Juniper Sky Advanced Threat Prevention
The evolution of malware threat mitigation
Nguyễn Tiến Đức, ntduc@juniper.net
Most network security strategies focus on security at the perimeter only (outside in). Is securing the perimeter really enough?

Today's Enterprise: Perimeter security model
- Security layered on top of the network
- Trust model: trust what's inside the network
- Visibility relies mostly on perimeter firewalls
- Evolving threats require adaptability

Perimeter controls in this model: Inline Intrusion Prevention, Unified Threat Management, Inline Anti-Malware, Application Security, Data Loss Prevention
A Change in Mindset
Stop talking about Network Security. Start talking about Secure Networks.
- Realize threats are everywhere. They are already inside. They walked in your front door.
- Recognize perimeter security isn't enough. Detection and Enforcement should be enabled anywhere.
- Acknowledge security is everyone's problem, horizontal and vertical.
Copyright 2014, 2015 Juniper Networks, Inc.
Software-Defined Secure Network: Policy, Detection & Enforcement
- Cloud-based Threat Defense: Detection, Enforcement, Threat Intelligence
- Dynamic and Adaptive Policy Engine: Policy, Bottoms Up and Top Down Approach
- Your Enterprise Network: Detection, Enforcement
Leverage the entire network and ecosystem for threat intelligence and detection.
Utilize any point of the network as a point of enforcement.
Dynamically execute policy across all network elements, including third-party devices.
Software-Defined Secure Network: Juniper Building Blocks
- Detection (Security from the Cloud): Third Party Cloud Security Feeds; Juniper Cloud Security: Spotlight Secure Threat Intelligence, Sky Advanced Threat Prevention
- Policy: Security Director (Mgmt/UI: Policy, App Visibility, Threat Map, Events); Security Policy Controller
- Enforcement (Your Enterprise Network): SRX Series Physical Firewall; vSRX Virtual Firewall; MX Series Routers; EX & QFX Series Switches; Third Party Network Elements
Comprehensive suite of products:
- Centralize and automate security
- Instant threat intelligence and detection
- Dynamically adapting policy, deployed in real time
- Consistent firewall capabilities, physical and virtual
Sky Advanced Threat Prevention Detail
- Data Feed Distribution (Spotlight Secure): Known C&C Servers (C&C Feed), GeoIP, Infected Host Feed
- Malware Inspection: Content (File) Extraction on SRX; Fast Verdicts for In-line Blocking; Inspection Pipeline Manager; Cache; AV and Static Analysis; Dynamic Analysis (Sandbox)
- Host Analyzer: SRX Events (C&C Hits), Identified Malware, Log Hits, Indicators of Compromise
- Admin: Management and Configuration, Service Portal, Licensing & Entitlement, Config & Mgmt API, Reporting API
The ATP verdict chain
Staged analysis: combining rapid response and deep analysis. Suspect files enter the analysis chain in the cloud.
1. Cache lookup (~1 second): Files we've seen before are identified and a verdict immediately goes back to the SRX.
2. Anti-virus scanning (~5 seconds): Multiple AV engines return a verdict, which is then cached for future reference.
3. Static analysis (~30 seconds): The static analysis engine does a deeper inspection, with the verdict again cached for future reference.
4. Dynamic analysis (~7 minutes): Dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware.
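To make the staging concrete, here is an added model of the verdict chain (illustration only, not Juniper's code): each stage either decides or hands off to the next, the slide's latencies accumulate, and any conclusive verdict is cached so a repeat submission of the same file is answered at the ~1 second cache stage. The signature strings and markers are constructed placeholders standing in for real engine logic.

```python
import hashlib
from dataclasses import dataclass, field

# Stage latencies in seconds, as stated on the slide (dynamic analysis ~7 minutes).
STAGE_LATENCY = {"cache": 1, "av": 5, "static": 30, "dynamic": 7 * 60}

# Constructed, toy detection content for the illustration; real engines are far richer.
AV_SIGNATURES = (b"MALWARE_SIG_A", b"MALWARE_SIG_B")   # hypothetical AV signature strings
STATIC_MARKER = b"EVASIVE_PACKER_STUB"                  # hypothetical static-analysis indicator
SANDBOX_MARKER = b"SLEEP_THEN_BEACON"                   # hypothetical behaviour seen only at runtime


@dataclass
class VerdictChain:
    """Models the staged pipeline: each stage returns a verdict or hands off to the next."""
    cache: dict = field(default_factory=dict)   # sha256 hex digest -> cached verdict

    def _av(self, content: bytes):
        return "malicious" if any(sig in content for sig in AV_SIGNATURES) else None

    def _static(self, content: bytes):
        return "malicious" if STATIC_MARKER in content else None

    def _dynamic(self, content: bytes):
        # The sandbox is the last stage and always concludes.
        return "malicious" if SANDBOX_MARKER in content else "benign"

    def analyze(self, content: bytes):
        """Return (verdict, stage_that_decided, elapsed_seconds) for one suspect file."""
        digest = hashlib.sha256(content).hexdigest()
        elapsed = STAGE_LATENCY["cache"]
        if digest in self.cache:                     # stage 1: seen before, answer immediately
            return self.cache[digest], "cache", elapsed
        stages = (("av", self._av), ("static", self._static), ("dynamic", self._dynamic))
        for name, engine in stages:                  # stages 2-4, cheapest first
            elapsed += STAGE_LATENCY[name]
            verdict = engine(content)
            if verdict is not None:                  # conclusive: cache it for the next lookup
                self.cache[digest] = verdict
                return verdict, name, elapsed
        raise RuntimeError("dynamic analysis must always return a verdict")


if __name__ == "__main__":
    chain = VerdictChain()
    sample = b"PK\x03\x04 ordinary archive bytes"        # constructed benign sample
    print(chain.analyze(sample))                         # decided by dynamic analysis, 456 s
    print(chain.analyze(sample))                         # cache hit, 1 s
    print(chain.analyze(b"dropper " + AV_SIGNATURES[0])) # decided by AV, 6 s
```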
Why Cloud?
- Cloud environments are flexible and massively scalable.
- A shared platform means everyone benefits from new threat intelligence in near real-time.
- Security developers can update their defenses as new attack techniques come to light, with no delay to distribute the threat intel.
- On-site platforms offer lower efficiency, scalability, efficacy and agility.
Sky Advanced Threat Prevention Use Cases
Sky ATP use cases across the deployment spectrum of SRX:
A. Campus Edge Firewall (Campus Locations): protection of end-user devices from files downloaded from the Internet
B. Branch Router (Branch Locations): protection for split-tunnel deployments
C. Data Center Edge (Data Center SRX): application protection from infected files
Juniper's Security Vision: From Network Security to Secure Networks
- Only one in the industry with building blocks for tomorrow's Software-Defined Secure Network
- Simplified Policy and Management across all network elements
- Adaptable Security Solution based on real-time threat intelligence information
- Cost Effective Detection and Enforcement utilizing the entire network to protect you
The Juniper Software-Defined Secure Network dynamically adapts to the changing threat landscape so you don't have to!
Thank you