» Topic:  Juniper to Buy Funk for $122M to Boost NAC

» Added by:  Paul F. Roberts

» Date:  15.11.2005

  Just weeks after announcing its first dedicated product for network access control, Juniper Networks Inc. on Monday said it was buying Funk Software Inc. to boost its network access security products.

Juniper will pay $122 million for Cambridge, Mass.-based Funk in an all-cash transaction that must still be approved by the companies' shareholders.

Juniper plans to use the Funk technology to extend enforcement of network access control from the company's Net Screen firewalls to Layer 2 switches.

The move will bring Juniper into more direct competition with chief competitor, Cisco Systems Inc., in the market for NAC solutions, but some experts worry about integrating Funk, and its plans for Funk's other products, such as the Steel-Belted Radius Server.

Funk's technology will help Juniper provide a comprehensive network enforcement architecture that is based on open standards, such as the TNC (Trustworthy Computing Group's Trusted Network Connect) standard, said Hitesh Sheth, vice president of Enterprise Products and Solutions at Juniper, in a conference call to discuss the acquisition.

The acquisition is expected to close in December.

Most of Funk's approximately 140 employees will remain in the company's Cambridge headquarters, and CEO Paul Funk will be named senior executive of Juniper's Security Products Group, said Bob Dykes, Juniper's CFO and executive vice president of Business Operations.

Funk made its name providing access control technology such as RADIUS (Remote Authentication Dial In User Service), which allows organizations to validate the credentials of users who are trying to access a network.

The company was an early supporter and adopter of the TNC open-source NAC technology.

In May, the company announced new versions of the Steel Belted Radius server and 802.1x Odyssey client that supported TNC standards for client integrity checks and user quarantining.

Funk's ability to interoperate with TNC-compliant technology from third-party vendors like Check Point Software Technologies and McAfee was attractive to Juniper, which wants to build a unified architecture for access control that supports "best of class" products from third parties, rather than requiring customers to change their infrastructure just to acquire network access control features, Sheth said.

"We want an enforcement strategy that secures the infrastructure customers already have with standards-based applications," he said.

Juniper will integrate Funk's endpoint control technology with the Juniper Enterprise Infranet Controller.

That product, which Juniper announced in October, uses a hardware appliance and desktop agent to coordinate policy enforcement across enterprise networks through the company's NetScreen firewalls, Sheth said.

Using switches to enforce security policy allows enterprises to stop infected hosts before they get access to a corporate LAN, by blocking communications ports or transferring machines to quarantine areas.

In contrast, NetScreen firewalls can only block access at the boundaries between network zones, such as subnets, said Eric Maiwaldof Burton Group Inc.

In October, Cisco unveiled an update to its Network Admission Control program that extends NAC features from the company's routers to its Catalyst switches and enterprise wireless gear, including the Catalyst 6500-, 4500- and 4900-series platforms; Aironet access points; and wireless LAN controllers.

Cisco has promised to submit its NAC technology for approval as an open standard.

However, the company has been criticized for excluding other network equipment makers from the NAC program and forcing customers to standardize on Cisco hardware to take advantage of NAC features.

Juniper plans to offer similar kinds of protection as Cisco NAC, but based on open standards.

"Our customers tell us they want open standards based approach for NAC, TNC and [Microsoft's] NAP [Network Access Protection]," Sheth said.

The company will work with vendors like Microsoft to make sure that its products integrate with NAP and other architectures, as well, he said.

Funk's Steel-belted Radius server will also fit well into Juniper's Enterprise Infranet Controller architecture and could become a standard part of that solution for managing interfaces to user stores like LDAP, Active Directory and RADIUS, Maiwald said.

However, analysts who were briefed on the acquisition expressed skepticism about Juniper's plans, especially after Bob Dykes, Juniper's CFO, said that the company didn't expect Funk's current quarterly revenue of between $5 million to $7 million to continue in the future, and didn't expect Funk's products to add to Juniper's net quarterly revenue going forward.

"What we're doing here is adding important technology to technologies and solutions we've previously announced so that the overall growth of [Juniper's] security group will continue at a strong level," Dykes said.

"Looking at Funk's growth isn't appropriate," he said.

Juniper will continue supporting Funk's customers.

However, Juniper executives said that their main interest was in integrating Funk into the Juniper product line, rather than continuing to develop Funk's products.

"Our intention is to add Funk to our products," Sheth said.

Source : www.eweek.com