Published by Jordan Torr
Modified over 2 years ago
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net

1. Juniper Security Threat Response Manager (STRM) Customer Presentation
2. Customer Challenges
IT “information” overload
- Flood of logged events from many “point” network and security devices
- Lack of expertise to manage disparate data silos & tools
Compliance mandates
- Industry specific regulations mandating security best practices
- Internal IT “risk” assessment programs
Evolving internal and external threats
- Insider abuse, theft of intellectual property
- Complex integrated attacks
[Diagram labels: Dispersed Threats, Industry Regulations, IT Overload]
3. Security Information & Event Management
Introducing Juniper's SIEM/NBAD Solution: STRM, “Security Threat Response Manager”
STRM key application features:
- Log Management: provides long term collection, archival, search and reporting of event logs, flow logs and application data
- Security Information and Event Management (SIEM): centralizes heterogeneous event monitoring, correlation and management
- Network Behavior Anomaly Detection (NBAD): discovers aberrant network activities using network and application flow data
Integrates Mission Critical Network & Security Data Silos
[Diagram labels: Network Behavior Analysis, Log Management, STRM]
4. STRM’s Key Value Proposition
- Threat Detection: Detect New Threats That Others Miss
- Log Management: Right Threats at the Right Time
- Compliance: Compliance and Policy Safety Net
- Complements Juniper’s Enterprise Mgmt Portfolio
[Diagram labels: Juniper’s STRM Appliance, Enterprise Value]
5. STRM Architecture
STRM: Real time network & security visibility
- Data collection provides network, security, application, and identity awareness
- Embedded intelligence & analytics simplifies security operations
- Prioritized “offenses” separates the wheat from the chaff
- Solution enables effective Threat, Compliance & Log Management
6. Log Management
Is fundamental to any centralized network security management solution

Challenges include | STRM enables
Log overload for administrators | Highly scalable log aggregation; consistent logging taxonomy
Multi-vendor network; constant change of formats | Broad vendor coverage and extensible APIs for less common formats
Demanding operational requirements | Advanced log management capabilities including tamper proof log archives
7. Unrivalled Data & Log Management (Log Management)
Data sources:
- Networking events: switches & routers, including flow data
- Security logs: firewalls, IDS, IPS, VPNs, vulnerability scanners, gateway AV, desktop AV, & UTM devices
- Operating systems/host logs: Microsoft, Unix and Linux
- Applications: database, mail & web
- User and asset: authentication data
Support for leading vendors including:
- Networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others
- Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others
- Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
- Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others
- Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others
- Security map utilities: Maxmine (provides geographies), Shadownet, Botnet
Customization:
- Customization logs through generic Device Support Module (DSM)
- Adaptive Logging Exporter (ALE)
- Integrate proprietary applications and legacy systems
[Diagram labels: Compliance Templates Forensics Search Policy Reporting]
8. STRM Log Management: Tamper Proof Log Archives
- Event and flow logs are protected by storing an associated checksum for each log file written to disk
- Required by specific regulations (i.e. PCI)
- Highest level of integrity provided by Secure Hashing Algorithm (SHA) from National Institute of Standards & Technology (NIST)
- Hashing algorithms supported include:
  - MD2: Message Digest algorithm as defined by RFC 1319
  - MD5: Message Digest algorithm as defined by RFC 1321
  - SHA-1: Secure Hash Algorithm as defined by NIST FIPS 180-1
  - SHA-2: which includes SHA-256, 384 and 512, defined by NIST FIPS 180-2
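The per-file checksum scheme described on the tamper-proof log archives slide, as an added example (not Juniper's or STRM's own code). The `.chk` sidecar file, the function names, the sample log line and the optional HMAC key are assumptions introduced here; only SHA-2 digests are accepted because MD5 and SHA-1 have practical collision attacks.

```python
import hashlib
import hmac
import os
import tempfile

# SHA-2 family only: MD5 and SHA-1 have practical collision attacks.
ALLOWED = ("sha256", "sha384", "sha512")

def file_digest(path, algorithm="sha256", key=None):
    """Hash the file in chunks; with a key, compute an HMAC instead."""
    if algorithm not in ALLOWED:
        raise ValueError("unsupported algorithm: " + algorithm)
    h = hmac.new(key, digestmod=algorithm) if key else hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(path, algorithm="sha256", key=None):
    """Store '<algorithm> <hexdigest>' in a sidecar file (hypothetical .chk)."""
    with open(path + ".chk", "w") as f:
        f.write(algorithm + " " + file_digest(path, algorithm, key) + "\n")

def verify(path, key=None):
    """True only if the log still matches the checksum recorded for it."""
    with open(path + ".chk") as f:
        algorithm, expected = f.read().split()
    actual = file_digest(path, algorithm, key)
    return hmac.compare_digest(actual, expected)

def demo():
    """Seal a constructed log, then check it intact, edited, and re-sealed."""
    key = b"constructed-demo-key"  # assumption: in practice kept off the log host
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "events.log")
        with open(log, "w") as f:  # constructed sample event
            f.write("2008-01-15T10:00:01 fw01 deny tcp 10.0.0.5 192.0.2.9 22\n")
        seal(log, key=key)
        intact = verify(log, key=key)
        with open(log, "w") as f:  # same record with the action field changed
            f.write("2008-01-15T10:00:01 fw01 pass tcp 10.0.0.5 192.0.2.9 22\n")
        edited = verify(log, key=key)
        seal(log)  # sidecar recomputed without the key
        resealed = verify(log, key=key)
    return intact, edited, resealed

if __name__ == "__main__":
    print(demo())
```

A checksum kept beside the log only detects changes by someone who cannot also rewrite the checksum, which is why the keyed variant, or a checksum store on a separate write-once system, matters.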
9. Reporting (Log Management)
- 220+ out of the box report templates
- Fully customizable reporting engine: creating, branding and scheduling delivery of reports
- Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
- Reports based on control frameworks: NIST, ISO and CoBIT
10. Security Event Correlation & Threat Management
Is necessary to effectively make sense of all of the collected data
Challenges include:
- Vendor log formats are a moving target
- Constant change on the network
- Correlation rules complex to manage
STRM provides:
- QID map provides intelligent mapping of vendor events
- Simplified out-of-the-box building blocks & rules simplify rule management
- Extensive use of historical profiling for improved accuracy of results
11. STRM Offense Management (Threat Management)
- Tracks significant security incidents & threats
- Leverages building blocks & rules
- Builds history of supporting & relevant information for significant security incidents
- Provides “point-in-time” reference of offending users and vulnerability state
- Provides record of first and last occurrence of security incidents
- Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns
- Provides prioritization based on: credibility, relevance & severity
12. The Value of JFLOW (Threat Management)
- Passive flow monitoring creates asset profiles and helps auto-discover/classify hosts
- Passive vulnerability information for correlation
- Detection of day-zero attacks that have no signature
- Policy monitoring and rogue server detection
- Visibility into all communication made by an attacker, regardless of whether it caused an event
- Network awareness, visibility and problem solving (not necessarily security related)
  - Mail loops, misconfigured apps, application performance issues
13. The Key to Data Management: Reduction and Prioritization (Threat Management)
- Previous 24hr period of network and security activity (2.7M logs)
- STRM correlation of data sources creates offenses (129)
- STRM Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information
- Offenses are further prioritized by business impact
14. Offense Management: Intelligent Workflow for Operators (Threat Management)
- Who is attacking?
- What is being attacked?
- What is the impact?
- Where do I investigate?
15. STRM System Features
- Centralized browser based UI
- Role based access to information
- Customizable dashboards
- Real-time & historical visibility
- Advanced data mining & drill down
- Easy to use rule engine
- Hierarchical distribution for scale
16. STRM Key Benefits
- Converged network security management console
  - Integrates typically silo’d network & security data
- Network, security, application, & identity awareness
  - Unrivaled data management greatly improves ability to meet IT security control objectives
- Advanced analytics & threat detection
  - Detects threats that other solutions miss
- Compliance-driven capabilities
  - Enables IT best practices that support compliance initiatives
- Scalable distributed log collection and archival
  - Network security management scales to any sized organization
17. Summary
STRM delivers repeatable security and compliance management:
- Integrated network, security, identity and application aware network security management platform
  - Gain efficiency through use of a single pane of glass across entire infrastructure
- Advanced correlation to deliver actionable “offenses”
  - Gain unparalleled ability to reduce noise and recognize the most important security incidents
- Efficient and secure log management
  - Meet logging and auditing requirements for all internal/external IT security mandates
- Flexible deployment options
  - Turnkey log management to full Network Security Management
[Diagram labels: Log Management, Threat Management, Compliance Management]
18. STRM Products
[Chart: Events per sec (EPS) and Flows per Min (F) by product]
- STRM500 (Small Enterprise): 250 EPS, 15k F; 500 EPS, 15k F
- STRM2500 (Small Medium Enterprise): 1000 EPS, 50 & 100k F; 2500 EPS, 50 & 100k F
- STRM5000 (Large enterprises & Service Providers): 5000 EPS, 100 & 200k F
- STRM-EP: 5000+ EPS, 100 & 200k F
19. Hardware Summary

Market Segment | STRM Models | CPU | Memory | Storage
Small | STRM500-A-BSE, STRM500-ADD-250EPS-15KF, STRM500-UPG-500EPS-15KF | Intel Core 2 Dual | 8GB | 2x 500GB HDD RAID 1
Medium | STRM2500-ADD-BSE, STRM2500-ADD-1KEPS-50KF, STRM2500-UPG-2500EPS-50KF, STRM2500-UP-2500EPS-100KF | Intel Core 2 Quad | 8GB | 6x 250GB HDD RAID 5 array
Large | STRM5K-A-BSE, STRM5K-ADD-5KEPS, STRM5K-ADD-CON, STRM5K-ADD-EP-5KEPS, STRM5K-ADD-FP-200KF | Intel Core 2 Quad | 8GB | 6x 500GB HDD RAID 10 array
20. STRM Pricing

SKU | Description | List Price
STRM500-A-BSE | Base HW Appliance | $3,000
STRM500-ADD-250EPS-15KF | Add 250EPS and 15K Flows | $12,000
STRM500-UPG-500EPS-15KF | Upgrade to 500 EPS with 15K Flows | $7,000
STRM2500-A-BSE | Base HW Appliance | $7,000
STRM2500-ADD-1KEPS-50KF | Add 1000 EPS and 50K Flows | $30,000
STRM2500-UPG-2500EPS-50KF | Upgrade to 2500 EPS with 50K Flows | $30,000
STRM2500-UPG-2500EPS-100KF | Upgrade to 100K Flows | $20,000
STRM5K-A-BSE | Base HW Appliance | $11,000
STRM5K-ADD-5KEPS-100KF | Add 5000 EPS and 100K Flows | $109,000
STRM5K-UPG-5KEPS-200KF | Upgrade to 200K Flows | $42,000
STRM5K-ADD-EP-5KEPS | Add Event Processor for 5000 Events Per Sec (Distribution) | $90,000
STRM5K-UPG-EP-10KEPS | Upgrade Event Processor to 10,000 EPS | $90,000
STRM5K-ADD-FP-200KF | Add Flow Processor for 200K Flows (Distribution) | $90,000
STRM5K-UPG-FP-400KF | Upgrade Flow Processor to 400K Flows | $90,000
STRM5K-UPG-FP-600KF | Upgrade Flow Processor to 600K Flows | $90,000
STRM5K-ADD-CON | Console for Distributed Architecture | $35,000
21. Competitive Summary
Products compared: STRM, Cisco MARS, Arcsight, RSA Envision, Mazu/Lancope/Arbor
Log Management: Strong, Weak, Disjoint solutions for log and threat management, Limited Flow support, No NBAD, Strong, No
Threat Management: Strong, Cisco-focused, Weak, Limited flow support, No NBAD, No event data, Flow data only
Compliance Management: Strong, Weak, Strong, Weak
22. Competitive Pricing Analysis
Columns: EPS, STRM, Cisco MARS, Q1 Labs, EIQ, Envision, LogLogic, ArcSight
500 EPS: $22,000, $15,000, $39,900, $43,795, $27,599, $22,000, $67,827
1000 EPS: $37,000, $30,000, $39,900, $70,695, $40,857, $22,000, $85,177
2500 EPS: $67,000, $85,700, $115,395, $78,219, $50,000, $119,177
5000 EPS: $120,000, $101,000, $138,700, $276,495, $117,992, $150,000, $259,267
10000 EPS: $215,000, $176,000, $268,600, $544,995, $280,455, $225,000, $506,847
23. STRM Release Schedule
- Q1 ‘08 (STRM 2008.1): STRM 500, STRM 2500, Full Soln
- Q2 ‘08 (STRM 2008.2): STRM5000; STRM Log Management and Reporting only option; Add additional device support EX, M, MX
- Q3 ‘08 (STRM 2008.3, Planning Phase): Reporting Enhancements; Time Based Reporting; HA
- Q4 ‘08 (STRM 2008.4, Planning Phase): Integration with NSM Australia, Viking support; Risk Assessment
24. Thank You