Juniper boosts end-point security

Company adds new features to its SSL VPN gateway to make sure devices connecting to a network are clean.

Marguerite Reardon Former senior reporter
Juniper Networks is beefing up security on its VPN gear to make sure that machines connecting to a network are safe.

On Monday, the company announced updates to its NetScreen Secure Access SSL VPN product. The updates center on the integration of technology from end-point security companies such as InfoExpress, McAfee, Sygate Technologies, Symantec, Trend Micro and Whole Security.

Juniper's virtual private network (VPN) gateway uses a browser-based encryption technology called Secure Sockets Layer (SSL). Its current product is based on one developed by a start-up called Neoteris, which was later bought by NetScreen Technologies. Juniper announced it was buying NetScreen in February.

Since 2002, the Neoteris SSL VPN has offered some host security features. Neoteris partnered with Sygate and Whole Security to provide health checks of devices connecting to a network via an SSL connection.

The SSL VPN product has been evolving. The latest version, introduced Monday, scans hosts for viruses, worms and malware. It also makes sure that the appropriate versions of security software are running. If an anomaly is detected, it automatically pushes the needed software updates and security patches to clients. Previously, people were redirected to a third-party Web site where they were asked to upload the content themselves.

Juniper says that with automatic security updates, network managers will have more control over their networks because they will be able to track and accurately record when hosts have been updated.

"If the end user is redirected off the network, administrators lose visibility," said Johnnie Konstantas, senior product manager for Juniper. "They are unable to log that information and take action later if someone is not in compliance with their established policies."

End-point security has become a hot topic lately as enterprises struggle to keep clean the employee laptops, desktops and PDAs that connect to their networks. Earlier this year, Cisco Systems announced a network architecture it calls Network Admission Control. Through a partnership with three antivirus software companies, Cisco's routers will be able to check that devices connecting to a network are secure. The company plans to launch the functionality on its Ethernet switches in 2005.

Enterasys and Alcatel have also announced similar functionality. Using the IEEE 802.11x standard, their Ethernet switches check the health of hosts connecting to a network.

Microsoft has also developed an architecture, which it calls Network Access Protection. Microsoft has partnered with several antivirus companies and has also announced partnerships with several networking companies, including Juniper.

Juniper's product is similar to these others, but it focuses on SSL VPN connections exclusively. This means it can only check the health of a host connecting to the network through an SSL VPN gateway. Other SSL VPN players, including Aventail and Nokia, offer similar functionality.