Presentation is loading. Please wait.

Presentation is loading. Please wait.

| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009.

Similar presentations


Presentation on theme: "| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009."— Presentation transcript:

1 | Copyright © 2009 Juniper Networks, Inc. | 1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible, cost-effective solution for mid to large enterprises and service providers

2 | Copyright © 2009 Juniper Networks, Inc. | 2 NS-5400 Juniper Networks - Leadership & Expertise 1G FW & 1G VPN 100 VSYS 2G FW & 1G VPN 250 VSYS A/A-Full Mesh HA 10G & 30G FW 6M & 18M PPS 10 GigE interfaces Jumbo Frames Hardware AES 2000 Now NS1000 NS1000 w Switch 2 4G & 12G FW 3M & 9M PPS 500 VSYS <78 interfaces & 4000 VLANs Source: Infonetics, Jun 2008 Juniper Networks “Upper-right” Firewall & IPSec VPN Gartner’s Magic Quadrant NS-5200 SRX 5600 SRX G & 100+G FW 20G & 40+G IPS 4M & 8M Sessions ISG 2000

3 | Copyright © 2009 Juniper Networks, Inc. | 3 Deliver a superior user experience Faster application and service deployment Total cost of ownership advantage Integrated Services FAST RELIABLE SECURE Operational Simplicity Scalable Performance What customers expect...

4 | Copyright © 2009 Juniper Networks, Inc. | 4 VPN IPSec IPS  Core / Infrastructure: 10 GigE –More traffic, new/next gen apps, video and other streaming media  Customers demand full-fledged security posture for network performance –Deliver all security services at scale 10+ Gbps FW Today’s Enterprise Requirements Enablement versus Constraint

5 | Copyright © 2009 Juniper Networks, Inc. | 5 Business Challenges Performance and Flexibility Compromise  Traditional solutions based on performance/flexibility tradeoff  Limited performance options –Deploy more platforms –Disable “expensive” features  Limited flexibility options –Deploy dedicated appliances Flexibility Performance

6 | Copyright © 2009 Juniper Networks, Inc. | 6 Pitfall of Today’s Security Adaptability  Limited flexibility in adapting to business requirements  Poor service integration resulting in poor business operations –Complex rack space planning –Installation, management and maintenance overhead Network Traffic Requirements Time TODAYFUTURE Security Requirements FW, IPS & VPN (Gbps) 10 5 Rack Space Planning: High CAPEX: High OPEX: High ASA 5540

7 | Copyright © 2009 Juniper Networks, Inc. | 7 Fabric Dynamic Services Architecture ™  Dedicated Control Plane  Built-on Terabit Fabric –Interchangeable I/O and processing cards –Any service, any card  Feature integration on JUNOS –Fast time to market –Tightest integration between features  Carrier-class Reliability Interface Scalability Processing Scalability Dedicated Management Service Integration via JUNOS ™ QoSDoS NATVPN FWIDP

8 | Copyright © 2009 Juniper Networks, Inc. | 8 Dynamic Services Consolidate Management Framework App Layer Forwarding Threat Prevention Access Control SRX Dynamic Services Gateway RoutingFirewallIPS IPSec VPN NAT SRX Services Gateway Family of JUNOS-based Dynamic Services Gateways

9 | Copyright © 2009 Juniper Networks, Inc. | 9 SRX5000 Series Services Gateway  Revolutionary Architecture  Integrated Services  Scalable Performance  Operational Simplicity  World’s Fastest Security Solution  The heritage of ScreenOS on JUNOS SRX Dynamic Services Gateways Sept 2008 Market Introduction

10 | Copyright © 2009 Juniper Networks, Inc. | 10 Juniper (mid to high-end) Enterprise Security Portfolio 10 Gbps 30 Gbps 50 Gbps 150 Gbps FW and Integrated Security Designed for enhanced perimeter and DC security Products addressing this segment? ISG/IDP SRX5600 SRX5800 NS5400 Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery

11 | Copyright © 2009 Juniper Networks, Inc. | 11 No Compromise Security: SRX3000-line: The most cost-effective network security solution  Maximum Flexibility without Sacrificing Security  Unmatched Price / Performance  Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA) Based on Dynamic Services Architecture™ for accelerated new service deployment

12 | Copyright © 2009 Juniper Networks, Inc. | 12 SRX3400 Hardware  Modular chassis –7 slots (4 front, 3 rear) –MGT module – dual, hot swap –3U chassis height  Fixed Interfaces –12 built-in (8-10/100/ SFP) –2 Ethernet Management Ports  Modular Interfaces –16-10/100/1000 –16-SFP –2-XFP Performance & Capacities  FW – 10/20 Gbps  VPN – 6 Gbps  IDP – 6 Gbps  Concurrent sessions – 1M  New and sustained CPS – 175k  Concurrent IPSec VPN tunnels – 10k Front Rear

13 | Copyright © 2009 Juniper Networks, Inc. | 13 SRX3600 Hardware  Modular chassis –12 slots (6 front, 6 rear) –MGT module – dual, hot swap –5U chassis height  Fixed Interfaces –12 built-in (8-10/100/ SFP) –2 Ethernet Management Ports  Modular Interfaces –16-10/100/1000 –16-SFP –2-XFP Performance & Capacities  FW – 10/20/30 Gbps  VPN – 10 Gbps  IDP – 10 Gbps  Concurrent sessions – 2M  New and sustained CPS – 175k  Concurrent IPSec VPN tunnels – 20k Front Rear

