Post on 14-May-2022
1 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Juniper Networks Supply Chain and Product Integrity
Presented to:
Brad Minnis, CPP
Sr. Director, Corporate Security
May 12, 2011
2011 Annual IEEE CQR International Workshop
2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Juniper Networks Product Integrity Program Mission
Ensure the integrity of Juniper’s products throughout their lifecycle by understanding and minimizing the risk of the
insertion of intentional and unintentional vulnerabilities into our products during sourcing, development,
manufacturing and distribution.
3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Juniper Networks Product Integrity Program Focus
CONNECTED PROTECTION STRATEGY
Provides an innovative framework to ensure the integrity of Juniper Networks’
products by employing Security Best Practices at all stages of the product lifecycle
SILICON SYSTEMS SOFTWARE
4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Areas of Strategic FocusProtect the Product at all Stages of the Product Lifecycle
ESTABLISH PRODUCT PROTECTION STRATEGY
SECURITY SUPPORT YOU CAN RELY ON
Security
Research
Trusted/VettedPartners
Security StdsImplemented
Component Integrity Stds
IncidentResponse
CommunicationGlobal Threat
MonitoringMarket
Monitoring
Code ofConduct
SecurityAssessments
Contracts & Requirements
PartnerSelection
Technology Features
Secure DevEnvironment
Research and Intelligence
IMPLEMENT BEST PRACTICES FOR PREVENTION
INVOLVE PARTNERS IN THE SECURITY PROCESS
SALES CHANNELS
Development
Supply Chain
Concept and Feasibility
After Sales
Support
Distribution
IP Security Standards
Education & Awareness
Software Integrity Ass.
Education & Awareness
Communication
Market ProfileRisk
AssessmentProtection
PlanTraceabilityStandards
ContinualImprovement
5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Critical for Success
Individual product line ownership in a manner similar to corporate safety or quality processes
Education and Awareness conducted at all levels of the product lifecycle – both internal and external
Integrity Best Practices are integrated as a normal course of business - not something to do after you have a problem or find counterfeits and gray market products in the channel…and then call it “Brand Protection”…
Close communication and collaboration between Juniper, our partners and suppliers, and our customers in the security and integrity process
Leadership positions in industry coalitions which enhance integrity efforts
6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
Industry Security Leadership
• Critical Partnerships and Alliances
• NSTAC, NSIE (U.S.A.)
• CPNI (U.K.)
• Chair, U.S. IT Sector Coordinating Council, National Plan for Critical Infrastructure and Key Resource Protection
• Coalition Against Counterfeiting and Piracy – U.S. Chamber of Commerce
• AGMA (Alliance for the Abatement of Counterfeiting and Gray Marketing)
• Software Assurance Forum for Excellence in Code (SAFECode)
• Enduring Security Framework (U.S.A.)
• ISMA Counterfeit Special Interest Group Leadership
• Overseas Security Advisory Council (OSAC) U.S. Dept. of State
• InfraGuard
• OSAC Pan Asia Regional Security Council
• Focus on High Performance Networking
7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
What are the Results?
NO evidence of counterfeit Juniper products in the marketplace,
for more than five years.
� Previous incident relating to Netscreen 5GT firewalls in 2006
Minimal Gray Market issues
� Most reports are related to companies selling used or refurbished
gear
Close security partnership and cooperation between Juniper and
our partners both supply chain and sales/distribution
Security performance improvement by our supply chain partners
year over year for the past three years
Crisp intelligence and communications with our partners
8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net
What Our Customers Should Know
Who you are purchasing your products from:
Authorized or not by the Manufacturer?
Where are THEY sourcing the product from?
Require them by contract to source only from authorized channels
Ask for documentation of product origin and who has touched the product during the distribution process
Confirm the legitimacy of the product with the manufacturer
Most can track products through to the customer
9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net 9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net