How the Software-Defined Secure Network Protects the Entire Network

By Marcus Doran – VP & GM at Rahi Systems Europe.

Friday, 24th August 2018. Posted by Phil Alsop.

Every time a mobile device or Internet of Things (IoT) sensor connects to the network, there’s a real risk of a data breach. Today’s hackers are highly effective at exploiting the vulnerabilities in these devices, as well as tricking users into handing over their legitimate credentials. Once inside, hackers can move across the network undetected, looking to steal sensitive data and sell it to the highest bidder.

Simply building a great wall of IT security won’t be enough to protect your data and IT assets, yet many organizations continue to focus their efforts on improving firewall security. Next-generation firewalls are important, but they are only one element of a layered security approach.


Mobile and the IoT have created an ill-defined, porous perimeter that’s increasingly difficult to protect. Perimeter defenses are designed to block threats coming in from the outside but trust everything on the inside, where many threats already reside. Furthermore, disparate security tools don’t communicate with one another, creating visibility issues and security gaps.

The Software-Defined Secure Networks (SDSN) platform from Juniper Networks is based on the principle that every network element can be a point of threat detection. It is an open, API-based fabric that automatically collects data across the network and correlates it using the Juniper Sky Advanced Threat Prevention (ATP) cloud-based service.

This approach provides end-to-end visibility and enables real-time threat analysis by leveraging cloud economics and actionable, location-aware threat intelligence. Threats are detected quickly and blocked or quarantined to prevent them from moving north-south or east-west through the network.

Policy Enforcer, SDSN’s dynamic policy engine, enables IT teams to manage network security through a single pane of glass. Policy orchestration ensures that policies are deployed and consistently enforced in both physical and virtual environments.

The Junos Space Security Director Policy Enforcer also makes it possible to enforce policies in third-party switches as well as firewalls and Juniper switches, which offers better protection against incoming and laterally moving threats. Third-party integration through Juniper’s Open Convergence Framework enables organizations to choose multiple sources for threat intelligence.

By combining threat intelligence with a centralized policy engine, SDSN dynamically adapts to stay ahead of the latest threats. Updates are automatically distributed across the network in real time. This provides greater agility and flexibility in responding to evolving security threats while minimizing the time between detection and resolution.

SDSN makes it possible to detect security threats anywhere across the network structure, not just the perimeter. The SDSN platform also integrates with third-party cloud systems to deliver security to both private and public clouds. In addition, Juniper Sky ATP goes beyond traditional antivirus and anti-spam tools, using machine learning capabilities for email analysis to detect the latest malware campaigns.

Next-generation firewalls simply can’t offer protection in every area of your network. With Juniper SDSN, organizations can centrally manage and automatically update and enforce security policies across the entire infrastructure — physical or virtual, public or private cloud.