Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Transcription

1 Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business Group **Slide 01** Scott Lucas: Hello, and welcome to this edition of the Distributed Enterprise Webcast series. In this segment, we ll discuss Next Generation Security for a Cybercrime World. **Slide 02** Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit. Lior Cohen: And I m Lior Cohen, Principal Solutions Architect for Juniper. Scott Lucas: This is hopefully going to be a very interesting talk for people who are concerned about the issues associated with security at their remote and branch offices. And we were pleased to announce very recently at Juniper the availability of a set of powerful new products that are going to help provide the resources and the tools that you re going to need to really respond effectively to these challenges. Our new SRX Series Services Gateways for the Branch incorporate very important, new content security capabilities that are a direct response to some of the problems we re seeing today. **Slide 03** Scott Lucas: We have a new survey from Verizon Security that came out very recently in 2009 that provided some fairly compelling insights into exactly what s happening today from a cybercrime perspective. More electronic records were breached in 2009 than in the previous four years combined. 285 million compromised records in 2009 were the result of 90 confirmed breaches. And the financial sector accounted for 93% of all those records compromised last year, and a staggering 90% of those records involved groups identified by law enforcement as organized criminals. Verizon Business also found in this particular report that highly sophisticated attacks really only accounted for less than 20% of the breaches, but those relatively few cases accounted for 95% of the total records breached. And this is just a substantiation that there s a significant level of financial motivation for these groups to penetrate these networks, and they re deploying some pretty sophisticated capabilities to do that. So, Lior, when we think about that threat, when we think about the sophistication that we re confronted with from a cybercrime perspective, what kinds of strategies do you recommend we pursue to help protect against those in the distributed enterprise?

2 Lior Cohen: Before going through the protections themselves, it s really important for us to understand exactly how the attacks take place. These attacks are really of a new and kind of a much more modern and mature way of taking over remote resources. Scott Lucas: Kind of like those cybercrime breaches that we heard about that were very sophisticated, I think, what I m hearing you say. Lior Cohen: Exactly, so these cybercrime attacks are really multiphased attacks, they really do not just take place at once. These hackers do collect information about the sites, try to plant some kind of ideas and motivators for the internal users to really go after that bait and that attack. They disguise into regular traffic and not really show as unique and malicious traffic, and really seem to make valid connections into the applications. Scott Lucas: So what s the, kind of, process? I mean, what do we see in terms of the strategies these cyber criminals have used to extract information and penetrate the network? **Slide 04** Lior Cohen: The most typical process we d see is some form of social engineering to start with in which you may either blast some SPAM and try to attract some people to bite on that bait and go into a website. Scott Lucas: Something that might look like my bank statement or something like that. Lior Cohen: Like your bank statement, but potentially instead of Chase, Chase with a Z or something very minimal that s changed in that . So for that it s really important that we deploy the right level of anti-spam technology to really know how to filter these s before they enter... Scott Lucas: To keep those s away from the users in the first place. Lior Cohen: Exactly. The second piece is really after some of these s have gotten through, the users try to connect through to these sites that are being advertised. We want to make sure that we have the right web filtering technologies in place. Scott Lucas: So basically eliminate their ability to visit the site that might have some of the compromises on it. Lior Cohen: Exactly, because then after they do visit these sites, what they would typically do is see some form of a forged website for your Chaze bank account or such, and download a malicious piece of software for which, in that phase, we also need some protection at the gateway such as anti-virus, anti-malware protection to, in real time, identify whether this Flash executable or any other type of small applet that s being downloaded is malicious or not.

