Attacks against web applications are a growing threat that Juniper hopes to challenge with its Mykonos purchase
Juniper Networks is adding Web application security to its security portfolio, after it acquired Mykonos Software for $80 million (£51m) in cash.
The company said it acquired privately held Mykonos to expand its security footprint to include “intrusion-deception” systems that protect Websites and Web applications from advanced attacks.
Customers will benefit from having access to a proactive security approach that can stop attackers in real time and to an extensive portfolio covering physical, virtual and cloud environments, Juniper said.
Web applications are among the largest unprotected attack surfaces, and the frequency of attack is increasing, Juniper said. Mykonos focuses on protecting Web applications from zero-day attacks and advanced threats.
The Web Intrusion Prevention System from Mykonos will complement Juniper’s existing line of security products, which include firewalls and network-security systems, Nawaf Bitar, a senior vice president and general manager of Juniper’s security business unit, said in an interview.
“It fills a Web application security gap we had,” Bitar said. Juniper’s goal, he added, is to provide security across all devices, applications, cloud and the network.
Mykonos specialises in intrusion-deception techniques that feed attackers false information as they try to breach a Website or application. The technology tags and profiles the attacker, based on the device being used and other characteristics, and uses that information to block future break-in attempts.
The technology is “unique” because it proactively identifies attackers and neutralises threats in real time before damage is done, Brian Marshall, an IT hardware and data-networking analyst for ISI Group, wrote in a research note. The acquisition is a “solid addition” to Juniper’s security portfolio and would help service providers and enterprises simplify their network security, he added.
The Mykonos deal should be considered a strategic acquisition, according to Bitar. He noted that all 14 Mykonos employees are expected to stay with Juniper, and the company will maintain its offices in San Francisco, New York City and Rochester, N.Y. David Koretz, CEO and founder of Mykonos, will report to Bitar.
Bitar declined to share details of the long-term product road map, but said there were several areas in which Mykonos products could be integrated with existing Juniper offerings. He did not rule out the possibility of data being shared between the various products or even offering the technology as a service.
“There are opportunities for Juniper to sell stand-alone and integrated versions of the Mykonos solution,” Jeff Wilson, principal analyst at Infonetics Research, said in his assessment of the deal.
Mykonos would operate independently for the short-term and retain the company name for brand recognition, Koretz said. The security research teams will also work independently for the time being, but he expects them to eventually work together. It’s increasingly clear that the static approach to security no longer works and cyber-intelligence is needed, Koretz said.
Juniper’s efforts in the network space were similar to what law-enforcement authorities and the military accomplish in the physical world, protecting the borders and actively foiling attacks, Koretz said. Mykonos will provide the intelligence and insights that will make these efforts more effective. The Juniper-Mykonos combination will deliver a “one-two punch” that competitors will be hard-pressed to counter, he claimed.
Koretz acknowledged that the acquisition was “not the most obvious deal” for Mykonos, but said it actually made the best sense for the company’s overall strategy because the two companies have similar visions of where security should go. The deal brings both companies closer to their goals faster, he added.
How well do you know Internet security? Try our quiz and find out!