Securely Connected Everything S3-7: Securing the Evolving Network: Unlocking Network Access Control with Matt Fowler

Unlock the secrets of modern network access control with Matt Fowler, the Director of AI-Driven Enterprise Sales and Engineering at Juniper Networks for the APC region. Matt takes us through his 18-year journey, starting from a support engineer at Cisco TAC to leading innovations at Juniper. Discover how network access control has transformed over the years, from basic authentication on Wi-Fi networks to advanced functionalities like guest access and compliance posturing. Learn how Juniper, driven by Mist AI, is pushing the boundaries, making NAC more dynamic and integral to today’s digital environments.

Ever wondered about the complexities behind scaling on-premise NAC systems? Matt breaks down the significant design work required, including considerations for authentication rates, endpoint support, and redundancy. Uncover the challenges of maintaining high availability and the industry’s shift towards cloud-based solutions. With Juniper’s Access Assurance cloud NAC, scaling and configuration are simplified through user-friendly interfaces and integrations with identity stores like Azure AD and Okta. This chapter is a must-listen for anyone looking to streamline their NAC deployment.

IoT and BYOD are transforming how we approach network security. With technologies like Marvis Virtual Network Assistant enhancing customer experiences through conversational troubleshooting and continuous network monitoring, handling IoT and BYOD has never been easier. Matt shares real-world insights from a Melbourne law firm and a large school district that transitioned to scalable NAC solutions. As we wrap up, we reflect on the advancements in AI technology and its transformative role in network infrastructure. Don’t miss this episode; it’s a glimpse into the future of network evolution.

Matt Fowler: 0:02

This encompasses both access assurance as well as just the general AI that we have. Machines can automatically collect data instead of reactively collecting data after the fact. If you’re always capturing the telemetry, you don’t have to ask the user to reproduce a problem because you’ve already captured the problem.

Michael van Rooyen: 0:19

On today’s episode I’m having a chat to Matt Fowler, Director of AI-Driven Enterprise Sales and Engineering at Juniper, for the APC region. Welcome, Matt. Thank you, Michael. Thanks for having me. No problem at all. Look, welcome to the show. We’re thrilled to have you on board. For those who don’t know Matt Fowler: a bit of a legend in wireless, a long history from an engineering point of view. To kick things off, could you share a little bit about your journey in the tech industry and what led you to your current role, really driving the AI-native sales engineering play?

Matt Fowler: 0:48

Yeah, absolutely. So I’ve been in the industry for 18 years now and, throughout that time, actually been heavily involved in the Wi-Fi industry. As you mentioned, I started out as a support engineer, troubleshooting some of the largest Wi-Fi networks globally, so I did that at Cisco TAC, and back then a lot of manual process was required: getting users to reproduce problems, hoping that you can capture that particular problem. And so I’ve lived the pain, so to speak, myself. I then transitioned into a sales engineer role at Cisco, which I was in for a good seven, eight years, and then, at that time, I had worked with Sujai Hajela and Bob Friday and Sudheer Matta and Tom Wilburn.

Matt Fowler: 1:33

Sujai and Bob started a new company called Mist Systems.

Matt Fowler: 1:38

When they were ready to expand, I was fortunate enough that they approached me and took the gamble, so to speak, but you know, with such industry veterans, the gamble to join a startup I felt was quite a low risk one. Yes, just because of their track record and how good they are as people as well. And so in 2018, I joined Mist Systems as a startup alongside Zohar Cohen here in Australia, and we were very successful very quickly here with a very large retailer and also a large bank that moved across to us. And then we were acquired by Juniper and been on that journey for the last five years, bringing in the Juniper Enterprise product into the Mist cloud, and that’s been extremely exciting as well, and then building, building my own team around that as well. So when I joined Mist, that was as an individual contributor, and then, since joining Juniper, I’ve been able to build my own team, a great team across Asia Pacific, which has been exciting as well.

Michael van Rooyen: 2:39

Yeah, great, great. I remember, um, you were a bit of a Cisco veteran and you’ve been dealing with wireless, as you say, for a very long time. And I remember hearing and obviously dealing with you when you were at Cisco, but then hearing that you’d left to join this company called Mist, and I think a lot of people were like, well, there’s got to be something for Matt to really take this seriously. And of course, it’s many years along the journey now and quite a lot of innovation happening in the Mist portfolio.

