Product Description. Product Overview DATASHEET

Similar documents
FIREFLY HOST. Product Description. Product Overview DATASHEET

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

WX CENTRAL MANAGEMENT SYSTEM

JUNOS SPACE ROUTE INSIGHT

SOLUTION BROCHURE. Mobility Changes Everything

CONFIGURING THE CX111 FOR THE SSG SERIES

JUNIPER NETWORKS PRODUCT BULLETIN

Protecting Physical and Virtual Workloads

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

J-Care Agility Services Advanced Options

Juniper Sky Enterprise

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Secure Remote Access with Comprehensive Client Certificate Management

JUNOS SPACE. Product Description. Product Overview

JUNIPER CARE SERVICES

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

Juniper Sky Advanced Threat Prevention

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Juniper Networks Certification Program

JUNIPER SKY ADVANCED THREAT PREVENTION

Juniper Networks M Series and J Series Routers

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

Juniper Networks Adaptive Threat Management Solutions

Symantec Network Access Control Starter Edition

WX Client. Product Description. Product Overview DATASHEET

M120 Class-of-Service Behavior Analysis

Coordinated Threat Control

Symantec Network Access Control Starter Edition

White Paper. Juniper Networks Cloud Security

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

ForeScout ControlFabric TM Architecture

Kaspersky Security for Virtualization Frequently Asked Questions

802.1X: Port-Based Authentication Standard for Network Access

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

Security Solutions Portfolio

The threat landscape is constantly

Juniper Care Plus Advanced Services Credits

IMPLEMENTING A LAYER 2 ENTERPRISE INFRASTRUCTURE WITH VIRTUAL CHASSIS TECHNOLOGY

Policy Enforcer. Product Description. Data Sheet. Product Overview

J-series Advanced Switching Configuration

One Release. One Architecture. One OS. High-Performance Networking for the Enterprise with JUNOS Software

Product Description. Architecture and Key Components of the MAG Series Junos Pulse Gateways. Product Overview DATASHEET

Dynamic Datacenter Security Solidex, November 2009

System Architecture Overview for THE Juniper Networks SSG500 Line

Guest Access Made Easy

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Symantec Network Access Control Starter Edition

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

Software-Defined Secure Networks in Action

Extending Enterprise Security to Public and Hybrid Clouds

SDSN: Dynamic, Adaptive Multicloud Security

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

Enterprise Guest Access

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

McAfee Public Cloud Server Security Suite

Enterprise & Cloud Security

Juniper Networks M-series and J-series Routers. M10i. Solution Brochure J4350. Internet. Regional Office/ Medium Central Site. Branch Office J2320

WHITE PAPER. Copyright 2010, Juniper Networks, Inc. 1

UNIFIED ACCESS CONTROL

STRM SERIES SECURITY THREAT RESPONSE MANAGERS

Cisco Network Admission Control (NAC) Solution

Symantec Endpoint Protection

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

WatchGuard XTMv Setup Guide Fireware XTM v11.8

WatchGuard XTMv Setup Guide

Securing Your Amazon Web Services Virtual Networks

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Securing the Software-Defined Data Center

Comprehensive Network Access Control Based on the Network You Have Today. Juniper Networks Unified Access Control

Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition

1V0-642.exam.30q.

EX2500 ETHERNET SWITCHES

Symantec Client Security. Integrated protection for network and remote clients.

High-Performance Security Solutions That Work Better Because They Work Together

Cisco NAC Network Module for Integrated Services Routers

Features. HDX WAN optimization. QoS

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

TRUSTED MOBILITY INDEX

NCIRC Security Tools NIAPC Submission Summary Juniper IDP 200

McAfee Cloud Workload Security Product Guide

Securing Your Most Sensitive Data

MULTISERVICE INTERFACE MICS FOR MX SERIES

KEY BENEFITS OF CORRELATING DATA WITH JUNIPER NETWORKS STRM SERIES SECURITY THREAT RESPONSE MANAGERS

IBM Internet Security Systems Proventia Management SiteProtector

McAfee Embedded Control for Retail

IDP SERIES INTRUSION DETECTION AND PREVENTION APPLIANCES

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Juniper Solutions for Turnkey, Managed Cloud Services

McAfee Embedded Control

Product Description. Product Overview DATASHEET

Securing Your Microsoft Azure Virtual Networks

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

SIEM: Five Requirements that Solve the Bigger Business Issues

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Transcription:

