Juniper Branches Out To NetScreen

On February 9, 2004, Juniper Networks announced an agreement to acquire NetScreen Technologies in a stock transaction valued at $4 billion. Juniper is a leader in high-performance communications equipment; the company specializes in sales to service providers. NetScreen, which sells firewalls, network integrity and SSL VPN application gateways to enterprises, is the fastest growing publicly held network security company. Juniper expects the acquisition to close in the second quarter of 2004.

Market Impact
The extended enterprise forces organizations to allow onto the corporate network computers (including home PCs, those belonging to business partners and remote employee laptops) with uncontrolled configurations. IT organizations cannot control the software configurations of resources not owned by the company and cannot vouch for the integrity of network communications beyond the network perimeter. However, IT can insist on a network security policy that assures user and machine authentication, validation of the endpoint security profile (e.g., antivirus protection, spyware checking and software patch levels), and exposes/cloaks network resources based on quality of endpoint security. The security industry refers to this as end-to-end security.

Juniper is the third major communications equipment company—after Cisco and Nortel—to decide to serve its customers by delivering critical security features as an integral component of the network infrastructure. The presence of companies generating more than $15 billion in annual revenue will cause fundamental ripples throughout the security industry.

Competition among these behemoths will drive further consolidation-by-acquisition of security vendors with unique architectures. In addition to Cisco, Juniper and Nortel, potential acquirers include Alcatel, 3Com and Foundry Networks. These are some of the targets: perimeter firewall vendors (such as Check Point, Crossbeam, Fortinet and TippingPoint), network integrity vendors (such as Arbor Networks, Captus Networks, Lancope and Riverhead Networks), application gateways (such as Forum Systems, IronPort, KaVaDo and Netcontinuum) and endpoint integrity (such as Pest Patrol, Sana Security and SecureWave).

Vendor Winners/Losers

• NetScreen is the clear winner in this acquisition. The $4 billion price tag is a sharp premium for a company reporting $250 million in 2003 revenue. NetScreen is positioned to leverage Juniper’s relationships with service providers to open new channels and win large enterprise-wide deals.
• Cisco Systems can consider this an endorsement of its end-to-end security program, with Cisco supplying perimeter firewalls, access control, security agents and the powerful Network Admission Control alliance. The Juniper acquisition reinforces the Cisco vision while spotting Cisco a 2-year head start.
• Check Point is left behind in this announcement, if a company with more than $1 billion in cash can be considered a loser. Check Point purchased Zone Labs, the leading desktop security vendor, to commence its end-to-end security mission. NetScreen’s growth came at the expense of Check Point. Now Check Point finds itself with flat revenue growth and no allies in taking on powerful competitors in Cisco and Juniper.
• Juniper will use this acquisition to bolster its position in the enterprise market and eventually capture more of the coveted enterprise router market Cisco currently dominates the market with a 93% share. Juniper will struggle to be anything more than a low single-digit enterprise-router vendor in the next 24 to 36 months. In addition to Cisco, Juniper will face competition from Enterasys and 3Com. We also expect Nortel to re-enter the enterprise router market, which will add another strong competitor for the enterprise market.

• This is a strong cultural fit because Juniper and NetScreen are both engineering-driven organizations. The Yankee Group expects the merger to produce innovative products, perhaps with NetScreen deep packet inspection technology appearing as an add-on to Juniper switches and routers.
• With its previously acquired Neoteris product line, NetScreen is the industry leader for terminating SSL VPN sessions to applications. The growth in secure application access will open business opportunities for service providers.
• The businesses are highly complementary; NetScreen has strong channel sales to enterprises and Juniper has strong direct sales to service providers. This acquisition opens doors for each vendor to take advantage of the combined sales expertise.

• Keep NetScreen as an autonomous business unit. NetScreen Technologies is a leading innovator in network security, with first-mover advantages in perimeter firewalls (ASIC-driven deep packet inspection), network integrity (OneSecure acquisition) and application security (Neoteris acquisition). Juniper should encourage NetScreen to remain aggressive and creative in approaches to network security.
• NetScreen technology needs to energize the Juniper sales channel to penetrate enterprise-wide solutions. Enterprises standardize on a network security vendor to ease administration. NetScreen can use the backing of Juniper to accelerate growth in large corporate security deals.
• Use NetScreen to compete against Cisco by shifting the value of security from the enterprise network to the service provider network. Automate security coordination between NetScreen devices in the enterprise and Juniper devices in the service provider cloud. Knowledge of enterprise intrusions prevented and SSL VPN traffic profiles can help service providers optimize bandwidth utilization for customer applications, and enhance the ability to deliver clean traffic to the enterprise.

• Cisco should continue to promote its leadership position for enterprise security. Add profiles of customer deployments groundbreaking partnerships to the message. Cisco can move more security into the network with perimeter PIX firewall-based antivirus and intrusion filtering and network integrity systems for bandwidth management. In addition, it can acquire the competitive SSL VPN capability to enter the application gateway space.
• Check Point should complement its Zone Labs acquisition with a mission to dominate the application gateway security markets. Rather than competing on end-to-end security, Check Point should fight to be the vendor of choice for application security needs. This may involve further acquisition of technology to combine lower layer stateful packet inspection strengths with upper layer application-specific features for SSL VPN, Web services, Web applications, IP telephony, e-mail and wireless access.

• Reevaluate your vendor decisions during your next major upgrade. Most companies upgraded networking equipment for Y2K compliance. Because of this, we expect to see a refresh cycle for networking gear occurring in the next 12 to 24 months. The easy choice is to buy Cisco, but it may not always be the correct choice. Even large Cisco shops can benefit by having various vendors submit RFPs to keep the incumbent vendor in check.
• Think of the network as a platform and extend the lifecycle of network equipment to 5 to 7 years. The router refresh cycle has historically been 3 to 5 years and the security lifecycle only 2 to 3 years. Part of the reason is that the enterprise did not consider the long-term direction of the network when deciding on networking equipment. Companies should take look at their networking strategy beyond 5 years and choose a product that can be left in place and built upon.