Software Defined Secure Networks

Software Defined Secure Networks: Advanced Security in Complex Campuses. José Fidel Tomás, fidel.tomas@juniper.net

Security is in Transformation

Threat sophistication: zero-day attacks; advanced, persistent, targeted attacks; adaptive malware.
Cloud: virtualization and SDN; applications, data, management in the cloud; application proliferation.
Infrastructure: device proliferation and BYOD; IoT-based attacks; hybrid cloud deployments growing.

Demanding Software Defined Secure Networks

AV, NGFW, Deception, IDS, Sandbox, IPS, Analytics, NAT: uncoordinated and firewall focused.
Orchestrated, holistic system encompassing security + infrastructure: global policy orchestration, policy engine; open and unified threat detection; dynamic, automated enforcement.

Software Defined Secure Networks (SDSN): Unified Security Platform

Detection: Leverage entire network and ecosystem for advanced threat intelligence and detection.
Policy: User intent based policy model. Consistent policy enforcement across multiple enforcement domains. Robust visibility and management.
Enforcement: Utilize any point of the network, including firewalls, switches, routers, 3rd party devices, SDN and public cloud platforms, as points of enforcement.
Network as a single enforcement domain: every element is a policy enforcement point.

SDSN Phase-1. Use Case: Threat Remediation of infected hosts

Detection: Sky ATP. Known & Day-0 malware analysis, sandboxing, infected host identification, command & control, GeoIP.
Policy: Simplified threat remediation policy (Block, Quarantine, Track) defined in Security Director Policy Enforcer.
Enforcement: Juniper SRX, vSRX, EX and QFX.

Key Features
- Security Fabric including firewalls and switches
- Infected Host Blocking: perimeter firewall level for north-south traffic; EX/QFX switches to protect from lateral movement of threats
- Infected Host Tracking: track infected host movement in network, and quarantine or block infected hosts even if IP address changes

Customer Benefits
- Automates threat remediation workflows
- Real-time remediation of infected hosts
- Reduced time to remediate = reduced exposure to attacks
- Leverage network (EX/QFX) and firewall (SRX/vSRX) to take remediation actions to address lateral movement of attacks inside the network, in addition to limiting attacks from the outside world

SDSN Phase-2: Threat Remediation Enhancements. Use Case: 3rd Party Switch and Wireless Support

Enforcement
- Juniper: SRX, vSRX, QFX and EX (+Fusion Support)
- 3rd Party: access switches with RADIUS (AAA) configured
- Wireless: WLCs with RADIUS (AAA) configured

[Diagram: Sky ATP, Policy Enforcer, Connector Framework, 3rd Party Connector, RADIUS server, RADIUS messages, 3rd party access switch]

Key Features
- Security Fabric to support 3rd party switches and wireless
- Infected Host Blocking: Juniper & 3rd party switches to protect from lateral movement of threats
- Infected Host Tracking: track infected host movement in network, and quarantine or block infected hosts even if IP address changes

Customer Benefits
- Automates threat remediation workflows
- Real-time remediation of infected hosts
- Reduced time to remediate = reduced exposure to attacks
- Network vendor agnostic mechanism for threat remediation

SDSN Phase-3

SDSN is a huge differentiator for Juniper.
- Complete Threat Remediation Use Case: additional NAC vendor support, and JSA
- Introduce User Intent Based Policy Model: simplicity of policy to support agile applications & users
- Support Private & Public Cloud: with vSRX on VMware NSX, Contrail, AWS

Key Features
- User Intent Policy
- Hybrid Cloud Support: AWS, Contrail
- Additional Threat Remediation: JSA, Cisco ISE, Forescout

Customer Benefits
- Flexible and extensible policy: security policy is tied to a business intent and not to a network topology
- Enhanced user experience and optimized network operation: unified security policy across all Juniper product lines
- Ubiquitous and multi-vendor enablement: works with 3rd party devices and works on-premise as well as in the cloud

SDSN User Intent Policy Model

Network Configuration: firewall rule tables; access control lists; routing tables & SDN service chains. IP, MAC, Proto, Port. Islands of management; device/platform specific configurations; tough to automate, challenging compliance.
User Intent Policy: access control; threat prevention; compliance; extensibility; automation. Users, devices, sites, applications, metadata. Private, public, AD, CMDB, vCenter, custom. Comprehensive security; user intent based policies; native automation and compliance support.

