Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Transcription

1 Network that Know Rasmus Andersen Lead Security Sales Specialist North & RESE

2

3 Gateway vendor CERT AV vendor Law enforcement Web Security Vendor Network security appliance vendor IT Department App Vendor HR Department Risk Management DDOS Security Vendor Service Provider SIEM vendor Cloud Provider APT / AET protecfon vendor Infrastructure vendor VerFcal knowledge sharing End point Security vendor Forensic vendor

4

5 5 of Gartner top 10 for information security in SoNware- defined Security 2. Big Data Security AnalyFcs at the Heart of Next- generafon Security PlaTorms 3. Machine- readable Threat Intelligence, Including ReputaFon Services 4. Pervasive Sandboxing (Content DetonaFon) and IOC ConfirmaFon 5. Security Gateways, Brokers and Firewalls to Deal with the Internet of Things

6

7 Cyber Security kill chain Pre infection Reconnaissance WeaponizaFon Delivery Exploit InstallaFon Command & Control AcFons 7

8 The WebApp Secure advantage Deception Based Security Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive.

9 Attackers on JUNIPER.NET

10 Cyber Security kill chain Post infection Reconnaissance WeaponizaFon Delivery Exploit InstallaFon Command & Control AcFons 10

11 Security Analytics SIEM Collects all flow and data in one place Compliance repor2ng Visibility Anomaly Detec2on 11

12 TRADITIONAL SECURITY IS NOT ENOUGH AEackers will not be stopped by current NGFW services!!

13 Evolution of Network Security Next-Gen Firewall L7 Next-gen firewall User-based Controls L3 Traditional firewall Application Visibility and Control Intrusion Prevention Services Static Dynamic 13

14 Evolution of Network Security Integrating threat intelligence enables an adaptive intelligent firewall L7 Next-gen firewall Adaptive intelligent firewall Open platform delivers more value Scalable to ensure full enterprise or service provider deployment Built for expansive data capacity L3 Static Traditional firewall Dynamic Improved efficacy through threat scores and tuning Adaptive: from the data source, to data normalization, to syndication at enforcement point 14

15 Juniper s Threat Intelligence for the firewall Dynamic protection against new threats Adds continuous value to threat intelligence feeds Juniper threat feed has the following characteristics: Compilation of data feeds from Juniper s own malware research team and leading 3rd parties Data feed sets include IP addresses, domains and URLs Highly focused on Command and Control (C&C) traffic related to malware and botnets C&C data is refreshed hourly to ensure it is current and blocking the latest threats Threat severity rating for fewer false positives and increased effectiveness 15

16 Effectiveness via Juniper Optimized Threat Feed Creation & Structure Source Data Optimi ze Generat e Feed Sourcing Threat Data Focused threat intelligence Variety of data sources and techniques Carefully evaluate sources Optimization Process Not all threat intelligence should be treated equally: Consolidate data Remove false positives Add/normalize scores Prioritize data Juniper Threat Feed Maximize FW resources Fine-tune policy Rinse & Repeat Threats change often, so refresh sources regularly Ensures data delivered to customer premise is up-to-date and actionable 16

17 Solution Architecture Spotlight Secure 2 1 Command & Control GeoIP Attacker Fingerprints 1. Aggregated & optimized cloud-based threat intelligence 2. Juniper-provided threat intelligence to customer premise 3. Local/Customer data aggregated into solution 4. Centrally managed by Junos Space Security Director 5. Intelligence distributed to SRX enforcement points 4 5 Security Director 3 SRX Firewalls Customer-provided or 3rd Party Threat Data Local Attacker Details (e.g. WebApp Secure) 17

18 Improve Your Defenses Use real-time threat intelligence to detect and mitigate threats PROTECT INTEGRATE IDENTIFY CREATE From Bots: Juniper threat feeds detect and block malicious Command and Control IPs, Domains and URLs attempting to control botinfected systems inside your network. Third party or custom feeds Know and control hackers with Juniper WebApp Secure Policy based on GeoIP information 18

19 Juniper Delivers on the Network that Knows Open Consumes virtually any data feed Scalable Robust, scalable architecture supports thousands of firewalls High capacity Capacity for >1M data feed entries, including IP addresses, URLs, and domains Adaptable Policy engine supports fine grained controls for prioritization and categorization of threats 19

20 Benefits Effective Actionable and high-quality feeds maximize firewall resources Open Intelligence platform enables customer control and is futureproof Extensible Customer choice for applying most effective protection Operationally efficient Centralized intelligence aggregation and policy management 20

21 Summary Requirements Security Efficacy Operational Efficiency Support For The Business Juniper Delivers: Actionable intelligence when and where you need it Visibility and enforcement with tunable controls Centralized control of dynamic policy updates Open platform supports multiple sources of intelligence Open, scalable architecture Capacity and flexibility for specific threat needs 21

22