SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest.

Slides:

Advertisements

Similar presentations

The leader in session border control for trusted, first class interactive communications.

Advertisements

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Network Systems Sales LLC

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Guide to Network Defense and Countermeasures Second Edition

Module 5: Configuring Access for Remote Clients and Networks.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Introduction to ISA 2004 Dana Epp Microsoft Security MVP.

Blue Coat Systems Securing and accelerating the Remote office Matt Bennett.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

Lesson 19: Configuring Windows Firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Department Of Computer Engineering

1 © 2001, Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Easy VPN Solutions Applications and Implementation with Cisco IOS.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Introducing Kerio Control Unified Threat Management Solution Release date: June 1, 2010 Kerio Technologies, Inc.

TAILORED SECURITY FOR CRITICAL ASSETS SRX SERIES SERVICES GATEWAYS FOR THE HIGH END PRESENTER NAME DECEMBER 29, 2013.

Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.

Course 201 – Administration, Content Inspection and SSL VPN

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Dual WAN Router Brand & Marketing MGMT Dept DrayTek Corp Vigor2912 Series 14 th Jan Based on f/w RC4.

Web Application Firewall (WAF) RSA ® Conference 2013.

NEXT GENERATION FIREWALLS Why NGFWs are Next-Generation FWs?

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.

Network security Product Group 2 McAfee Network Security Platform.

1 ABNER GERMANOW DIRECTOR ENTERPRISE MARKETING. 2 NEW ATTACK SURFACES DATACENTER CONSOLIDATIONNEW DEVICESBRANCH LOCATIONS.

12/1/2015Faculty : Trần Thị Ngọc Hoa1 ISA server Overview 1. Introducing ISA Server 2. Deployment Scenario for ISA Server.

Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.

I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.

Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis  Match the technologies used with the security need  Spend time and resources covering the most.

IS3220 Information Technology Infrastructure Security

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Juniper Networks Mobile Security Solution Nosipho Masilela COSC 356.

Ton den Braber Channel Manager Benelux Dell SonicWALL The Promises and Pitfalls of BYOD.

JUNOS PULSE Junos PULSE for Windows Junos PULSE Mobile Security Suite.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

NSA 240 Overview For End Users. 2 New Challenges To Solve  Threats Are Increasing  Web 2.0 & SaaS  Impacts to servers, users & networks  Threats go.

Presented By Hareesh Pattipati.  Introduction  Firewall Environments  Type of Firewalls  Future of Firewalls  Conclusion.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Barracuda NG Firewall ™

CompTIA Security+ Study Guide (SY0-401)

Cloud App Security vs. O365 Advanced Security Management

Barracuda Firewall The Next-Generation Firewall for Everyone

HP ProCurve Alliance + Dr Carl Windsor CISSP Major Account Manager

Real-time protection for web sites and web apps against ATTACKS

Securing the Network Perimeter with ISA 2004

Forefront Security ISA

CompTIA Security+ Study Guide (SY0-401)

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Software-Defined Secure Networks in Action

Intrusion Prevention Systems

Healthcare Cloud Security Stack for Microsoft Azure

Intrusion Detection system

Introduction to Network Security

Presentation transcript:

SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest

2 Copyright © 2011 Juniper Networks, Inc. APPLICATION-AWARE SECURITY Introducing AppSecure AppSecure is a suite of application based services designed for deploying security in a knowledgeable manner  Builds on existing firewall integrated services to deliver finer-grain policies  Leverages integrated application intelligence Application Intelligence

3 Copyright © 2011 Juniper Networks, Inc. APPSECURE DIRECTION Understand security risks Address new user behaviors Application Intelligence from User to Data Center Subscription service includes all modules and updates Juniper Security Lab provides 800+ application signatures Subscription service includes all modules and updates Juniper Security Lab provides 800+ application signatures AppTrack AppQoS AppDoS IPS Block access to risky apps Allows user tailored policies Prioritize important apps Rate limit less important apps Protect apps from bot attacks Allow legitimate user traffic Remediate security threats Stay current with daily signatures AppFW

