FIREFLY HOST. Product Description. Product Overview DATASHEET

Similar documents
Product Description. Product Overview DATASHEET

Juniper Sky Enterprise

JUNIPER NETWORKS PRODUCT BULLETIN

Juniper Sky Advanced Threat Prevention

White Paper. Juniper Networks Cloud Security

JUNIPER SKY ADVANCED THREAT PREVENTION

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Juniper Care Plus Advanced Services Credits

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

Software-Defined Secure Networks in Action

Policy Enforcer. Product Description. Data Sheet. Product Overview

Extending Enterprise Security to Public and Hybrid Clouds

WX CENTRAL MANAGEMENT SYSTEM

SDSN: Dynamic, Adaptive Multicloud Security

Juniper Solutions for Turnkey, Managed Cloud Services

Symantec Network Access Control Starter Edition

Contrail Networking: Evolve your cloud with Containers

CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

Topology-Independent In-Service Software Upgrades on the QFX5100

Symantec Network Access Control Starter Edition

ForeScout ControlFabric TM Architecture

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

The threat landscape is constantly

Kaspersky Security for Virtualization Frequently Asked Questions

Protecting Physical and Virtual Workloads

JUNOS SPACE ROUTE INSIGHT

JUNIPER OPTIMUM CARE SERVICE

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Service Automation Made Easy

Symantec Network Access Control Starter Edition

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Dynamic Datacenter Security Solidex, November 2009

5 STEPS TO BUILDING ADVANCED SECURITY IN SOFTWARE- DEFINED DATA CENTERS

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Securing Your Amazon Web Services Virtual Networks

Juniper Networks Live-Live Technology

Juniper Networks and Aerohive Networks: Cloud-Enabled Solutions for the Enterprise

Deploying Data Center Switching Solutions

Instant evolution in the age of digitization. Turn technology into your competitive advantage

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

McAfee Public Cloud Server Security Suite

WHITE PAPER: BEST PRACTICES. Sizing and Scalability Recommendations for Symantec Endpoint Protection. Symantec Enterprise Security Solutions Group

Securing Your Most Sensitive Data

Enterprise & Cloud Security

JUNIPER NETWORKS AND AEROHIVE NETWORKS: CLOUD- ENABLED SOLUTIONS FOR THE ENTERPRISE

Features. HDX WAN optimization. QoS

WatchGuard XTMv Setup Guide

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY

WatchGuard XTMv Setup Guide Fireware XTM v11.8

VM-SERIES FOR VMWARE VM VM

Securing Your Microsoft Azure Virtual Networks

Cloud-Enable the Enterprise with Junos Fusion

SOLUTION BROCHURE. Mobility Changes Everything

Extending Enterprise Security to Public and Hybrid Clouds

Securing the Virtualized Environment: Meeting a New Class of Challenges with Check Point Security Gateway Virtual Edition

IBM Internet Security Systems Proventia Management SiteProtector

Cisco Network Admission Control (NAC) Solution

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Symantec Endpoint Protection

VMware vsphere 4. The Best Platform for Building Cloud Infrastructures

Symantec Client Security. Integrated protection for network and remote clients.

Securing the Software-Defined Data Center

Enterprise Guest Access

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

McAfee Embedded Control

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

5 Mistakes Auditing Virtual Environments (You don t Want to Make)

ForeScout Extended Module for Carbon Black

ExtremeWireless WiNG NX 9500

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

NX 9500 INTEGRATED SERVICES PLATFORM SERIES FOR THE PRIVATE CLOUD

Symantec Network Security 7100 Series

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

Securing the Data Center against

VMware vsphere 4 and Cisco Nexus 1000V Series: Accelerate Data Center Virtualization

Juniper Care Plus Services

Juniper Networks Adaptive Threat Management Solutions

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

Firefly Perimeter ( vsrx ) Technical information 12.1 X47 D10.2. Tuncay Seyran

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

J-Care Agility Services Advanced Options

1V0-642.exam.30q.

