Juniper Adds CASB and DLP to Security Platform


By: R. Scott Raynovich

Juniper is ramping up its assault on the Secure Access Service Edge (SASE) market, where it has added Cloud Access Service Broker (CASB) and Data Loss Prevention (DLP) capabilities.

Yay – more acronyms! Let’s try to explain what this means. SASE is a collection of cloud security technologies that can be integrated with software-defined wide-area networking (SD-WAN) technology to enable cloud-based management of network security functions. The most important functions of SASE include firewalls, secure web gateways (SWGs), DNS security, advanced threat protection (ATP), zero-trust network access (ZTNA), CASB, and DLP. Over the years, Juniper has built up many of these technologies, including SD-WAN and many components of SASE, but it still needed to add a stronger CASB and DLP play.

Juniper says the CASB and DLP offerings will secure software-as-a-service (SaaS) applications and help prevent unwanted access, malware delivery and distribution, and data exfiltration. Both capabilities are part of Juniper's Secure Edge cloud-delivered security solution managed by Security Director Cloud, which secures remote users and on-premises users alike. It enables customers to manage zero trust networks and SASE architectures through one management portal using a single-policy framework.

CASB and DLP services help enterprises gain visibility and security of corporate data being accessed in the cloud. They include the monitoring of user access to cloud services and sites and the implementation of monitoring and security policies. Additional features include threat protection and proxy services such as sandboxing to protect users against cloud security threats.

Juniper executives said they have been working on these capabilities for years, with the goal of providing the most flexible and comprehensive SASE and networking security services. Juniper now offers a hybrid product that can be operated from the cloud or with its on-premises security devices such as routers or firewalls.

“It’s a full security stack, and that’s extremely important to deliver customers a complete experience as they migrate to SASE,” said Samantha Madrid, Group VP of Juniper’s Security Business and Strategy division, in a briefing with analysts last week.

Going Its Own Way

So why now, you ask? Juniper has been seeing financial gains as it has added to its security portfolio, driving revenue growth in the hot cybersecurity market. Recently, the trend in SASE has been a race to integrate as many functions into a cloud-managed SD-WAN platform as possible. Some of Juniper’s biggest competitors -- Cisco, Palo Alto Networks, and Versa Networks among them -- have been busy stocking up SASE capabilities through either internal development or mergers and acquisitions (M&A). Juniper’s biggest competitor, Cisco, has primarily depended on M&A to add SASE capabilities. For example, Cisco bought CASB supplier Cloudlock in 2016.

Meanwhile, some of the more cloud-focused security companies, such as Bitglass, Netskope, Zscaler, and others, offer CASB products but primarily as cloud services, rather than as integrated on-premises networking offerings.

Juniper says its strategy enables its traditional networking customers to migrate to cloud security services using the same software management tools they use for on-premises security and equipment. The company has made some key acquisitions to beef up its security and software-defined wide-area networking technologies, but its CASB and DLP technology are homegrown. Juniper executives said they worked for years on a thoughtful approach to a full suite of integrated networking capabilities to help migrate their customers with on-premises traditional networking equipment.

Juniper feels with CASB integrated with its broad portfolio of SASE and traditional networking security such as firewalls, it has something for everyone. Juniper Secure Edge now provides a full stack of SASE functions, including Firewall-as-a-Service (FWaaS) and Secure Web Gateway (SWG), in a single software stack, now with CASB and DLP, all managed by Security Director Cloud.

With its new full-stack SASE solution, Juniper can now argue that it has one of the more fully featured SASE offerings on the market. It also functions as a platform for both cloud-delivered security and on-premises networking devices, offering a strong migration strategy forJuniper's installed base.