tailored security for critical assets srx series services gateways for the high end presenter name...

TAILORED SECURITY FOR CRITICAL ASSETS

SRX SERIES SERVICES GATEWAYS FOR THE HIGH END

PRESENTER NAME

DECEMBER 29, 2013

COMMITTED TO INNOVATION AND INVESTMENT

Security is core to our business at Juniper

Juniper R&D is $1.027B, or 23% of revenues –a figure no one else in the industry comes closeto on a percentage basis – 2011 Annual Report

New in 2012: A differentiated approach to security with our Intrusion Deception capabilities

Market Leader

High-EndFirewalls

Remote AccessSSL VPN

NetworkSecurity

$1Bglobal

revenue

#1

Dedicated Innovator

Global Powerhouse

#1

#3

Serving customers in over 47 countries, with a worldwide community of over1000 Reseller Partners

Infonetics Research 2012

Keeping up with unpredictable traffic volumes

Ensuring application availability and business continuity

Securing against cyber attacks

CUSTOMER CHALLENGES

MARKET SITUATION

54%

OF THE DATA BREACHES WERE RELATED TO COMPROMISED SERVERS

75%OF ATTACKS ARE DRIVEN BY FINANCIAL MOTIVES

60%OF BREACHES TOOK WEEKS OR MONTHS TO DISCOVER

$11mAVERAGE COST DUE TO DATA BREACH

SOLVING THE PROBLEM

Stop all types of attacks with BEST-IN-CLASS SECURITY

Get maximum PERFORMANCE & easily SCALE to adapt to the future

Ensure your network is always AVAILABLE with easy, secure ACCESS to optimize productivity

Tailored Security for Critical Assets in the Data Center

CARRIER-GRADE AVAILABILITY

SRX SERIES SERVICES GATEWAYS FOR THE HIGH END

Tailored Security for Critical Assets

BEST-IN-CLASS SECURITY

MAXIMUM PERFORMANCE AND SCALE


Enables complete application visibility and control

Integrates security for physical and virtual data centers

Strong, dynamic content security: leveraging intelligence from multiple security companies

Secure and resilient even under the most demanding conditions

MAXIMUM PERFORMANCE

AND SCALE

Delivers high-performance throughput, massive session volumes and flexible, large-scale connectivity

Add security services without service interruptions for business continuity

Enables pay as you grow approach

CARRIER-GRADE AVAILABILITY

Delivers uptime continuity with in-service hardware and software upgrades

Enables high availability with redundant components and links

Built on a carrier-class hardware foundation

SRX SERIES SERVICES GATEWAYS

100G

Up to 300 Gbps FW throughput and 100 million concurrent sessions scaling

High-End SRX

Single Junos

Unprecedented ScaleIntegrated Routing, Switching and Security

1G

10GBranch SRX

SRX3400

SRX100SRX210

SRX220SRX240

SRX650

BRANCH CAMPUS DATA CENTER

SRX110

SRX550

SRX1400

SRX3600

SRX5400

SRX5800

SRX5600

DIFFERENTIATORS

HIGH PERFORMANCE

line cards for maximum

throughput, scalability, ISSU,

and ISHU

BEST-IN-CLASS

CONTENT SECURITY leveraging

intelligence from multiple expert

security companies

SECURE AND RESILIENT

under attack with separate control and data planes

and multiple processing cores

INTEGRATION of virtual and

physical solutions (Firefly/SRX) to deliver visibility,

security, and compliance

APPLICATION AWARENESS

with AppSecure to stop

application borne security threats

and manage application usage

PROFESSIONAL AND EDUCATION SERVICES

Juniper Care

Juniper Care Plus

Juniper Professional ServicesJuniper

Premium Care

Juniper Education

CUSTOMER LIFECYCLE

AssessmentDesign

PLAN OPERATEBUILD

Deployment/Onboarding Migration

MaintenanceOptimization

OFFERINGS

MAXIMUM PERFORMANCE AND SCALABILITY

OPERATIONAL EFFICIENCY

“Good options exist for high-throughput, purpose-built appliances, especially in the higher end SRX models.”

Greg Young, Gartner MQ for Enterprise Network Firewalls 2013

“Junos “achieved a 40% reduction in operation costs…[including] planning and provision, deployment, and planned and unplanned network events…Positive financial payback within 0.8 years or 9 months.”

“The Total Economic Impact of Juniper Networks JUNOS Network Operating System,” Michael Speyer, Forrester Research

WHAT ANALYSTS ARE SAYING…

COMPREHENSIVE THREAT PREVENTION“Juniper is also the only solution with all the advanced features in this evaluation.”

Info-Tech, “Vendor Landscape: Next Generation Firewalls,” James Quin


MAXIMUM PERFORMANCE AND SCALE

CARRIER-GRADE RELIABILITY

SUMMARY

NEXT STEPS

Arrange for anASSESSMENTof your currentsecurity initiatives

Schedule aDEEP DIVE SESSION and demo

Arrange for anEVALUATION in person or via the virtual proof of concept lab

THANK YOU!

HIGH PERFORMANCE SERVICES PROCESSING CARDS

Ensures zero downtime and flexibility via in-service software and hardware upgrades to eliminate the need for a maintenance window

Always-On Security

Minimizes upgrade costs with backward compatibility with existing cards and chassis; no “rip and replace” or forklift upgrades

Investment Protection

Delivers 300 Gbps firewall throughput, 150 million concurrent sessions, and up to 100G connectivity to accommodate more users and devices

Superior Performance

SRX Series

PHYSICAL

Hypervisor

Firefly Series

VM VM VM VM

Firefly Virtual Gateway

MANAGEMENT AND SECURITY SERVICES

SecurityDirector

Security Threat Response ManagerSTRM

SERVICES VIRTUAL

Firewall

IPS

DoS Prevention

AppSecure

DoS

INTEGRATED DATA CENTER SECURITY SPANS PHYSICAL AND VIRTUAL NETWORKS

APPSECURE – APPLICATION INTELLIGENCE FOR THE DATA CENTER

• Understand security risks

• Address new user behaviors

• Easy add-on security services for SRX gateways

• Delivers application visibility, enforcement and protection

• Integrates nested application detection/protection, control, and remediation

• Subscription service includes all modules and updates

• Juniper Security Lab provides 800+ application signatures

• Block access to risky apps

• Allows user tailored policies

• Prioritize important apps

• Rate limit less important apps

• Protect apps from bot attacks

• Allow legitimate user traffic

• Remediate security threats

• Stay current with daily signatures

AppTrack AppDoS IPSAppFW AppQoS

Firewall management

IPsec VPN management

Network Address Translation (NAT) management

Intrusion prevention (IPS) signature management

Application-level policy management

Publish WorkFlow: Manage policy work by role for better accuracy+

SCALABLE SECURITY MANAGEMENT• Security Director

– Delivers scalable, responsive, and accurate policy management

– Enables intuitive web-based policy lifecycle management

• STRM– Collects, archives, reports and correlates

events, flow data, and application data– Analyzes network behavior for anomalies

AUTOMATES

ARCHITECTURE:SEPARATE DATA AND CONTROL PLANE

Con

trol

Pla

neD

ata

Pla

ne

Physical Interfaces

PACKET FORWARDING

DOS & DDOS ATTACKS

Attacks overwhelm the boxAdministrator loses management access – your network is down

Attacks can be thwartedUnder attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic – your network stays up

SHARED PLANE

MO

DU

LE

N

INT

ER

FA

CE

S

MA

NA

GE

ME

NT

RO

UT

ING

…KERNEL

DA

TA

MA

NA

GE

ME

NT

RO

UT

ING

DOS & DDOS ATTACKS

SRX SERIES SPECIFICATION SUMMARYSRX1400 SRX3400 SRX3600 SRX5400 SRX5600 SRX5800

On-board Ethernet 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE

(on board) 16 SFP GbE, 16 10/100/1000,

or 2 XFP 10GbE

8 10/100/1000 + 4 SFP (on-board) 16

SFP GbE, 16 10/100/1000, or 2

XFP 10 GB (SR or LR)

8 10/100/1000 + 4 SFP (on-board) 16

SFP GbE, 16 10/100/1000, or 2

XFP 10 GB (SR or LR)

100GE-CFP-2X40GE-QSFPP

10XGE-SFPP

40 SFP GbE, 4 XFP 10 GB (SR or LR),

16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR)

FlexIOC

40 SFP GbE, 4 XFP 10 GB (SR or LR),

16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR)

FlexIOC

JUNOS Software Version Support JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46

Firewall Performance (Large Packets)

10 Gbps 30 Gbps 55 Gbps 65 Gbps 100 Gbps 200 Gbps

Firewall Performance (IMIX) 5 Gbps 10 Gbps 20 Gbps 30 Gbps 65 Gbps 130 Gbps

Firewall Performance (Firewall + Routing PPS 64byte)

1.5 Mpps 3.5 Mpps 6.5 Mpps 9.9 Mpps 20 Mpps 50 Mpps

VPN Performance – AES256+SHA-1 or 3DES+SHA 1

4 Gbps 8 Gbps 15 Gbps 40 Gbps 75 Gbps 130 Gbps

AppSecure 6.5 Gbps 16 Gbps 24 Gbps 50 Gbps 80 Gbps 160 Gbps

Intrusion Prevention System 3 Gbps 8 Gbps 15 Gbps 22 Gbps 50 Gbps 100 Gbps

Connections Per Second (CPS) 70 K 150 K 270 K 450 K 400 K 400 K

Maximum Concurrent Sessions 1.5 M 3 M 6 M 28 M 100 M 100 M

High Availability A/A or A/P A/A or A/P A/A or A/P A/A or A/P A/A or A/P A/A or A/P

SRX1400

• Ideal for small to mid-size data centers, enterprise, and Service Provider networks

• Software Security Services– AppSecure and IPS– AV and web filtering

• Combination IOC/SPC card

SRX1400

On-board Ethernet 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE (on board) 16 SFP

GbE, 16 10/100/1000, or 2 XFP 10GbE

JUNOS Software Version Support JUNOS 12.1X46

Firewall Performance (Large Packets) 10 Gbps

Firewall Performance (IMIX) 5 Gbps


1.5 Mpps


4 Gbps

AppSecure 6.5 Gbps

Intrusion Prevention System 3 Gbps

Connections Per Second (CPS) 70 K

Maximum Concurrent Sessions 1.5 M

High Availability A/A or A/P

fan vent slot coverline cards

SRX3400

• Ideal for medium to large enterprises and Service Provider networks



SRX3400

On-board Ethernet 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE,

16 10/100/1000, or 2 XFP 10 GB (SR or L)





3.5 Mpps


8 Gbps

AppSecure 16 Gbps



Maximum Concurrent Sessions 3 M


line cards

slot coverpower supply

SRX3600




SRX3600

On-board Ethernet 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE,

16 10/100/1000, or 2 XFP 10 GB (SR or LR)





6.5 Mpps


15 Gbps

AppSecure 24 Gbps





line cards slot cover

power supply

SRX5400



• Next-generation, high-performance line cards

SRX5400

On-board Ethernet 100GE-CFP-2X40GE-QSFPP

10XGE-SFPP





9.9 Mpps


40 Gbps

AppSecure 50 Gbps





line cards slot cover

power supply

SRX5600

• Ideal for large enterprise, Service Provider, and public sector networks



SRX5600

On-board Ethernet 40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP

10 GB (SR or LR) FlexIOC





20 Mpps


75 Gbps

AppSecure 80 Gbps





IOC card

SPC card

slot cover

SRX5800

• Ideal for large enterprise, Service Provider, and public sector networks

• Software Security Services– AppSecure and IPS– AV and web filtering (X46)


SRX5800

On-board Ethernet 40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP

10 GB (SR or LR) FlexIOC





50 Mpps


130 Gbps

AppSecure 160 Gbps





IOC card

SPC card

tailored security for critical assets srx series services gateways for the high end presenter name...

Documents