DATASHEET VGW Gateway Product Overview Juniper Networks vgw Gateway is a comprehensive virtualization security solution that includes integrated stateful inspection firewalling, intrusion detection, compliance monitoring and enforcement, as well as on-access and on-demand antivirus scanning. Purpose-built for virtualization, vgw synchronizes with ware vcenter, and uses the safe APIs to provide the highest levels of security and performance. vgw delivers superior protection, throughput, scalability, automated deployment, operational efficiencies, and value for virtualized environments, enabling enterprises to maintain comparable security and regulatory compliance across physical and virtual networks. Product Description Juniper Networks vgw Gateway is a comprehensive virtualization security solution that includes a high-performance, hypervisor-based stateful firewall, integrated intrusion detection system (IDS), and virtualization-specific antivirus for complete virtual network protection. vgw brings forward powerful features that offer layers of defenses and automated security as well as compliance enforcement within virtual networks and clouds. By leveraging virtual machine introspection ( Introspection), coupled with vgw s wide-ranging information about the virtual network environment, vgw creates an extensive database of parameters by which security policies and compliance rules can be defined and enforced. vgw Gateway makes this rich data available in intuitive user interfaces that let administrators build the entire range of policies from corporate rules on global protocol handling (e.g., block Kazaa) to discrete regulatory compliance policies for how virtual machines should be configured (e.g., must have antivirus installed). Compliance assessment and security enforcement happen automatically and in lockstep with changes in the virtual environment. New virtual machines (s), for example, will be scanned and quarantined if out of compliance with policies in effect. The same applies to s whose state changes such that their security posture is weakened (e.g., antivirus protection is turned off). vgw ware safe-certified security operates from deep within the virtualization fabric as part of the hypervisor. Consequently, the software delivers unprecedented levels of security. Security and compliance concerns are top of mind in virtualization and cloud deployments. Juniper s experience and innovative research in virtualization security has resulted in a powerful software suite capable of monitoring and protecting virtualized environments without negatively impacting performance. A hypervisor-based, safecertified virtualization security approach, in combination with x-ray level knowledge of each virtual machine through Introspection, gives vgw a unique vantage point in the virtualized fabric. Here, virtualization security can be applied efficiently and with context about the virtual environment and its state at any given moment. 1

vgw delivers total virtual data center protection and cloud security through visibility, protection, and compliance: Visibility full view to all network traffic flowing between s. Complete and group inventory, including virtual network settings. Deep knowledge of state, including installed applications, operating systems, and patch level, through Introspection. Protection a safe-certified stateful firewall provides access control over all traffic via policies that include which ports, protocols, destination s, etc. should be blocked. Further, an integrated intrusion detection engine inspects packets for the presence of malware or malicious traffic and alerts as appropriate. Finally, virtualization-specific antivirus protections deliver highly efficient on-demand and on-access scanning of disks and files with the ability to quarantine infected entities. Compliance enforcement of corporate and regulatory policies for the presence of required or banned applications via Introspection. Some practical applications of compliance enforcement, such as assurance of segregation of duties, ensure that s are assigned to the right trust zones inside the virtual environment. Pre-built compliance assessment is based on common industry best practices and leading regulatory standards. vgw can also enforce compliance to a gold image with quarantine and alerting for non-compliance, thereby ensuring that deviations from the desired configuration do not create a security risk. Figure 1: A dashboard view of virtual network security and compliance states. Architecture and Key Components Center Physical Server #1 Physical Server #2 Intranet Application Live Migration Database SAP Desktop Desktop 1 2 1 Firewall Firewall Switch Switch Switch Switch NIC NIC Physical Network NIC NIC 1 2 Firewall secure inter- communication, stopping infections. Secure otion by attaching an enforceable policy to the migrating. Figure 2: vgw secures highly dynamic s through change and motion. 2