3 Scott Lucas: So you re saying basically once that user makes a bad decision to click on one of those bad sites, we need to be able to spot the fact that a virus is basically coming through the firewall. Lior Cohen: Yeah, so it s important to know that we also need to prevent his request to go out by a web filtering technology, as well as prevent the malicious software to be downloaded from that website with some kind of an anti-virus technology as well. In moving forward, it s not only that, because if these malware agents install themselves on the client machine, what they would start doing is sending out all kinds of sensitive information, and looking through your hard drive and sending out all that information, or just key logging and sending out that information for which we would want a sophisticated data leak prevention technology capability at that location as well. Scott Lucas: So data loss prevention, intrusion prevention services to spot those attacks as they occur. Lior Cohen: Exactly Scott Lucas: Now those are some of the things that the new SRX Series Services Gateways for the Branch have integrated into the JUNOS operating system, and those are strategies that we provide for companies that have adopted these kind of split tunneling approaches, or have established direct connections into the public internet. So, Lior, we ve got the bases covered I think when it comes to what we can provide onsite. What about the overall enterprise? What do you need to do from an overall enterprise perspective to gain the level of protection we need against these kinds of cybercrime attacks? **Slide 05** Lior Cohen: Generally speaking, your security is just as strong as your weakest link, and if there s anywhere in your enterprise where you don t really deploy these advances in security technologies that is the place it is going to be compromised and that is the easiest entry point into your enterprise. So, effectively, what you need is a consistent security deployment across the enterprise network, whether it s small branch locations, whether it s large headquarter offices, or it s data centers. They all need to have a unified security protection mechanism deployed. Scott Lucas: And, in many cases, since the connection from the branch office to the corporate headquarters is a trusted connection, penetration by a cyber criminal at any location is a penetration of the overall corporate network. Lior Cohen: Exactly, and that s exactly the reason why you do need to deploy consistent technology across the different locations and be able to centrally manage it all, deploy the same level of policies, the same granularity of controls, the same UTM feature sets, and really make sure that none of these locations turns into an easy entry point for these attackers. Scott Lucas: So two great tools here: content security located at the branch and consistency that we can deliver at all sites across the enterprise. And that really does highlight some of the

4 strengths of Juniper s overall security portfolio our ability to provide a very consistent security approach at very high scale with our SRX 3000 and 5000 Series Services Gateways, all the way down to the very smallest members of our family, the SRX 100 Services Gateways that are designed to provide that same level of protection even at very small sites. So, Lior, what does the future hold for us? What do we see in terms of evolution of these types of security capabilities and where is this going to go? **Slide 06** Lior Cohen: So as much as it really is important to have that consistent security across the product line, consistent security across your different locations, it s also important to make sure that we do address the different threats that are going to be coming in the future. The first part is really being able to differentiate the traffic and differentiate the different application access mechanisms. Today, pretty much everything will ride over port 80, whether it s HTTP or not. We do need to know whether the user or that client machine is trying to connect to a Google app, to a Microsoft app farm, to a software as a service vendor that we have of ours, to our internal websites, and we do need to know what kind of enforcement and entitlement policy to allow or extend at that point in time. Scott Lucas: So we re talking about adding application awareness and being able to incorporate identity awareness as well into the overall solution. How far out do you think some of these technologies are in terms of being practical for enterprises? Lior Cohen: A lot of them are right here and are available right now to deploy. You can effectively deploy a deep inspection application aware policy that ties in identity to that. Those features will be available on the SRX series and being able to interact with the Unified Access Control solution from Juniper, you can enforce which user has access to which application in that level of granularity. Scott Lucas: Great, so that is a, I think, a great overview. If you think about the three things we just heard here about how to help solve these problems, again, it s really robust, high performance security, content security at the branch, consistent protection of all sites across the enterprise, and then as needs evolve, the ability to add application and user awareness as elements of policy. So, Lior, any other technology enablers that we should really highlight for the audience here so that they can understand the full portfolio of capabilities that Juniper can provide? **Slide 07** Lior Cohen: First of all, it s really important to notice that the different intrusion prevention and deep inspection capabilities that are available on the Juniper point products are now available on all products that are based on the JUNOS operating system, and that is a huge enabler in the sense that wherever you deploy your JUNOS devices, you re able to have that application level visibility and application granularity to control access, again, at the application and user identity level. On top of that, you would want the deep content inspection capabilities the anti-virus, the anti-spam, data leak prevention, etc. to be available and, again, that coming