SDSN Threat Management

[Diagram: feeds, Incident Response, Net-Sec Operations, Endpoint Security, malware found, TKT]

Manual Threat Workflows: multiple teams; threat detection -> enforcement delays; vendor specific threat feeds.
Threat Management Automation: cohesive threat management system; automation across network & security; open API and 3rd party threat feed collation.

What is Sky Advanced Threat Prevention

[Diagram: customer SRX, Juniper Cloud, Sky Advanced Threat Prevention Cloud with sandbox w/deception and static analysis]

1. SRX extracts potentially malicious objects and files and sends them to the cloud for analysis
2. Known malicious files are quickly identified and dropped before they can infect a host
3. Multiple techniques identify new malware, adding it to the Known Bad list and reporting it to SecOps
4. Correlation between newly identified malware and known C&C sites aids analysis
5. SRX blocks known malicious file downloads and outbound C&C traffic

*SRX Platforms Supported: 340, 345, 550M, 1500, 4100, 4200, 5000, vSRX

Sky ATP Enhancements

[Diagram: 1 Email (SMTP, IMAP); 2 Sky Advanced Threat Prevention Cloud with sandbox w/deception and static analysis; 3 Threat Sharing Ecosystem; Juniper Cloud; Customer]

Key Features
- Email support: SMTP, IMAP (comprehensive email support)
- Threat intelligence sharing: STIX/TAXII/CybOX, YARA
- API ecosystem: Infected Host APIs to integrate with third-party vendors, along with custom feed API

Customer Benefits
- Email-bound malware prevention allows customers to fence off one of the largest threat vectors: 70% of malware comes through email
- Rich API ecosystem that enables a shared threat intelligence pool to identify and prevent malware quickly and effectively

Sky ATP Efficacy

Cutting Edge Analysis Techniques
- Defense in depth approach
- Sandboxing
- Deception techniques

Cloud Velocity
- Rapid development and deployment of security components
- Global data footprint

Machine Learning Everywhere
- Accurate verdicts mean actionable intelligence
- Trained on full breadth of our footprint

Shared Threat Intelligence
- Open platform
- RESTful APIs to share and consume threat information in real time

Recognition (timeline on slide: 2017, 2016, 2015, 2014): Leader in Forrester Wave Automated Malware Analysis Report; Hottest Security Startups of 2015.

1 Advanced Threat Detection. Detection: Discover threats that bypassed the 1st line of defense. Signature-less detection technology continuously analyzes web, email and lateral spread traffic.
2 Advanced Threat Analytics. Analytics: Improve productivity and accelerate SOC/IR response. Events from multiple security tools correlated into an identity-based, timeline view of prioritized security incidents.
3 One-Touch Threat Mitigation. Mitigation: One-touch mitigation controlled by SOC/IR. Automated policy updates of security tools to isolate infected endpoints and strengthen in-line tools against future attacks.

Native Detection, Open Ingestion Means Powerful Analytics

[Diagram: Perimeter, Internet, SmartCore analytics engine, SIEM]

Open architecture allows logs to be collected from multiple sources, including Cyphort collectors, then analyzed and correlated via the SmartCore analytics engine.

2 Advanced Threat Analytics: Flexible Deployment

[Diagram: SmartCore analytics engine, SIEM]

Works with your existing SIEM: Leverage your SIEM platform and data feeds in combination with SmartCore analytics to strengthen security posture and accelerate incident response.
Works as a stand-alone SIEM: Anti-SIEM threat detection and analytics engine delivers all the values of a traditional SIEM with less cost, noise, complexity, and wasted time.

One-Touch Mitigation for IR Teams

[Diagram: Perimeter, Internet, SmartCore analytics engine]

Mitigation & Enforcement: Publish blocking data to existing FW, IPS and SWG; API based or manual.
Infection Verification: Verify infection on suspect endpoints before cleaning (Native, Carbon-Black, Tanium, Crowdstrike).

3 Quilt: Technology Security Vendor Ecosystem

Endpoint, Firewall/SWG, SIEM, CASB, NAC/Identity, Other.

