Build a Software-Defined Network to Defend your Business Filip Vanierschot Systems Engineer fvanierschot@juniper.net Kappa Data 2020
Software Defined Secure Networks: Juniper's Innovation in Secure Networks
Juniper Facts
A History Of Innovation
Why is security important?
Security is in Transformation. THREAT SOPHISTICATION: Zero day attacks; Advanced, persistent, targeted attacks; Adaptive malware. CLOUD: Virtualization and SDN; Applications, data, management in the cloud; Application proliferation. INFRASTRUCTURE: Hybrid cloud deployments growing; Device proliferation and BYOD; IoT.
Causing Network Security Complexity Multi-vendor, multi-vector solutions deployed Layered on top of the network Security tools lagging behind attacker ingenuity Unmanaged risk to business outcomes and operations App Servers Application Security Unified Threat Management Firewalls Data Loss Prevention Inline Intrusion Prevention LAG Centralized DHCP and other services Inline Anti Prevention Core
Demanding Software Defined Secure Networks AV NGFW Deception IDS Sandbox IPS Analytics NAT Uncoordinated and firewall focused Orchestrated, holistic system encompassing security + infrastructure Global Policy Orchestration, Policy Engine Open and Unified Threat Detection Dynamic, Automated Enforcement
Assembling the parts into a solution: PERIMETER & ENDPOINT BASED to PERVASIVE; HW to SW/CLOUD DEFINED; MANUAL to AUTOMATED; CONFIG. ORIENTED to USER INTENT; CLOSED, SILO OVERLAYS to OPEN, STANDARDIZED
SDSN User Intent Policy Model Example Network Configuration User Intent Policy Firewall Rule Tables Access Control Lists Routing Tables & SDN Service Chains Access Control Threat Prevention Compliance Extensibility Automation IP MAC Proto Port Users Devices Sites Applications Meta Data Private Public AD CMDB vCenter Custom Islands of Management Device/Platform specific configurations Tough to automate, challenging compliance Comprehensive Security User Intent Based Policies Native automation and compliance support
SDSN Threat Management Automation Example Manual Threat Workflows Threat Management Automation Feed Feed Incident Response Net-Sec Operations Endpoint Security TKT Malware Found TKT Multiple Teams Threat Detection Enforcement Delays Vendor specific threat feeds Cohesive Threat Management System Automation across Network & Security Open API and 3rd Party Threat Feed Collation
Software Defined Secure Networks Strategy Cloud-based Threat Defense and Open Intel Platform Detection Enforcement Threat Intelligence Dynamic and Adaptive Policy Engine Policy Bottoms Up and Top Down Approach Leverage entire network and ecosystem for threat intelligence and detection Your Enterprise Network Campus & Branch Detection DC Enforcement Private Cloud Public Cloud Utilize any point of the network as a point of enforcement Dynamically execute policy across all network elements including third party devices
Juniper's Software Defined Secure Network (SDSN) Platform Pervasive, Automated, Intent-driven POLICY Create and centrally manage policy with an intent-based system DETECTION Sky ATP Machine Learning, Analytics, Threat Feeds Third Party UTM & IPS Multiple layers of sensing and detection technologies DETECTION Unify threat intelligence from multiple sources ENFORCEMENT Automatically enforce policy across the infrastructure in site-locations and cloud DETECTION POLICY DETECTION ENFORCEMENT JSA Analytics, Security Director, Policy Enforcer Visibility, Correlation, Automation, Enforcement Infrastructure as a Secure Fabric SRX / vSRX / cSRX NG Firewalls: Physical & Virtual EX & QFX Switches MX & PTX Routers Third Party Networking & Security
Juniper's Software Defined Secure Network (SDSN) Platform Artificial Intelligence Automation
Malware Example
SDSN vs. Malware Sky Advanced Threat Prevention Device Quarantined Automation
SDSN Simplified: Network As a Firewall Detection (Machine Learning) Sky Advanced Threat Prevention Cloud 1 2 DETECTION Sandbox w/deception ATP Static Analysis Centralized policy push POLICY Security Director + Policy Enforcer Policy Enforcement, Visibility, Automation DETECTION ENFORCEMENT EX & QFX Switches SRX Physical Firewall Network as a Firewall MX Routers* vSRX Virtual Firewall Third Party Elements* Multi-cloud 4 3 Enforcement
SDSN Portfolio Security Director Policy Enforcer Secure Analytics Sky Advanced Threat Prevention Application Security SSL Inspection Intrusion Prevention User Firewall UTM Management, Visibility, Automation SIEM Advanced Malware Prevention Service Next Gen Security Services 4Gb/s (2 vCPU) 25Gb/s (16 vCPU) 16RU 2Tb/s SRX300 2RU 5.5Gb/s 1RU 5Gb/s vSRX 1RU 20Gb/s cSRX* 1RU 40Gb/s 5RU 480Gb/s SRX500 SRX1500 SRX4100 SRX4200 SRX5400 8RU 960Gb/s SRX5600 SRX5800 Branch Campus Data Center Cloud Service Provider Beta*
Ecosystem Partners CASB Access Security Endpoint Security Cloud App Risk Management Visibility and Control Malware and Threat Protection for Cloud Extend Security Policy Context-based BYOD Onboarding Role-based Network Access Assignment Access Control and Enforcement Discovery of All Endpoints Vulnerability and Patch Management Continuous Policy Enforcement Ready to Deploy End to End Security Solutions
Conclusion: Juniper's SDSN is a Security Platform Nature of a Platform Flexible to enable multiple solutions now Extensible to build and deploy future solutions Open to integrate current and future technologies Cloud-based Threat Defense and Open Intel Platform Detection Enforcement Threat Intelligence Your Enterprise Network Detection Enforcement Dynamic and Adaptive Policy Engine Policy
Internet of T. as an example
IoT Applications: Industrial and Consumer Industrial Internet of Things SMART Consumer Internet of Things SMART Factory Network Phone Grid High Performance Highly Scalable Low Latency Highly Secure Wearable Machine TV City Appliances Car Home
IoT History & Forecast - Then, Now and Future
1999: Internet of Things First Coined - Conceived by Kevin Ashton at P&G - RFID technologies commercialized
2000: First Commercialized Consumer Product - Toaster and coffee maker
2008: Growth in Connected Devices - First time number of devices surpass global population
2011: Nest Labs Develops First Product - Later acquired by Google for $3.2B
2012: IPv6 Launch - Potential for new IP addresses, enabling the future of IoT
2015: FitBit IPO - Wearables fitness tracker IPO (NYSE:FIT)
2020: Connected Devices to Reach 25 Billion - According to IDC, IoT connected things will account for 60% of total connected devices by 2020
IoT BREACH
SDSN IN ACTION Automation
What about us IoT consumers???
Juniper Networks Information Software Defined Secure Networks http://www.juniper.net/uk/en/solutions/software-defined-secure-networks/ Security Now! Blog https://forums.juniper.net/t5/security-now/bg-p/networkingnow Juniper http://www.juniper.net