Extending Enterprise Security to Public and Hybrid Clouds


Juniper Security for an Ever-Evolving Market

Challenge

Enterprises are migrating toward public or hybrid clouds much faster than expected, creating an immediate need to extend the level of security found in traditional networks to the new cloud landscape.

Solution

With a broad portfolio of physical and virtual firewalls, centralized single-pane-of-glass management, and threat intelligence, Juniper helps enterprises seamlessly secure physical data centers, private clouds, and public clouds by extending simple yet comprehensive protection to the ever-evolving market.

Benefits

- Significant CapEx and OpEx savings through investment protection, lower TCO, and lower learning costs
- Simple, intuitive management for enforcing and monitoring security across public and hybrid clouds
- Extension of security policies and technologies used in physical data centers to public and hybrid clouds
- Reduction in the number of proprietary, feature-limited public cloud elements to deploy and manage

The migration to public cloud is accelerating rapidly. In fact, Gartner predicts that the global market for public cloud will reach $204 billion in 2016. This rapid adoption is primarily attributable to the public cloud's ability to deploy across geographies, its flexibility and scalability, its pay-per-use model and lower upfront costs, and its simplicity.

However, enterprises with heavy investments in private data centers and concerns about the feasibility of public clouds tend to favor a hybrid approach, leveraging a combination of public clouds and existing physical data centers and private clouds. Regardless of the approach, the move to the cloud creates real concerns about security that need to be addressed to ensure a successful migration.

The Challenge

No new technology is without its pitfalls, and the cloud is no exception. When data no longer resides behind an on-premises firewall, as is the case with public and hybrid clouds, it introduces a paradigm shift in security that must be addressed. For instance, (AWS), the most popular public cloud platform with 57% market share, employs a simple IP-level or port-level restriction security approach at each instance level. This is a far cry from the granular control and advanced security features that IT and security administrators are used to on their physical deployments.

Public Cloud Security Challenges

The popularity of public clouds is driven, in large part, by the dynamics and realities of the startup world. In 2016, deploying a physical data center with a dedicated IT admin no longer makes economic sense for most startups and small enterprises. Instead, they typically go with one of the more popular cloud platforms, deploy their infrastructure, and hire a DevOps resource in place of a traditional IT/security administrator.

While DevOps resources offer a mix of development and operational experience, they typically lack the deep security knowledge of traditional security administrators. They are expected to possess good scripting skills and are usually tasked with additional responsibilities such as software build management. Since network security is only a small part of their job description, DevOps individuals need a simple security solution that they can easily configure, monitor, and upgrade. With the rise of infrastructure automation platforms such as Chef and Puppet, programmability is top of mind with every DevOps person and a serious requirement for any security platform.

Hybrid Cloud Security Challenges

Enterprises that want to move to the cloud but have heavy investments in physical data centers prefer the hybrid cloud model, which allows them to leverage the flexibility and economics of public cloud. Also, some enterprises are legally required to hold certain data on premises. A hybrid approach allows extremely sensitive data to be stored in private data centers while offloading the rest to the cloud.

Migrating to a hybrid cloud is not without its own set of challenges. New security policies must be set up for the public cloud deployment, adding management overhead and risking discrepancies between the physical data center and the cloud. Additionally, hiring cloud professionals or training existing IT personnel for cloud security adds to operational expenses and takes time.

The Juniper Networks Public and Hybrid Cloud Security Solution

Juniper Networks offers a broad portfolio of solutions that work together to solve the cloud security issue. The major elements of this solution are:

Juniper Networks SRX Series Services Gateways and Juniper Networks virtual firewall with integrated unified threat management (), which deliver:

- Core firewall functionality with IPsec and feature-rich networking services such as NAT and routing
- Intrusion Prevention System () 2.0 to detect and block network intrusions
- User-based firewalls to analyze, log, and enforce access control based on user roles and groups
- Application control and visibility with integrated Juniper Networks App 2.0 to provide application-level analysis, prioritization, and blocking to safely enable applications
- Antivirus, antispam, and Web and content filtering with to protect against viruses, spam, and malicious URLs and content
- Support for Linux KVM, VMware, and AWS platforms ()

Juniper threat defense, security intelligence in the cloud composed of Spotlight threat intelligence and Juniper Networks Sky Advanced Threat Prevention. Spotlight threat intelligence aggregates threat feeds from multiple sources to deliver open, consolidated, actionable intelligence to SRX Series firewalls. Spotlight provides an open platform for threat detection and advanced malware protection by learning attack patterns through multiple intelligence sources and sharing that knowledge with SRX Series and virtual firewalls for instant defense. Sky Advanced Threat Prevention is a cloud-based advanced anti-malware service with dynamic analysis (sandboxing) to protect against sophisticated malware. Integrated with SRX Series and virtual firewalls, Sky Advanced Threat Prevention provides built-in machine learning to improve verdict accuracy.

Juniper Networks Junos Space Security Director provides centralized, single-pane-of-glass management to deploy, monitor, and configure security features and policies across all SRX Series and virtual firewalls in the network. Security Director includes a customizable dashboard with detailed drill-downs, threat maps, and event logs, providing unprecedented visibility into firewall performance. It is also available as a mobile app for Google's Android and Apple's iOS systems to enable remote mobile monitoring.

[Figure 1: Simple deployment on AWS with one VPC]

Juniper's Solution for Securing and Simplifying Deployment in the Public Cloud (AWS)

Let's take a look at a simple AWS deployment comprising one virtual private cloud (VPC) with an gateway and several instances to explore how the Juniper solutions deliver comprehensive security for the cloud. In a simple cloud deployment, a Juniper Networks virtual firewall can be easily incorporated between the gateway and the VPC, facilitating comprehensive security and services.