Michael van Rooyen: 3:02

What I really wanted to talk to you today about, knowing your technical skills and capability and what you’re dealing with, is really around NAC, right. So people, you know, have been using network access control for a long time. There’s a lot of evolution in that space, and I know Mist and Juniper have really created something a little bit different in the way to approach that. So if you don’t mind, we’ll spend a little bit of time this morning just talking around, you know, some of the things you guys are doing in that space, and if we just run through a couple scenarios and bits and pieces, that’ll be great. If you think about in today’s context of, you know, dynamic and digital environments.

Matt Fowler: 3:31

You know, how has the role and the strategic importance of network access control evolved over what you’ve seen over the years and what you guys are doing? I think a good way to answer that would be just to look at, maybe, the history of network access control and where it came from, what it’s been used for in the past, and then maybe touch on where it is today and where it’s going. So when I think back to those 18 years ago, we’re talking about products like Microsoft IAS, which became NPS. We’re talking about Cisco ACS. Primarily back then it was all about authenticating users onto the Wi-Fi network to generate a key for WPA. With WPA you have personal pre-shared key, you have enterprise and 802.1X. In order to generate the pairwise master key, you need to do some type of authentication, and so it was very important in Wi-Fi just to generate that key. That was then used for the encryption. In the wired network, pretty much no one used any type of network access control, right. You could walk into any business and you get past their physical security, and that could be as easy as tailgating someone. You plug into a network port and you’ve got complete access, and in a lot of organizations you can still do that today.

Matt Fowler: 4:51

But yeah, I think in the very early days it was really around how do I generate a pairwise master key for my Wi-Fi access? And then, as time went on, you started getting things like guest access, right. How do I allow guest users into the network? How do I onboard them easily? And in the enterprise products, you know, a local Australian company, Amigopod, which was acquired by Aruba and then became part of ClearPass. It was that captive portal guest access that was important. And then you started to get products that combined these two things, and so I mentioned ClearPass. Cisco had the Identity Services Engine, and then you saw things like posturing start to come in to network access control. How can I ensure that my endpoint devices are in compliance, with firewall being enabled, antivirus up to date, those types of things.

Matt Fowler: 5:41

And then what we kind of saw was that you know, having a single box that can do everything starts to become bloated, and then when you’re wanting to scale that up or handle high availability, it becomes extremely complex to have those boxes that do everything.

Matt Fowler: 6:00

Also, you can try and do everything, or you can try and do a couple of things very well, and so one of the things we saw around posturing is, with the explosion of BYOD and mobile devices, Android and iOS, mobile device management became a specialty, and so suddenly posturing became something that was a bit separate as well. If we look at today, I think a lot of organizations are much more aware of securing that wired network as well. Yes, particularly with one of the major vectors for cybersecurity attacks to be inside the organization, whether that’s malicious or unintentional, and so being able to segment your network becomes very important. You can do that statically, but that involves a lot of overhead, introduces potential for human error, or you can let NAC do it, and NAC can do it dynamically, based on who the user is, what device they’re on and a whole range of other things. What level of access can you provide to the network? And that’s a real big use case for NAC on the wired side of the network. You touch on a good point.

Michael van Rooyen: 7:00

Over the years that I’ve been working with customers and consultants in many different flavors, you’re absolutely touching on a really good point. People really adopted for wireless and it was so hard to, everyone always had the vision of let’s secure everything, but it was really cumbersome, as you just touched on. You know, there’s lots of manual ways to do it and sure it would work but, as you said, needs a lot of overhead, and then devices disappear from the network and devices are replaced. It really becomes a big overhead task, right. Right, but now we also, and we’ll talk a bit later about, you know, some of the more IoT use cases and this continuous explosion.

