In the face of increasingly complex attacks, Juniper Networks is beefing up its DDoS Secure solution to help companies mitigate the threats. The solution promises more effective security intelligence
thoughout the network fabric.
Here’s Juniper’s pitch: Today’s enterprises need more sophisticated protection as attacks on the network become more complicated and difficult to spot. As the company sees it, leveraging information and intelligence in the network is vital to building a secure high-IQ network.
The latest upgrades to the DDoS solution promise to detect and stop attacks at the network and application layer closer to the source. Juniper is doing this by using networking protocols to make its MX Series routers function as enforcement points.
Optimizing Network Operations
Juniper is pitching that its approach gives both enterprises and service providers a better way to stop the volumetric attacks that could cripple a network. The strategy also promises to mitigate inside-out domain name system (DNS) reflection and amplification attacks, and botnet-infected devices impacts, as well as other popular DDoS (distributed denial-of-service) attack methods.
According to Infonetics Research, new varieties of amplification attacks are pushing the boundaries of mitigation performance and driving increased investment in DDoS prevention. The 2013 DNS amplification attack aimed at Spamhaus that topped 300G and the NTP amplification attack earlier this year that exceeded 400G are prime examples.
“Leveraging a single provider for DDoS mitigation and DNS availability can optimize network operations, streamline remediation and improve customer experience,” said Jeff Wilson, principal analyst at Infonetics Research.
Part of Juniper’s secret sauce is tighter integration into routing and service provider infrastructures with BGP Flowspec and GPRS Tunneling Protocol (GTP) protocols. According to the company, this approach enables new forms of protection that can “more effectively and efficiently” mitigate a variety of DDoS attacks without restricting or impacting normal service.
We caught up with Zeus Kerravala, principal analyst at ZK Research, to get his take on the new release. He told us it’s long overdue.
“Juniper has always been a performance-focused security company and used to be regarded as one of the best security vendors out there,” said Kerravala. “Over the last few years they’ve lost some of that tag to companies like Palo Alto.”
Kerravala noted that the product seems primarily focused on service providers, which is still where the bulk of Juniper’s revenue comes from. It also hones in more strongly on DDoS attacks, which he sees as a solid strategy.
“While this challenge has been around for a while, DDoS attacks are still a big problem,” he said. “From my research, almost half of companies today still see regular DDoS attacks launched at their networks. I would assume that is higher among service providers.”