Features and Benefits ization has brought both economic benefits and new security concerns to enterprises. IT managers often hesitate to virtualize systems with sensitive data or take full advantage of live migration due to security worries. Among their concerns: Undetected and uncontained malware outbreaks or insider attacks in the virtual environment Lack of visibility into, or control of, traffic between s that never touches the physical network Inability to enforce policies that isolate s, prevent sprawl, or secure features like otion ization compliance gaps and audit data holes Increasing network complexity and administrative burden caused by applying legacy VLAN or firewall technology to the virtual environment Cloud Security API Juniper provides an XML-RPC programming interface that lets service providers and large enterprises customize and automate firewall provisioning. Users of the API can efficiently secure virtualization services for internal or external customers while ensuring strict isolation of customer s. Moreover, the API enables customers to integrate virtualization security into their existing provisioning and management systems. Compliance vgw lets administrators, security managers, and compliance auditors define and report on the specific conditions (corporate and regulatory) that constitute compliant operation in their environments. The vgw user interface allows for the building of custom whitelists (desired configurations) and blacklists (unwanted conditions). vgw continuously monitors all s, including all ESX/ESXi hosts and s (even newly created ones), to report on the overall compliance posture of the virtual environment. data center and cloud administrators can see their aggregate compliance posture at a glance, and drill down on each to identify the exact condition that has triggered a noncompliance alert (e.g., in virtual port group, or missing important software like ware tools or backup agents). High Availability Using redundant system components, vgw provides mission critical reliability. Easily deployed standby systems can immediately take over if any of the primary systems fail, ensuring uninterrupted connectivity, security, and policy enforcement. Figure 3: The vgw antivirus allows for on-demand and on-access scanning of s and files. By mitigating security risks in a cost-effective manner, vgw enables enterprises to realize the full potential that virtualization technology has to offer. Automated Deployment and Integration Upon installation, the vgw virtual appliance discovers all guest s through integration with ware vcenter. Unlike using VLANs to isolate s, Juniper s solution is easy to maintain and readily scales as virtualization use grows and new virtual machines are added to the environment. Automated Security vgw automates the application and enforcement of security rules. This is accomplished in two ways. First, vgw allows for the creation of highly detailed security policies that dynamically combine desired conditions from a rich database of virtual infrastructure and information. The dynamic policy groups can then be associated with one or more s. When additional s are created, they can be automatically associated with known groups and policies by matching predefined criteria. Administration overhead is reduced by allowing a build once, apply continuously model to security policy definition and enforcement. High-Performance, Hypervisor-Resident Firewall By processing inspections in the ware hypervisor kernel, vgw provides more than 10 times the throughput of older, bridge mode firewalls running in virtual environments. This optimized safe innovation can increase secured s per host while eliminating network reconfigurations. Firewall protection is continuous as s move from host to host using otion. vgw keeps the live in live migration by maintaining open connections and security throughout the event. Integrated Intrusion Detection The vgw intrusion detection system (IDS) is fully integrated with the virtual firewall. Rule-based IDS enables selective deep packet inspection of allowed traffic for malware suppression, maximizing the host resources available for s. Alerts are generated automatically and stakeholders receive relevant reports. Further, vgw IDS identifies the alert source and provides the mechanism for shutdown. 3