Michael van Rooyen: 7:28

So the systems you’re talking about, you talked about ClearPass. You talked about Cisco ISE, or Identity Services Engine. Those really were originally built many years ago as real on-prem type scenarios, right? So you know, water and feed servers, configure them, do all that heavy lifting, which is pretty traditional networking and space. So what have customers in the past, or your experience, you know, seen with the primary challenges they have with on-prem NAC deployments, especially in terms of scalability, flexibility, maintenance, all those. Can you talk a little bit about the current state of people’s way they do it on-prem today?

Matt Fowler: 8:00

Yeah, I think this definitely impacts organizations differently depending on their size, right? So for the small to medium businesses, they’re very complex, and so you need to have someone that is skilled in being able to configure and manage them. The medium to the large end, the issue is, as you said, with scale. You basically have to run a cluster of these devices, whether it’s ISE or ClearPass, and quite often they’ll take on different personas. Understanding the requirements around authentications per second, understanding total number of endpoints supported, latency and throughput requirements between these nodes.

Matt Fowler: 8:38

The design work, before you even get to deploying, is quite significant. There’s hundreds of pages of manuals on just designing these on-premise NAC deployments. So I think that’s number one. The design can be quite challenging and complex. Number two is around, kind of related to design, but around the scaling. So how many nodes do I need? How do I handle redundancy? How do I handle load balancing? So now you need things like RADIUS load balancers as well, and that’s additional complexity.

Matt Fowler: 9:08

And then, once it’s actually deployed at large scale, you’re basically deploying your own private cloud for these network access control systems.

Matt Fowler: 9:15

But once it’s deployed, you’re then having to maintain it. When it comes to troubleshooting, quite often the logging and the visibility is completely independent to the network logging and visibility. So you might have a platform that provides visibility into the user connectivity state on the network, but if they have problems authenticating you’ll often have to go to the NAC server to actually look through logs and find out why a user is not able to connect to the network. So they’re a bit disjointed. And then if there’s an upgrade or a patch that’s required, because it’s a distributed architecture, it can be quite tricky in terms of having the maintenance windows and upgrading all of that equipment that’s on-prem. So it really comes down to designing for scale, designing for redundancy. How do you handle maintenance and patching? This becomes a not-the-vendor problem and then therefore it becomes either the integrator and, at the end of the day, the end customer, because even if the integrator is doing it, the customer is paying for it. That’s right.

Michael van Rooyen: 10:19

Let alone some of the licensing constraints right. So there’s lots of tiers of licensing and certainly that’s understandable from the use case they’re trying to solve. But we’ve seen over the years lots of changes in that space for what the licensing was and different versions of it and keeping that up to date. And we’ve seen customers and no doubt you’ve seen plenty of it as well where the on-prem stuff is working, it gets configured, gets deployed. You go to that whole phase of building.

Michael van Rooyen: 10:40

Customer solves their problem by at least having some sort of security mechanism in place and then it gets kind of forgotten about. Right, it runs and runs and runs. They don’t necessarily keep an eye on patching and updating, which becomes a bigger business problem later from a security point of view. And then they’ve got to jump multi-levels, which is just this extra complexity which you’re talking about, which is now we’re going to do a multi-phased upgrade. Hardware needs to be refreshed at some point.

Michael van Rooyen: 11:00

All these common challenges that we’ve seen for a long time, which is obviously why a lot of customers are moving to cloud. Just adding to that is really the industry needed a different type of thinking on this, and one thing that Australian listeners will like is I always have this thing about don’t get knackered with all the stuff you’ve got to do to fix up NAC, right, which really puts you in a jam. Looking at the Juniper, I think it’s called Access Assurance, cloud-based NAC effectively, which integrates deeply with the Mist AI and the development there. Can you just tell the listeners a little bit around what the Access Assurance cloud is?

Matt Fowler: 11:34

Yeah, so we’ve really focused on addressing those problems with more traditional on-premise NAC approaches by treating NAC as an application inside of our microservices cloud. It means that we get all of the same benefits that we got for wireless LAN controllers when Mist started, is now coming over to NAC as well, and so what this means is our customers don’t have to worry about scaling up or scaling down the NAC service, because we do that as a service. It also means that from a high availability perspective, we take care of that, and we take care of that in a global sense with geo-redundancy as well. So even if you’re a multinational company and you’ve got sites in different parts of the world, we will actually automatically load balance, route the authentication to the closest authentication server globally, and you don’t have to even worry about that, like we do all of that. Our auth acceleration service scaling redundancy is a big one. Also, we’ve simplified the configuration.