SYMANTEC DATA CENTER SECURITY

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

McAfee Cloud Workload Security Product Guide

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

TALK. agalaxy FOR THUNDER TPS REAL-TIME GLOBAL DDOS DEFENSE MANAGEMENT WITH A10 DATA SHEET DDOS DEFENSE MONITORING AND MANAGEMENT

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

AppDefense Getting Started. VMware AppDefense

EFFECTIVE SERVICE PROVIDER DDOS PROTECTION THAT SAVES DOLLARS AND MAKES SENSE

IBM PowerSC. Designed for Enterprise Security & Compliance in Cloud and Virtualised environments. Highlights

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Transcription:

DATASHEET FIREFLY HOST Product Overview Juniper Networks Firefly Host is a comprehensive virtualization security solution that includes integrated stateful inspection firewalling, intrusion detection, compliance monitoring and enforcement, as well as on-access and on-demand antivirus scanning. Purpose-built for virtualization, Firefly Host synchronizes with ware vcenter to provide the highest levels of security and performance. Firefly Host delivers superior protection, throughput, scalability, automated deployment, operational efficiencies, and value for virtualized environments, enabling enterprises to maintain comparable security and regulatory compliance across physical and virtual networks. Product Description Juniper Networks Firefly Host * is a comprehensive virtualization security solution that includes a high-performance, hypervisor-based stateful firewall, integrated intrusion detection system (IDS), virtualization-specific antivirus protection, and unrivaled scalability for managing multi-tenant cloud security. Firefly Host brings forward powerful features that offer layers of defenses and automated security as well as compliance enforcement within virtual networks and clouds. By leveraging virtual machine introspection ( Introspection), coupled with Firefly Host s wide-ranging information about the virtual network environment, Firefly Host creates an extensive database of parameters by which security policies and compliance rules can be defined and enforced. Firefly Host makes this rich data available in intuitive user interfaces that let administrators build the entire range of policies from corporate rules on global protocol handling (e.g., block Kazaa) to discrete regulatory compliance policies for how virtual machines should be configured (e.g., must have antivirus installed). Compliance assessment and security enforcement happen automatically and in lockstep with changes in the virtual environment. New virtual machines (s), for example, will be scanned and quarantined if out of compliance with policies in effect. The same applies to s whose state changes such that their security posture is weakened (e.g., antivirus protection is turned off). Firefly Host security operates from deep within the virtualization fabric as part of the hypervisor. Consequently, the software delivers unprecedented levels of security. Security and compliance concerns are top of mind in virtualization and cloud deployments. Juniper s experience and innovative research in virtualization security have resulted in a powerful software suite capable of monitoring and protecting virtualized environments without negatively impacting performance. A hypervisor-based virtualization security approach, in combination with x-ray level knowledge of each virtual machine through Introspection, gives Firefly Host a unique vantage point in the virtualized fabric. Here, virtualization security can be applied efficiently and with context about the virtual environment and its state at any given moment. *Formerly vgw Gateway

Firefly Host delivers total virtual data center protection and cloud security through visibility, protection, and compliance: Visibility full view to all network traffic flowing between s. Complete and group inventory, including virtual network settings. Deep knowledge of state, including installed applications, operating systems, and patch level, through Introspection. Protection a stateful firewall provides access control over all traffic via policies that include which ports, protocols, destination s, etc. should be blocked. Further, an integrated intrusion detection engine inspects packets for the presence of malware or malicious traffic and alerts as appropriate. Finally, virtualizationspecific antivirus protections deliver highly efficient on-demand and on-access scanning of disks and files with the ability to quarantine infected entities. Compliance enforcement of corporate and regulatory policies for the presence of required or banned applications via Introspection. Some practical applications of compliance enforcement, such as assurance of segregation of duties, ensure that s are assigned to the right trust zones inside the virtual environment. Pre-built compliance assessment is based on common industry best practices and leading regulatory standards. Firefly Host can also enforce compliance to a gold image with quarantine and alerting for non-compliance, thereby ensuring that deviations from the desired configuration do not create a security risk. Figure : A dashboard view of virtual network security and compliance states. Architecture and Key Components Center Physical Server # Physical Server #2 Intranet Application Live Migration Database SAP Desktop Desktop 2 Firewall Firewall Physical Network 2 Firewall secure inter- communication, stopping infections. Secure otion by attaching an enforceable policy to the migrating. Figure 2: Firefly Host secures highly dynamic s through change and motion. 2