14 | Copyright © 2009 Juniper Networks, Inc. | 14 Sample SRX3000 Base Configurations SRX3400 –Minimal Configuration  SRX 3400 Chassis  1 SPC  1 NPC SRX3600 –Minimal Configuration  SRX 3600 Chassis  1 SPC  1 NPC

15 | Copyright © 2009 Juniper Networks, Inc. | 15 System configuration flexibility  Flexible configuration of IOCs, NPCs and SPCs: –SRX3400:  7 slots for Common Form-factor Modules (CFMs): –4 in the front for IOCs and SPCs –3 in the rear for NPCs and SPCs  4 SPCs max (1 min)  2 NPCs max (1 min)  4 IOCs max –SRX3600:  12 slots for Common Form-factor Modules (CFMs): –6 in the front for IOCs and SPCs –6 in the rear for NPCs and SPCs  7 SPCs max (1 min)  3 NPCs max (1 min)  6 IOCs max SRX 3400-DC is limited by power supply capacity. No HA limitations.

16 | Copyright © 2009 Juniper Networks, Inc. | 16 Services Processing Cards  Flow Lookup Classification DoS/DDoS Policing  Ingress Packet  Egress Packet  Services FW/VPN/IDP NAT/Routing RE Routing / Device MGT  QoS/Shaping Fabric Integrated in SRX 5000 IOC Network Processing Cards Oversubscrptn. Control 1.5 Input/Output Cards SRX 3K Packet Flow – Fully Integrated

17 | Copyright © 2009 Juniper Networks, Inc. | 17 Juniper SRXTraditional Appliances Dedicated Control Plane Buildable I/O Pool Buildable Processing Pool Single device to manage      Single policy/configuration Scalable Service Engine  Integrated Services Dynamic Services Architecture Differentiator

18 | Copyright © 2009 Juniper Networks, Inc. | 18 Adapting to Changing Security Requirements  High integration supporting wide range of services  Scales as your business grows  Minimal/No policy changes required Rack Space Planning: NONE CAPEX: LOW OPEX: LOW Network Traffic Requirements Time TODAYFUTURE Security Requirements FW, IPS & VPN (Gbps) 10 5

19 | Copyright © 2009 Juniper Networks, Inc. | 19 Price per FW Gbps 44%SAVINGS Price per Gbps FW/IPS/IPSec VPN 83%SAVINGS Power Savings 84%SAVINGS Cisco ASA 5580 Juniper SRX % SPACE SAVINGS 10 Gbps FW, IPS & IPSec VPN Solution 31 Appliances Cisco ASA 5540Juniper SRX 3600 Industry’s Most cost-effective security solution

20 | Copyright © 2009 Juniper Networks, Inc. | 20 Juniper (mid to high-end) Enterprise Security Portfolio 10 Gbps 30 Gbps 50 Gbps 150 Gbps FW and Integrated Security Designed for enhanced perimeter and DC security Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery ISG/IDP SRX5600 SRX5800 NS5400 SRX3400 SRX3600

21 | Copyright © 2009 Juniper Networks, Inc. | 21 Juniper Networks Security Manager A comprehensive approach to security management  Device-lifecycle management –Manages through every phase of device lifecycle: design, deploy, configure, monitor, maintain, upgrade, adjust  Manage all aspects of configuration –Manage configuration tasks at device, networking and security levels  Delegation of administrative access –Provides needed power and tools to the right groups (access and control) –Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions The Device Lifecycle

22 | Copyright © 2009 Juniper Networks, Inc. | 22 NSM Management Features FeaturesDescription Scheduled Security UpdatesAutomatically update devices with new attack objects Domains Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc… Role-based Administration Granular approach in which all 100+ activities in the system may be assigned as a separate permissions Object Locking Multiple administrators can safely and concurrently modify different objects in the system at the same time Audit Logs Sort-able and filterable record of who made which changes to which objects in the system Device TemplatesManage shared configuration such as sensor settings in one place Job Manager View pending and completed directives (such as device update) and their status High AvailabilityActive/passive high availability of the management server Scheduled Database BackupsCopies of the NSM database may be saved on a daily basis

23 | Copyright © 2009 Juniper Networks, Inc. | Tier Management Network-Security Manager (NSM) IDP Appliances ISG / ISG with IDP Centralized NSM Server Common User Interface NSM SSG Series NS-5000 Series

24 | Copyright © 2009 Juniper Networks, Inc. | 24 Future Direction Best-in-Class Routing Best-in-Class Security Continued leadership in networking Continued leadership in security Integrated security and networking on JUNOS JUNOS

25 | Copyright © 2009 Juniper Networks, Inc. | 25 The High-Value Branch When remote sites are essential to the organization’s strategic mission, you can WIN! Ministry of Foreign Affairs

26 | Copyright © 2009 Juniper Networks, Inc. | 26 RoleMissionChanges The Humble Storefront Revenue Gateway Create new sources of revenue and operational efficiencies  Support partners, guests, and devices  Reputation and compliance The Mission Critical Clinic Service Gateway Attract and retain valuable clients  Centralization of applications and databases; SaaS  Privacy and compliance The High-Powered Center of Excellence Innovation Gateway Retain and activate a high quality workforce  Advanced collaboration  Unrestricted Internet access for employees What Are High-Value Remote Locations? Gateways to Better Businesses

27 | Copyright © 2009 Juniper Networks, Inc. | 27 THANK YOU


Download ppt "| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009."

Similar presentations


Ads by Google