Matt Fowler: 12:35

This is a lot of feedback that we get from our customers about our user interface in general. There’s two ways to think about simplification. You can have simplification by just getting rid of a whole heap of features, but you can also have simplification by thinking about the actual flows that administrators use when doing their configuration. A lot of feedback that we get is it’s really great that we have everything in one place. I don’t have to go click here, click there, click there to do something. It’s all in this one place.

Matt Fowler: 13:07

We’ve done something very similar with Access Assurance by leveraging concepts that we already use in our dashboard, like labels, and applying that to policy. Now you’ll actually see that, you know, if you’re coming from an ISE or a ClearPass deployment, it’s all very familiar. You know, you have your match criteria and then what you want to do. But also, if you’re an existing Mist customer, you’ll find that the UI is very similar to, say, our WXLAN policy, and that makes the learning process a lot easier as well. Also, being cloud and the fact that a lot of identity stores, a lot of customers are moving to cloud identity. So, away from Active Directory and maybe more to Azure AD or Entra, or maybe they’re using Okta or Ping Identity, having a direct cloud to cloud OAuth authentication. You know, it just makes sense. If you’re moving your identity to the cloud, you may as well look at moving your network access control to the cloud as well.

Michael van Rooyen: 14:00

Fair enough too, and what the team at Juniper did is really build on that. As you talked on the microservices architecture, so being able to add this type of service to the environment well integrated, not another product trying to be bolted in. It was created from scratch and the whole premise was solving these common challenges that people have with on-prem equipment, you know, water, maintain and feed, plus all the complexities of how to build those systems. And why do we move that to the cloud as part of our portfolio or the Mist portfolio, to provide that in customer experience?

Matt Fowler: 14:25

Yeah, we really wanted it to be fully integrated into the microservices cloud, not have it as a standalone product, so that, when it came to understanding user experience, you get the full view. You get how did they connect to the network? Was it successful? If it wasn’t, why? All inside the one user experience or admin experience? And so it was extremely important for us not just to come up with a NAC product, but to come out with a service, and that’s why it’s called Access Assurance Service, because it’s just another service inside the Mist cloud, nice, nice.

Michael van Rooyen: 14:58

So off the back of that, it’s great. You talk about user experience, which I know is critical for what Mist is trying to offer. But if we take a lens on NAC, user acceptance is crucial for NAC deployments. You know, if you can’t connect, I think you’re the one who said to me once that people who have two problems with wireless they can’t connect or have a bad experience. So, talking on that user experience, for it to be substantial or be comfortable, how does the access assurance make sure that troubleshooting and remediation of access issues are both smooth for the user and the help desk? Absolutely.

Matt Fowler: 15:25

From a business-as-usual perspective, the experience that the user should have when things are going right should be no different. Moving to the cloud should have no consequence for the end user, and that’s what we see. Whether you’re using a RADIUS authentication to an on-prem or RADSEC secure to the cloud, it’s basically the same. So, from an end user perspective coming into the office or the school or the university or the hospital, it’s the same experience. Where it differs is if something goes wrong.

Matt Fowler: 15:54

Let me step you through thinking back to my days in support. What would a support engineer have to do if a user can’t connect to the network? Quite often you would have to start a debug or start logging. You would then have to ask the user to reproduce a problem. So, straight away, the user’s experience is now poorer. They’re now having to help you fix your problem. That’s right. Then you’d have to hope that they actually were able to reproduce. Because you’re dealing with laptops, smartphones, tablets, now IoT devices. It’s not guaranteed that you’re going to reproduce every problem, particularly if it’s like a roaming problem, for example. These are very difficult to troubleshoot. So I remember just that data collection would take days, sometimes lining up schedules and everything like that, and the end user is probably busy with their day-to-day job.

Michael van Rooyen: 16:42

They might be in the retail floor, they might be doing something else. That’s just taking the time up is a painful exercise.

