Building a Software-Defined Secure Network for Healthcare


Detect, adapt, and enforce security policies faster with network-wide visibility, orchestration, and control

Challenge
Enable digital transformation at healthcare firms by eliminating threats coming from both inside and out.

Solution
Juniper's Software-Defined Secure Network, which includes SRX Series Services Gateways for the branch and data center, a virtual firewall, the Spotlight Secure cloud service, Sky Advanced Threat Prevention, and Junos Space Security Director, provides an open, scalable way to block threats at every step of the cyber kill chain.

Benefits
- Expand threat visibility and enforcement capabilities across the entire network infrastructure
- Provide flexibility and agility in responding to threats
- Reduce the time between threat detection and enforcement
- Simplify management with a platform for the creation, deployment, and replication of common security policies across a healthcare enterprise

The digital economy is transforming the healthcare market sector. The required pace of innovation is accelerating, patients have higher expectations than ever, and new competitors are emerging from nontraditional markets. At the same time, the healthcare market has long been a favorite target of cyberattackers, and despite firms' best efforts, cybersecurity threats are rising and attacks are more successful than ever. Healthcare firms need a more effective, adaptable approach to detecting and stopping cyberthreats.

The Challenge
Traditionally, network security has meant a strong perimeter defense. Firewalls sat at the boundary of the network, checking everything coming inside, while everything on the inside of the network was trusted. That is no longer enough. Advanced threats can bypass traditional perimeter security defenses, enter the trusted network, and move about undetected.

Employees', contractors', and patients' mobile devices can be infected when used on public or home networks, and that malware can be inadvertently unleashed inside the corporate network. The risk increases exponentially with the rise of the Healthcare Internet of Things. In the data center, virtualization and cloud have brought new agility, but modern security technologies have failed to keep pace with evolving threats. As a result, threats can persist unseen inside the network, giving criminals time to carefully plan the theft of high-value information, take medical intellectual property, commit fraud, destroy brand image, and disrupt revenue opportunities.

Employees and contractors rely on regional and facility networks to access applications and other resources to do their jobs. Patients count on websites and mobile apps to interact with their caregivers, insurance companies, and other healthcare providers. Attackers commonly target facility resources and mobile devices because these systems have access to business-critical applications, but it can be very difficult for security administrators to control and monitor today's highly distributed environments for suspicious activities. Security professionals need greater visibility into business applications, whether they are in the data center or in the cloud.

Data privacy is critical to maintaining competitive advantage and regulatory compliance, but data sent to and from data centers over service provider networks or the public Internet is at great risk of eavesdropping, even if appropriately encrypted. Data center networks are also prime targets for attackers, as they run the core operations for healthcare firms and are home to the organization's most valuable information and applications. In addition to data theft and destruction, a denial-of-service (DoS) attack can overwhelm the data center network and prevent workers and patients from accessing critical resources and personal healthcare information. A DoS attack can be just as damaging to business viability as the exfiltration of high-value data.

To thrive, security professionals can no longer view internal networks as trusted and external networks as untrusted. In today's cybersecurity threat landscape, all network traffic must be viewed as untrusted.

The Juniper Networks Software-Defined Secure Network
Juniper's Software-Defined Secure Network (SDSN) creates a holistic security ecosystem that enables healthcare firms to react in near real time to current and evolving intelligence to protect against unknown threats. SDSN delivers a zero trust model for information security. With SDSN, healthcare firms can make the shift from the traditional, siloed approach to security that is prevalent in healthcare today to viewing the network as a single enforcement domain. Network policy, detection, and enforcement become more adaptable, and firms can stop threats with greater accuracy. Security administrators can create and manage policies that are tightly aligned with business policies, rather than micromanaging security for different VLANs and security zones.

Software-Defined Secure Networks:
- Create and centrally manage security through a user intent-based system
- Unify and rate intelligence from multiple sources
- Enforce policy in near real time across the network, and adapt to network changes

With an SDSN approach, threats can be detected faster, even as they evolve, by leveraging threat intelligence from multiple sources (including third-party feeds) and tapping into the power of the cloud. Network security can adapt dynamically to real-time threat information so that security policies are enforced consistently, even in a nationwide healthcare enterprise. The building blocks of a Software-Defined Secure Network include advanced firewalls for the facility and data center, threat intelligence, orchestration, and cloud-based protection.

Figure 1: Juniper's SDSN is based on a zero trust security model. (Diagram labels: Software-Defined Secure Network Delivers Zero Trust Security Model; Perimeter Secure Network; Outside (Untrusted); Simplified Security; Block Lateral Threat Propagation; Comprehensive Visibility.)

Figure 2: SDSN simplifies creating security policies, detecting threats, and enforcing policies. (Diagram labels: Software-Defined Secure Network and Cloud-based Threat Defense; Dynamic and Adaptive Engines; Bottom-Up and Top-Down Approach; Leverage the entire network and ecosystem for threat intelligence and detection; Campus and Facility, Data Center, Private Cloud, Public Cloud; Utilize any point of the network as a point of enforcement; Dynamically execute policy across all network elements, including third-party devices.)

Securing Facility Networks in Healthcare
Juniper Networks SRX Series Services Gateways for the facility combine next-generation firewall and unified threat management (UTM) services with routing and switching in a single, high-performance, cost-effective network device. The gateways provide network connectivity to regional or branch locations using standards-based routing protocols. A small facility gateway also provides switching to connect a small number of endpoints, while a large gateway can provide WAN connectivity and switching for a regional office or campus. The gateways also support full, standards-based IPsec encryption to ensure the secure transport of business data across networks that are not managed, controlled, or secured by the firm's security administrators, whether the organization uses a shared service provider network or the public Internet.

Figure 3: Secure user network services architecture supports healthcare branches. (Diagram labels: Internet; Facility: Connectivity; Data Center LAN; Firewall; Facility A, Facility B, Facility C, each with users. The facility is concerned with providing connectivity as well as security to client devices in the enterprise. Attackers commonly target facility resources because the attack landscape is larger, resources are less segmented, and they have access to valuable systems.)

Figure 4: SDSN makes it easier to protect facilities with consistent security policies, threat detection, and enforcement. (Diagram labels: SDSN Protecting a Branch; Branch, Internet, Cluster, Core/Distribution, Access; Detect Infected Hosts with SRX and feeds; Third Party Feeds, Threat Feeds and Sky ATP feeding the SDSN Engine; End Point Security Partner Solutions; Remediation of Infection via ACLs. Policy defined in the Engine: infected hosts with Threat_Level > 8 should be quarantined. Sky ATP Infected Host feed: using third-party data (e.g. Attivo, Vectra) and SRX data, Sky ATP has the access and aggregation switches quarantine the infected host.)

Securing Data Center Networks in Healthcare Through Micro-Segmentation
Healthcare firms of all sizes can defend their data centers with Juniper's portfolio of enterprise security solutions. SRX Series Services Gateways are next-generation, anti-threat firewalls with advanced, integrated threat intelligence, delivered on the industry's most scalable and resilient platform. The gateways set new benchmarks with 100GbE interfaces, and also provide connectivity options for 1GbE, 10GbE, and 40GbE. Express Path technology enables up to 2 Tbps performance for the data center with less than 7 microseconds of throughput latency. All gateways can encrypt and decrypt traffic across shared and public WANs using IPsec VPN, and can simultaneously support thousands of VPN tunnels. In cloud and virtual environments, the virtual firewall can be deployed to provide east-west separation for traffic to meet requirements of micro-perimeterization and micro-segmentation, addressing today's virtual workloads. Juniper's virtual firewall is the industry's fastest virtual security platform, providing scalable, secure protection for data centers and cloud. This level of advanced security is extended to Docker containers with the Juniper Networks cSRX container firewall, which brings greater agility and elasticity to virtual infrastructure. The cSRX has a microservices architecture that makes deployment throughout the network easier without compromising performance.

Unified Security on a Common Platform
Security capabilities are consistent whether the SRX Series device is deployed as an appliance, a scalable chassis, or virtually, and whether it is protecting traditional physical architectures or virtual and cloud applications. Policies are enforced consistently to meet the needs of any healthcare organization of any shape or size.

Separation of Control and Data Planes
High volumes of traffic and processor overutilization can cause a firewall to become unmanageable and block user access to business resources if the firewall is designed with shared control and data planes. The Juniper Networks Junos operating system, the foundational operating system of the gateway, is designed with separate control and data planes. When under a DoS attack, the firewall provides strict policing protection of the control plane so that administrators can maintain management connectivity with the platform, while screens and additional mechanisms can be put into place to minimize the impact that a DoS attack might have on the data plane.

Figure 5: Micro-segmentation allows zoning and segmentation created by the gateways (both virtual and physical). (Diagram labels: Border Router; Perimeter Firewall; Routers; WAN; DMZ; Physical Security: Physical Firewall/DS, Physical Server, Physical Network; Virtual Security: Firewall per Application on Virtualization Software, e.g. VMware, with DMZ, Bus App 1, SAP, WWW and DB applications.)

Figure 6: Juniper simplifies extending security to every segment in the data center using micro-segmentation. (Diagram labels: Data Center Micro-Segmentation; Internet, Perimeter Cluster, Cluster; IT Web, IT App, IT DB and Fin Web, Fin App, Fin DB across the DMZ VLAN, MZ VLAN and DB VLAN; ACLs provisioned in the service chain by the SDN Controller; Third Party Feeds and Sky ATP Threat Feeds feeding the SDSN Engine; Security Groups: IT Apps, Fin Apps. Policy defined in the Engine: (1) IT Applications cannot access Finance Applications even if they share the same VLAN; (2) traffic in and out of infected applications should be logged. Sky ATP detection applies to the infected-applications scenario (#2 above); related traffic controls are enforced in the service chain, and physical-to-physical traffic controls are enforced in the access/aggregation switches.)
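The two intents shown in Figures 4 and 6 (quarantine hosts whose unified threat level exceeds 8, and keep IT applications away from Finance applications even on a shared VLAN while logging traffic of infected applications) can be modelled as a small policy engine. The following is an added illustration, not Juniper's SDSN code; the feed entries, host inventory, switch names and security-group membership are constructed sample data, and the feed format is a hypothetical simplification.

```python
"""Toy SDSN-style intent engine: unify infected-host feeds, apply the
Threat_Level > 8 quarantine intent (Figure 4) and the IT/Finance
security-group intent (Figure 6). Hypothetical model, not Juniper code."""
from dataclasses import dataclass, field

QUARANTINE_THRESHOLD = 8          # intent from Figure 4: Threat_Level > 8

# Constructed sample feed entries: (source, host, threat_level 0..10).
FEEDS = [
    ("sky_atp", "10.20.1.15", 9),
    ("attivo",  "10.20.1.15", 7),
    ("vectra",  "10.20.2.40", 6),
    ("srx",     "10.20.2.40", 8),   # 8 is not > 8: host stays on the network
    ("sky_atp", "10.30.5.2",  10),
    ("sky_atp", "10.40.10.6", 5),   # infected data-center app, below threshold
]

# Constructed inventory: which access switch and port each host sits behind.
INVENTORY = {
    "10.20.1.15": ("access-sw-a", "ge-0/0/12"),
    "10.20.2.40": ("access-sw-a", "ge-0/0/20"),
    "10.30.5.2":  ("access-sw-b", "ge-0/0/3"),
}

# Constructed security groups for the data-center intent (Figure 6).
SECURITY_GROUPS = {
    "IT Apps":  {"10.40.10.5", "10.40.10.6"},
    "Fin Apps": {"10.40.10.7"},      # shares a VLAN with IT Apps on purpose
}


@dataclass
class HostVerdict:
    threat_level: int
    sources: set = field(default_factory=set)


def unify_feeds(feeds):
    """Rate each host by the highest level any feed reports and remember
    which feeds corroborate it (the 'unify and rate intelligence' step)."""
    verdicts = {}
    for source, host, level in feeds:
        v = verdicts.setdefault(host, HostVerdict(0))
        v.threat_level = max(v.threat_level, level)
        v.sources.add(source)
    return verdicts


def quarantine_actions(verdicts, inventory):
    """Figure 4 intent: hosts with Threat_Level > 8 are quarantined on
    their access switch port; each action is (switch, port, host)."""
    actions = []
    for host, v in verdicts.items():
        if v.threat_level > QUARANTINE_THRESHOLD and host in inventory:
            switch, port = inventory[host]
            actions.append((switch, port, host))
    return sorted(actions)


def group_of(ip):
    """Return the security group an address belongs to, or None."""
    for name, members in SECURITY_GROUPS.items():
        if ip in members:
            return name
    return None


def evaluate_flow(src, dst, verdicts):
    """Figure 6 intent: IT Apps may not reach Fin Apps even on the same
    VLAN; any flow touching a host reported as infected is also logged."""
    actions = []
    if group_of(src) == "IT Apps" and group_of(dst) == "Fin Apps":
        actions.append("deny")
    else:
        actions.append("permit")
    if any(h in verdicts and verdicts[h].threat_level > 0 for h in (src, dst)):
        actions.append("log")
    return actions


if __name__ == "__main__":
    verdicts = unify_feeds(FEEDS)
    for action in quarantine_actions(verdicts, INVENTORY):
        print("quarantine", action)
    print(evaluate_flow("10.40.10.5", "10.40.10.7", verdicts))
```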

Next-Generation Firewall Services and Application Inspection
SRX Series gateways provide security enforcement and deep inspection across all network layers and applications. Users can be permitted or prohibited from accessing specific business applications and Web applications, regardless of the network ports and protocols that are used to transmit the applications. Deep inspection can be applied via intrusion prevention policies for any traffic that is allowed to pass through the gateway, so security administrators can ensure that the desired traffic running across an organization's network is legitimate and is not being manipulated as an attack vector. Application- and user-based firewall policies can be combined to ensure that specific users within a healthcare organization's network can only access the specific business applications that they are authorized to access. Antivirus, content filtering, and antispam enforcement can be layered on top of these policies to round out the full spectrum of application-based services that can be applied to network traffic running through the firewall.

Enhanced Threat Intelligence and Spotlight Secure
To enhance traffic visibility and provide an additional layer of protection against advanced persistent threats, the gateways support IP address blocking via GeoIP and command-and-control botnet feeds. This additional threat intelligence is delivered via the Juniper Networks Spotlight Secure cloud service, and is updated constantly to ensure that the threat data employed in the firewalls is accurate and fresh. IP address threat data is applied within security policies quickly and without requiring a commit of the configuration. This means that new threat data within firewall policies can be applied in less than 60 seconds after being updated within the Spotlight Secure cloud service. A healthcare organization can also automatically enforce and block IP addresses on firewalls from threat data that is created internally, or with data from a third-party threat feed. All of this threat data can be delivered and enforced on firewalls within 60 seconds.

Sky Advanced Threat Prevention
As malware attacks evolve and grow more insidious, conventional anti-malware products have difficulty defending against them. A good example of this is the recent increase in ransomware attacking the healthcare market's data. These attacks cripple the ability to do business by encrypting critical data and offering to decrypt the data for a fee (ransom). Sky Advanced Threat Prevention keeps the network free of these types of zero-day attacks and other unknown threats by delivering superior cloud-based protection, scanning ingress and egress traffic for malware and indicators of compromise. Sky ATP, which employs a pipeline of technologies in the cloud to identify varying levels of risk, provides a higher degree of accuracy in threat protection. It integrates with SRX Series gateways to deliver deep inspection, inline malware blocking, and actionable reporting. Sky ATP's identification technology uses a variety of techniques to quickly identify a threat and prevent an impending attack. These methods include:
- Rapid cache lookups to identify known files
- Dynamic analysis that involves unique deception techniques applied in a sandbox to trick malware into activating and self-identifying

Additionally, machine-learning algorithms let Sky Advanced Threat Prevention adapt to and identify new malware in an ever-changing threat landscape.

Centralized and Orchestrated with Security Director
In today's complex environment, if management solutions are slow, unintuitive, or restricted in their level of granularity and control, network security management can become overly time-consuming and prone to error. Junos Space Security Director provides centralized and orchestrated security policy management through an intuitive, web-based interface that offers enforcement across the emerging and traditional risk vectors that healthcare organizations face every day. As an application on the Juniper Networks Junos Space platform, Security Director provides extensive security scale, granular policy control, and policy breadth across the network for every physical and virtual device. Security administrators can use Security Director to quickly manage all phases of the security policy life cycle for stateful firewall, threat intelligence from Spotlight Secure, unified threat management (UTM), intrusion prevention system (IPS), application-based firewall, IPsec VPN, and Network Address Translation (NAT).

Summary: Stop Threats Faster with Juniper Security Solutions
Juniper's Software-Defined Secure Network can help security administrators in healthcare organizations stop threats faster and more accurately. It can also help them gain greater control over the applications and traffic on their regional, facility office, and data center networks while protecting business assets and patient health information against increasingly sophisticated and successful cyberthreats. SRX Series Services Gateways deliver next-generation firewall protection with application awareness, IPS, and user role-based control options, plus best-in-class UTM to help protect and control healthcare business assets. Healthcare firms can choose from a broad range of models: from all-in-one security and networking appliances, to highly scalable, high-performance chassis options, to virtual and cloud-based enforcement platforms. Juniper's security intelligence for the gateways is designed to respond to a rapidly changing threat landscape, and as an open security intelligence solution, it is extensible based on business needs. Spotlight Secure delivers actionable security intelligence that can be used in policy immediately. Sky Advanced Threat Prevention integrates with the firewalls for detection and enforcement, and provides dynamic, automated protection against known malware and advanced zero-day threats, resulting in instant threat response. Administrators can centrally manage all gateways using Junos Space Security Director, and other security services are easily added to existing platforms for a cost-effective and easily managed solution.

Next Steps
To bring the power of Juniper's Software-Defined Secure Network to your firm, contact your Juniper representative, or go to www.juniper.net/us/en/solutions/software-defined-secure-networks/.

About Juniper Networks
Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks or connect with Juniper on Twitter and Facebook.

Corporate and Sales Headquarters: Juniper Networks, Inc., 1133 Innovation Way, Sunnyvale, CA 94089 USA. Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000. Fax: +1.408.745.2100. www.juniper.net

APAC and EMEA Headquarters: Juniper Networks International B.V., Boeing Avenue 240, 1119 PZ Schiphol-Rijk, Amsterdam, The Netherlands. Phone: +31.0.207.125.700. Fax: +31.0.207.125.701

Copyright 2016 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 3510597-001-EN Oct 2016