Software-Defined Secure Networks: The Future of Network Security for Digital Learning


Software-Defined Secure Networks: The Future of Network Security for Digital Learning
SIGS, 5 July 2015
Klaus Ernst, Systems Engineer, Juniper Networks

Threat Landscape: Feels like Treading Water
2017 IT Priorities: Mobile Learning; Broadband & Network Capacity; Cyber Security
High Risk Top Security Concerns: Phishing; Denial of Service; Ransomware
Source: CoSN IT Leadership Survey
Source: CoSN Infrastructure Survey

Network Security Today
Layered on top of the network, built on perimeter model: Outside (Untrusted), Internal (Trusted)
Designed to trust inside activity. Easy Lateral Threat Propagation
Limited Threat Visibility. Relies mostly on traditional firewalls for data and insight
Diagram labels: Inline Intrusion Prevention, Unified Threat Management, Data Loss Prevention, Application Security, Advanced Threat Prevention
Today's network security is inadequate to effectively detect and stop evolving threats

Traditional infrastructure and network security today
Network Security today follows a UNTRUST / TRUST Model
Diagram labels: Sally; School District Network

Traditional infrastructure and network security today
Network Security today follows a UNTRUST / TRUST Model
Network compromised workflow
Diagram labels: Sally; School District Network

Software Defined Secure Network Delivers Zero Trust Security Model
Diagram labels: Perimeter; Secure Network; Outside (Untrusted); Internal (Also Untrusted)
- Simplified Security Policy
- Block Lateral Threat Propagation
- Comprehensive Visibility

SDSN Phase-1 Recap

Campus Network: Infected Host Workflow
Diagram labels: CAMPUS, Internet, SRX Series Cluster, 3rd Party Feeds, SKY ATP, Core / Distribution, SRX Policy & Feeds, SD, ND, Threat Feeds, SDSN Policy Engine, Access Switch ACLs
POLICY: Policy defined in Policy Engine. Infected Hosts with Threat Level >8 should be quarantined
DETECTION: Sky ATP Threat Feeds; Custom Feeds (e.g. Attivo, Vectra)
ENFORCEMENT: Access and aggregation switches quarantine infected host; SRX policy enforcement; Block Port or Q-VLAN

SDSN Threat Remediation Use Case
Manual Threat Workflows: Multiple Teams; Threat Detection Enforcement Delays; Vendor specific threat feeds
Automated Threat Remediation: Cohesive Threat Management System; Automation across Network & Security; Open API and 3rd Party Threat Feed Collation
Diagram labels: Feed, Incident Response, Net-Sec Operations, Endpoint Security, TKT, Malware Found

SDSN Phase-1 (FRS 2016)
Use Case: Threat Remediation of infected hosts
DETECTION: Sky ATP. Known & Day-0 Malware analysis, Sandboxing, Infected Host identification, Command & Control, GeoIP
POLICY: Simplified Threat Remediation Policy (Block, Quarantine, Track) defined in Security Director Policy Enforcer
ENFORCEMENT: Juniper: SRX, vSRX, EX and QFX
Key Features
- Security Fabric including Firewalls and Switches
- Infected Host Blocking: Perimeter Firewall level for north south traffic; EX/QFX switches to protect from lateral movement of threats
- Infected Host Tracking: Track infected host movement in network, and Quarantine or block infected hosts even if IP address changes
Customer Benefits
- Automates threat remediation workflows
- Real-time remediation of infected hosts
- Reduced time to remediate = Reduced exposure to attacks
- Leverage Network (EX/QFX) and Firewall (SRX/vSRX) to take remediation actions to address lateral movement of attacks inside the network in addition to limiting attacks from outside world

SDSN Phase-2 Overview

Threat Remediation Enhancements
Use Case: 3rd Party Switch and Wireless Support
ENFORCEMENT
- Juniper: SRX, vSRX, QFX and EX (+Fusion Support)
- 3rd Party: Access Switches with Radius (AAA) configured
- Wireless: WLCs with Radius (AAA) configured
Diagram labels: SKY ATP, 3rd Party Access Switch, Radius messages, Policy Enforcer, Connector Framework, 3rd Party Connector, Radius Server
Key Features
- Security Fabric to support 3rd party switches and wireless
- Infected Host Blocking: Juniper & 3rd party switches to protect from lateral movement of threats
- Infected Host Tracking: Track infected host movement in network, and Quarantine or block infected hosts even if IP address changes
Customer Benefits
- Automates threat remediation workflows
- Real-time remediation of infected hosts
- Reduced time to remediate = Reduced exposure to attacks
- Network vendor agnostic mechanism for threat remediation

SDSN Phase 2: Multi Vendor support
Multi Vendor Wired and Wireless support
Diagram labels: SKY ATP, Policy Enforcer, Policy Controller, Feed Collector, EX/QFX, SRX, Cisco S/W, EX/Cisco, Radius Access Server, Juniper 3rd Party Wireless, Connector Framework, Connector API, Junos Space SW Micro, 3rd Party SW Connector, ForeScout Connector, Cloud Feed Server, 3rd Party Feed Server
Security Fabric including
- SRX Firewalls
- Juniper or Third Party Switches
- Wireless Components
Threat Intelligence from
- SKY ATP Cloud Feeds
- Third Party Feeds
Infected Host Tracking and Enforcement in one of these modes:
- On Juniper Switches natively via Junos Space S/W Micro Service
- On 3rd Party / Juniper Switches and Wireless Access Controller via AAA Server (802.1X)
- On third party wired and wireless access infrastructure via ForeScout integration

SDSN in a non Juniper Switched Network
Diagram labels (numbers 1 to 7 mark the steps below): EX/QFX, SRX, Cisco S/W, SKY ATP, EX/Cisco, Radius Access Server, Juniper 3rd Party Wireless, Policy Enforcer, Policy Controller, Connector Framework, Connector API, 3rd Party SW Connector, Feed Collector, Cloud Feed Server, Remote Feed Server
1. End user authenticates to the network via 802.1X or MAC authentication.
2. Sky detects the endpoint getting infected.
3. Policy Enforcer downloads the Infected Host Feed.
4. PE enforces the Infected Host policy, with the 3rd Party SW Connector calling the generic API.
5. 3rd Party Connector queries the AAA Server for endpoint details for the infected host IP and initiates CoA for the infected host MAC.
6. CoA action could be block or quarantine VLAN.
7. Enforcement happens on the NAC device the endpoint authenticated on.
8. Policy Enforcer communicates the end host details back to Sky.
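Steps 3 to 7, together with the "Threat Level >8" policy and the infected host tracking feature from the earlier slides, modelled as an added example (not Juniper or connector vendor code). The `Session` record, the `Connector` class and the sample data are assumptions made for illustration; no RADIUS messages are sent.

```python
from dataclasses import dataclass

QUARANTINE_ABOVE = 8  # slide policy: threat level > 8 is quarantined

@dataclass(frozen=True)
class Session:
    """One AAA session record (hypothetical shape)."""
    ip: str
    mac: str
    nas: str  # NAC device (switch or WLC) the endpoint authenticated on

class Connector:
    """Toy model of the 3rd-party connector in steps 3-7; not Juniper code."""

    def __init__(self, action="quarantine-vlan"):  # or "block" (step 6)
        self.action = action
        self.infected = {}  # MAC -> highest threat level seen

    def _coa(self, s):
        return {"nas": s.nas, "mac": s.mac, "action": self.action}

    def process_feed(self, feed, sessions):
        """Map (ip, level) feed entries to CoA requests via the AAA table."""
        by_ip = {s.ip: s for s in sessions}
        requests, unresolved = [], []
        for ip, level in feed:
            if level <= QUARANTINE_ABOVE:
                continue                      # below policy threshold
            s = by_ip.get(ip)
            if s is None:
                unresolved.append(ip)         # no session: nothing to CoA yet
                continue
            self.infected[s.mac] = max(level, self.infected.get(s.mac, 0))
            requests.append(self._coa(s))
        return requests, unresolved

    def on_auth(self, s):
        """Tracking: a known-infected MAC is contained again on re-auth."""
        return self._coa(s) if s.mac in self.infected else None

# Constructed sample data (documentation addresses, locally administered MACs).
SESSIONS = [Session("192.0.2.10", "02:00:00:00:00:0a", "access-sw-1"),
            Session("192.0.2.11", "02:00:00:00:00:0b", "wlc-1")]
FEED = [("192.0.2.10", 9), ("192.0.2.11", 8), ("192.0.2.99", 10)]

def demo():
    c = Connector()
    requests, unresolved = c.process_feed(FEED, SESSIONS)
    moved = c.on_auth(Session("192.0.2.50", "02:00:00:00:00:0a", "access-sw-2"))
    return requests, unresolved, moved
```

Keying the infected state on the MAC rather than the IP is what keeps a host contained after it moves ports or renews its address; feed entries with no matching AAA session are returned separately so they can be retried or alerted on instead of silently dropped.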

SDSN Phase-2 Open Eco-System

Custom Feed API Support
Use Case: Threat Remediation of infected hosts leveraging 3rd party threat feeds
DETECTION (Phase-1): Sky ATP: Command and Control, Infected Host
ENHANCED DETECTION (Phase-2): Now supports 3rd Party Feeds: Blacklist, Whitelist, Dynamic Address, Infected Host
Diagram labels: SKY ATP, Policy Enforcer, Sky Feeds, Feed Collector, Remote Feed Server, Feed API, Poll for updates, 3rd Party Feeds, Feed Server
Key Features
- Blacklist: Entities in blacklist always get blocked by SRX
- Whitelist: Entities in whitelist always get accepted by SRX
- Dynamic Address: Entities in Dynamic Address Group can be used in firewall policy of SRX
- Infected Host: Threat Prevention Policy enforced for entities identified as infected hosts
Customer Benefits
- Enables customers to leverage existing, trusted threat feed sources to take threat remediation actions w/ Policy Enforcer
- Flexible mechanisms to synchronize threat information: Push to PE with Threat Feed API, or Configure PE to poll from remote feed server

Infected Host Feed
1. Adds support for 3rd Party Infected Host Feed
2. IH Feed can be
   1. Local File
   2. Remote Feed server
3. APIs to push IH feeds to PE

POST <context>/api/v1/controller/customfeeds/<feedtype>/param/<inputtype>/<name>

Body:
    {
      "customfeed": {
        "domain": "SD domain name",
        "description": "infected IPs",
        "content": {
          "add": ["1.2.3.4", "2.3.4.5"],
          "delete": ["1.3.4.5"]
        }
      }
    }
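A pushed infected-host feed drives automatic quarantine, so the body is worth validating before it is sent. The following added example (not Juniper code) builds the body in the shape shown on the slide; the function name and the `protected` guard list are assumptions, and no request is made.

```python
import ipaddress

def build_infected_host_body(domain, add, delete=(), protected=()):
    """Build the custom-feed body from the slide; returns (body, skipped).

    `protected` (an assumption, not a Policy Enforcer feature) lists networks
    that must never be pushed as infected, e.g. gateways or the RADIUS server.
    """
    guard = [ipaddress.ip_network(n) for n in protected]

    def parse(values):
        seen = []
        for raw in values:
            ip = ipaddress.ip_address(raw.strip())  # ValueError on non-IP input
            if ip not in seen:                      # drop duplicates, keep order
                seen.append(ip)
        return seen

    add_ips, del_ips = parse(add), parse(delete)
    clash = sorted(str(ip) for ip in set(add_ips) & set(del_ips))
    if clash:
        raise ValueError(f"address in both add and delete: {clash}")

    skipped = [str(ip) for ip in add_ips if any(ip in n for n in guard)]
    content = {"add": [str(ip) for ip in add_ips if str(ip) not in skipped]}
    if del_ips:
        content["delete"] = [str(ip) for ip in del_ips]
    body = {"customfeed": {"domain": domain,
                           "description": "infected IPs",
                           "content": content}}
    return body, skipped

# Constructed sample input, reusing the addresses shown on the slide.
BODY, SKIPPED = build_infected_host_body(
    "SD domain name",
    add=["1.2.3.4", "2.3.4.5", "1.2.3.4", "192.0.2.1"],
    delete=["1.3.4.5"],
    protected=["192.0.2.0/29"],
)
if __name__ == "__main__":
    import json
    print(json.dumps(BODY, indent=2), SKIPPED)
```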

SDSN Phase-2 VMware NSX Integration

NSX Integration: Initial vSRX Provisioning
Diagram labels: Cloud Admin, NSX Manager, SD, Policy Enforcer, Security Admin, VM, vSRX, DFW, NSX Virtual Switch, ESXi Host-1, ESXi Host-2, ToR Switch
0. NSX deployed and SD/PE installed
1. SD registers vSRX Service w/ NSX
2. NSX provisions vSRX on all NSX hosts
3. NSX provisions vSRX redirection rules
4. SD provisions licenses & default policy for vSRX
Initial Provisioning Complete. vSRX sees no traffic at this stage

Workflow: Integrating vCenter and NSX Manager

Workflow: Auto import NSX Security Groups as Dynamic Address Groups

SDSN Phase-2: Summary
Pervasive Security, Without Complexity
SDSN Vision, Phase-2:
- Juniper SRX & Sky ATP
- Juniper, 3rd Party Switching & Wireless
- VMware NSX for Private Cloud
- Threat Remediation & Micro-segmentation

Change in Mindset
Hardware defined -> Software/cloud defined
Perimeter -> Pervasive
Manual enforcement -> Automated
Configuration driven -> Business driven
Closed ecosystem -> Open framework