4 Copyright © 2011 Juniper Networks, Inc. SAMPLE APPLICATION COVERAGE AND MORE ADDED DAILY 100BaoAimsterApplejuiceAresBitTorrentDirectConnecteDonkey2000 FastTrackFreecastFreenetGnucleusLANGnutellaGnutella2GoBoogy HotlineIceShareICQIRCJapper/XMPP Joltid PeerEnabler Kademlia KuGooKuroManolito/MP2PMMS MSNP (ver 10, 11, 12) MSNP 13MUTE NapsterOpenFT (giFT)Oscar (AOL)PeercastPocoQQRTSP SCTPSkypeSoribadaSoulseekTeslaTOC (AOL)WinNY WPNPXunleiYahoo IMAnd More

5 Copyright © 2011 Juniper Networks, Inc. APPLICATION VISIBILITY AppTrack Discrete Data AnalysisBusiness Analysis Deep packet intelligence Protocol IP Addr Port Data SAP Size Joe What application? What user? User Location? User device? What application? What user? User Location? User device? Identify applications running on the network with protocol decoding and Application signatures View application ID in session logs to understand network behavior Enable data center admins to make informed decisions based on application being accessed to manage security risk AppTrack ApplicationsBytes From Client (Custom) (Sum)Count FTP1,047,7542,097 Windows File Share1,030,00631 HTTP376,29616 Bit Torrent316,06416 None154, NETBlog151,63216 VoIP128,26616 Facebook104,73516 TFIP67,92016 Telnet54,76816

6 Copyright © 2011 Juniper Networks, Inc. Control & Enforce Web 2.0 Apps AppFW AppFW: BEYOND JUST FW OR APP CONTROL Inspect ports and protocols Control nested apps, chat, file sharing and other Web 2.0 activities Dynamic application security Web 2.0 policy enforcement Threat detection & prevention HTTP Uncover tunneled apps Stop multiple threat types

7 Copyright © 2011 Juniper Networks, Inc. Protect Valuable On-line Business AppDoS AppDOS THREAT MITIGATION Detect and mitigate botnet activity Benchmark “normal” behavior to detect anomalies Botnet detection & remediation DoS monitoring & remediation On-going anomaly detection Uncover misuse of routine Web functionality Purchase Item Select Item View Item Check bill Adapt security policy and QOS based on insights

8 Copyright © 2011 Juniper Networks, Inc. HOW AppDOS WORKS Attack traffic Legitimate traffic Botnets targeting services for disruption Mixture of legitimate and attack traffic INTERNET Server Connection Monitoring Protocol Analysis Bot / Client Classification Cloud Provider / Data Center Web Services / Applications SRX Series

9 Copyright © 2011 Juniper Networks, Inc. Prioritize & Control App Bandwidth AppQoS AppQOS FOR SCALE & PERFORMANCE Monitor Web 2.0 bandwidth consumption Dynamic application quality-of-service (QoS) Application prioritization Performance management Throttle bit rates based on security and usage insights Prioritize business critical apps X

10 Copyright © 2011 Juniper Networks, Inc. Monitor & Mitigate Custom Attacks IPS IPS FOR CUSTOMIZABLE PROTECTION Detect and monitor suspicious behavior Address vulnerabilities instead of ever-changing exploits of the vulnerability On-going threat protection Mobile traffic monitoring Custom attack mitigation Tune open signatures to detect and mitigate tailored attacks Uncover attacks exploiting encrypted methods Exploits VULNERABILITY AppSecure IPS Other IPS’s

11 Copyright © 2011 Juniper Networks, Inc. AppSECURE DEPLOYMENT SCENARIOS IN-LINE SERVICE PROTECTION Advanced protection for infrastructure and Hosted Services Data Center DNS ServicesHTTP/Web Services Network Core Remote Network Other Services AppSecure

12 Copyright © 2011 Juniper Networks, Inc. APPSECURE DEPLOYMENT SCENARIOS SRX Corporate Data Center with Bot protection and Application Tracking Remote Access Apps Full suite of DC services: firewall, IPS, NAT, IPsec VPN, AppTrack, AppDoS Corporate HQ / Data Center AppSecure

13 Copyright © 2011 Juniper Networks, Inc. APPSECURE SUMMARY iPhone and other mobile devices consuming many applications and bandwidth Increased security risk with Web 2.0 applications Internet end-points are changing and increasing exponentially Fine-grain detection and control of application access Deep and wide visibility into all traffic flowing through the network Expands administrative control over network traffic AppDOS combines statistical and deterministic methods to counter DDoS attacks at the right level Mitigates sophisticated attacks with minimal service impact Botnet attacks are growing SRX Services Gateways offer control and security without compromise Scalable performance