Matt Fowler: 16:47

Correct. And then you, as a support engineer, need to look through all of that logging. Maybe it pinpoints to an individual client issue and maybe you need a packet capture. So now you need to go back to the end user and say, can you just give me another hour or two, we’ll capture this together. And so what could be a very simple problem to solve actually becomes a very difficult and long problem to solve just because you don’t know where to look and you have to do all of the analysis.

Matt Fowler: 17:16

What we do differently, and this encompasses both Access Assurance as well as just the general AI that we have inside the Mist product, there’s a lot of things there that machines can do very, very well, right?

Matt Fowler: 17:28

Machines can automatically collect data, right.

Matt Fowler: 17:30

So instead of reactively collecting data after the fact, if you’re always capturing the telemetry yes, you don’t have to ask the user to reproduce a problem because you’ve already captured the problem Then, when you look at what is AI very good at it’s very good at finding patterns in data.

Matt Fowler: 17:47

Humans can be quite good at that too, just a bit slower, whereas machines can be very fast at that pattern recognition, and when you’re looking through logs or debugs of problems, that’s really what you’re just doing. You’re looking for patterns, because when it works, you know what it looks like, and if it doesn’t look like that, it must be something that’s going wrong, and so the Mist AI, Marvis, can do that very efficiently and very quickly, and then, if it does pinpoint to an actual authentication issue, so the user entered the wrong credentials, certificates have expired, the external directory source denied the authentication. Having all of that for the AI to have access to means that they can not only identify the issue, but also what’s the cause of the issue as well, and so I think that’s a big differentiator for Access Assurance.

Michael van Rooyen: 18:31

Yeah well, that’s massive right and users, rightly so don’t necessarily understand the technology. They just say I’ve got a wireless problem. Right From what I’ve seen and I think you’ve shown me is the ability for it to also give you a suggestion. Look, pulling that packet capture apart, actually making a suggestion on why it’s failing. So quite amazing shift and end users are you know If I think about it.

Matt Fowler: 18:48

When I was doing support, you know, I had to be an expert. I had a CCIE wireless because that’s what you needed to do to look through.

Michael van Rooyen: 18:55

You needed that level, correct?

Matt Fowler: 18:58

And I think Marvis really has three personas, right. It’s got its Marvis Actions, which is more about alerting and alarming, but with using the AI to remove false positives. It does time series analysis to understand deviations from normal, and so that removes false positives. We’ve got our latest one, which is Marvis Minis, which is basically a digital experience twin, so even when users aren’t in the network, it can actually do testing to validate user experience.

Matt Fowler: 19:25

The one that really helps help desk is the conversational assistant, so instead of needing to be a CCIE wireless, you can just ask a natural question. Right? You can just say what’s wrong with Matt’s iPhone and it’ll actually suggest what is wrong. If they’re having an authentication issue and it’s because they entered in the wrong password or their certificate’s expired, it’ll actually just tell you that and it’ll tell you how to remediate that as well. If you wanted to look across the entire organization, just say something like who are my unhappy users being on the help desk?

Matt Fowler: 19:53

You don’t necessarily have to be an expert. It’s your digital guide to assist you. As a non-expert, it can be the expert for you. And actually I was just listening to a podcast with Sam Altman from OpenAI and he mentioned something that I thought was quite insightful, talking about AI and how it will reduce the workforce, and he thinks of it not as reducing the workforce and taking away jobs, but breaking it down and it being able to remove tasks. So, whether it’s a five minute task, a 10 minute task, an hour task, yes, and then that means that the person doesn’t have to waste that time. You still need the person, of course, but all of those mundane time-consuming things can be automated.

Michael van Rooyen: 20:41

I couldn’t agree with you more. And there’s a, I guess, as the explosion of, you know, ChatGPT came along in 2022. People are now getting their head around it and, you know, for me, AI is lots of acronyms for it, but, you know, augmented intelligence is one that stands out to me. The mundane tasks are speeding up, in your instance, with not only Marvis. Conversational troubleshooting, not in their deep skills, first of all makes the customer’s experience better, as quicker resolution must be a huge benefit in cost reduction of support staff being able to resolve tickets quicker. The other part is that, if we talk a bit more about Marvis Minis, you know, that was, I think, only announced about a month or so ago, being able to digital twin or rerun the scenarios of the network on an ongoing basis. That’s like kind of having a team of engineers continuously testing, looking all the time, which I think was the cover idea. Can you tell me a little bit more about that?

