Well, anyone familiar with Juniper’s acquisition of the Mykonos Web-centric Intrusion Deception products may or may not have rolled their eyes at it. What the heck was Juniper thinking? They were buying a product that didn’t really have an established market and was mostly misidentified and compared with Web Application Firewalls, which resulted in it losing feature comparisons to those products almost every time (because it is NOT a WAF, mind you). Well, my thought on it was that Juniper didn’t buy the product for the product itself, but to use as a springboard for launching a threat-intelligence solution, which came to fruition with the Spotlight Secure product. Spotlight Secure was interesting because it could take information from multiple sources, such as Juniper WebApp Secure (the new name for the Mykonos product line), SRX Security gateways, and the Juniper DDOS Secure product line. While it may be cool for a customer to have their devices talking among each other, the big advantage comes when multiple global customers have their Spotlight installations talking to the cloud and providing threat information to other customers. Pretty clever, Juniper... but wait, there’s more.
On Feb 25, 2014, Juniper announced a new product: Juniper Argon Secure, an add-on subscription that can be leveraged on Juniper SRX Security Gateways. While I’m still investigating everything the product can do, it appears that it will do more in the way of network fake-outs (similar to what WebApp Secure provides with its TarTrap mechanisms), such as fake fileshares which detect when malware reaches out to network shares attempting to gain access to confidential data, or to latch its hooks further into the network. Although none of the literature specifically stated that it would have faux-SMTP processes, I would think that would be par for the course as well, since the press release stated the product can detect applications that “attempt to send data outside the company network”.
Having productized honey-pot/tar-pit type products that can automate their detection and leverage that information to protect other parts of the network by enabling on-demand firewall policies, possibly quarantining hosts to specific network segments, and sharing zero-day detection data with other Juniper customers seems like a step in the right direction. This might just change the outlook for Next-Gen Infrastructure Security…
BTW, if you think the new stuff is cool, you should check out the Secure Access/Access Control Gateways and Juniper Secure Analytics (formerly STRM) integration with IF-MAP – a powerful shared information repository in its own right.