Richard,
Nice article. I've provided a clarification on Drew's blog post as well - that (1) SDSN does provide ability to enforce granular and differentiated policy for different end points, and (2) SDSN solution supports security admin workflows in terms of getting notified (using syslog) about infected end points as well as ticket oriented workflows (leveraging log --> ticket creation) is possible today
Srini Nimmagadda
Director Product Management, Juniper