Matt Fowler: 21:24

Yeah, so at the moment we do testing for things like DHCP, ARP, DNS and application-based testing. For authentication testing, because, for example, a lot of it uses, you know, EAP-TLS, so you’d be doing certificate-based testing, it’s a little bit harder to do. It is something that we’re exploring doing as well.

Michael van Rooyen: 21:43

You talked about, you touched on IoT and, obviously, the amount of data ingested. So what are you seeing in relation to how is Access Assurance going to facilitate the onboarding of this continuous explosion of IoT devices into the enterprise?

Matt Fowler: 21:55

I guess one of the challenges with IoT devices is a lot of them don’t have 802.1X supplicants, so you can’t actually even do WPA enterprise, and so you have to look at using pre-shared key. This is if they’re wireless Wi-Fi devices, right. If they’re Wi-Fi IoT sensors or devices or things, then you’ll need to use pre-shared key. The insecurity is right in the name: shared.

Matt Fowler: 22:18

Correct, correct. And so one of the things that we do with a sub-component of access assurance, which is called IoT assurance, is we can do something called multi-pre-shared key, where you can have the same SSID, which is important from a performance perspective, because in Wi-Fi each additional SSID adds overhead, so you can’t just add a separate SSID for each IoT device or category of device, and so we can be efficient by having a single SSID but still have the security by having a different key for different types of devices on that SSID, and so that gets rid of the shared component of pre-shared key. What we can then do is, based on the key, we can do segmentation. So that segmentation could be a different VLAN based on the key they have. It could be applying a WXLAN policy, so filter traffic. It could even be what we call a personal WLAN, where you just completely isolate it. It means that those common vectors for attacks in IoT devices, which would be east-west attacks right, you get in to the IoT device and then you spread out. That attack surface is minimized by having segmentation. That can be done through this IoT assurance service. So that’s where we’re seeing that.

Matt Fowler: 23:32

We’re also actually seeing that similar technology being applicable to BYOD as well. It’s for a little bit of a different reason. For IoT, the reason is because they don’t have 802.1X supplicants, but your iPhone, your Android device, they do. The challenge in the past, though, has been the onboarding of those .1X profiles to those devices. If they’re personal, if they’re corporate-owned, you just put MDM on it, and that’s the best solution. But for personally-owned devices, you may not want to, or you can’t afford to, put MDM on all of those devices, and so the approach in the past would be let’s have the NAC do that onboarding of those profiles, and I think anyone that’s listening, that has been through this process or deployed this before, knows that when a new iOS or Android version comes out, that breaks. Now, the MDM vendors are very quick to update that, but the NAC vendors not so much. Yes, I think we’ve all been there.

Michael van Rooyen: 24:27

Yes, exactly.

Matt Fowler: 24:28

And so this ability to do these multi or personal pre-shared keys we’re seeing is a big transition for BYOD. The fact that our IoT assurance includes BYOD onboarding, where we can actually authenticate the users via SAML SSO, to then generate a key that they can then click and install on their personal device, is a much simpler and therefore less risky way to handle BYOD as well, and actually there’s an Australian company that was an early adopter of this. It was actually a law firm down in Melbourne and they for years suffered with this problem of the onboarding of BYOD devices through different iOS and Android versions, and they’ve deployed this IoT assurance for their BYOD devices and haven’t looked back.

Michael van Rooyen: 25:17

It’s been really great for them. That’s awesome. So there really has been some thinking there around IoT device. Right, we can see this continuing explosion, but I really like the multi-pre-shared key. It really sorts a simple problem for customers today, right, and you’re thinking there around IoT, so really, again, that identifying the device is really the key. Right, you just touched on a law firm there as an example. Can you share an example? And certainly no need to name or share many customers, but can you walk us through any organisations you’ve seen, you know, move from a traditional on-prem NAC solution to a more flexible, fibrous approach, and were there any lessons learned from that?

