IT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen

Similar documents
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS. Junos WebApp Secure Junos Spotlight Secure

RETHINK SECURITY FOR UNKNOWN ATTACKS

INTRUSION DECEPTION CZYLI BAW SIĘ W CIUCIUBABKĘ Z NAMI

SECURE THE DATACENTER. Dennis de Leest Sr. Systems Engineer

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

JUNOS DDoS SECURE. Advanced DDoS Mitigation Technology

The Global Attacker Security Intelligence Service Explained

FIREWALL INTELLIGENCE. 1 Copyright 2014 Juniper Networks, Inc.

EVOLVED DATA CENTER ARCHITECTURE

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Why Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc.

Secure Cloud-Ready Data Centers Juniper Networks

DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe

Junos WebApp Secure (formerly Mykonos)

AGENDA. 資 訊 網 路 發 展 趨 勢 Juniper Cloud Solution Cloud Security 解 決 方 案 共 同 供 應 契 約 採 購 建 議 為 何 選 擇 Juniper

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Netzwerkvirtualisierung? Aber mit Sicherheit!

F5 Intelligent DNS Scale. Philippe Bogaerts Senior Field Systems Engineer mailto: Mob.:

Secure networks are crucial for IT systems and their

How Network Virtualization can improve your Data Center Security

SSL Encryption and Traffic Inspection ADDRESSING THE INCREASED 2048-BIT PERFORMANCE DEMANDS OF 2048-BIT SSL CERTIFICATES

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

PART D NETWORK SERVICES

White Paper. Copyright 2012, Juniper Networks, Inc. 1

NGFW is yesterdays news what is next in scope for the firewall in the threat intelligence age

Stephen Coty Director, Threat Research

Enterprise Buyer Guide

Cyberoam Security-as-a-Service on Amazon Web Services Cloud.

Threat-Centric Security for Service Providers

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

Streamlining Web and Security

Pravail 2.0 Technical Overview. Exclusive Networks

Inspection of Encrypted HTTPS Traffic

Network Security Solution. Arktos Lam

Juniper Solutions for Turnkey, Managed Cloud Services

NSFOCUS Web Application Firewall White Paper

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Next Generation Enterprise Network Security Platform

Cisco Remote Management Services for Security

PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY

Active Visibility for Multi-Tiered Security. Juergen Kirchmann Director Enterprise Sales EMEA

The Hillstone and Trend Micro Joint Solution

Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Beyond passwords: Protect the mobile enterprise with smarter security solutions

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

VMware vcloud Networking and Security Overview

Dell SonicWALL Portfolio

Security Advisory. Some IPS systems can be easily fingerprinted using simple techniques.

How Lastline Has Better Breach Detection Capabilities. By David Strom December 2014

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

EasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks

Huawei One Net Campus Network Solution

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

Security Solutions for the New Threads

PRODUCT CATEGORY BROCHURE

The Attacker s Target: The Small Business

The Web AppSec How-to: The Defenders Toolbox

Sample Global Network Security Market. 1 technavio insights

Veranderende bedreigingen Security in het virtuele datacenter

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

Putting Web Threat Protection and Content Filtering in the Cloud

Firewall and UTM Solutions Guide

CS5008: Internet Computing

DNS Server Security Survey

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Internet Content Provider Safeguards Customer Networks and Services

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

NSFOCUS Web Vulnerability Scanning System

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

Vladimir Yordanov Director of Technology F5 Networks, Asia Pacific Developments in Web Application and Cloud Security

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

MOBILITY BEYOND BYOD. Jonas Gyllenhammar. Consulting Engineer Junos Pulse solutions

Transcription:

IT SECURITY SEMINAR "STALLION 141113" Security, NGFW fallacy & going Beyond IP? Juniper Networks - Jaro Pietikäinen

JUNIPER TODAY 2012 Revenue: $4.4 Billion Global Presence: Offices In 47 Countries +9000 Employees #4 In Ethernet Switching #3 In Edge Routing #2 In Core Routing, SP Routing, Network Security #1 In High-end Firewall Doing Business With 100% Of Fortune 100 Powering 6 Of The World s 7 Largest Stock Exchanges Mission: Build the BEST Copyright 2013 Juniper Networks, Inc. www.juniper.net 2 Content Guides: T: 2.5 B: 2.95 L&R: 4.5