SECURITY SERVICES

Security Services: Physical and Virtual SRX Next Generation Firewall Services Application Control Intrusion Prevention User-based firewall Unified Threat Management Anti-Malware Web/Content Filtering Anti-spam Junos SRX Foundation Security Intelligence Command & control GeoIP feeds Custom feeds Firewall VPN NAT Routing Management Reporting Analytics SKY ATP Anti Malware SRX Integrated Deception Techniques Automation Juniper Security Analytics & Integrated Logging and reporting

SRX Unified Threat Management (UTM)

Antivirus, Antispam, Web Filtering, Content Filtering
- Sophos Live Protection against Trojans, viruses, phishing attacks
- Reputation-enhanced capabilities
- Multilayered spam protection from security experts
- Protection against APTs
- Block malicious URLs
- Prevent lost productivity
- Websense TSC with more than 140 categories
- Filter out extraneous or malicious content
- Maintain bandwidth for essential traffic

Subscription-based software services for a turnkey, fully integrated offering.

Next Generation Firewall Services App Tracking Understanding security risks Address new user behavior Ingress Heuristics for evasive and tunneled apps More application signatures Open signature language App Firewall App QoS App Routing SSL Proxy Block access to risky apps Allow user tailored policies Prioritize important apps Rate-limit less important apps Define packet forwarding for Apps Create custom app environment SSL packet inspection Egress IPS Prevent application borne security threats

SD-WAN

[Diagram: HQ, Branch, Data Center, MPLS, Internet, Network Service Activator, SD-WAN Controller, Orchestrator]

SD-WAN Highlights
- Must support multiple WAN connections: MPLS, Internet, LTE etc.
- Can do dynamic path selection: allows for application based load sharing across WAN links
- Provides simplified WAN management: support zero-touch provisioning & unified security & routing policy
- Must support secure VPNs: support flexible VPN deployment options with Auto VPN, Group VPN

Key Features
- Integrated LTE MPIM
- Application based routing phase-ii
- Phone call home client on SRX3xx / SRX1500
- Application QoE
- Ephemeral commit (policy changes without formal commit)

Customer Benefits
- Enable customers to reduce WAN spending by incorporating cost-effective broadband and LTE links into the WAN
- Dynamic WAN path selection and load-balancing WAN traffic across multiple links based on the application, user and its performance
- Significant reduction in operation cost by provisioning remote branch offices without truck rolls and on-site expertise

Security Director Dashboard Firewall Policy Threat Map Events and Logs Application Visibility Automate Operations Auto Rule Placement Reduce Effort By 20x Reduce User Error Improve Response Time

Junos Automation Tools: Unrivaled Flexibility

[Diagram: Automation: use cases (fault remediation, workflow automation, automated SW upgrades, automated SW testing, config mgmt., service provisioning, network deployment & more); Junos CLI (show, set, request etc.); NETCONF/gRPC; data models in YANG (IETF, OC, Custom, Junos); MGD infra; config DB (edb, sdb); Junos automation tools (PyEZ, RubyEZ); data encoding. Programmability of control plane: applications (any user specific language apps; Juniper/partner developed custom apps); JET APIs; control plane; gRPC. Telemetry: collectors; gRPC; sensors.]

Automation is a huge differentiator for Juniper. Infra built with automation over 20 years. No other vendor has such a long history with automation. We have a rich stack and are continuously investing in enriching our portfolio.

Manual tasks are automated using the infra in green, showing capabilities exposed on Junos devices like data models/YANG. We support many flavors, more agile, so the user can use any language.
Config DB: ephemeral DB provides faster commit times.
Data encoding: formats to modify script outputs directly to JSON or XML (no conversion needed).
Use cases can be done via CLI or workflow automation tools, or via networking specific tools like RubyEZ and PyEZ, developed by Juniper on GitHub.

Programmability of control plane: south/north bound APIs for many functions like firewall, routing, interface, manageability, class of service. Junos Extensibility Toolkit (JET) is the brand for ongoing work on APIs. gRPC is the transport protocol. Write a custom app in any language. Juniper also builds. User writes code against APIs.

Telemetry: control + data plane on the Junos device support telemetry. The collector is an application sitting on a mgmt. server running Ansible or anything doing mgmt. activities. Specify in the application the sources of telemetry (Junos devices). Enable telemetry on Junos, add target IP address of collector & server to listen to sensors on control + data plane on the Junos device. Feature enabled via CLI, controller, Ansible or anything the user uses. Transport is gRPC and Junos devices push data to the server in the specified encoding. High resolution insights & fine grained capabilities & integrates with any type or number of open source tools & databases.

Thank you