Network that Knows. Rasmus Andersen, Lead Security Sales Specialist North & RESE


[Diagram: Vertical knowledge sharing. Parties shown: Email Gateway vendor, CERT, AV vendor, Law enforcement, Web Security Vendor, Network security appliance vendor, IT Department, App Vendor, HR Department, Risk Management, DDOS Security Vendor, Service Provider, SIEM vendor, Cloud Provider, APT / AET protection vendor, Infrastructure vendor, End point Security vendor, Forensic vendor]

5 of Gartner top 10 for information security in 2014
1. Software-defined Security
2. Big Data Security Analytics at the Heart of Next-generation Security Platforms
3. Machine-readable Threat Intelligence, Including Reputation Services
4. Pervasive Sandboxing (Content Detonation) and IOC Confirmation
5. Security Gateways, Brokers and Firewalls to Deal with the Internet of Things

Cyber Security kill chain: Pre infection
Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Actions

The WebApp Secure advantage: Deception Based Security
Detect: Tar Traps detect threats without false positives.
Track: Track IPs, browsers, software and scripts.
Profile: Understand attacker's capabilities and intents.
Respond: Adaptive responses, including block, warn and deceive.

Attackers on JUNIPER.NET

Cyber Security kill chain: Post infection
Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command & Control, Actions

Security Analytics: SIEM
Collects all flow and data in one place
Compliance reporting
Visibility
Anomaly Detection

TRADITIONAL SECURITY IS NOT ENOUGH
Attackers will not be stopped by current NGFW services!!

Evolution of Network Security: Next-Gen Firewall
[Figure: traditional firewall (L3) and next-gen firewall (L7), plotted on axes L3 to L7 and Static to Dynamic]
Next-gen firewall: User-based Controls, Application Visibility and Control, Intrusion Prevention Services

Evolution of Network Security
Integrating threat intelligence enables an adaptive intelligent firewall
[Figure: traditional firewall (L3), next-gen firewall (L7) and adaptive intelligent firewall, plotted on axes L3 to L7 and Static to Dynamic]
Open platform delivers more value
Scalable to ensure full enterprise or service provider deployment
Built for expansive data capacity
Improved efficacy through threat scores and tuning
Adaptive: from the data source, to data normalization, to syndication at enforcement point

Juniper's Threat Intelligence for the firewall
Dynamic protection against new threats
Adds continuous value to threat intelligence feeds
Juniper threat feed has the following characteristics:
Compilation of data feeds from Juniper's own malware research team and leading 3rd parties
Data feed sets include IP addresses, domains and URLs
Highly focused on Command and Control (C&C) traffic related to malware and botnets
C&C data is refreshed hourly to ensure it is current and blocking the latest threats
Threat severity rating for fewer false positives and increased effectiveness

Effectiveness via Juniper Optimized Threat Feed: Creation & Structure
Source Data -> Optimize -> Generate Feed
Sample feed entries: 192.168.3.101 5; 192.168.4.25 3; www.bad.com/xyz 1
Sourcing Threat Data: Focused threat intelligence. Variety of data sources and techniques. Carefully evaluate sources.
Optimization Process: Not all threat intelligence should be treated equally. Consolidate data. Remove false positives. Add/normalize scores. Prioritize data.
Juniper Threat Feed: Maximize FW resources. Fine-tune policy.
Rinse & Repeat: Threats change often, so refresh sources regularly. Ensures data delivered to customer premise is up-to-date and actionable.
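The optimization steps on this slide (consolidate, remove false positives, normalize scores, prioritize, fit the firewall's capacity) can be sketched as follows. This is an added example, not code from the presentation or from Juniper's product; the source names, their score scales, the allowlist, the 1-5 severity scale and every feed entry are constructed assumptions.

```python
# Added example: consolidate -> remove false positives -> normalize -> prioritize.
# Source names, score scales, the allowlist and all entries are constructed.
from urllib.parse import urlsplit

# Assumption: each source reports severity on its own scale (maximum per source).
SOURCE_SCALE = {"research": 10, "vendor_a": 5, "local": 100}

RAW = [  # (source, indicator, source-native score)
    ("research", "192.168.3.101", 10),
    ("vendor_a", "192.168.3.101", 3),
    ("vendor_a", "192.168.4.25", 3),
    ("local", "WWW.Bad.com/xyz", 20),
    ("research", "www.bad.com/xyz", 1),
    ("vendor_a", "updates.example.com", 5),  # known-good host: a false positive
    ("local", "192.168.9.9", 4),
]
ALLOWLIST = {"updates.example.com"}

def canonical(indicator):
    """Lower-case the host part so the same entry from two feeds merges."""
    parts = urlsplit("//" + indicator.strip())
    return parts.netloc.lower() + parts.path

def normalize(source, score):
    """Map a source-native score onto a common 1-5 severity (assumed scale)."""
    scaled = round(5 * score / SOURCE_SCALE[source])
    return max(1, min(5, scaled))

def build_feed(raw, allowlist, min_severity=1, capacity=1_000_000):
    merged = {}
    for source, indicator, score in raw:
        key = canonical(indicator)
        if key.split("/", 1)[0] in allowlist:        # remove false positives
            continue
        sev = normalize(source, score)
        merged[key] = max(sev, merged.get(key, 0))   # consolidate duplicates
    kept = [(k, s) for k, s in merged.items() if s >= min_severity]
    kept.sort(key=lambda e: (-e[1], e[0]))           # prioritize by severity
    return kept[:capacity]                           # stay within firewall capacity

if __name__ == "__main__":
    for indicator, severity in build_feed(RAW, ALLOWLIST):
        print(indicator, severity)
```

Raising min_severity or lowering capacity trims the low-severity tail first, which is the tuning trade-off between coverage and firewall resources that the slide refers to.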

Solution Architecture: Spotlight Secure
1. Aggregated & optimized cloud-based threat intelligence
2. Juniper-provided threat intelligence to customer premise
3. Local/Customer data aggregated into solution
4. Centrally managed by Junos Space Security Director
5. Intelligence distributed to SRX enforcement points
[Diagram labels: Command & Control, GeoIP, Attacker Fingerprints; Security Director; SRX Firewalls; Customer-provided or 3rd Party Threat Data; Local Attacker Details (e.g. WebApp Secure)]

Improve Your Defenses
Use real-time threat intelligence to detect and mitigate threats
PROTECT: From Bots: Juniper threat feeds detect and block malicious Command and Control IPs, Domains and URLs attempting to control bot-infected systems inside your network.
INTEGRATE: Third party or custom feeds
IDENTIFY: Know and control hackers with Juniper WebApp Secure
CREATE: Policy based on GeoIP information

Juniper Delivers on the Network that Knows
Open: Consumes virtually any data feed
Scalable: Robust, scalable architecture supports thousands of firewalls
High capacity: Capacity for >1M data feed entries, including IP addresses, URLs, and domains
Adaptable: Policy engine supports fine grained controls for prioritization and categorization of threats

Benefits
Effective: Actionable and high-quality feeds maximize firewall resources
Open: Intelligence platform enables customer control and is future-proof
Extensible: Customer choice for applying most effective protection
Operationally efficient: Centralized intelligence aggregation and policy management

Summary
Requirements: Security Efficacy; Operational Efficiency; Support For The Business
Juniper Delivers:
Actionable intelligence when and where you need it
Visibility and enforcement with tunable controls
Centralized control of dynamic policy updates
Open platform supports multiple sources of intelligence
Open, scalable architecture
Capacity and flexibility for specific threat needs