Juniper Mist Access Assurance

The Juniper Mist Access Assurance cloud service is essential for organizations of all types and sizes that want to protect their network and data from unauthorized access. Any business or institution with a network of multiple users and devices, such as employees, guests, contractors, and IoT devices, can benefit by using Access Assurance to help improve its security posture.

The cloud-native Access Assurance service controls who can access your network using a Zero Trust approach, enforces security policies, and helps guard against malware and other security threats. You can also use it to ensure compliance with regulatory requirements and improve overall network visibility and control.

Access Assurance offers numerous features that help enterprises strengthen network and data security:

• Secure network access control for guest, IoT, BYOD, and corporate devices based on user and device identities: Access Assurance capabilities are delivered using 802.1X authentication or, for non-802.1X devices, the MAC Authentication Bypass (MAB) protocol
• A microservices-based cloud architecture for maximum agility, scalability, and performance: Regional service instances minimize latency for enhanced user experiences
• 100% programmability: Access Assurance supports open APIs for full automation and seamless integration with external SIEM and ITSM systems for both configuration and policy assignment
• Visibility into end-to-end user connectivity and experience levels across the network stack
• Optimized Day 0/1/2 operations through a unified IT management experience across the full network stack, including wired and wireless LAN access

Access Assurance works with a diverse range of both wired and wireless LAN-connected devices and enables administrators to bring them into compliance. Among them are:

• Traditionally managed devices, such as corporate-owned laptops, tablets, and smartphones
• Unattended IoT and other M2M devices
• Manageable but traditionally unmanaged devices, such as user-owned computers and phones (BYOD)
• Shadow IT devices
• Guest devices

Network access control (NAC) is a decades-old security technology for network device onboarding and policy management. However, traditional NAC suffers from architectural challenges. For example, the explosion of different unattended device types, complexities of disaggregated networks, and on-premises NAC implementations expose ever-increasing risks and vulnerabilities.

The cloud-native Juniper Mist Access Assurance solution solves these problems by verifying the following information before allowing a device to connect:

• Who is trying to connect (determined using identity fingerprinting and user context)
• Where the connection is originating, such as a specific site or VLAN 
• What permissions and other access policies are associated with the user and the device attempting to connect
• How the user/device is attempting to establish access and what type of network connection they are using

802.1X is an Ethernet LAN authentication protocol used to provide secure access to a computer network. It’s a standard defined by the Institute of Electrical and Electronics Engineers (IEEE) for port-based network access control. As such, its main purpose is to verify that a device attempting to connect to the network is actually what it claims to be. 802.1X is commonly used in enterprise networks to protect against unauthorized access, enforce security policies, and make sure that data transmitted over the network is secure.

MAB is a network access control protocol that bases a grant or deny decision exclusively on the endpoint’s media access control (MAC) address. It’s often used within the context of a larger, standard 802.1X authentication framework for the subset of devices that don’t support 802.1X client, or supplicant, software, such as M2M/IoT and BYOD devices.