5 on top of the JUNOS operating system and deploying a consistent security throughout the organization is key. Scott Lucas: You know, Lior, one of the things that I also should mention is with this new SRX Series Services Gateway for the Branch, we ve incorporated purpose-built hardware acceleration for some of the really critical content security capabilities. And, here, I m talking about what we call express AV which delivers a flow-based inline anti-virus capability that has a very limited impact on performance of the solution. And, again, also hardware acceleration for intrusion prevention services to really give you a solution that gives content security without too many performance compromises. And so I think the leadership that Juniper can show in these areas is very clear right now. Lior Cohen: Yeah, and important to mention these points in the context really of the fact that we do not want to compromise on the user experience when deploying these advanced security features and functionality. So the way I like to look at these technology enablers is really in a layered approach, right? At the basic and most fundamental layer is really that network operating system, the firewall VPN capabilities that really add on top of it the deep intrusion, detection and prevention capabilities. Scott Lucas: So kind of traditional perimeter security approaches is what you re saying the things that we ve relied on for years and years to provide basic standard protection around the overall enterprise. Lior Cohen: Exactly. Adding to that some of the intrusion prevention specifics is the key point in the foundation for all the security operating systems that we re talking about here. Scott Lucas: So then we re talking content security after that. You add anti-virus, you add UTM types of capabilities, and one of the things that we ve introduced recently is the ability to provide hardware acceleration for some of that content security, to provide inline anti-virus and inline IPS services that are accelerated by some purpose-built hardware. So I think that s a pretty exciting thing. What s next after that? Lior Cohen: And after that, you definitely want to tie these things together. So as we talked a little bit before, we have this deep application awareness capability, we have this deep content security ability, and then we also have this user identity entitlement, and we want to give certain users the right level of access into the network. So what we really want to do is tie the content security together with this identity, and whenever some kind of risk is introduced to the network by that user, we want to make sure that the role-based mechanism that the user was logged into the network with, auto-adjusts itself and provisions a new policy to the user such that that risk does not find its way all the way through the network. Scott Lucas: So here we re talking about coordinating the information we can see across the overall enterprise it sounds like. Lior Cohen: Yeah, exactly, so coordinating the information that the different products have together, and that really leads us into the next part, which is the last one, is really the overall

6 visibility. Having a security deployment throughout the enterprise without being able to know how the different communications between the different areas of the network really relate to each other won t really be that useful. So being able to tie all the information from all the different security enforcement points into one central view is another key capability that the security admin would really want to see. Scott Lucas: Yeah, I mean, after all, if you can t see it you can t really respond to it. So that s an essential component of the solution, too. Lior Cohen: Yeah. **Slide 08** Lior Cohen: What we have covered so far in this presentation is really the cybercrime protection capabilities with a comprehensive technology for each one of the phases of the cybercrime attack, the campus grade protection to really make sure you don t leave that weakest link of your enterprise exposed... Scott Lucas: And consistency there, right? Lior Cohen: Yeah, and the consistency between the applications. And then the application fluent protection which ties in identity with the application entitlement control. Scott Lucas: Yeah, thanks, Lior. And as a result of that at a business level, we re now able to deliver a confident use of ebusiness tools. So as we see these applications becoming more centralized, we can confidently deliver those in a private way, in a high performance way, so that we can enjoy the benefits of that kind of larger IT trend. We also aim to allow our employees to focus on their work, not on recovering from attacks. So to the degree we can prevent attacks and infections, that really does help employees avoid wasted time here. And then finally the flexibility to deploy any security at any site is an essential part of what we can deliver to the business once we address some of these cybercrime-oriented issues. **Slide 09** Scott Lucas: So for more resources, we have a variety of different pages you can go visit. We d ask you to go ahead and explore some of the things you ve heard about today at juniper.net/products if you re interested in some of those specific products that implement these solutions; juniper.net/solutions for a more architectural view of the overall opportunity we have; and we have a user community that you might find very interesting from the perspective of hearing more about security and some of the issues there at forums.juniper.net. My name is Scott Lucas. Lior Cohen: My name is Lior Cohen. Scott Lucas: And thanks for joining us today.