winning with security - junipernetworksevents.net · automation, integration with...
TRANSCRIPT
Winning With Security Ritesh Agrawal Product Line Director
Rasmus Andersen Partner Sales Development
Agenda
• EMEA MARKET
• A LOOK TO THE PAST
• JUNIPER SECURITY VISION THE ROAD AHEAD
• WHAT CAN YOU EFFECTIVELY SELL TODAY
• INVESTMENTS THEMES
• SUMMARY
Security market grew 4.4% YoY
Juniper market share grew 13.8%
80 % of partners expect revenue growth
72% of partners expect profit growth
83% of partners in state of transformation
Change in what and how customers consume security.
hosted security services grew 38% Q4 2015.
Canalys March 2016
The 2015 (ISC)2 Global Information Security Workforce Study
The 2015 (ISC)2 Global Information Security Workforce Study
0
200
400
600
800
1000
1200
1400
1600
1800
2015 2016 2017 2018 2019
EMEA information
Security workers shortage
Demand-meeting projection
Supply-Constrained Projection
The 2015 (ISC)2 Global Information Security Workforce Study
Over next 5 years, you will change…
HOW you sell…
WHO you sell to…
WHAT you sell…
Hybrid IT Cloud
Mobility Software-defined
infrastructure Analytics
Security
Managed
services
Business
outcomes
Professional
services-led
Annuity
revenues
Service level
agreements From IT
supplier to
strategic
partner
CIO
Developer
teams
Internal
service broker
Lines of
business
Born in the
cloud
Verticals
Security sales exceeded expectations in 2015, growing 5 percent year-over-year.
“That's not an accident," he said. “It is a result of some really great work by a lot of people at Juniper that I'm extremely proud of. You're going to see a rolling thunder of security enhancements."
A Look To The Past
Market Addressability
Telco WebSP and
Hosting/Colo Cable
Strategic Verticals (incl. XaaS/Cloud)
Govt/Federal FSI
Commercial
Enterprise Campus & Branch ($3.4B)
Datacenter ($2.4B)
Service Provider Edge ($400M)
Verticals Domains
TAM $6.2B, CAGR 5% (2015-18)
FY15 reflection – THANK YOU!
First Y-Y growth in 5 years Domains
$415
$436
$300
$400
$500
FY'14 FY'15
Rev $’M
-14% Y/Y
5% Y/Y
High-End SRX – 67% Y/Y Growth
SRX Only Y/Y TAM Y/Y
Data Center 27% 13%
Campus & Branch 16% 8%
Mobile SP 4% 21%
2015 Year of Rebound
Platforms refresh Virtual innovation L7 Services
UX/Management Cloud delivered
Security Certifications
Gartner MQ SDSN Partnerships
Refresh: SRX 1500, 3xx, 550, 5K/Gen3
vSRX2.0, cSRX, vSRX on AWS,
OpenStack/CloudStack
Contrail integration
98% IPS efficacy, CP-lite, Tunnel
scale
Security Director 2.0
Sky ATP 1.0 12.1x46, 12.3x48
2nd place for Carrier Grade FW
Vectra, Attivo, Cyphort, Skyhigh,
Cylance Partnerships
Areas of investment Execution
Junipers Security Vision The Road Ahead
Security Trends Today
16
Network security landscape has changed. CISOs “Treading Water”
Risks posed by threats vs risks to business outcomes
Pouring money in security, yet not any more secure
Attackers are always gaining, staying ahead
Metrics of success: total number of attacks stopped vs reduction of risk
17
Bring the whole network to bear. Start talking about Secure Networks.
A Change in Mindset
Realize threats are everywhere. They are already inside. They walked in your front door
Recognize perimeter security isn’t enough
Detection and Enforcement should be enabled anywhere
Acknowledge security is everyone’s problem – horizontal and vertical
The Software-Defined Secure Network
18
Create and centrally manage intent based policy directly aligned to business objectives
Gather & distribute threat intelligence, from multiple sources – know who the bad guys are faster
Leverage cloud economics for real time analysis – find the bad guys faster
Enforce policy to the threat feed information, real time across the network – adapt the network real-time
Detection
Policy
Enforcement
Your Enterprise Network
Software-Defined Secure Network Juniper Building Blocks
Security from the Cloud
Third Party Cloud Security Feeds
Security Director
Mgmt/UI: Policy, App Visibility, Threat Map, Events
vSRX
Virtual Firewall
SRX Series
Physical Firewall
Juniper Cloud Security
Sky Advanced Threat Prevention
Spotlight Secure
Threat Intelligence
MX Series Routers
EX & QFX Series Switches
Comprehensive suite of products: Centralize and automate security
Instant threat intelligence and detection
Dynamically adapting policy, deployed in real-time
Consistent firewall capabilities – physical and virtual
Detection
Detection
Detection
Enforcement
Enforcement
Policy Security Policy Controller
Policy
Third Party Network Elements
Use-Cases YOU can sell TODAY
Data Center Use Cases
Virtualization/ Micro-segmentation /NGFW
Enterprise
Private Cloud
Common Building Blocks
vSRX SRX
AWS,/Contrail Integration, IPSec VPN
Public/Hybrid
Cloud
Multi-tenancy, End-to-end solution, Services
Telco DC
(xCPE)
L2-L7 Security, NAT, Automation
B2B
XaaS/Web DC
Multi-Tenancy, Virtual, LSYS,
Orchestration/Management
Hosting/Colo
Contrail & CSO NFX
Data Center Use Cases
Use Case Customer Needs / Identifying Characteristics
Products Customer
Benefit Positioning
Notes Scale Features Management
Enterprise Private Cloud
<4G Virtual FW,
10G-100G Physical FW
for DC Edge & Core.
Virtualized DC, Physical DC Edge and
DC Core, L4-L7 security, micro-parameterization and micro-segmentation.
Carrier Grade FW
Orchestration using VMWare vRealize or Openstack/Contrail. Unified physical and
virtual security management. Automation
Core & Edge: SRX 5K, 1500 Virtual: vSRX Services: Sky ATP (1500), IPS, AppSec.
High performance, HA/6-nine reliability, Unified physical and virtual management with
SD, Automation, Integration with Contrail/Openstack & QFX, Highest
performance/core and lowest TCO on virtual FW. Integration with vRealize/vCenter is fine.
Competitive overall. (NSX integration is planned for H2 2016)
Public/ Hybrid Cloud
<=1G Virtual FW
1G-10G VPN
for intercloud connectivity
AWS workload, IPSec VPN, L4-L7 services Hybrid/Multi-cloud
cloud with Openstack/Contrail or VMWare environemnt
Unified physical and virtual security management. Automation
Edge: SRX 5K,1500 Virtual: vSRX on AWS & Contrail/Openstack integration Services: L4-L7 Services including Sky ATP, IPS, AppSec.
Hybrid/multi-cloud connectivity using IPSec VPN, unified physical and virtual management
with SD, advanced L4-L7 services for cloud, utility pricing model
Competitive overall: Differentiated in Openstack/Contrail environment
Telco DC [xCPE] <=1G Virtual
FW for xCPE High
density/low TCO
MSPs needing distributed branch
management platform [CSO, uCPE, vCPE] NFVs with L2-L7 security services
Unified physical and virtual security management. Automation
Platform: NFX NFV: vSRX, vMX Orchestration: CSO SDN: Contrail .
End to end solution to reduce Opex and increase topline. Open platform for 3rd party NFVs. OSS/BSS integration, fits into 3rd party
ecosystem, flexible architecture to pick best of breed individual solution components, pay-as-
you-grow business model
Differentiated: End to end solution with Contrail, NFVs, CSO, NFX. Capture mindshare with cSRX high density/low-TCO POC
Data Center Use Cases
Use Case
Customer Needs / Identifying Characteristics
Products Customer
Benefit Positioning
Notes Scale Features Management
B2B XaaS/Web DC 10G IMIX physical
FW
L2-L7 security services, VPN, Carrier grade
availability/HA, Scale
Automation, GUI based policy management
Core & Edge: SRX 5400, SRX1500 Services: IPS
HA/6-nine reliability, Automation
Competitive overall
Hosting/Colo <=4G Virtual FW IMIX per tenant
32 LSYS Physical
FW 10-40G IMIX Physical FW
Mutli-Tenant environment. L2-L7
security services. Virtual and Physical FW. Except
when >32 LSYS is required
Unified physical and virtual security management. Automation
Platform: vSRX, SRX 3xx, 1500, 5K. Services: L4-L7 Services including Sky ATP, IPS, AppSec.