COMMITTED TO INNOVATION AND INVESTMENT Security is core to our business at Juniper $1B global revenue Market Leader Global Powerhouse # 1 # 1 # 3 Remote Access SSL VPN High-End Firewalls Network Security Serving customers in 47 countries, with a worldwide community of over 1000 Reseller Partners Dedicated Innovator Juniper R&D is 23% of revenues a figure no one else in the industry comes close to on a percentage basis New in 2012: WebApp Secure - A differentiated approach to security with our Intrusion Deception capabilities New in 2013: Juniper DDoS Secure to prevent volumetric and low and slow DDoS attacks Infonetics Research 2012 Copyright 2013 Juniper Networks, Inc. 3 www.juniper.net

1 Introduction Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

2 NGFW Use Cases Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

3 Protecting Campus/Branch Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

4 Egress vs. Ingress Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

5 DDoS & AppDoS Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

6 Web App Security Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

7 Certainty Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

8 Specificity Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

9 Spotlight & Next Steps Securing Web Applications in the Datacenter Juniper Proprietary & Confidential Distribution or Reproduction Prohibited

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS Junos WebApp Secure Junos Spotlight Secure

THE JUNOS WEBAPP SECURE ADVANTAGE DECEPTION-BASED SECURITY Detect Track Profile Respond Tar Traps detect threats without false positives. Track IPs, browsers, software and scripts. Understand attacker s capabilities and intents. Adaptive responses, including block, warn and deceive. Copyright 2013 Juniper Networks, Inc. www.juniper.net 16

DETECTION BY DECEPTION Tar Traps Query String Parameters Network Perimeter Hidden Input Fields Client Firewall App Server Database Server Configura-on Copyright 2013 Juniper Networks, Inc. www.juniper.net 17

FINGERPRINT OF AN ATTACKER Timezone Browser version Fonts Browser add-ons 200+ attributes used to create the fingerprint. ~ Real Time availability of fingerprints IP Address False Positives nearly zero Copyright 2013 Juniper Networks, Inc. www.juniper.net 18

SMART PROFILE OF ATTACKER Attacker local name (on machine) Attacker global name (in Spotlight) Attacker threat level Incident history Copyright 2013 Juniper Networks, Inc. www.juniper.net 19

JUNOS SPOTLIGHT SECURE Junos Spotlight Secure Global Attacker Intelligence Service Attacker from San Francisco Junos WebApp Secure protected site in UK Attacker fingerprint uploaded Attacker fingerprint available for all sites protected by Junos WebApp Secure Detect Anywhere, Stop Everywhere Copyright 2013 Juniper Networks, Inc. www.juniper.net 20

RESPOND AND DECEIVE Junos WebApp Secure Responses Human Hacker Botnet Targeted Scan IP Scan Scripts &Tools Exploits Warn attacker l Block user l l l l l Force CAPTCHA l l l l l Slow connection l l l l l Simulate broken application l l l l l Force log-out l l l All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat. Copyright 2013 Juniper Networks, Inc. www.juniper.net 21

UNIFIED PROTECTION ACROSS PLATFORMS Internal Virtualized Cloud Copyright 2013 Juniper Networks, Inc. www.juniper.net 22

INTRODUCTION TO JUNOS DDOS SECURE Advanced DDoS Mitigation Technology

DDOS SECURE Prevents volumetric and low and slow DDoS attacks Normal Internet Traffic DDoS Attack Traffic Normal Internet Traffic Resources Normal Internet Traffic Junos DDoS Secure Heuristic Analysis DDoS Attack Traffic Management PC Comprehensive DDoS prevention Identifies and deters DDoS attacks, including those targeting specific apps Ensures availability for legitimate users while blocking malicious traffic, even under the most extreme attack conditions What s unique? 80% effective 10 minutes after installation 99.999% effective after 6-12 hours Dynamic Heuristic Technology Delivered in 1Gb to 40Gb HA appliances Multi tenanted and fully IPv6 compliant Copyright 2013 Juniper Networks, Inc. www.juniper.net 24

JUNOS DDoS SECURE VARIANTS Variants 1U 100M/1G/3G/10G 10U 40G Standalone Fail-safe Card Fiber (1G SX/LX 10G SR/LR) Copper (10M/100M/1G) Active Standby Active Active (Asymmetric Routing) VMware Instance Copyright 2013 Juniper Networks, Inc. www.juniper.net 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information