Integrated Antivirus ization-specific antivirus adds another layer of defense against malware (such as viruses, worms, and spyware) with minimal impact on memory and disk. The vgw antivirus engine provides optional on-access and on-demand scanning so that administrators can either choose to scan files in real time or use the completely agent-less offline approach. With numerous options for when and what to scan, organizations can optimize their antivirus scanning mechanisms for performance in the most cost-effective manner by obviating the need to buy licenses for all s or run CPU-intensive applications on hosts. Intuitive and Highly Scalable Central Management The web-based central management console displays real-time views of each virtual machine s operating and security status at a glance. This offers a simple, familiar interface for defining rules and managing policies to support role-based administration, enabling separation of duties. Multi-Center The Multi-Center feature allows vgw to import virtualization information from multiple and even geographically disparate ware vcenters. vgw administrators have the benefit of a singular logical view of the virtualized network, making the configuration of security policies faster and less prone to error. This unique synchronization capability makes vgw the top choice for global organizations and service providers with ever growing virtualized environments that require security at scale. Split-Center Split-Center is available in cases where large-scale virtualized environments especially multi-tenant ones require segregation of a single security management platform into parts that are consistent with unique security policies per tenant. Split-Center allows segmentation of the information contained in one ware vcenter into what are effectively seen as multiple independently managed vgw centers to improve resource isolation for cloud services/multi-tenancy. Logging, Reporting, and Alerts System logging output gives security event management systems insight into virtual network activity. Administrators can print reports of historical traffic data and configure SNMP traps to alert them to selected events. Those events can then be sent via system logs to third-party security products like those specializing in Security Information and Event Management (SIEM) such as Juniper Networks STRM Series Security Threat Response Managers. These products can synthesize vgw log and event information from the virtualized data center with events from other parts of the network in order to get a holistic picture of the entire data center and its security posture. Hypervisor Compliance Monitoring vgw compliance checks extend to the maintenance of the hypervisor and its security posture. The vgw compliance engine can be configured to generate alerts to stakeholders when conditions change on the ESX host such that their impact is understood to increase risk. This type of continuous monitoring ensures that changes to the hypervisor or ESX host configuration and access rights get additional scrutiny and aims at mitigating exposure through erroneous or improper virtual infrastructure administrator action. Introspection Introspection is a groundbreaking approach, analogous to an x-ray of s and the virtual environment from the hypervisor. Introspection enables information gathering about Windows- and Linux-based s, the security of the virtual network, and virtual environment settings without the use of agents. The ability of malware to disable or hide from security agents is a classic unresolved security problem that has plagued the security industry for decades. Not only does vgw incorporate Introspection as part of its security policy definition and enforcement mechanism, but vgw also combines Introspection and antivirus features to offer an innovative new approach to leveraging the hypervisor for an uncompromised x-ray inspection of s, where malware literally has nowhere to hide. By amassing information about the kinds of applications and services running on s, vgw sustains deep knowledge about the internal security state of each virtual system. This information is then made available through the vgw point-and-click dynamic policy editor, so that rules can easily be built to enforce a desired security posture. Figure 4: vgw IDS enables deep packet inspection of traffic for malware suppression. 4

Specifications vgw Security Operating System Appliance Memory: 512 MB Disk Space: 1.5 GB Security Design for vgw Operating System Appliance Memory: 2 GB Disk Space: 11 GB ware vsphere 4.x (ESX/ESXi), vsphere 5.0 Ordering Information For more information about Juniper Networks vgw Gateway, please go to www.juniper.net or contact the nearest Juniper Networks sales representative. Model Number Description VGW-CENTER-1 Central management center VGW-S-ADD-2 Security license for 2 CPU VGW-S-ADD-10 Security license for 10 CPU VGW-S-ADD-20 Security license for 20 CPU VGW-S-ADD-50 Security license for 50 CPU Juniper Networks Services and Support Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/ products-services. VGW-S-ADD-100 VGW-HA-ADD-2 VGW-HA-ADD-10 VGW-HA-ADD-20 VGW-HA-ADD-50 VGW-HA-ADD-100 VGW-IDS-ADD-2 VGW-IDS-ADD-10 VGW-IDS-ADD-20 VGW-IDS-ADD-50 VGW-IDS-ADD-100 VGW-AV-ADD-2 VGW-AV-ADD-10 VGW-AV-ADD-20 VGW-AV-ADD-50 VGW-AV-ADD-100 Security license for 100 CPU High availability license for 2 CPU High availability license for 10 CPU High availability license for 20 CPU High availability license for 50 CPU High availability license for 100 CPU One year IDS subscription for 2 CPU One year IDS subscription for 10 CPU One year IDS subscription for 20 CPU One year IDS subscription for 50 CPU One year IDS subscription for 100 CPU One year antivirus subscription for 2 CPU One year antivirus subscription for 10 CPU One year antivirus subscription for 20 CPU One year antivirus subscription for 50 CPU One year antivirus subscription for 100 CPU About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. 5

6

7

Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions, Juniper Networks, Inc. 1194 North Mathilda Avenue Juniper Networks (Hong Kong) 26/F, Cityplaza One Juniper Networks Ireland Airside Business Park please contact your Juniper Networks representative at 1-866-298-6428 or Sunnyvale, CA 94089 USA 1111 King s Road Swords, County Dublin, Ireland authorized reseller. Phone: 888.JUNIPER (888.586.4737) Taikoo Shing, Hong Kong Phone: 35.31.8903.600 or 408.745.2000 Phone: 852.2332.3636 EMEA Sales: 00800.4586.4737 Fax: 408.745.2100 Fax: 852.2574.7803 Fax: 35.31.8903.601 www.juniper.net Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 1000363-006-EN Feb 2012 Printed on recycled paper 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback