Extending Enterprise Security to Public and Hybrid Clouds

Similar documents
Extending Enterprise Security to Public and Hybrid Clouds

SDSN: Dynamic, Adaptive Multicloud Security

Software-Defined Secure Networks in Action

Juniper Sky Advanced Threat Prevention

JUNIPER SKY ADVANCED THREAT PREVENTION

Juniper Sky Enterprise

Juniper Networks and Aerohive Networks: Cloud-Enabled Solutions for the Enterprise

JUNIPER NETWORKS AND AEROHIVE NETWORKS: CLOUD- ENABLED SOLUTIONS FOR THE ENTERPRISE

Juniper Solutions for Turnkey, Managed Cloud Services

Service Automation Made Easy

SECURE HYBRID CLOUD Solution

JUNIPER NETWORKS PRODUCT BULLETIN

Juniper Unite Cloud-Enabled Enterprise Reference Architecture

Policy Enforcer. Product Description. Data Sheet. Product Overview

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Extending Enterprise Security to Multicloud and Public Cloud

Contrail Networking: Evolve your cloud with Containers

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Mitigating Branch Office Risks with SD-WAN

WHITE PAPER. Applying Software-Defined Security to the Branch Office

Cloud-Enable the Enterprise with Junos Fusion

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

Juniper Care Plus Advanced Services Credits

Topology-Independent In-Service Software Upgrades on the QFX5100

Building a Software-Defined Secure Network for Healthcare

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

Move, manage, and run SAP applications in the cloud. SAP-Certified Infrastructure from IBM Cloud

Open Cloud Interconnect: Use Cases for the QFX10000 Coherent DWDM Line Card

Benefits of SD-WAN to the Distributed Enterprise

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Optimizing CloudEnabled Branch with. Juniper Services and Support. Protect and Ensure the Operational Success of Your Juniper Cloud-Enabled Branch

One Release. One Architecture. One OS. High-Performance Networking for the Enterprise with JUNOS Software

Juniper Networks Live-Live Technology

by Cisco Intercloud Fabric and the Cisco

White Paper. Juniper Networks Cloud Security

AWS Reference Design Document

SECURING THE MULTICLOUD

Juniper Sky Advanced Threat Prevention

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Simplify Hybrid Cloud

Reaping the Full Benefits of a Hybrid Network

Total Threat Protection. Whitepaper

Juniper Care Plus Services

JUNIPER OPTIMUM CARE SERVICE

Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

SOLUTION BROCHURE. Mobility Changes Everything

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Network Edge Innovation With Virtual Routing

Instant evolution in the age of digitization. Turn technology into your competitive advantage

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper

Veritas Backup Exec. Powerful, flexible and reliable data protection designed for cloud-ready organizations. Key Features and Benefits OVERVIEW

ENTERPRISE SECURITY MANAGEMENT. Frederick Verduyckt 20 September 2012

PROTECT WORKLOADS IN THE HYBRID CLOUD

Cisco Start. IT solutions designed to propel your business

MODERNIZE INFRASTRUCTURE

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

Build your own Cloud on Christof Westhues

Security for the Cloud Era

Cisco Cloud Application Centric Infrastructure

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

McAfee Public Cloud Server Security Suite

Securing Your Amazon Web Services Virtual Networks

ING DIRECT turns ideas into revenue faster with Cisco UCS.

Cloud-Enable Your District s Network For Digital Learning

Cloud Computing: Making the Right Choice for Your Organization

A CISO GUIDE TO MULTI-CLOUD SECURITY Achieving Transparent Visibility and Control and Enhanced Risk Management

OUR SECURITY DELIVERED YOUR WAY

Data center interconnect for the enterprise hybrid cloud

Hitachi Enterprise Cloud Container Platform

MyCloud Computing Business computing in the cloud, ready to go in minutes

Juniper Networks Champion Program

Securing Your Microsoft Azure Virtual Networks

SYMANTEC DATA CENTER SECURITY

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Why Converged Infrastructure?

Securing the Software-Defined Data Center

Enabling Network Automation with Junos OS

Cisco Collaborative Knowledge

Overview of the Juniper Networks Mobile Cloud Architecture

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

Easily Managing Hybrid IT with Transformation Technology

Network. Arcstar Universal One

Cloud for Government: A Transformative Digital Tool to Better Serve Communities

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Carbonite Availability. Technical overview

Cloud-Enable and Secure Your K-12 Education Network. Juniper Powers Digital Learning with a Simple, Reliable, and Scalable Network

Hitachi Enterprise Cloud Family of Solutions

Simplifying the Branch Network

Best Practices in Securing a Multicloud World

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

Symantec Cloud Workload Protection

Singtel Managed Virtual Private Cloud powered by VMware. Fits Your Unique Business Needs Perfectly.

Juniper Networks Universal Edge and Access Network for Residential Services

IBM and Juniper Networks

J-Care Agility Services Advanced Options

DISASTER RECOVERY- AS-A-SERVICE FOR VMWARE CLOUD PROVIDER PARTNERS WHITE PAPER - OCTOBER 2017

Benefits of Extending your Datacenters with Amazon Web Services

Deploying Data Center Switching Solutions

Transcription:

Extending Enterprise Security to Public and Hybrid Clouds Juniper Security for an Ever-Evolving Market Challenge Enterprises are increasingly migrating to public or hybrid deployments, creating an immediate need to extend the level of security found in traditional networks to the new cloud landscape. Solution With a broad portfolio of physical and virtual firewalls, centralized single-paneof-glass management, and threat intelligence, Juniper helps enterprises seamlessly secure physical data centers, private clouds, and public clouds by extending simple yet comprehensive protection to the ever-evolving market. Benefits Significant CapEx and OpEx savings through investment protection, lower TCO, and lower learning costs Simple, intuitive management for enforcing and monitoring security across public and hybrid clouds Extension of security policies and technologies used in physical data centers to public and hybrid clouds Reduction in the number of proprietary, feature-limited public cloud elements to deploy and manage The migration to public cloud is accelerating rapidly. In fact, Gartner predicts that the global market for public cloud is expected to reach $204 billion in 2016. This rapid adoption is primarily attributable to the public cloud s ability to deploy across geographies; its flexibility, scalability, and simplicity; and its pay-per-use model and lower upfront costs. However, enterprises with heavy investments in private data centers and concerns about the security of public clouds tend to favor a hybrid approach, leveraging a combination of public clouds and existing physical data centers and private clouds. Regardless, the move to the cloud creates a different risk model that needs to be addressed to ensure the protection of an organization s network. The Challenge No new technology is without its pitfalls, and the cloud is no exception. When data no longer resides behind an on-premises firewall, as is the case with public and hybrid clouds, it introduces new risks that need to be taken into account. Additionally, as customers adopt a multi-cloud approach to ensure access to best-of-breed solutions, the need to centrally manage security policies is more critical than ever. Amazon Web Services (), the most popular public cloud platform, places a significant emphasis on security. Juniper and Amazon have joined forces to augment s defensive capabilities with advanced L7 features such as application firewall, Intrusion Prevention System (IPS), and Advanced Threat Prevention (ATP), providing customers with comprehensive security for their deployments. This joint solution also addresses the needs of traditional physical deployments whose security administrators want to extend their policies to a public, hybrid, or multi-cloud deployment mode. Public Cloud The popularity of public clouds is no longer restricted to the startup world; their adoption has spread across the full business spectrum to include large enterprises as well. While enjoys the majority of cloud provider market share, solutions such as Microsoft s Azure, Google s Google Cloud Platform (GCP), and IBM s SoftLayer are making significant inroads. Other cloud providers such as Oracle Cloud and Rackspace are also gaining market traction. Today, the economics of deploying a physical data center with dedicated administrative staff no longer makes economic sense for most enterprises. Instead, they typically opt for one of the more popular cloud platforms, deploy their infrastructure, and hire DevOps personnel in place of a traditional network/security teams. While DevOps resources offer a mix of development and operational experience, they typically lack security expertise. They are expected to possess good scripting skills and are usually tasked with additional responsibilities such as software build management. Since network security is only a small part of their job description, DevOps individuals need a simple security solution that they can easily configure, monitor, and upgrade. With the rise of infrastructure automation platforms such as Chef and Puppet, programmability is top of mind with every DevOps team and a serious requirement for any security platform. 1

