winning with security - junipernetworksevents.net · automation, integration with...

Winning With Security Ritesh Agrawal Product Line Director

Rasmus Andersen Partner Sales Development

Agenda

• EMEA MARKET

• A LOOK TO THE PAST

• JUNIPER SECURITY VISION THE ROAD AHEAD

• WHAT CAN YOU EFFECTIVELY SELL TODAY

• INVESTMENTS THEMES

• SUMMARY

Security market grew 4.4% YoY

Juniper market share grew 13.8%

80 % of partners expect revenue growth

72% of partners expect profit growth

83% of partners in state of transformation

Change in what and how customers consume security.

hosted security services grew 38% Q4 2015.

Canalys March 2016

The 2015 (ISC)2 Global Information Security Workforce Study

0

200

400

600

800

1000

1200

1400

1600

1800

2015 2016 2017 2018 2019

EMEA information

Security workers shortage

Demand-meeting projection

Supply-Constrained Projection

The 2015 (ISC)2 Global Information Security Workforce Study

Over next 5 years, you will change…

HOW you sell…

WHO you sell to…

WHAT you sell…

Hybrid IT Cloud

Mobility Software-defined

infrastructure Analytics

Security

Managed

services

Business

outcomes

Professional

services-led

Annuity

revenues

Service level

agreements From IT

supplier to

strategic

partner

CIO

Developer

teams

Internal

service broker

Lines of

business

Born in the

cloud

Verticals

Security sales exceeded expectations in 2015, growing 5 percent year-over-year.

“That's not an accident," he said. “It is a result of some really great work by a lot of people at Juniper that I'm extremely proud of. You're going to see a rolling thunder of security enhancements."

A Look To The Past

Market Addressability

Telco WebSP and

Hosting/Colo Cable

Strategic Verticals (incl. XaaS/Cloud)

Govt/Federal FSI

Commercial

Enterprise Campus & Branch ($3.4B)

Datacenter ($2.4B)

Service Provider Edge ($400M)

Verticals Domains

TAM $6.2B, CAGR 5% (2015-18)

FY15 reflection – THANK YOU!

First Y-Y growth in 5 years Domains

$415

$436

$300

$400

$500

FY'14 FY'15

Rev $’M

-14% Y/Y

5% Y/Y

High-End SRX – 67% Y/Y Growth

SRX Only Y/Y TAM Y/Y

Data Center 27% 13%

Campus & Branch 16% 8%

Mobile SP 4% 21%

2015 Year of Rebound

Platforms refresh Virtual innovation L7 Services

UX/Management Cloud delivered

Security Certifications

Gartner MQ SDSN Partnerships

Refresh: SRX 1500, 3xx, 550, 5K/Gen3

vSRX2.0, cSRX, vSRX on AWS,

OpenStack/CloudStack

Contrail integration

98% IPS efficacy, CP-lite, Tunnel

scale

Security Director 2.0

Sky ATP 1.0 12.1x46, 12.3x48

2nd place for Carrier Grade FW

Vectra, Attivo, Cyphort, Skyhigh,

Cylance Partnerships

Areas of investment Execution

Junipers Security Vision The Road Ahead

Security Trends Today

16

Network security landscape has changed. CISOs “Treading Water”

Risks posed by threats vs risks to business outcomes

Pouring money in security, yet not any more secure

Attackers are always gaining, staying ahead

Metrics of success: total number of attacks stopped vs reduction of risk

17

Bring the whole network to bear. Start talking about Secure Networks.

A Change in Mindset

Realize threats are everywhere. They are already inside. They walked in your front door

Recognize perimeter security isn’t enough

Detection and Enforcement should be enabled anywhere

Acknowledge security is everyone’s problem – horizontal and vertical

The Software-Defined Secure Network

18

Create and centrally manage intent based policy directly aligned to business objectives

Gather & distribute threat intelligence, from multiple sources – know who the bad guys are faster

Leverage cloud economics for real time analysis – find the bad guys faster

Enforce policy to the threat feed information, real time across the network – adapt the network real-time

Detection

Policy

Enforcement

Your Enterprise Network

Software-Defined Secure Network Juniper Building Blocks

Security from the Cloud

Third Party Cloud Security Feeds

Security Director

Mgmt/UI: Policy, App Visibility, Threat Map, Events

vSRX

Virtual Firewall

SRX Series

Physical Firewall

Juniper Cloud Security

Sky Advanced Threat Prevention

Spotlight Secure

Threat Intelligence

MX Series Routers

EX & QFX Series Switches

Comprehensive suite of products: Centralize and automate security

Instant threat intelligence and detection

Dynamically adapting policy, deployed in real-time

Consistent firewall capabilities – physical and virtual

Detection

Detection

Detection

Enforcement

Enforcement

Policy Security Policy Controller

Policy

Third Party Network Elements

Use-Cases YOU can sell TODAY

Data Center Use Cases

Virtualization/ Micro-segmentation /NGFW

Enterprise

Private Cloud

Common Building Blocks

vSRX SRX

AWS,/Contrail Integration, IPSec VPN

Public/Hybrid

Cloud

Multi-tenancy, End-to-end solution, Services

Telco DC

(xCPE)

L2-L7 Security, NAT, Automation

B2B

XaaS/Web DC

Multi-Tenancy, Virtual, LSYS,

Orchestration/Management

Hosting/Colo

Contrail & CSO NFX


Use Case Customer Needs / Identifying Characteristics

Products Customer

Benefit Positioning

Notes Scale Features Management

Enterprise Private Cloud

<4G Virtual FW,

10G-100G Physical FW

for DC Edge & Core.

Virtualized DC, Physical DC Edge and

DC Core, L4-L7 security, micro-parameterization and micro-segmentation.

Carrier Grade FW

Orchestration using VMWare vRealize or Openstack/Contrail. Unified physical and

virtual security management. Automation

Core & Edge: SRX 5K, 1500 Virtual: vSRX Services: Sky ATP (1500), IPS, AppSec.

High performance, HA/6-nine reliability, Unified physical and virtual management with

SD, Automation, Integration with Contrail/Openstack & QFX, Highest

performance/core and lowest TCO on virtual FW. Integration with vRealize/vCenter is fine.

Competitive overall. (NSX integration is planned for H2 2016)

Public/ Hybrid Cloud

<=1G Virtual FW

1G-10G VPN

for intercloud connectivity

AWS workload, IPSec VPN, L4-L7 services Hybrid/Multi-cloud

cloud with Openstack/Contrail or VMWare environemnt

Unified physical and virtual security management. Automation

Edge: SRX 5K,1500 Virtual: vSRX on AWS & Contrail/Openstack integration Services: L4-L7 Services including Sky ATP, IPS, AppSec.

Hybrid/multi-cloud connectivity using IPSec VPN, unified physical and virtual management

with SD, advanced L4-L7 services for cloud, utility pricing model

Competitive overall: Differentiated in Openstack/Contrail environment

Telco DC [xCPE] <=1G Virtual

FW for xCPE High

density/low TCO

MSPs needing distributed branch

management platform [CSO, uCPE, vCPE] NFVs with L2-L7 security services


Platform: NFX NFV: vSRX, vMX Orchestration: CSO SDN: Contrail .

End to end solution to reduce Opex and increase topline. Open platform for 3rd party NFVs. OSS/BSS integration, fits into 3rd party

ecosystem, flexible architecture to pick best of breed individual solution components, pay-as-

you-grow business model

Differentiated: End to end solution with Contrail, NFVs, CSO, NFX. Capture mindshare with cSRX high density/low-TCO POC


Use Case

Customer Needs / Identifying Characteristics

Products Customer

Benefit Positioning


B2B XaaS/Web DC 10G IMIX physical

FW

L2-L7 security services, VPN, Carrier grade

availability/HA, Scale

Automation, GUI based policy management

Core & Edge: SRX 5400, SRX1500 Services: IPS

HA/6-nine reliability, Automation

Competitive overall

Hosting/Colo <=4G Virtual FW IMIX per tenant

32 LSYS Physical

FW 10-40G IMIX Physical FW

Mutli-Tenant environment. L2-L7

security services. Virtual and Physical FW. Except

when >32 LSYS is required


Platform: vSRX, SRX 3xx, 1500, 5K. Services: L4-L7 Services including Sky ATP, IPS, AppSec.

High performance, HA/6-nine reliability, Unified physical and virtual management with SD, Automation, Integration with Contrail/Openstack, Highest

performance/core and lowest TCO on virtual FW, pay-as-you-grow

business model

Differentiated: vSRX and Contrail/Openstack

MSDC

100G+ IMIX physical FW,

40G/100G Interfaces

L2-L7 security services, NAT, VPN, Carrier grade

availability/HA, Scale

Automation/ NetConf

Core & Edge: SRX 5K, MX for CGNAT

High performance, HA/6-nine reliability, Automation, Modular

Scalability (Pay as you grow)

Competitive overall

Campus and Branch Use Cases


vSRX SRX Contrail & CSO NFX

Branch Office Devices

Wireles

s APs

L2

Switch

Multi Services

Gateway

Internet

vCPE SRX NFX

D

D

o

S

I

A

M

N

e

t

S

e

c

A

A

M

w

A

A

M

w

I

A

M

D

D

o

S

I

A

M

N

e

t

S

e

c

S

I

E

M

A

A

M

w

A

n

a

l

y

t

i

c

s

Bank Retail Remote

Office

Enterprise HQ /

DC

Private

Cloud

Public

Cloud

IPSec VPN IPSec

VPN

IPSec

VPN

Multi-

tenant

WAN

Connectivity

Controller

WAN

Connectivity

Controller

Multi-

tenant

Internet

Retail Retail

Campus Edge Firewall

HQ or Campus

Internet

Branch Offices

Branch Firewall

Secure Router and Managed CPE xCPE and SD-WAN Campus and Branch NGFW

Campus & Branch Security

Use Case

Customer Needs / Identifying Characteristics Key

Products Customer

Benefit Positioning Notes

Key Features Scale Management

/Orchestration

Secure Router/managed CPE

• Strong IPSec, VPN, Routing, FW

• Extensive WAN & LAN connectivity

Medium/ Large and distributed enterprise deployments

• Centralized Management with SD

• Multiple automation tools – Auto install and One touch provisioning

Branch: 3xx, 550M Mgmt: SD LTE: CBA

• Superior Price/Perf

• Complete security services

• Path to SD-WAN

Competitive in large and distributed enterprise deployments Opportunistic in integrated LTE markets

NGFW/APT

• Excellent App identification

• NAC Integration • Easy add-on of security

services for SR/L3-L4 deployments

• Effective Zero-day threat detection(Sky ATP)

• Geo-IP, C&C and Custom Feeds for third party integration

Branch FW – Any Scale NAC deployed or <= 2 AD domains

• Central management with SD – easy policies, reports and remediation

Branch: 3xx, 550M Campus: 1500, 5400 Bundles Mgmt: SD

• Easy add-on of NGFW feature set

• Comprehensive Security services

• Inline blocking for zero day threats

Competitive in Small/Medium Size deployments Customers looking for consistency across DC, Campus and Branch security solutions Pursue installed base refresh(Netscreen)

Cloud-CPE

• NFX250 and vCPE • Security NFV • Services Automation

Any scale deployments (Enterprise or SP Managed)

• CSO and Contrail

Branch: NFX250, vSRX Mgmt/Orchestration: CSO, Contrail

• Simplified management / deployment at scale

Differentiated with Cloud-based platform

2016 Focus - Service Provider Edge Domain

Scale / Performance / Modularity /NGFW / DDoS/ CGNAT

Gi Firewall SecGW Roaming

Firewall

IPSec VPN/ Scale / Reliability/ Automation

GTP/SCTP / Billing / HA / Automation


SRX vSRX

2016 Focus – Service Provider Edge use-cases

Use Case Customer Needs / Identifying Characteristics

Products Customer

Benefit Positioning


GiFW 40G-100G FW 1M CPS,

230M Sessions

Scale-up/out with virtual

FW

Carrier grade reliability/Statefull HA, CGNAT, L7 Service (URL filtering), DDoS/Screens

Mindshare to go

virtual/VNF

Automation

HW Platform: SRX 5K [L4-L7] [Performance/Scale] Virtual: vSRX Scale-out

High performance, HA/6-nine reliability, CGNAT scale and feature richness, 40G/100G

interfaces, Screens, Rich L4-L7 services

Differentiated: Virtual scale-out architecture, capture mindshare with early POC with vSRX

Sec GW 40G-100G IPSec

10K-50K tunnels

<150 Tunnel setup rate

Carrier grade reliability/HA, IPSec VPN/PKI,

Advanced routing

Automation/ZTP Platform: SRX 5K HA/6-nine reliability, Carrier grade routing, Automation

Competitive overall

Roaming FW

10G-40G IMIX FW

1G-5G VPN

Carrier grade reliability/HA, GTP/SCTP Support Billing interfaces

(Dimension),

Automation Platform: SRX 5400

HA/6-nine reliability, Automation, Complete GRX protocol support,

End to end SRX solution with GiFW/SecGW/RoamingFW

Competitive overall

SRX100

SRX 110

SRX 210

SRX 240

SRX 550

SRX 650

SRX 1400

SRX 3400

SRX 3600

SRX SRX 5K Gen1 IOCs

2016 Product Transition Update

*In pricelist and new ones coming soon.

SRX300, Additional SKU*

SRX 320+VDSLPIM*

SRX 320

SRX 340/345

SRX 550M

SRX 1500

SRX 1500

SRX 5400 Bundle*

SRX 5400 Bundle*

SRX 5K Gen2/3 IOCs

2015 NOW

Investment Themes

Investment areas – Enterprise Domain

Use-cases Execution

Secure Router

NGFW / UTM

Advanced Persistent Threat Mitigation

Software Defined Secure Network

SD-WAN Integrated LTE, VDSL vectoring Remote Access CSO integration

User FW Performance/scale, AppFW Unified Policy TCP Proxy scale with UTM On-box management with logging/reporting Greatwall 20-40G Price/Performance Mid-range 1RU FW

Platform support, File APIs, Protocols, File Types, SD Support, STIX/TAXII/Cybox, 3rd party feed API

Switch/Router port action Partners: End-point (Cylance), CASB (Netskope/Skyhigh)

Investment areas – Datacenter Domain

Use-cases Execution

DC Edge and DC Core (ALL)

Private Cloud

Public/Hybrid Cloud

Telco Cloud

B2B XaaS/Web-DC

Hosting/Colo

SDSN

Greatwall 20-40G Price/Performance Mid-range 1RU FW On-box management with logging/reporting

NSX and Contrail based micro-segmentation VXLAN Overlay awareness

vSRX/cSRX support for Azure, 100G vSRX

Contrail/CSO with vSRX, cSRX

Scale-up vSRX (100G), cSRX with NGFW features

LSYS transition plan using Virtual

SDSN Integration with Private/Public clouds

Investment areas – SP Domain

Use-cases Execution

Gi-LAN

SecGW

Roaming FW

Software Defined Secure Network

MX Screens, MPC gaps, Summit 3RU, SRX 5K and MX SPC3, vSRX scale-up, vSRX 3GPP features

Common VPN (SRX/MX), vSRX scale-up

GRX gaps

Evolution to MEC/Telco-NFV

Summary

Delivered several new offerings that you can sell today

Will continue to make it easy for you to sell

Investing in differentiation and addressing key gaps

Thank you for your partnership

Discussion Questions

Is SDSN differentiating, and what else needs to be considered?

Where are you winning and losing today?

Do you believe you can leverage the 2016 use-cases to win?

2

3

1

How else can Juniper expand Security Partner business? 4

Thank you

winning with security - junipernetworksevents.net · automation, integration with...

Documents