Since Juniper bought Altor Networks, there has been steady progress to use Altor VF3 (now Juniper vGW, pronounced vee-Gee-W) as a way to extend the functionality of the Juniper SRX Series of Service Gateways into the virtual and cloud environments. Juniper is focusing on the entire security stack from the endpoint to the hypervisor, vGW offers one component of that entire picture. Another component is the Junos Pulse Mobile Security Suite which provides Security as a Service for mobile devices. These two components alone are a very powerful set of tools for any Enterprise. When you add in the other components it is a compelling story from network security perspective.End-point security is becoming more and more important as the use of personal wireless devices such as iPhones, Androids, and Tablets increase. The theory goes:
If we can protect the end-point from attack we have a better chance of protecting the environment to which they connect.
To which I agree, but the problem is based on how that security is implemented. Minimally security for end-point devices boils down to very few questions:
- Does it affect my ease of use?
- Does it affect my ability to do my job?
- How much does it cost?
- How much will it cost if I do not do this?
And these are the hardest questions to answer, but one thing everyone should realize is:
Use of mobile devices increases your attack surface area.
So having a service that allows me to protect these devices is a goal unto itself. Unlike Zscaler and more like Trusteer, the Junos Pulse Mobile Security Suite uses the cloud to manage and download the security agents to the mobile devices. The cloud component is where all the policy and controls are set, while the downloaded tools work to protect the mobile devices and provide a secure VPN into a Juniper VPN device.
On the other end of the spectrum sits the Juniper vGW (formerly Altor VF3) which has been modified to integrate into the SRX Series of Juniper physical devices. Juniper vGW gives a view into the virtual or cloud environments that make use of vSphere. Zone information, communication and network interface policies are configured within an SRX and vGW queries those zones and policies while providing all other vGW functionality. In this way there is one place to set certain policies. vGW has all the existing features of Altor VF3 as well with a new look and field. SRX policies are now enforced with vGW. I still see vGW, however, as mainly a firewall play with IDS/IPS capabilities. Its compliance module is for determining compliance to the policies you set, which are important but does not have any preset rules for the bigger compliance requirements of PCI, etc. This requires other non-Juniper products to be also part of your suite such as RSA Archer or HP Arcsight.
vGW has improved its own integrations with the Juniper IDS/IPS solutions as well as providing a SourceFire IDS/IPS feed. In essence, Juniper vGW can also be a standalone product within your virtual environment as well as integrating into the bigger family of Juniper products. Combined with Junos Pulse Mobile Security Suite it looks like Juniper has covered all aspects of the Enterprise network.
Share this Article:
Latest posts by Edward Haletky (see all)
- Common Product Security Questions - November 23, 2016
- Sorry Support: Not Getting My Data - November 18, 2016
- Moving to the Future: Strategies for Handling Data Scale - November 14, 2016