Juniper Software Defined Secure Networks
Christoph Plum, [email protected] Engineer
Legal Disclaimer
This product roadmap sets forth Juniper Networks’ current intention and is subject to
change at any time without notice. No purchases are contingent upon Juniper
Networks delivering any feature or functionality depicted on this roadmap.
Security is in Transformation
INFRASTRUCTURE
• Device proliferation and BYOD
• IoT based attacks
• Hybrid cloud deployments growing
THREAT SOPHISTICATION
• Zero day attacks
• Advanced, persistent, targeted attacks
• Adaptive malware
CLOUD
• Virtualization and SDN
• Applications, data, management in the cloud
• Application proliferation
Multiple vendors and interfaces
Intelligence not shared – Illicit behavior not detected
Isolated security functions
Advanced Threat Prevention
Intrusion Prevention
Application Security
Specialized Security Doesn’t Work
Data Loss Prevention
Endpoint Protection
Strategy for Futureproof Cybersecurity
ANY VENDOR
Open ecosystem for threat intel sharing and integration
Consistent, automated defense across diverse environments
ANY CLOUD
ANY NETWORK ASSETS
Unified enforcement domain
Keep your organization safe from cyber criminals with a unified cybersecurity platform from Juniper Networks, powered by automation, machine learning and real-time intelligence
Infection is Easy
Arrivals Departures
www.pdf.com
And Can Spread Without Resistance
SDSN Stops the Threat
Command & Control Server
Quarantined
Security Director + Policy Enforcer
SRX/vSRX
Sky ATP
Juniper or 3rd Party Switch
Infected Laptop
MAC: 3A-34-52-C4-69-b4
IP: 172.16.254.3
Demanding Software Defined Secure Networks
Global Policy Orchestration, Policy Engine
Open and Unified Threat Detection
Dynamic, Automated Enforcement
IDS, Deception, Sandbox, AV, NGFW, Analytics, IPS, NAT
Uncoordinated and firewall focused
Orchestrated, holistic system encompassing security + infrastructure
Software Defined Secure Network
Threat intelligence from multiple sources: Threat-Hunting, analytics, correlation, forensics to identify, report and rate offences
Create and centrally manage security policy through user-intent based system
Enforce policy in near real time across the network; ability to adapt to network changes
Detection
Enforcement
Policy
Dynamic and Adaptive Policy Engine
Your Enterprise Network
Security Intelligence
Threat Defense: Cloud and/or Enterprise-based Threat Detection
Campus & Branch
Data Center
Public Cloud
Private Cloud
Policy
Detection
Enforcement
Software Defined Secure Networks (SDSN)
Unified Security Platform
Network as a single enforcement domain - Every element is a policy enforcement point
Detection
• Fast, effective protection from advanced threats
• Integrated threat intelligence
Policy
• Adaptive enforcement to firewalls, switches, 3rd party devices and routers
• Robust visibility and management
Enforcement
• Consistent protection across physical/virtual
• Open and programmable environment
Third Party Threat Intel
Security Director + Policy Enforcer: Policy Enforcement, Visibility, Automation
SRX Physical Firewall
vSRX Virtual Firewall
Juniper Cloud
Sky Advanced Threat Prevention (ATP)
Spotlight Secure Threat Intelligence
MX Routers*
EX & QFX Switches
Third Party Elements
DETECTION
POLICY
ENFORCEMENT
*Roadmap, subject to change
Sky Advanced Threat Prevention (ATP)
SRX/vSRX
Sandbox
Analysis
Machine Learning
Sky ATP
Custom and Third Party Intel
C&C, Geo IP
Zero Days, Malware
• Protects against advanced malware like ransomware
• Stops advanced persistent threats
• Analyzes web and email files
• European Data Center for data sovereignty
• FedRAMP certified
Cloud Infrastructure
Multiple Anti-Virus
Cache
Inline Blocking
Sandbox
Static Analysis
Sky Advanced Threat Prevention Cloud
Potentially malicious files
Behavioral Analysis
Deception
Machine Learning
• Verdicts determined at every level
• Additive verdict determination ensures accuracy
• Over 50 deception techniques employed to trick malware into exposing itself
Sky ATP
Suspected Incidents
Servers and mainframes
Data activity
Network and virtual activity
Application activity
Configuration information
Security devices
Users and identities
Vulnerabilities and threats
Global threat intelligence
Automated Offense Identification
• Unlimited data collection, storage and analysis
• Built in data classification
• Automatic asset, service and user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Detects incidents out of the box
Embedded Intelligence
Prioritized Incidents
JSA in a nutshell - Automated offense identification
Policy Enforcer
Extend Enforcement to Access Layer (Juniper & 3rd Party)
Block, Quarantine, Release, and Track
Automate Pervasive Enforcement
Micro-segmentation with vSRX & VMware NSX
SDSN
Use Case: Threat Remediation of infected hosts
Key Features
• Security Fabric including Firewalls and Switches
• Infected Host Blocking: Perimeter Firewall level for north – south traffic; EX/QFX switches to protect from lateral movement of threats
• Infected Host Tracking: Track infected host movement in network, and quarantine or block infected hosts even if IP address changes
DETECTION: Sky ATP – Known & Day-0 Malware analysis, Sandboxing, Infected Host identification, Command & Control, GeoIP
POLICY: Simplified Threat Remediation Policy (Block, Quarantine, Track) defined in Security Director Policy Enforcer
ENFORCEMENT: Juniper: SRX, vSRX, EX and QFX
Customer Benefits
• Automates threat remediation workflows
• Real-time remediation of infected hosts
• Reduced time to remediate = Reduced exposure to attacks
• Leverage Network (EX/QFX) and Firewall (SRX/vSRX) to take remediation actions to address lateral movement of attacks inside the network in addition to limiting attacks from outside world
Understanding SDSN
SKY ATP Security Fabric
• SRX Firewalls
• Juniper EX and QFX switches
Sky Realm
• SRX and PE registered
Threat Intelligence from
• SKY ATP Cloud Feeds
Enforcement
• On SRX via Security Director
  • ATP policy pushed to SRX from SD
  • SRX pulls Infected host feed from PE
• On EX/QFX Switches
  • S/W micro service collects and maintains IP/MAC binding of hosts
  • Commits a MAC F/W filter on switch for enforcement
S/W Micro Service
Policy Enforcer
Security Director
SRX Detection
Layer
EX/QFX
Management
Feeds
Enforcement
Secure Fabric
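The EX/QFX enforcement described on this slide keys on the MAC address learned from IP/MAC bindings, which is what lets a quarantine follow a host when its IP address changes. The following is an added conceptual sketch, not Juniper code: `HostTracker` and its methods are hypothetical names, the `quarantined` set stands in for the MAC filter, and every address other than the infected laptop's MAC and IP from the earlier slide is a constructed sample value.

```python
"""Added conceptual model of MAC-keyed infected-host enforcement (not Juniper code)."""

class HostTracker:
    def __init__(self):
        self.ip_to_mac = {}       # current IP -> MAC bindings seen on the access layer
        self.quarantined = set()  # MACs under enforcement (stands in for the MAC filter)

    def learn_binding(self, ip, mac):
        """Record an IP/MAC binding; a host that changes IP drops its old binding."""
        mac = mac.lower()
        for stale in [i for i, m in self.ip_to_mac.items() if m == mac]:
            del self.ip_to_mac[stale]
        self.ip_to_mac[ip] = mac

    def apply_feed(self, infected_ips):
        """Resolve feed IPs to MACs and quarantine them; return unresolved IPs."""
        unresolved = []
        for ip in infected_ips:
            mac = self.ip_to_mac.get(ip)
            if mac is None:
                unresolved.append(ip)  # no binding yet: cannot enforce by MAC
            else:
                self.quarantined.add(mac)
        return unresolved

    def release(self, mac):
        self.quarantined.discard(mac.lower())

    def is_blocked(self, ip):
        return self.ip_to_mac.get(ip) in self.quarantined

    def blocked_ips(self):
        return sorted(ip for ip in self.ip_to_mac if self.is_blocked(ip))


def demo():
    t = HostTracker()
    t.learn_binding("172.16.254.3", "3A-34-52-C4-69-b4")   # laptop from the slide
    t.learn_binding("172.16.254.9", "02-00-00-00-00-09")   # constructed clean host
    unresolved = t.apply_feed(["172.16.254.3", "172.16.254.77"])
    t.learn_binding("172.16.254.40", "3A-34-52-C4-69-b4")  # infected laptop gets a new IP
    t.learn_binding("172.16.254.3", "02-00-00-00-00-0a")   # old IP reused by a clean host
    return unresolved, t.blocked_ips(), t.is_blocked("172.16.254.3")


if __name__ == "__main__":
    print(demo())
```

An IP-keyed block would have released the laptop at its new address and blocked the clean host that inherited the old one; feed entries with no known binding are returned so they can be retried once a binding is learned.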
Private Cloud
NSX – vSRX Micro-segmentation
Meta-Data & SG Sync
vSRX Policies
Policy Enforcer Phase 2 – Overview
Threat Remediation
• EX in Fusion Mode
• 3rd Party Switches
• Wireless & Trunk Port
3rd Party Eco-System
3rd Party Threat Feeds
• Whitelist, Blacklist and Infected Host threat feeds
3rd Party Enforcement
• Southbound API for 3rd parties
3rd Party Access Switch
Radius Server
Radius messages
Threat Remediation Enhancements
Use Case: 3rd Party Switch and Wireless Support
Key Features
• Security Fabric to support 3rd party switches and wireless
• Infected Host Blocking: Juniper & 3rd party switches to protect from lateral movement of threats
• Infected Host Tracking: Track infected host movement in network, and quarantine or block infected hosts even if IP address changes
Customer Benefits
• Automates threat remediation workflows
• Real-time remediation of infected hosts
• Reduced time to remediate = Reduced exposure to attacks
• Network vendor agnostic mechanism for threat remediation
ENFORCEMENT
Juniper: SRX, vSRX, QFX and EX (+Fusion Support)
3rd Party: Access Switches with Radius (AAA) configured
Wireless: WLCs with Radius (AAA) configured
Policy Enforcer
Connector Framework
3rd Party Connector
SKY ATP
SDSN Phase-3
Key Features
• User Intent Policy
• Hybrid Cloud Support
  • AWS
  • Contrail
• Additional Threat Remediation
  • JSA, Cisco ISE, Forescout
SDSN is a huge differentiator for Juniper
• Complete Threat Remediation Use Case: Additional NAC vendor support, and JSA
• Introduce User Intent Based Policy Model: Simplicity of policy to support agile applications & users
• Support Private & Public Cloud: With vSRX on VMware NSX, Contrail, AWS
Customer Benefits
• Flexible and extensible policy - Security Policy is tied to a business intent and not to a network topology
• Enhanced user experience and optimized network operation - Unified Security Policy across all Juniper Product Lines
• Ubiquitous and multi-vendor enablement – works with 3rd party devices and works on-premise as well as in the Cloud
Thank you