Adaptive Intelligent Firewall - the next evolutionary leap of the NGFW
Jürgen Seitz, Systems Engineering Manager
Evolution of Network Security
- Next-Gen Firewall: Application Visibility and Control, User-based Controls, Intrusion Prevention Services
- Diagram labels: L3 Traditional firewall, L7 Next-gen firewall; Static, Dynamic
Evolution of Network Security: integrating threat intelligence enables an adaptive intelligent firewall
- Open platform delivers more value
- Scalable to ensure full enterprise or service provider deployment
- Built for expansive data capacity
- Improved efficacy through threat scores and tuning
- Adaptive: from the data source, to data normalization, to syndication at enforcement point
- Diagram labels: L3 Traditional firewall, L7 Next-gen firewall, Adaptive intelligent firewall; Static, Dynamic
Challenges with other Threat Intelligence Platforms
- Breadth: Limited threat intelligence coverage
- Scale: Cannot accept high volume of intelligence
- Accuracy: False positives prevent administrator from enforcing policy based on feed data due to risk of blocking valid traffic
- Prioritization: Noisy feeds bury most critical events
Juniper's Approach to Threat Intelligence for the firewall
- Dynamic protection against new threats and malware
- Adds continuous value to threat intelligence feeds
- Juniper threat feed has the following characteristics:
  - Compilation of data feeds from Juniper's own malware research team and 3rd parties
  - Data feed sets include IP addresses, domains and URLs
  - Highly focused on Command and Control (C&C) traffic related to malware and botnets
  - C&C data is refreshed hourly to ensure it is current and blocking the latest threats
  - Threat severity rating for fewer false positives and increased effectiveness
Improve your defenses: use real-time threat intelligence to detect and mitigate threats
- Protect from bots: Juniper threat feeds detect and block malicious Command and Control IPs, domains and URLs attempting to control bot-infected systems inside your network
- Integrate third-party or custom feeds
- Identify and mitigate hackers with Juniper WebApp Secure
- Create policy based on GeoIP information
Adaptive Intelligent Firewalling in Action: Detect Malware, Disrupt the Kill Chain, Expose Suspicious Behavior
- Diagram label: Infection
Architecture
- Spotlight Secure Cloud
- Junos Space Security Director
- Spotlight Secure Connector
- Juniper Attacker Fingerprints
- Juniper Command & Control feed
- Juniper GeoIP feed
- Customer-provided threat data
- Juniper Web App Secure attacker data
- SRX Series Services Gateways
Use-case: Detection of infected hosts
- Diagram labels: Spotlight Cloud, IP/URL feed, Spotlight Connector, IP/URL feed, Internet, SRX, Command & Control Blocking
- An infected device tries to connect to a known Command & Control server on the Internet.
- The SRX mitigates the traffic based on a real-time feed of known Command & Control IPs and URLs from the Spotlight cloud.
- The feed data is dynamically loaded and does not require any commit or configuration change.
Juniper Delivers on the Network that Knows
- Open: Consumes virtually any data feed
- Scalable: Robust, scalable architecture supports thousands of firewalls
- High capacity: Capacity for >1M data feed entries, including IP addresses, URLs, and domains
- Adaptable: Policy engine supports fine-grained controls for prioritization and categorization of threats
Summary
- Requirements:
  - Operational efficiency
  - Security efficacy
  - Support for the business
- Juniper Adaptive Intelligent Firewall delivers:
  - Centralized control of dynamic policy updates
  - Visibility and enforcement with tunable controls
  - Open platform supports multiple sources of intelligence
  - Actionable intelligence when and where you need it
  - Open, scalable architecture
  - Capacity and flexibility for specific threat needs
Visit our booth (12.0-215) for a demo!