Hybrid Cloud Enterprises that want to move to the cloud but have heavy investments in physical data centers prefer the hybrid cloud model, which allows them to leverage the flexibility and economics of public cloud while maintaining more control. Also, some enterprises are legally required to hold certain data on premise. A hybrid approach allows extremely sensitive data to be stored in private data centers while offloading the rest to the cloud. Migrating to a hybrid cloud is not without its own set of challenges. New security policies must be set up for the public cloud deployment, adding management overhead and introducing discrepancies between the physical data center and the cloud. Additionally, hiring cloud professionals or training existing personnel for cloud security adds to operational expenses and takes time. The Juniper Networks Public and Hybrid Cloud Security Solution Juniper Networks offers a broad portfolio of products that work together to address the unique concerns of securing public and hybrid cloud environments. The major components of this solution are: Juniper Networks SRX Series Services Gateways and Juniper Networks virtual firewall with integrated next-generation and unified threat management (UTM), which deliver: Core firewall functionality with IPsec VPN and featurerich networking services such as NAT and routing Intrusion Prevention System (IPS) 2.0 to detect and block network intrusions Application control and visibility with integrated Juniper Networks AppSecure 2.0 to provide application-level analysis, prioritization, and blocking to safely enable applications Antivirus, antispam, and Web and content filtering with UTM to protect against viruses, spam, and malicious URLs and content Support for Linux KVM, VMware,, and Azure platforms () Sky Advanced Threat Prevention, a cloud-based advanced anti-malware service with dynamic analysis (sandboxing) to protect against sophisticated malware. Integrated with SRX Series and virtual firewalls, Sky Advanced Threat Prevention provides built-in machine learning to improve verdict efficacy and decrease time to remediation. Juniper Networks Junos Space Security Director provides centralized, single-pane-of-glass management to deploy, monitor, and configure security features and polices across all SRX Series and virtual firewalls in the network. Policy Enforcer, a component of Security Director, provides an additional level of centralized intelligence for deploying and enforcing security policies on multivendor network elements such as switches, routers, wi-fi access points, and the like. Security Director includes a customizable dashboard with detailed drill-downs, threat maps, and event logs, providing unprecedented visibility into network security measures. It is also available as a mobile app for Google s Android and Apple s ios systems to enable remote mobile monitoring. User-based firewalls to analyze, log, and enforce access control based on user roles and groups User Firewall Intrusion Prevention Juniper Threat Defense Sky ATP Gateway Unified Threat Management Gateway App Secure Advance Threat Prevention Intrusion VPN Prevention Termination Carrier Class Routing Figure 1: Juniper in a simple public cloud deployment (/Azure) 2

