Subscribe to CIO Magazine »

Juniper's "device fingerprinting" security technology gets mixed reviews

Detection and blocking of security threats against organizations often is done through IP address-based methods and reputation services, but Juniper this week launched an effort to encourage security managers to abandon IP-based detection in favor of the "device fingerprinting" its security gear now supports to pinpoint devices used in online attacks. The idea is getting mixed reviews so far.

Juniper's device fingerprinting pinpoints attacks from specific devices and identifies them in a way that can be disseminated through its Junos Spotlight Secure global attacker database and shared among Juniper customers where this threat intelligence can be put to use in Juniper security products that guard web applications and other gateways.

Juniper customers Forbes and Revlon backed the approach in public statements made this week. "Current protections need to evolve beyond IP-based blocking to definitive attack prevention and we see Juniper's new products as a step in the right direction," said David Giambruno, senior vice president and CIO at Revlon.

[Background: Juniper security products use "device fingerprints" to way to detect, block attacks]

[NEWS: Stuxnet was attacking Iran's nuke program a year earlier than thought

The idea of pinpointing devices known to be used in attacks and automatically detecting and blocking them is so compelling, that Art Coviello, executive chair of RSA, the security division of EMC, alluded to the Juniper announcement during his keynote yesterday at the RSA Conference, saying RSA would be contacting Juniper to find out about possibly including this type of device fingerprinting in its own threat-intelligence feeds.

Device fingerprinting it's not an entirely new technology by any means appears to have appeal to security professionals though they have qualms about abandoning IP-based threat detection. And they wonder if Juniper's device fingerprinting technology might raise the same old issues about vendor lock-in.

When a panel of four chief information security officers (CISO) at the RSA Conference here this week was asked their reaction to the idea of abandoning IP-based detection in favor of what Juniper is proposing, their reaction was mixed.

Carter Lee, CSO at e-commerce company, said he was interested in the idea of device fingerprinting as an additional form of threat intelligence, but he was hesitant on the idea backed by Juniper that enterprises abandon IP-based detection altogether. He also expressed concern about whether device fingerprinting might be subject to vendor lock-in, as some technologies are. And he wondered about how resistant to malware attack such a device fingerprinting technology might be. "Would some malware figure out a way to defeat that?" Lee said.

Asked for its reaction to the Juniper announcement, Cisco also weighed in.

Cisco Vice President of Security Dave Frampton remarked the only way to make Juniper's device fingerprinting practical and effective would be to take feeds from multiple sources in order to have it scale on a global basis. Frampton also said Cisco disagreed with the notion that IP-based detection is somehow obsolete or ineffective, as Juniper appears to claim.

And he said Cisco does have its own kind of device fingerprinting but it's used to determine specifics about "the user device and the posture of that device, such as the application running on it, the server, the geo-location and IP address," and it's seen as part of monitoring devices on the move.

"We're not labeling something an attack device and publishing it out," said Frampton. He notes there could be possible drawbacks to labeling a device that way for the purposes of threat intelligence-sharing.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Read more about wide area network in Network World's Wide Area Network section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Cisco, CSO, EMC, IDG, Juniper,, RSA
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: security, Wide Area Network, CIO
Latest Blog Posts
  • Information Management
    Valuable data can be a needle in a haystack, but by leveraging the value in existing information assets, organisations can generate real and achievable gains in revenue generation, IT investments and productivity gains. This whitepaper discusses how Information Management (IM) is a multi-faceted discipline that can be employed to meet or exceed your business objectives.
    Learn more »
  • Rebranded Quadmark revamps its IT solutions with Google Apps
    The Singapore office was using Exchange as its email server but encountered various issues such as storage capacity limitations and difficulty in managing spam. Adding new users to the server was also a hassle that often required a third party vendor, resulting in a waste of time and resources. Quadmark also experienced email performance issues that slowed down their employees’ response time, leading to frustration among staff and clients. Quadmark’s management felt that it was unacceptable to continue it’s current solution and thus decided to streamline its IT infrastructure alongside its rebranding plans. The business wanted a unified and consolidated email service for its various offices. Quadmark also wanted to be able to house files and documents on the cloud.
    Learn more »
  • The Three Essential Steps to Successful Cloud Migration
    Businesses and enterprises have quickly realised the power and efficiency of cloud computing, but migrating to the cloud can be a challenging process. This guide leads you through the three key steps you should take to assess your workload, select the most appropriate cloud model and ensure your cloud provider’s migration methodology stacks up.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Salary Calculator

Supplied by

View the full Peoplebank ICT Salary & Employment Index

Recent comments