In a more complex AWS deployment, a reduces the need for dedicated hardware components, consolidating them for easier management. Take, for example, an enterprise with multiple departments and hundreds of employees logging in to access infrastructure resources via a dedicated. Some of the departments need to share resources while others don't. In AWS, intercommunication between VPCs requires a dedicated peering module. By default, all IP addresses within a VPC are in the private space (10.X.X.X). Internal resources wanting to access the public require a dedicated NAT module for each VPC. In contrast, a on AWS can handle the task of termination, NAT, and intercommunication between VPCs with multisite (which is currently missing in AWS), dramatically simplifying the topology and reducing the number of elements to manage while enabling secure and granular control between VPCs (see Figure 2).

[Figure 2: Comprehensive AWS deployment with multiple VPCs (Engineering, Production, Sales). Callouts: eliminate the dedicated NAT; eliminate the dedicated gateway; eliminate the VPC peering module; add comprehensive security intelligence at ingress, egress and between VPCs; manage all security from a single console (unified).]

Expanding Juniper Solution to the Hybrid Cloud: Real-World Use Cases

The following section looks at the challenges and security requirements of two real-world use cases, Enterprise Expansion and Workload Distribution, and shows how Juniper solutions can address both scenarios.

Use Case 1: Enterprise Expansion
Adding new branch offices to a different geography

A new e-commerce enterprise with a physical data center in San Francisco wants to expand its global presence and decides to open offices globally.

Requirements:

- The company plans to add three new data centers, one each in Europe, APAC, and South America.
- Employees must be able to access the company's internal resources from their region.
- Customers need to be redirected to their respective regions.
- Essential services such as mail, active directory, and file servers are replicated in all data centers, with data being synchronized in real time.

Use Case 2: Workload Distribution
Distributing workloads across geographical locations

A new video-streaming enterprise anticipates more viewers on the U.S. east coast between 7 and 10 p.m. during November and December. Deploying a new physical data center or provisioning a virtual data center in a private cloud to accommodate such intermittent usage can be expensive.

Requirements:

- A high-quality user experience in a cost-efficient manner without compromising customer privacy is critical.
- Content and customer data need to be replicated.
- The data center must be able to scale higher or lower based on demand.
- Loss of service due to any failures is unacceptable.
- Leaking copyrighted content or customer details is unacceptable.

Simple and Juniper Solutions for Enterprise Expansion and Workload Distribution

The following Juniper security solutions can be deployed to provide the necessary security for the enterprise expansion and workload distribution use cases.

- A virtual firewall is installed between the VPC and gateway of each AWS deployment to secure the instances and applications in the VPC.
- An SRX Series device/virtual firewall connects to the advanced threat defense system in the cloud and receives the latest threat information to help detect sophisticated malware.
- The is also used for IPsec termination, multisite, and NAT gateway functionality to facilitate and complement the AWS deployment.
- The gateways in the remote data center branches connect to the SRX Series firewalls in the head office via IPsec for secure data transportation.
- Junos Space Security Director centrally manages all security policies across the infrastructure.
- The virtual firewalls deployed in remote data centers register with Security Director, whether installed at headquarters or in the cloud.
- Once security policies are pushed to the remote devices, application data is synchronized across all data centers.
- New security policies are centrally added or updated from Security Director and deployed across all data centers.

[Figure 3: Juniper security solutions deployed in a hybrid cloud for the enterprise expansion and workload distribution use cases]

Key Benefits Delivered by Juniper Security Solutions

Juniper security solutions deliver the following benefits in a public or hybrid cloud environment.

1. A single point of intelligent security
The virtual firewall serves as a single point of enforcement. By leveraging security feeds from advanced threat intelligence platforms in the cloud, such as Sky Advanced Threat Prevention, the can detect known and unknown threats while enforcing application security, intrusion prevention, and unified threat management.

2. Centralized, simple, and intuitive management
Junos Space Security Director provides intuitive and centralized management for monitoring security across the entire network. The simple user interface means even new users can quickly become proficient. The mobile Security Director app, available for iOS and Android platforms, is accessible to security admins or CIOs who want to monitor security updates in their network remotely.

3. Programmability
With a wide range of programmatic APIs supported in Juniper Networks Junos operating system, DevOps resources can easily automate deployment and management activities through simple scripts, streamlining the entire workflow.

4. Lower costs and shorter learning curves
The ability to extend the familiar and well-known security policies used in the physical data center to private and public clouds is a critical benefit, allowing enterprises to leverage existing IT admins to manage cloud infrastructure. There is no need to hire new cloud experts.

Summary

Juniper Networks security solutions seamlessly extend across public and hybrid clouds without compromising flexibility and manageability. With highly evolved security intelligence and new simple, centralized management and automation tools, Juniper makes it easy to monitor and enforce security across existing and new data centers.

Next Steps

For more information on Juniper Networks security solutions, please visit us at www.juniper.net/us/en/products-services/security and contact your Juniper Networks representative.

About Juniper Networks

Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks or connect with Juniper on Twitter and Facebook.

Corporate and Sales Headquarters: Juniper Networks, Inc., 1133 Innovation Way, Sunnyvale, CA 94089 USA. Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000. Fax: +1.408.745.2100. www.juniper.net

APAC and EMEA Headquarters: Juniper Networks International B.V., Boeing Avenue 240, 1119 PZ Schiphol-Rijk, Amsterdam, The Netherlands. Phone: +31.0.207.125.700. Fax: +31.0.207.125.701.

Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

3510567-002-EN Sept 2016