Matt Fowler: 25:48

So we’ve had a very large school district that went through that migration.

Matt Fowler: 25:53

They were migrating from an on-prem NAC solution, experienced all the challenges that we’ve already talked about before, right, scaling. If you think about a school, let’s talk about scaling NAC. There’s two vectors: there’s total count of users, but then there’s also the authentication rate per second. And if you think about a school, everyone comes to the school at the same time and so everyone wants to connect to the network at the same time. And now if you’ve got a district of schools, all of those schools, all the students, are all trying to connect at the one time, and so you’re actually scaling for the worst possible scenario, but you have to. That was one of their challenges. How do they scale? And therefore, because of that scale that’s required, when it comes to maintenance and patching, you mentioned it before: if patching is too complex, people just don’t patch, yes, and then they’re open to security vulnerabilities, and that’s what this customer found as well. And then they also saw that the complexity of the configuration just didn’t make sense for a school. They migrated over to our Access Assurance service by moving to the cloud. It meant that those problems went away. So you don’t have to worry about scaling anymore. You don’t have to worry about redundancy anymore. You know, we take care of you. The fact that they were already a Juniper customer meant that the telemetry and visibility inside the Mist dashboard now included the NAC side of things as well, so you can see, you know, why users are failing to connect, if they do. You know, they saw the benefits that they had from Mist in general now applying to their NAC, which was something that they saw was quite valuable.

Matt Fowler: 27:23

Another example that we’ve seen is from a customer that had a mixed environment because they were going through a transition. They decided to move to Juniper Mist, but they still had a lot of sites running their incumbent vendor, and so one of the great things about Access Assurance is it also has third-party support. With Juniper devices they’ll just build a RadSec connection to our Access Assurance service, but with third-party devices they might not even support RadSec, and even if they do, provisioning the certificates to those endpoints can be challenging. So we have a very elegant solution where we can use our Mist Edge product as a RadSec proxy with our incumbent vendor devices, the third-party devices. They just point to Mist Edge as a RADIUS server and Mist Edge will proxy the RADIUS inside RadSec to our cloud, and so that helps with migrating as well.

Michael van Rooyen: 28:15

That’s very cool. So what that really means for the listeners is really, if you’re wanting to take advantage of all the benefits you talked about moving to the cloud, you have an existing network and you want to move to a cloud-based NAC type service that solves your problems, keep your existing environment as it is. You don’t have to have Juniper end-to-end. It is really giving you that advantage to secure or authenticate people on your network via proxy using your cloud service. That’s brilliant. Coming to the end of this episode, I thought, Matt, this doesn’t have to be a Juniper-specific related question, and I know you’ve been obviously very related to wireless for a very long time, but a real general question for you is, you know, what is the biggest technology change or shift that you’ve personally been involved with? That’s just an open question I like to ask my guests.

Matt Fowler: 28:51

I mean, for me it has to be AI, and so I think the biggest transition, we’re living it now, and sometimes when you’re on an exponential curve, it’s hard to understand the change that’s happening.

Michael van Rooyen: 29:04

Yes, that’s true.

Matt Fowler: 29:05

At Mist, and now Juniper Mist, we’ve been doing this for now six, seven years, and over that time, just to see the impact that just being able to collect the right data, analyze the right data and give insights into that data, that alone is mind-blowing for a lot of organizations. What AI can then do on the top of that around removing false positives, assisting non-experts, I think we’re really just at the starting point of that, and I think, as we’re seeing industry-wide the rapid pace of innovation and the push towards AGI, I think this is an extremely exciting point in the industry.

Michael van Rooyen: 29:46

I completely agree. Take all this time to build this plumbing, this infrastructure. Networks evolve. We’ve all evolved as an industry, and you’re right, when you’re actually going up as part of the curve, you’re not really looking behind you, seeing how far we’ve come and how it’s compressing. It is impressive and I completely agree with that, while we’re seeing the shift. Matt, thanks for your time, really good to see you again and appreciate it. Great, thank you.
