Juniper Challenges Cisco Data Centre Security

A new “dynamic security model” for data centre networks from Juniper and IBM has the potential to hit Cisco where it hurts

Much attention in recent weeks has been given to the war between Cisco Systems and Hewlett-Packard, as each battle for dominance in the data centre and the virtualised world. But Cisco is fighting on multiple fronts, and no less fierce is the Juniper Networks sector – which is challenging Cisco on switches, carrier circuits and security. Juniper’s latest salvo – aided by IBM – on data centre security shows it intends to remain a thorn in Cisco’s side.

With less than a week before the Juniper partner conference in Arizona, Juniper announced a new dynamic security model for protecting data centre infrastructure. The model, built on the SRX Series appliance and Junos operating system platform, is intended to guard against threats specifically common to virtualised environments, Web 2.0 applications and large cloud computing deployments.

The cornerstone of this model is AppTrack, a security package that identifies applications at the gateway and enforces granular security policies – blocking, filtering and alerting. In essence, Juniper is deploying next-generation firewall technology to enterprise data centre environments. It’s also rolling out AppSecure, which guards against distributed denial-of-service (DDoS) attacks. And the model provides malware protection through a partnership with FireEye, a security software startup that specialise in detecting and preventing virus infections and zero-day vulnerability exploits.

Open technology and broad partners

Interestingly, Juniper is making these security applications available on the SRX appliances sold through IBM. For its data centre deployments, IBM is bundling the Juniper gear and applications with its data centre equipment to provide a holistic solution to match those fielded by Cisco and, arguably, HP.

From a technical perspective, the Juniper SRX with AppTrack seems extremely competitive against the broader field of security appliance vendors. Juniper says the integrated management system allows administrators to throttle resources and allocate priority to different security functions based on need. The company claims a single SRX gateway can operate at speeds above 120G bps, which matches the Fortinet 3950B unified threat management appliance announced on 17 May, and dwarfs the performance of anything Cisco has in the field.

In recent conversations I’ve had with Juniper channel chief Frank Vitagliano, he’s maintained that one of the essential elements of Juniper’s competitiveness is maintaining both an open technology platform and broad partners that extends its technology and market reach. It’s built such relationships with Brocade for storage and data centre switching.

In fact, financial analysts have credited competitive pressure by Juniper and others for Cisco’s recent disappointing earnings.

Anders Bylund at the Motley Fool wrote yesterday:

“I’m not convinced that Cisco is doing all that much better than direct competitors Juniper Networks and Brocade Communications Systems, both of whom are keeping up with — or exceeding — Cisco’s organic growth. Simply put, these are salad days for networking businesses and Cisco should have been springboarding off that trend to increase its already-hulking stature in the sector. But instead, and despite a torrent of bolt-on acquisitions, Cisco is barely keeping up with the Joneses.”

Goldman Sachs analyst Simona Jankowski wrote:

“We continued to receive feedback from the channel and from enterprise customers that Cisco has been more aggressive on pricing in response to the rising competitive threat in the switching market from HP and Juniper. In some cases Cisco’s products appear to no longer carry a significant premium to the competitive offerings.”

Challenging Cisco

Clearly Juniper and other competitors are having an impact on Cisco and its channel. It’s not to say that Cisco isn’t selling or doesn’t have strong offerings, but it does show that the competitive set across the board are doing more than putting up stiff resistance.

When I asked Vitagliano last week about what it’s like competing with Cisco, he simply said that he’s been in the field against Cisco for six years and that its always a fight. However, he said his and Juniper’s focus is on promoting its platforms and products, and winning market share. And, he added, that Juniper has a long ways to catch up with Cisco in market share in many technology lines.

The OEM alliance strategy – such as the deal with IBM – makes perfect sense in Juniper’s strategy to challenge Cisco. Some partners, particularly midmarket integrators and VARs, worry that Juniper may curry too much favor with the large OEMs and telecom carriers at their expense. A few VARs have told me that they’ve seen Juniper yank deals away from them and give them to carriers. Vitagliano said he’s unaware of such problems and that Juniper is committed to working with all its channel partners. He did concede that carriers will sometimes win deals when competing with smaller Juniper resellers, but it really comes down to who has the greater capabilities.

It will be interesting to see how much security and Cisco are a part of Juniper’s message at next week’s partner conference in Phoenix.