High performance, HA/6-nine reliability, Unified physical and virtual management with SD, Automation, Integration with Contrail/Openstack, Highest
performance/core and lowest TCO on virtual FW, pay-as-you-grow
business model
Differentiated: vSRX and Contrail/Openstack
MSDC
100G+ IMIX physical FW,
40G/100G Interfaces
L2-L7 security services, NAT, VPN, Carrier grade
availability/HA, Scale
Automation/ NetConf
Core & Edge: SRX 5K, MX for CGNAT
High performance, HA/6-nine reliability, Automation, Modular
Scalability (Pay as you grow)
Competitive overall
Campus and Branch Use Cases
Common Building Blocks
vSRX SRX Contrail & CSO NFX
Branch Office Devices
Wireles
s APs
L2
Switch
Multi Services
Gateway
Internet
vCPE SRX NFX
D
D
o
S
I
A
M
N
e
t
S
e
c
A
A
M
w
A
A
M
w
I
A
M
D
D
o
S
I
A
M
N
e
t
S
e
c
S
I
E
M
A
A
M
w
A
n
a
l
y
t
i
c
s
Bank Retail Remote
Office
Enterprise HQ /
DC
Private
Cloud
Public
Cloud
IPSec VPN IPSec
VPN
IPSec
VPN
Multi-
tenant
WAN
Connectivity
Controller
WAN
Connectivity
Controller
Multi-
tenant
Internet
Retail Retail
Campus Edge Firewall
HQ or Campus
Internet
Branch Offices
Branch Firewall
Secure Router and Managed CPE xCPE and SD-WAN Campus and Branch NGFW
Campus & Branch Security
Use Case
Customer Needs / Identifying Characteristics Key
Products Customer
Benefit Positioning Notes
Key Features Scale Management
/Orchestration
Secure Router/managed CPE
• Strong IPSec, VPN, Routing, FW
• Extensive WAN & LAN connectivity
Medium/ Large and distributed enterprise deployments
• Centralized Management with SD
• Multiple automation tools – Auto install and One touch provisioning
Branch: 3xx, 550M Mgmt: SD LTE: CBA
• Superior Price/Perf
• Complete security services
• Path to SD-WAN
Competitive in large and distributed enterprise deployments Opportunistic in integrated LTE markets
NGFW/APT
• Excellent App identification
• NAC Integration • Easy add-on of security
services for SR/L3-L4 deployments
• Effective Zero-day threat detection(Sky ATP)
• Geo-IP, C&C and Custom Feeds for third party integration
Branch FW – Any Scale NAC deployed or <= 2 AD domains
• Central management with SD – easy policies, reports and remediation
Branch: 3xx, 550M Campus: 1500, 5400 Bundles Mgmt: SD
• Easy add-on of NGFW feature set
• Comprehensive Security services
• Inline blocking for zero day threats
Competitive in Small/Medium Size deployments Customers looking for consistency across DC, Campus and Branch security solutions Pursue installed base refresh(Netscreen)
Cloud-CPE
• NFX250 and vCPE • Security NFV • Services Automation
Any scale deployments (Enterprise or SP Managed)
• CSO and Contrail
Branch: NFX250, vSRX Mgmt/Orchestration: CSO, Contrail
• Simplified management / deployment at scale
Differentiated with Cloud-based platform
2016 Focus - Service Provider Edge Domain
Scale / Performance / Modularity /NGFW / DDoS/ CGNAT
Gi Firewall SecGW Roaming
Firewall
IPSec VPN/ Scale / Reliability/ Automation
GTP/SCTP / Billing / HA / Automation
Common Building Blocks
SRX vSRX
2016 Focus – Service Provider Edge use-cases
Use Case Customer Needs / Identifying Characteristics
Products Customer
Benefit Positioning