Juniper s Solution for Securing and Simplifying Deployment in the Public Cloud ( and Azure) Let s take a look at a simple deployment comprising one virtual private cloud (VPC) with an gateway and several EC2 instances to explore how the Juniper solutions deliver comprehensive security for the cloud. In a simple cloud deployment, a Juniper Networks virtual firewall can be easily incorporated between the gateway and the VPC, facilitating comprehensive security, routing, and VPN services. Similarly, in a Microsoft Azure deployment, a can be added to the virtual network to facilitate VPN termination and advanced security services. In a more complex cloud deployment, the can fill the roles of paid cloud features such as VPN gateways, NAT gateways, and VPC peering modules. Reallocating these tasks to the dramatically simplifies the topology, reducing the number of elements to manage and delivering better value for the customer. Expanding Juniper Solution to Secure the Hybrid Cloud: Real-World Use Cases The following section looks at the challenges and security requirements of two real-world use cases Enterprise Expansion and Workload Distribution and shows how Juniper solutions address both scenarios. Simple and Secure Juniper Solutions for Enterprise Expansion and Workload Distribution The following Juniper security solutions can be deployed to provide security for enterprise expansion and workload distribution use cases. A virtual firewall is installed in each /Azure deployment to secure the instances and applications in the cloud. An SRX Series device/ virtual firewall connects to the advanced threat defense system, Sky ATP, in the cloud and receives the latest threat information to help detect sophisticated malware. The is also used for IPsec VPN termination, multisite VPN, and NAT gateway functionality to facilitate and complement the /Azure deployment. The gateways in the remote data center branches connect to the SRX Series firewalls at headquarters via IPsec VPN for secure data transportation. Junos Space Security Director centrally manages all security policies across the infrastructure. The virtual firewalls deployed in remote data centers register with Security Director, whether installed at headquarters or in the cloud. Once security policies are pushed to the remote devices, application data is synchronized across all data centers. New security policies are centrally added or updated from Security Director and deployed across all data centers. Use Case 1: Enterprise Expansion Adding new branch offices to a different geography A new e-commerce enterprise with a physical data center in San Francisco wants to expand its global presence and decides to open offices globally. Requirements: The company plans to add three new data centers one each in Europe, APAC, and South America. Employees must be able to access the company s internal resources from their region. Customers need to be redirected to their respective regions. Essential services such as mail, active directory, and file servers are replicated in all data centers, with data being synchronized in real time. Use Case 2: Workload Distribution Distributing workloads across geographical locations A new video-streaming enterprise anticipates more viewers in the U.S. east coast between 7 and 10 p.m. during November and December. Deploying a new physical data center or provisioning a virtual data center in a private cloud can be expensive to facilitate such intermittent usage. Requirements A high-quality user experience in a cost-efficient manner without compromising customer privacy is critical. Content and customer data need to be replicated. The data center must be able to scale higher or lower based on demand. Loss of service due to any failures is unacceptable. Leaking copyrighted content or customer details is unacceptable. 3

Security Director Central Management Policy, App Visibility, Threat Map Data Center SRX Series EC2 EC2 Enterprise Data Center Juniper Threat Defense Sky ATP VM VM Figure 2: Juniper security solutions in a hybrid/multicloud deployment Key Benefits Delivered by Juniper Security Solutions Juniper security solutions deliver the following benefits in a public or hybrid cloud environment. 1. Unified intelligent security The virtual firewall serves as a single point of enforcement. By leveraging security feeds from advance threat intelligence platforms in the cloud, such as Sky Advanced Threat Prevention, the can detect known and unknown threats while enforcing application security, intrusion prevention, and unified threat management. 2. Centralized, simple, and intuitive management Junos Space Security Director provides intuitive and centralized management for monitoring security across entire network. The simple user interface means even new users can quickly become proficient. The mobile Security Director app, available for ios and Android platforms, is accessible to security admins or CIOs who want to monitor security updates in their network remotely. 3. Programmability With a wide range of programmatic APIs supported in Juniper Networks Junos operating system, DevOps resources can easily automate deployment and management activities through simple scripts, streamlining the entire workflow. 4. Lower costs and shorter learning curves The ability to extend the familiar and well-known security policies used in the physical data center to private and public clouds is a critical benefit, allowing enterprises to leverage existing admins to manage cloud infrastructure. There is no need to hire new cloud experts. Summary Juniper Networks security solutions seamlessly extend across public and hybrid clouds without compromising flexibility and manageability. With highly evolved security intelligence and simple, centralized management and automation tools, Juniper makes it easy to monitor and enforce security across existing and new data centers. Next Steps For more information on Juniper Networks security solutions, please visit us at www.juniper.net/us/en/products-services/ security and contact your Juniper Networks representative. 4

About Juniper Networks Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks or connect with Juniper on Twitter and Facebook. Corporate and Sales Headquarters Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000 Fax: +1.408.745.2100 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: +31.0.207.125.700 Fax: +31.0.207.125.701 EXPLORE JUNIPER Get the App. Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 3510567-005-EN Oct 2017

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback