Juniper Networks, Inc. announced its next-generation Intrusion Detection and Prevention (IDP) platform and new security management software designed to provide increased application visibility and control across the network. The new IDP version 4.0 software provides advanced control over enterprise applications including voice-over-Internet-protocol (VoIP), internal local area network (LAN) and cellular communications, while Juniper Networks' new NetScreen Security Manager (NSM) 2006.1 software provides easy-to-use, centralized management of the enterprise security infrastructure, including IDP systems.

Application use often varies from one enterprise to the next and is often accompanied by a myriad of servers and software versions running on the network at any given time. While many applications are justified for business use, others may exist that are unknown to the security administrator. Additionally, the security state of approved applications may also be unknown, creating open doors for threats to enter the network. With Juniper Networks' new IDP 4.0 solution and NSM management platform, organizations can discover the risks created by known and unknown applications on the network with pinpoint accuracy. Once identified, administrators can leverage the power of the IDP solution to apply granular control over the application, including peer-to-peer (P2P), instant messaging (IM) and many other Internet-based applications.

"Visibility and control over all types of network traffic and emerging applications such as VoIP is vital to delivering a quality managed security service," said Patrick Foxhoven, CIO for CentraComm Communications, a leading managed security service provider (MSSP). "The new Juniper Networks intrusion prevention system and new NSM software give us a competitive edge in delivering high-quality threat prevention and application control to our customers. Enhanced protocol support on the IDP allows us to secure voice communications, while new Security Explorer technology helps us quickly understand and control potential threats to an organization."

Graphical Visibility of Applications and Endpoints

The integration of new IDP and NSM software provides administrators with new levels of visibility into the state of the network. New Security Explorer technology in NSM 2006.1 provides user-friendly graphical views of host, application, server and user activity on the network. The graphical views offer detailed insight into the types and versions of applications running, as well as who is running the applications, what the applications are doing, and the type of attacks coming to or from a particular server, device, user or IP address. Network and application visibility is also augmented by the NSM Security Profiler technology, which provides administrators with critical information captured from network traffic. This includes information on operating system versions, browsers, and the type of communications happening among endpoints. The network-wide correlated information allows security administrators to make focused, incremental security policy adjustments on the IDP platforms in real-time as needed.

"As Internet-based application use increases across the enterprise, the need for application visibility and security management scalability becomes essential to enabling accurate, comprehensive security," said Charles Kolodgy, research director of security products for leading analyst firm IDC. "Juniper Networks new intrusion prevention system gives customers the granular threat awareness and protection needed to thwart threats throughout the network -- essentially IDP for everywhere in the network."

Comprehensive Application Control

The Juniper Networks IDP system leverages the increased visibility provided by the IDP and NSM software to provide focused application protection and control. The new IDP system has been expanded to include application control of VoIP networks through the decoding of the H.225 VoIP control protocol, which enables enterprises to securely use H.323-based VoIP solutions. Control of this protocol is important as VoIP use transcends beyond traditional voice transmissions to include video, data and other multi-media mediums. Additionally, Juniper Networks has expanded application control to include inspection of GTP traffic for threats, which are very prevalent in cellular wireless networks. This allows customers to securely leverage the unmatched reach of cellular networks. Juniper Networks has also enhanced the platform with a unique anomaly engine to protect against potential database threats.

New application marking capabilities in the IDP system allow enterprises and managed security service providers to more efficiently manage the network by prioritizing traffic based on specific business practices. This might include allowing employees to use peer-to-peer applications, but at a lower priority compared to enterprise-approved applications. This level of granular control enables administrators to provide maximum bandwidth allocation for business-critical applications.

"Detailed insight into applications running on the network is essential to understanding the security risk within a company, and is required for accurate and precise threat prevention. It also helps ensure the appropriate application use policies are implemented and enforced on the network," said Hitesh Sheth, vice president of security products for Juniper Networks. "With the combined power of Juniper Networks' new IDP and NSM software, customers can obtain a detailed assessment of what is occurring on their network and can take the necessary action to control it. The result is a better security posture, and reduced cost for the enterprise. For managed security service providers, it means a more targeted and cost-effective service."

The Juniper Networks IDP products provide zero day protection against worms, trojans, spyware, keyloggers and other malware. Juniper Networks is the first vendor to offer daily signature updates for IDP customers, critical in maintaining effective threat coverage and attack response. All of the Juniper Networks IDP platforms are supported by the efforts of Juniper Networks' J-Security Center, which is comprised of a dedicated team of researchers who operate in geographically distributed locations around the clock to monitor new threats and deliver comprehensive protection. With backgrounds in network security, defense and penetration testing, J-Security Center researchers lend their expertise in protocol analysis, engineering, vulnerability research and signature development to our intrusion prevention platforms. Customers also benefit from trusted partnerships with technology vendors, managed security service providers and independent security research firms that help Juniper Networks quickly deliver the most up-to-date protection against existing and emerging threats. The Juniper Networks J-Security Center and can be accessed at http://security.juniper.net.

Availability and Pricing

The Juniper Networks IDP 4.0 and NSM 2006.1 software are both available today for immediate download for existing IDP appliance and NSM customers. The IDP appliances with version 4.0 software are priced and sized to fit any organization, and list pricing for the IDP appliances starts at $9,000 for the IDP 50. Software upgrades are available for customers with active support contracts. A 5-device license of NSM 2006.1 is included with every IDP appliance purchase and upgrade licenses are also available for purchase. For more information and product details, please visit http://juniper.net/products/intrusion and http://www.juniper.net/products/intrusion/ns_sm.html.