Notes Scale Features Management
GiFW 40G-100G FW 1M CPS,
230M Sessions
Scale-up/out with virtual
FW
Carrier grade reliability/Statefull HA, CGNAT, L7 Service (URL filtering), DDoS/Screens
Mindshare to go
virtual/VNF
Automation
HW Platform: SRX 5K [L4-L7] [Performance/Scale] Virtual: vSRX Scale-out
High performance, HA/6-nine reliability, CGNAT scale and feature richness, 40G/100G
interfaces, Screens, Rich L4-L7 services
Differentiated: Virtual scale-out architecture, capture mindshare with early POC with vSRX
Sec GW 40G-100G IPSec
10K-50K tunnels
<150 Tunnel setup rate
Carrier grade reliability/HA, IPSec VPN/PKI,
Advanced routing
Automation/ZTP Platform: SRX 5K HA/6-nine reliability, Carrier grade routing, Automation
Competitive overall
Roaming FW
10G-40G IMIX FW
1G-5G VPN
Carrier grade reliability/HA, GTP/SCTP Support Billing interfaces
(Dimension),
Automation Platform: SRX 5400
HA/6-nine reliability, Automation, Complete GRX protocol support,
End to end SRX solution with GiFW/SecGW/RoamingFW
Competitive overall
SRX100
SRX 110
SRX 210
SRX 240
SRX 550
SRX 650
SRX 1400
SRX 3400
SRX 3600
SRX SRX 5K Gen1 IOCs
2016 Product Transition Update
*In pricelist and new ones coming soon.
SRX300, Additional SKU*
SRX 320+VDSLPIM*
SRX 320
SRX 340/345
SRX 550M
SRX 1500
SRX 1500
SRX 5400 Bundle*
SRX 5400 Bundle*
SRX 5K Gen2/3 IOCs
2015 NOW
Investment Themes
Investment areas – Enterprise Domain
Use-cases Execution
Secure Router
NGFW / UTM
Advanced Persistent Threat Mitigation
Software Defined Secure Network
SD-WAN Integrated LTE, VDSL vectoring Remote Access CSO integration
User FW Performance/scale, AppFW Unified Policy TCP Proxy scale with UTM On-box management with logging/reporting Greatwall 20-40G Price/Performance Mid-range 1RU FW
Platform support, File APIs, Protocols, File Types, SD Support, STIX/TAXII/Cybox, 3rd party feed API
Switch/Router port action Partners: End-point (Cylance), CASB (Netskope/Skyhigh)
Investment areas – Datacenter Domain
Use-cases Execution
DC Edge and DC Core (ALL)
Private Cloud
Public/Hybrid Cloud
Telco Cloud
B2B XaaS/Web-DC
Hosting/Colo
SDSN
Greatwall 20-40G Price/Performance Mid-range 1RU FW On-box management with logging/reporting
NSX and Contrail based micro-segmentation VXLAN Overlay awareness
vSRX/cSRX support for Azure, 100G vSRX
Contrail/CSO with vSRX, cSRX
Scale-up vSRX (100G), cSRX with NGFW features
LSYS transition plan using Virtual
SDSN Integration with Private/Public clouds
Investment areas – SP Domain
Use-cases Execution
Gi-LAN
SecGW
Roaming FW
Software Defined Secure Network
MX Screens, MPC gaps, Summit 3RU, SRX 5K and MX SPC3, vSRX scale-up, vSRX 3GPP features
Common VPN (SRX/MX), vSRX scale-up
GRX gaps
Evolution to MEC/Telco-NFV
Summary
Delivered several new offerings that you can sell today
Will continue to make it easy for you to sell
Investing in differentiation and addressing key gaps
Thank you for your partnership
Discussion Questions
Is SDSN differentiating, and what else needs to be considered?
Where are you winning and losing today?
Do you believe you can leverage the 2016 use-cases to win?
2
3
1
How else can Juniper expand Security Partner business? 4
Thank you