost $10 billion by 2025. The $12 billion physical appliance market will see about 3 percent growth a year.