Stop Threats Faster
Vaishali Ghiya & Dwann Hall, Juniper Networks
This statement of direction sets forth Juniper Networks' current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation. This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).
Software Defined Secure Networks
Vaishali Ghiya, Sr. Director, Security Sales, vghiya@juniper.net
Data is the new Gold
AS VALUE INCREASES SO DOES CYBERCRIME
- 80% of black-hat hackers are affiliated with organized crime
- In 2016, 1 in 131 emails contained malware, the highest rate in five years
- Cybercrime will become a $2.1 trillion business by 2019
- 1.1B identities were exposed in 2017
- 357M new unique pieces of malware in 2016
- 360K ransomware attacks in 2016
Source: Symantec Internet Security Threat Report 2017, Verizon 2016 Data Breach Investigations Report
Today's Threats Are More Complex Than Ever
- Realize threats are everywhere. They are already inside. They walked in your front door.
- Recognize perimeter security isn't enough. Malware walks in with the employee. Detection and enforcement should be enabled anywhere.
- Acknowledge security is everyone's problem, horizontal and vertical.
Software Defined Secure Networks: Network As A Firewall
[Figure: the network as a firewall, spanning detection, policy, enforcement and multi-cloud.]
- Detection (machine learning): Sky Advanced Threat Prevention Cloud (ATP), with sandbox w/deception and static analysis
- Policy: Security Director + Policy Enforcer (policy enforcement, visibility, automation), with centralized policy push
- Detection and enforcement: SRX physical firewall, vSRX virtual firewall
- Enforcement: EX & QFX switches, MX routers*, third-party elements*
- Multi-cloud
SDSN Threat Remediation Use Case
Manual Threat Workflows
- Multiple teams (Incident Response, Net-Sec Operations, Endpoint Security), each with its own feed and tickets (TKT) once malware is found
- Threat detection and enforcement delays
- Vendor-specific threat feeds
Automated Threat Remediation
- Cohesive threat management system
- Automation across network & security
- Open API and 3rd-party threat feed collation
SDSN Simplified Scenario: Traveling Employee
[Figure labels: Arrivals, Departures, www.pdf.com, alert marker]
SDSN Simplified Scenario: Sunnyvale HQ
[Figure labels: L2 VLAN, alert marker]
SDSN Simplified Scenario: Sunnyvale HQ
[Figure: Customer SRX on the L2 VLAN, connected to the Sky Advanced Threat Prevention Cloud (ATP: sandbox w/deception, static analysis); Command & Control Server.]
- Infected laptop address: MAC 3A-34-52-C4-69-b4, IP 172.16.254.3
SDSN Simplified Scenario: Sunnyvale Campus
[Figure: the infected laptop on the L2 VLAN is shown as Quarantined; Command & Control Server.]
- Detection: Sky Advanced Threat Prevention Cloud (ATP: sandbox w/deception, static analysis), third-party threat intel
- Policy: Security Director + Policy Enforcer (policy enforcement, visibility, automation)
- Detection and enforcement: SRX physical firewall, vSRX virtual firewall
- Enforcement: EX & QFX switches, MX routers*, third-party elements*
SDSN Simplified Scenario: San Francisco Campus
[Figure: the same laptop on an L2 VLAN at another campus is shown as Quarantined; Command & Control Server.]
- Infected laptop address: MAC 3A-34-52-C4-69-b4, NEW IP 174.12.254.3
- Detection: Sky Advanced Threat Prevention Cloud (ATP: sandbox w/deception, static analysis), third-party threat intel
- Policy: Security Director + Policy Enforcer (policy enforcement, visibility, automation)
- Detection and enforcement: SRX physical firewall, vSRX virtual firewall
- Enforcement: EX & QFX switches, MX routers*, third-party elements*
SDSN Simplified: Network As a Firewall
[Figure: the network as a firewall, spanning detection, policy, enforcement and multi-cloud.]
- Detection (machine learning): Sky Advanced Threat Prevention Cloud (ATP), with sandbox w/deception and static analysis
- Policy: Security Director + Policy Enforcer (policy enforcement, visibility, automation), with centralized policy push
- Detection and enforcement: SRX physical firewall, vSRX virtual firewall
- Enforcement: EX & QFX switches, MX routers*, third-party elements*
- Multi-cloud
SRX Product Line Evolution
New hardware platforms & software innovations
[Figure: SRX platforms arranged from low end through midrange to high end.]
- Segments: branch & secure router; small campus; enterprise edge/small data center; data center
- Data center sizes shown: small, mid-sized, large, very large/SP
- Branch refresh: SRX300/320/340/345, SRX550
- Compact campus: SRX1500 (1U, 5 Gb/s)
- SRX4100 (1U, 20 Gb/s)
- Other models shown: SRX4200, SRX4600, SRX4800, SRX5400, SRX5600, SRX5800
- Other form factor and throughput labels on the figure: 1U, 40 Gb/s; 1U, 80 Gb/s; 3U, 320 Gb/s; 5U, 480 Gb/s; 8U, 960 Gb/s; 16U, 2 Tbps
- vSRX (virtual SRX): 4 Gb/s (2 vCPU), 20 Gb/s (up to 10 vCPU)
All performance estimates are IMIX
NDA: Juniper Networks Company Confidential
SRX 4100 & SRX 4200
High Performance Midrange Platform
Small RU footprint
- 1U, 2 SKUs with 20G and 40G throughput
- Low power consumption
- 8 ports of 10G
Platform
- Based on off-the-shelf hardware components
- x86 CPU for advanced security services
Performance Targets
- Significant improvement in price/performance
- Excellent FW/NAT IMIX performance for midrange firewall (20 Gbps to 40 Gbps)
- Excellent NGFW performance (5 Gbps to 10 Gbps)
- Dramatically improved throughput, session & connections per second scale
Juniper Confidential, Subject to Change
Security Director: Application Visibility
[Screenshot with numbered callouts:]
1. Interactive/graphical summary of applications.
2. Data from different angles.
3. Who is using what.
4. Perform correcting and troubleshooting actions: identify, allow, block or limit usage.
5. Toggle to launch the detailed grid view.
Security Director: Threat Map
[Screenshot with numbered callouts:]
1. Map shows threat count by region.
2. Easy to filter according to threat type, severity, and source/destination.
3. Table has ability to filter map results and view related events. The table shows details of threat events according to filters.
4. Ability to zoom into a region for filtered threat view details.
Sky Advanced Threat Prevention Solution Overview
[Figure: Customer SRX on the customer side; Sky Advanced Threat Prevention Cloud (ATP: sandbox w/deception, static analysis) in the Juniper cloud.]
1. SRX extracts potentially malicious objects and files.
2. SRX sends potentially malicious content to Advanced Threat Prevention cloud.
3. Advanced Threat Prevention cloud performs static and dynamic analysis.
4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX.
5. SRX blocks known malicious file downloads and outbound C&C traffic.
Sky Advanced Threat Prevention Cloud
[Figure: machine learning pipeline on cloud infrastructure. Potentially malicious files pass through cache, multiple anti-virus, static analysis, and behavioral analysis (sandbox, deception); verdicts are determined at every level and feed inline blocking.]
- Additive verdict determination ensures accuracy
- Over 50 deception techniques employed to trick malware into exposing itself
Juniper Advanced Threat Detection
[Figure labels: Lateral Spread, Perimeter, Malicious Email, Malicious Web, Internet, Smart Analytics]
Lateral threat migration indicates progression through the cyber kill chain. Collectors capture that traffic too.
Hybrid Cloud: vSRX in Transit VPC for AWS
[Figure: VPC 1, VPC 2 ... VPC N connected to a Transit VPC with a vSRX in each of AZ 1 and AZ 2; VPN over Direct Connect; Internet backup VPN.]
vSRX differentiators
- High performance
- Integrated routing and security
- Higher scale of VPC support
Design points
- Inter-VPC connectivity over VPN
- Security group securing VPC workloads
- Inter-VPC security (IDS/IPS, NextGen Firewall) on vSRX
- Redundancy through dynamic routing (BGP)
- Fully automated VPN connections to new VPCs with zero touch
Juniper Security Services Overview
- Next Generation Firewall Services: application control & visibility; intrusion prevention; user-based firewall
- Unified Threat Management (known threats): anti-virus; web/content filtering; anti-spam
- Threat Intelligence Platform: botnets/C&C; GEO-IP; custom feeds, APT
- Cloud Based Advanced Anti-Malware (zero day): sandboxing; evasive malware; rich reporting, analytics
- SRX Foundation Services: firewall, NAT, VPN, routing
- Management, reporting, analytics, automation
Advanced Policy Based Routing (AppRoute/APBR)
[Figure labels: Corporate HQ, Enterprise App Server, MPLS, Applications, N Branch, Internet]
Juniper Automation and Orchestration Solution
[Figure labels: SDN (NorthStar, Contrail); MH; API based; third party; Junos Space; Junos SDK; Network Director; Security Director; Puppet; Chef; Ansible; off-box; NETCONF; Juniper OpenStack plug-in; Juniper CloudStack plug-in; OpenClos; on-box; PyEZ; Ruby-EZ; SLAX; ZTP; open platform; One Junos Software; Junos SDK]
Live Demo
Software Defined Secure Network Demo
Aruba Enforcement on Cisco Switch
Dwann A. Hall, Sr. Security Solutions Specialist
Solution Components
Product: Description
- Junos Space 17.1R2: Network management platform
- Security Director 17.1R2: PE UI and SRX policy deployment
- Policy Enforcer 17.1R2 (PE): User intent policy for threat management, deployment with Juniper switches as well as integration with Aruba ClearPass and Cisco ISE for 3rd-party switch enforcement
- SRX with Sky ATP: Sky ATP for threat detection and feeds; v/SRX for malware file scanning and policy enforcement
- Aruba ClearPass / Cisco ISE: Integration w/ Network Access Control (RADIUS/802.1X)
- Juniper and (or) 3rd-party switches: Infected host tracking and enforcement (block/quarantine)
SDSN in a Third-Party Switched Network
[Figure labels: EX/QFX, SRX, Cisco S/W, Sky ATP, EX/Cisco, RADIUS access server, Juniper 3rd-party wireless, Policy Enforcer (policy controller, connector framework, connector API, 3rd-party SW connector, feed collector), cloud feed server, remote feed server]
1. End user authenticates to the network via 802.1X or MAC authentication.
2. Sky detects that the endpoint has become infected.
3. Policy Enforcer downloads the infected host feed.
4. PE enforces the infected host policy, with the 3rd-party SW connector calling the generic API.
5. The 3rd-party connector queries the AAA server for endpoint details for the infected host IP and initiates CoA for the infected host MAC.
6. The CoA action could be block or quarantine VLAN.
7. Enforcement happens on the NAC device the endpoint authenticated on.
8. Policy Enforcer communicates the end host details back to Sky.
Demo: SDSN Enforcement via Aruba ClearPass
- User VLAN 10
- Quarantine VLAN 99
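The enforcement flow in steps 3 to 7 and the traveling-laptop scenario from the earlier slides, modelled as a small Python simulation. This is an added example, not Juniper, Aruba or Cisco code: the `Connector` and `Session` classes, the switch names and the second host are constructed for illustration, and re-quarantining a known MAC at its next authentication is a modelling assumption.

```python
from dataclasses import dataclass, field

USER_VLAN, QUARANTINE_VLAN = 10, 99  # VLAN numbers from the demo slide

def norm_mac(mac):  # 3A-34-52-C4-69-b4 and 3a:34:52:c4:69:b4 must compare equal
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or set(digits) - set("0123456789abcdef"):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

@dataclass
class Session:  # one AAA session record (hypothetical shape)
    mac: str
    ip: str
    nas: str  # NAC device / switch the endpoint authenticated on
    vlan: int = USER_VLAN

@dataclass
class Connector:  # stands in for the third-party switch connector
    sessions: list = field(default_factory=list)
    quarantined: set = field(default_factory=set)  # keyed by MAC, not IP
    coa_log: list = field(default_factory=list)

    def authenticate(self, mac, ip, nas):
        """Step 1: 802.1X/MAC auth; a known-infected MAC lands in quarantine."""
        mac = norm_mac(mac)
        vlan = QUARANTINE_VLAN if mac in self.quarantined else USER_VLAN
        self.sessions.append(Session(mac, ip, nas, vlan))
        return self.sessions[-1]

    def apply_infected_feed(self, infected_ips):
        """Steps 3-7: resolve each feed IP to a MAC via AAA, then CoA that MAC."""
        unresolved = []
        for ip in infected_ips:
            hits = [s for s in self.sessions if s.ip == ip]
            if not hits:
                unresolved.append(ip)  # no session yet, nothing to enforce on
            for s in hits:
                self.quarantined.add(s.mac)
                s.vlan = QUARANTINE_VLAN
                self.coa_log.append((s.nas, s.mac, QUARANTINE_VLAN))
        return unresolved

def demo():
    c = Connector()
    c.authenticate("3A-34-52-C4-69-b4", "172.16.254.3", "sunnyvale-sw1")
    c.authenticate("00-11-22-33-44-55", "172.16.254.9", "sunnyvale-sw1")  # constructed
    missed = c.apply_infected_feed(["172.16.254.3", "172.16.254.200"])
    moved = c.authenticate("3a:34:52:c4:69:b4", "174.12.254.3", "sf-sw1")
    return c, missed, moved
```

Because the quarantine set is keyed on the MAC that the AAA lookup returns, the laptop stays in VLAN 99 when it reappears with the new IP, while a feed entry with no matching session is reported back instead of being silently dropped.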
DEMO
Juniper SDSN: Network as a Firewall
Key Takeaways
- Deploy alongside your existing firewalls
- No changes required to existing firewalls
- Automates threat remediation in a significantly reduced time
- Block or quarantine any infected host from connecting to the network
- Stop threats faster: minimize horizontal spread of malware
- Significantly reduce business impact