Features and Benefits ization has brought both economic benefits and new security concerns to enterprises. IT managers often hesitate to virtualize systems with sensitive data or take full advantage of live migration due to security worries. Among their concerns: Undetected and uncontained malware outbreaks or insider attacks in the virtual environment Lack of visibility into, or control of, traffic between s that never touches the physical network Inability to enforce policies that isolate s, prevent sprawl, or secure features like otion ization compliance gaps and audit data holes Increasing network complexity and administrative burden caused by applying legacy VLAN or firewall technology to the virtual environment Figure 3: The Firefly Host antivirus allows for on-demand and onaccess scanning of s and files. By mitigating security risks in a cost-effective manner, Firefly Host enables enterprises to realize the full potential that virtualization technology has to offer. Automated Deployment and Integration Upon installation, the Firefly Host virtual appliance discovers all guest s through integration with ware vcenter. Unlike using VLANs to isolate s, Juniper s solution is easy to maintain and readily scales as virtualization use grows and new virtual machines are added to the environment. Automated Security Firefly Host automates the application and enforcement of security rules. This is accomplished in two ways. First, Firefly Host allows for the creation of highly detailed security policies that dynamically combine desired conditions from a rich database of virtual infrastructure and information. The dynamic policy groups can then be associated with one or more s. When additional s are created, they can be automatically associated with known groups and policies by matching predefined criteria. Administration overhead is reduced by allowing a build once, apply continuously model to security policy definition and enforcement. Cloud Security API Juniper provides an XML-RPC programming interface that lets service providers and large enterprises customize and fully automate firewall provisioning lifecycle. This includes the ability to auto secure and un secure s without requiring administrator or tenant intervention. Users of the API can efficiently secure virtualization services for internal or external customers while ensuring strict isolation of customer s. Moreover, the API enables customers to integrate virtualization security into their existing provisioning and management systems. Firewall Enforcement and Management for IPv6 Many organizations are now required or even governmentmandated to support IPv6. Firefly Host offers firewall enforcement and management channel support for both IPv6 and IPv4 so that users can load either protocol on their s. This is critical for service providers who want to capitalize on the lead time to IPv6 adoption and ensure they can secure a mixed-mode IPv4/IPv6 network, as well as for any customer transitioning to IPv6 for more efficient routing and packet processing, multicast support, and other new and valuable services that enable faster content delivery. Compliance Firefly Host lets administrators, security managers, and compliance auditors define and report on the specific conditions (corporate and regulatory) that constitute compliant operation in their environments. The Firefly Host user interface allows for the building of custom whitelists (desired configurations) and blacklists (unwanted conditions). Firefly Host continuously monitors all s, including all ESX/ESXi hosts and s (even newly created ones), to report on the overall compliance posture of the virtual environment. data center and cloud administrators can see their aggregate compliance posture at a glance, and drill down on each to identify the exact condition that has triggered a noncompliance alert (e.g., in virtual port group, or missing important software like ware tools or backup agents). High Availability Using redundant system components, Firefly Host provides mission critical reliability. Easily deployed standby systems can immediately take over if any of the primary systems fail, ensuring uninterrupted connectivity, security, and policy enforcement. High-Performance, Hypervisor-Resident Firewall By processing inspections in the ware hypervisor kernel, Firefly Host provides more than 0 times the throughput of older, bridge mode firewalls running in virtual environments. This optimized innovation can increase secured s per host while eliminating network reconfigurations. Firewall protection is continuous as s move from host to host using otion. Firefly Host keeps the live in live migration by maintaining open connections and security throughout the event. Integrated Intrusion Detection The Firefly Host intrusion detection system (IDS) is fully integrated with the virtual firewall. Rule-based IDS enables selective deep packet inspection of allowed traffic for malware suppression, maximizing the host resources available for s. Alerts are generated automatically and stakeholders receive relevant reports. Further, Firefly Host IDS identifies the alert source and provides the mechanism for shutdown. 3

