Juniper Networks: Follow the Leader
When Juniper Networks realized that network security was an area of strategic importance to Cisco SystemsJuniper's singularly huge competitor in networking gearthe company felt it had to catch up fast. So in 2004, it bought firewall-appliance maker NetScreen in a deal worth more than $3 billion.
It was a smart move, says Dan Cameron, senior technical architect at Cambridge Health Alliance, a hospital and public health company in Massachusetts, because it gave Juniper instant entry into the security market with high-performance firewall and intrusion prevention products. Juniper "bought the true market leader, and they've done a good job of integrating them," he says.
NetScreen appliances, which use special-purpose chips designed to quickly process security rules and policies, don't require as much care and feeding as traditional firewalls, according to Cameron. "There are no moving parts with NetScreen," he says. "It just runs."
Under the stewardship of Juniper, the NetScreen products "get better and better every day," says Jason Warmby, information-technology director for Hathaway Dinwiddie Construction, a contractor based in San Francisco. For instance, he says, the NetScreen firewalls now offer "deep-packet inspection" that can identify attacks as they're occurring.
At the University of Miami, "Juniper's firewall is the lifeblood of everything," says Stewart Seruya, chief security and network officer. When the university, which has 15,000 students and 10,000 staff and faculty members, first deployed NetScreen firewalls in 2001, Seruya's team shut off virtually all incoming or outgoing traffic that wasn't a Web page or e-mail.
Seruya wanted to be sure the exceptions to that tight lockdown were individually evaluated and approved. Today, four of Juniper's NetScreen 5000-series firewalls manage 4,500 exceptions that the school's security staff has documented,
such as allowing network-based phone traffic through the firewall.
Juniper has been very good about listening to NetScreen customers and responding to feedback, Seruya says: "One of the things I like is that we've got their ears."
For example, the NetScreen operating system initially couldn't handle the H.323 protocolused by IP-based voice and video applications to control phone calls and handle other communications functions-on networks using network address translation (which masks the IP address of systems).
In October 2004, Juniper announced that version 5.1 of the software would provide that capability. Seruya says that while it took three years for the feature to appear in the product, "at least I had a forum to scream and holler at Juniper."