
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net
Juniper Security Threat Response Manager (STRM) Customer Presentation


1 Juniper Security Threat Response Manager (STRM) Customer Presentation

2 Customer Challenges
- IT “information” overload
  - Flood of logged events from many “point” network and security devices
  - Lack of expertise to manage disparate data silos & tools
- Compliance mandates
  - Industry specific regulations mandating security best practices
  - Internal IT “risk” assessment programs
- Evolving internal and external threats
  - Insider abuse, theft of intellectual property
  - Complex integrated attacks
Diagram labels: Dispersed Threats, Industry Regulations, IT Overload

3 Introducing Juniper's SIEM/NBAD Solution
STRM – “Security Threat Response Manager”
- STRM Key application features
  - Log Management: Provides long term collection, archival, search and reporting of event logs, flow logs and application data
  - Security Information and Event Management (SIEM): Centralizes heterogeneous event monitoring, correlation and management
  - Network Behavior Anomaly Detection (NBAD): Discovers aberrant network activities using network and application flow data
Integrates Mission Critical Network & Security Data Silos
Diagram labels: Security Information & Event Management, Network Behavior Analysis, Log Management, STRM

4 STRM’s Key Value Proposition
- Threat Detection: Detect New Threats That Others Miss
- Log Management: Right Threats at the Right Time
- Compliance: Compliance and Policy Safety Net
- Complements Juniper’s Enterprise Mgmt Portfolio
Diagram labels: Juniper’s STRM Appliance Enterprise Value

5 STRM Architecture
- STRM – Real time network & security visibility
- Data collection provides network, security, application, and identity awareness
- Embedded intelligence & analytics simplifies security operations
- Prioritized “offenses” separates the wheat from the chaff
- Solution enables effective Threat, Compliance & Log Management

6 Log Management
Is fundamental to any centralized network security management solution

| Challenges include | STRM enables |
| --- | --- |
| Log overload for administrators | Highly scalable log aggregation; Consistent logging taxonomy |
| Multi-vendor network; Constant change of formats | Broad vendor coverage and extensible APIs for less common formats |
| Demanding operational requirements | Advanced log management capabilities including tamper proof log archives |

7 Unrivalled Data & Log Management
- Networking events: Switches & routers, including flow data
- Security logs: Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway AV, Desktop AV, & UTM devices
- Operating Systems/Host logs: Microsoft, Unix and Linux
- Applications: Database, mail & web
- User and asset: Authentication data
- Support for leading vendors including:
  - Networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others
  - Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others
  - Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
  - Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others
  - Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others
- Security map utilities:
  - Maxmine (provides geographies)
  - Shadownet
  - Botnet
- Customization logs through generic Device Support Module (DSM)
  - Adaptive Logging Exporter (ALE)
  - Integrate proprietary applications and legacy systems
Diagram labels: Compliance Templates Forensics Search Policy Reporting
Section: Log Management

8 STRM Log Management: Tamper Proof Log Archives
- Event and flow logs are protected by storing an associated checksum for each log file written to disk
- Required by specific regulations (i.e. PCI)
- Highest level of integrity provided by Secure Hashing Algorithm (SHA) from National Institute of Standards & Technology (NIST)
- Hashing algorithms supported include:
  - MD2: Message Digest algorithm as defined by RFC1319
  - MD5: Message Digest algorithm as defined by RFC1321
  - SHA-1: Secure Hash Algorithm as defined by NIST FIPS 180-1
  - SHA-2: Which includes SHA-256, 384 and 512 defined by NIST FIPS 180-2.
Section: Log Management
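The per-file checksum idea on the slide above, as an added example that is not STRM code or anything from the presentation: it seals every log file in a directory into a manifest, then reports files that were modified, deleted or never sealed. The manifest name, its line format, the function names and the sample log lines are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Slide algorithms available in hashlib on every platform (MD2 is not).
SUPPORTED = ("md5", "sha1", "sha256", "sha384", "sha512")

def file_digest(path, algorithm="sha256"):
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(root, algorithm="sha256", manifest="checksums.manifest"):
    """Record 'algorithm digest name' for every *.log file under root."""
    lines = [f"{algorithm} {file_digest(p, algorithm)} {p.name}\n"
             for p in sorted(Path(root).glob("*.log"))]
    (Path(root) / manifest).write_text("".join(lines))
    return len(lines)

def verify(root, manifest="checksums.manifest"):
    """Map each log name to ok, modified, missing or unsealed."""
    root, results = Path(root), {}
    for line in (root / manifest).read_text().splitlines():
        algorithm, recorded, name = line.split(" ", 2)
        if not (root / name).exists():
            results[name] = "missing"      # sealed file was deleted
        elif file_digest(root / name, algorithm) == recorded:
            results[name] = "ok"
        else:
            results[name] = "modified"     # content changed after sealing
    for log in root.glob("*.log"):
        results.setdefault(log.name, "unsealed")  # never had a checksum
    return results

def demo():
    """Seal two constructed logs, then alter one, delete one, add one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "events.log").write_text("constructed: login failed user=alice\n")
        (root / "flows.log").write_text("constructed: 10.0.0.5 > 10.0.0.9 tcp/22\n")
        seal(root)
        before = verify(root)
        (root / "events.log").write_text("constructed: login ok user=alice\n")
        (root / "flows.log").unlink()
        (root / "new.log").write_text("constructed: written after sealing\n")
        return before, verify(root)
```

Kept beside the logs, an unkeyed manifest can be regenerated by anyone able to rewrite them, so the manifest belongs on separate or write-once storage.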

9 Reporting
- 220+ Out of the box report templates
- Fully customizable reporting engine: creating, branding and scheduling delivery of reports
- Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
- Reports based on control frameworks: NIST, ISO and CoBIT
Section: Log Management

10 Security Event Correlation & Threat Management
Is necessary to effectively make sense of all of the collected data
Challenges include:
- Vendor log formats are a moving target
- Constant change on the network
- Correlation rules complex to manage
STRM provides:
- QID map provides intelligent mapping of vendor events
- Simplified out-of-the-box building blocks & rules simplify rule management
- Extensive use of historical profiling for improved accuracy of results
Section: Threat Management

11 STRM Offense Management
- Tracks significant security incidents & threats
- Leverages building blocks & rules
- Builds history of supporting & relevant information for significant security incidents
  - Provides “point-in-time” reference of offending users and vulnerability state
  - Provides record of first and last occurrence of security incidents
- Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns
- Provides prioritization based on: credibility, relevance & severity
Section: Threat Management

12 The Value of JFLOW
- Passive flow monitoring creates asset profiles and helps auto-discover/classify hosts
  - Passive vulnerability information for correlation
- Detection of day-zero attacks that have no signature
- Policy monitoring and rogue server detection
- Visibility into all communication made by an attacker, regardless of whether it caused an event
- Network awareness, visibility and problem solving (not necessarily security related)
  - Mail loops, misconfigured apps, application performance issues
Section: Threat Management

13 The Key to Data Management: Reduction and Prioritization
- Previous 24hr period of network and security activity (2.7M logs)
- STRM correlation of data sources creates offenses (129)
- STRM Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information
- Offenses are further prioritized by business impact
Section: Threat Management

14 Offense Management: Intelligent Workflow for Operators
- Who is attacking?
- What is being attacked?
- What is the impact?
- Where do I investigate?
Section: Threat Management

15 STRM System features
- Centralized browser based UI
- Role based access to information
- Customizable dashboards
- Real-time & historical visibility
- Advanced data mining & drill down
- Easy to use rule engine
- Hierarchical distribution for scale

16 STRM Key Benefits
- Converged network security management console
  - Integrates typically silo’d network & security data
- Network, security, application, & identity awareness
  - Unrivaled data management greatly improves ability to meet IT security control objectives
- Advanced analytics & threat detection
  - Detects threats that other solutions miss
- Compliance-driven capabilities
  - Enables IT best practices that support compliance initiatives
- Scalable distributed log collection and archival
  - Network security management scales to any sized organization

17 Summary
STRM delivers repeatable security and compliance management:
- Integrated network, security, identity and application aware network security management platform
  - Gain efficiency through use of a single pane of glass across entire infrastructure
- Advanced correlation to deliver actionable “offenses”
  - Gain unparalleled ability to reduce noise and recognize the most important security incidents
- Efficient and secure log management
  - Meet logging and auditing requirements for all internal/external IT security mandates
- Flexible deployment options - Turnkey log management to full Network Security Management
Diagram labels: Log Management, Threat Management, Compliance Management

18 STRM Products
[Chart; axes: Events per sec, Flows per Min]
- Models: STRM500, STRM2500, STRM5000
- Capacity tiers: 250EPS 15k F; 500EPS 15kF; 1000EPS 50 & 100k F; 2500EPS 50 & 100k F; 5000EPS 100 & 200k F; STRM - EP 5000 + EPS 100 & 200k F
- Market segments: Small Enterprise; Small Medium Enterprise; Large enterprises & Service Providers

19 Hardware Summary

| Market Segments | STRM Models | CPU | Memory | Storage |
| --- | --- | --- | --- | --- |
| Small | STRM500-A-BSE, STRM500-ADD-250EPS-15KF, STRM500-UPG-500EPS-15KF | Intel Core 2 Dual | 8GB | 2x 500GB HDD RAID 1 |
| Medium | STRM2500-ADD-BSE, STRM2500-ADD-1KEPS-50KF, STRM2500-UPG-2500EPS-50KF, STRM2500-UP-2500EPS-100KF | Intel Core 2 Quad | 8GB | 6x 250GB HDD RAID 5 array |
| Large | STRM5K-A-BSE, STRM5K-ADD-5KEPS, STRM5K-ADD-CON, STRM5K-ADD-EP-5KEPS, STRM5K-ADD-FP-200KF | Intel Core 2 Quad | 8GB | 6x 500GB HDD RAID 10 array |

20 STRM Pricing

| SKU | Description | List Price |
| --- | --- | --- |
| STRM500-A-BSE | Base HW Appliance | $3,000 |
| STRM500-ADD-250EPS-15KF | Add 250EPS and 15K Flows | $12,000 |
| STRM500-UPG-500EPS-15KF | Upgrade to 500 EPS with 15K Flows | $7,000 |
| STRM2500-A-BSE | Base HW Appliance | $7,000 |
| STRM2500-ADD-1KEPS-50KF | Add 1000 EPS and 50K Flows | $30,000 |
| STRM2500-UPG-2500EPS-50KF | Upgrade to 2500 EPS with 50K Flows | $30,000 |
| STRM2500-UPG-2500EPS-100KF | Upgrade to 100K Flows | $20,000 |
| STRM5K-A-BSE | Base HW Appliance | $11,000 |
| STRM5K-ADD-5KEPS-100KF | Add 5000 EPS and 100K Flows | $109,000 |
| STRM5K-UPG-5KEPS-200KF | Upgrade to 200K Flows | $42,000 |
| STRM5K-ADD-EP-5KEPS | Add Event Processor for 5000 Events Per Sec (Distribution) | $90,000 |
| STRM5K-UPG-EP-10KEPS | Upgrade Event Processor to 10,000 EPS | $90,000 |
| STRM5K-ADD-FP-200KF | Add Flow Processor for 200K Flows (Distribution) | $90,000 |
| STRM5K-UPG-FP-400KF | Upgrade Flow Processor to 400K Flows | $90,000 |
| STRM5K-UPG-FP-600KF | Upgrade Flow Processor to 600K Flows | $90,000 |
| STRM5K-ADD-CON | Console for Distributed Architecture | $35,000 |

21 Competitive Summary
Vendors compared: STRM, Cisco MARS, Arcsight, RSA Envision, Mazu/Lancope/Arbor
- Log Management: Strong; Weak; Disjoint solutions for log and threat management; Limited Flow support; No NBAD; Strong; No
- Threat Management: Strong; Cisco-focused; Weak; Limited flow support; No NBAD; No event data; Flow data only
- Compliance Management: Strong; Weak; Strong; Weak

22 Competitive Pricing Analysis
EPS | STRM | Cisco MARS | Q1 Labs | EIQ | Envision | LogLogic | ArcSight
500 | $22,000 | $15,000 | $39,900 | $43,795 | $27,599 | $22,000 | $67,827
1000 | $37,000 | $30,000 | $39,900 | $70,695 | $40,857 | $22,000 | $85,177
2500 | $67,000 | $85,700 | $115,395 | $78,219 | $50,000 | $119,177
5000 | $120,000 | $101,000 | $138,700 | $276,495 | $117,992 | $150,000 | $259,267
10000 | $215,000 | $176,000 | $268,600 | $544,995 | $280,455 | $225,000 | $506,847

23 STRM Release Schedule
Timeline: Q1 ‘08, Q2 ‘08, Q3 ‘08, Q4 ‘08
- Q108 (STRM 2008.1): STRM 500; STRM 2500; Full Soln
- Q208 (STRM 2008.2): STRM5000; STRM Log Management and Reporting only option; Add additional device support EX, M, MX
- Q308 (STRM 2008.3, Planning Phase): Reporting Enhancements; Time Based Reporting; HA
- Q408 (STRM 2008.4, Planning Phase): Integration with NSM; Australia, Viking support; Risk Assessment

24 Thank You

