Juniper crams security tools into appliances

Juniper Networks is delivering on a promise to pack lots of security features into its firewalls and appliances for medium-sized businesses and branch offices.

On Monday, the company released antispam capability, as well as an antivirus toolset that also fights spyware, adware and phishing, into the software for its SSG security appliances. It had promised those optional features in February when it introduced the SSG (Secure Services Gateway) product line.

The introductions Monday were part of a new version of Juniper's ScreenOS software, which runs the firewalls and appliances that trace their roots to the company's 2004 acquisition of NetScreen. The new software, ScreenOS 5.4, is also designed to simplify Juniper's system for keeping potentially dangerous devices from connecting to a network.

Both Juniper and its routing archrival, Cisco Systems, want to build security features into enterprise networks and use the network to enforce good security health on PCs and other devices. Juniper already offers optional IPS (intrusion prevention system) and Web filtering for the SSG platforms, which can act as WAN (Wide Area Network) routers as well as security appliances. The Sunnyvale, California, company gets the additional features from third-party specialists including Kaspersky Lab. and Symantec Corp.

The integration of a whole range of security features within one security device, sometimes called UTM (unified threat management), is best suited to smaller organizations and branch offices that have less bandwidth and resources to work with and so don't want a separate box for every function, said Stephen Philip, director of marketing for Juniper's security products group.

In the latest ScreenOS, Juniper is also making it easier to enforce rules on devices that try to get on to the network. It offers a "captive portal" feature that forces users into a specific Web page when they try to log on to the network. In the process, software is added to the user's device over the network for the latest security capabilities, Philip said.

In addition, Juniper is adding policy-based routing to ScreenOS. This can be used to direct certain types of packets to a third-party tool for more detailed analysis or special treatment, Philip said.

ScreenOS 5.4 is available now for Juniper's NetScreen, ISG (Integrated Security Gateway) and SSG lines and can be downloaded. It is free for new and currently supported customers except for the UTM features, which are sold on a subscription basis. Pricing was not immediately available.