Integrated Antivirus ization-specific antivirus adds another layer of defense against malware (such as viruses, worms, and spyware) with minimal impact on memory and disk. The Firefly Host antivirus engine provides optional on-access and on-demand scanning so that administrators can either choose to scan files in real time or use the completely agent-less offline approach. With numerous options for when and what to scan, organizations can optimize their antivirus scanning mechanisms for performance in the most cost-effective manner by obviating the need to buy licenses for all s or run CPU-intensive applications on hosts. Intuitive and Highly Scalable Central Management The web-based central management console displays real-time views of each virtual machine s operating and security status at a glance. This offers a simple, familiar interface for defining rules and managing policies to support role-based administration, enabling separation of duties. Multi-Center The Multi-Center feature allows Firefly Host to import virtualization information from multiple and even geographically disparate ware vcenters. Firefly Host administrators have the benefit of a singular logical view of the virtualized network, making the configuration of security policies faster and less prone to error. This unique synchronization capability makes Firefly Host the top choice for global organizations and service providers with ever growing virtualized environments that require cost-effective security at scale. Split-Center Split-Center is available in cases where large-scale virtualized environments especially multi-tenant ones require segregation of a single security management platform into parts that are consistent with unique security policies per tenant. Split-Center allows for logical segmentation of the data contained in one ware vcenter into what are effectively seen as multiple independently managed Firefly Host centers to improve resource isolation for cloud services/multi-tenancy. Based on the granularity of control they require, administrators can set up management domains that consist of: the entire vcenter; multiple data centers within the vcenter; or multiple clusters of hosts within the vcenter. Logging, Reporting, and Alerts System logging output gives security event management systems insight into virtual network activity. Administrators can print reports of historical traffic data and configure SNMP traps to alert them to selected events. Those events can then be sent via system logs to third-party security products like those specializing in Security Information and Event Management (SIEM) such as Juniper Networks STRM Series Security Threat Response Managers. These products can synthesize Firefly Host log and event information from the virtualized data center with events from other parts of the network in order to get a holistic picture of the entire data center and its security posture. Hypervisor Compliance Monitoring Firefly Host compliance checks extend to the maintenance of the hypervisor and its security posture. The Firefly Host compliance engine can be configured to generate alerts to stakeholders when conditions change on the ESX host such that their impact is understood to increase risk. This type of continuous monitoring ensures that changes to the hypervisor or ESX host configuration and access rights get additional scrutiny and aims at mitigating exposure through erroneous or improper virtual infrastructure administrator action. Introspection Introspection is a groundbreaking approach, analogous to an x-ray of s and the virtual environment from the hypervisor. Introspection enables information gathering about Windowsand Linux-based s, the security of the virtual network, and virtual environment settings without the use of agents. The ability of malware to disable or hide from security agents is a classic unresolved security problem that has plagued the security industry for decades. Not only does Firefly Host incorporate Introspection as part of its security policy definition and enforcement mechanism, but Firefly Host also combines Introspection and antivirus features to offer an innovative new approach to leveraging the hypervisor for an uncompromised x-ray inspection of s, where malware literally has nowhere to hide. By amassing information about the kinds of applications and services running on s, Firefly Host sustains deep knowledge about the internal security state of each virtual system. This information is then made available through the Firefly Host pointand-click dynamic policy editor, so that rules can easily be built to enforce a desired security posture. Figure 4: Firefly Host IDS enables deep packet inspection of traffic for malware suppression. 4

Specifications Firefly Host Security Operating System Appliance Memory: 52 MB Disk Space: 2.0 GB Security Design for Firefly Host Operating System Appliance Memory: 2 GB Disk Space: GB ware vsphere 4.x (ESX/ESXi), vsphere 5.x Ordering Information For more information about Juniper Networks Firefly Host, please go to www.juniper.net or contact the nearest Juniper Networks sales representative. Model Number Description VGW-CENTER- Central management center VGW-S-ADD-2 Security license for 2 CPU VGW-S-ADD-0 Security license for 0 CPU VGW-S-ADD-20 Security license for 20 CPU VGW-S-ADD-50 Security license for 50 CPU Juniper Networks Services and Support Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing costs and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/ products-services. VGW-S-ADD-00 VGW-HA-ADD-2 VGW-HA-ADD-0 VGW-HA-ADD-20 VGW-HA-ADD-50 VGW-HA-ADD-00 VGW-IDS-ADD-2 VGW-IDS-ADD-0 VGW-IDS-ADD-20 VGW-IDS-ADD-50 VGW-IDS-ADD-00 VGW-AV-ADD-2 VGW-AV-ADD-0 VGW-AV-ADD-20 VGW-AV-ADD-50 VGW-AV-ADD-00 Security license for 00 CPU High availability license for 2 CPU High availability license for 0 CPU High availability license for 20 CPU High availability license for 50 CPU High availability license for 00 CPU One year IDS subscription for 2 CPU One year IDS subscription for 0 CPU One year IDS subscription for 20 CPU One year IDS subscription for 50 CPU One year IDS subscription for 00 CPU One year antivirus subscription for 2 CPU One year antivirus subscription for 0 CPU One year antivirus subscription for 20 CPU One year antivirus subscription for 50 CPU One year antivirus subscription for 00 CPU About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. 5

Corporate and Sales Headquarters Juniper Networks, Inc. 94 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or +.408.745.2000 Fax: +.408.745.200 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 9 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: +3.0.207.25.700 Fax: +3.0.207.25.70 To purchase Juniper Networks solutions, please contact your Juniper Networks representative at +-866-298-6428 or authorized reseller. Copyright 203 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 000363-008-EN Dec 203 Printed on recycled paper 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback