Sky Advanced Threat Prevention

Agenda Industry Trends Sky Advanced Threat Prevention Description

Industry Trends

54% 60% 75% $11M Market Situation of the data breaches were related to compromised servers 60% of breaches were took weeks or months to discover In today’s security market environment, these statistics offer a telling story of the need for security. Consider: 54% of the data breaches were related to compromised servers Where critical data assets reside 60% of breaches took weeks or months to discover Meaning attackers can continue compromising your business and efforts without your knowing 75% of attacks are driven by financial motives No longer are attackers only seeking notoriety, they are seeking to make money and these groups have $11M is the average cost to a company due to a data breach This loss can certainly set companies back and in some cases even bankrupt them Sources: the first three stats are form the Verizon 2013 Data Breach Investigations Report the fourth stat is from the Ponemon study sponsored by Juniper 75% of attacks are driven by financial motives $11M average cost due to data breach

Market Situation Hacking is a multinational enterprise Security incident every 7 minutes Stats from the Verizon 2015 Data Breach Investigation Report Cost increasing per security incident $ Data breaches – 6 successful per day Source: Verizon 2015 Data Breach Investigation Report.

Sky Advanced Threat Prevention Description

Sky Advanced Threat Prevention Advanced Anti-malware Service in the Cloud Cloud-based Advanced Anti-malware Service With SRX Series Delivers protection against sophisticated “zero-day” threats Watches ingress/egress traffic for malware and indicators of compromise Delivers deep inspection, actionable reporting, inline malware blocking Advanced Threat Prevention Integration with SRX enables detection and prevention of threats Exceptional efficacy against malware via proprietary deception techniques Actionable output (compromised host auto-quarantine, rich reporting) Augments sandboxing with additional analysis to detect evasive malware Cooperative defense –all customers benefit from Juniper global footprint Advanced Threat Prevention is a new cloud-based advanced Anti-Malware service for the SRX Firewall that is scheduled for release in Q4’15. Advanced Threat Prevention will delivers protection against sophisticated “0-day” threats and it does this by watches both ingress and egress traffic for malware and indicators of compromise. The Advanced Threat Prevention service delivers deep inspection – scanning file contents for signs of malicious intent – and actionable reporting. Our goal is to not just report on malware that came across the perimeter, but to offer inline blocking when possible as well. There are three key differentiators for Advanced Threat Prevention: First, Advanced Threat Prevention’s integration with the SRX that allows both detection and prevention of threats Second, we are making a big investment in ensuring that our efficacy against sophisticated malware is world class. To accomplish this, we will be leveraging some Juniper techniques that utilize “deception” to trick malware into identifying itself and, therefore, raising our confidence in alerts that are generated. Much like security intelligence, minimizing false positives is essential as we incorporate this type of technology into an inline device like the SRX. Finally, we will leverage our SecIntel service to push actionable intelligence of compromised hosts to the SRX so that customers can implement quarantine policies when infected clients are detected on the network.

Sky Advanced Threat Prevention Exploit (hacking) Attacks Multiple Attack Vectors to Defend Against Phishing Attacks install Trojans Your Network Off Network Walk-in Threats Infected System Command & Control Documents Containing exploits

Sky Advanced Threat Prevention Solution Overview SRX extracts potentially malicious objects and files SRX sends potentially malicious content to Advanced Threat Prevention cloud Advanced Threat Prevention cloud performs static and dynamic analysis Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX SRX blocks known malicious file downloads and outbound C&C traffic Sky Advanced Threat Prevention Cloud Sandbox w/Deception Static Analysis ATP Juniper Cloud Customer 01101010 01110101 01101110 01101001 01110000 Customer SRX

Sky Advanced Threat Prevention Detail Data Feed Distribution (Spotlight Secure) C&C Feed GeoIP Known C&C Servers Infected Host Feed SRX Malware Inspection Content (File) Extraction on SRX Inspection Pipeline Manager Cache AV and Static Analysis Dynamic Analysis (Sandbox) Fast Verdicts for In-line Blocking Events (C&C “Hits”) Host Analyzer Identified Malware Log Hits Indicators of Compromise Management and Configuration Service Portal Licensing & Entitlement Config & Mgmnt API Reporting API Admin

Sky Advanced Threat Prevention Cloud Machine Learning Verdicts determined at every level Additive verdict determination ensures accuracy Over 50 deception techniques employed to trick malware into exposing itself Cache Inline Blocking Multiple Anti-Virus Static Analysis Sandbox Behavioral Analysis Deception Potentially malicious files Cloud Infrastructure

Freemium Model – Premium Model Limited file types (EXE) No guarantee on when files will reach deception environment (premium customers are highest priority). Attach & Learn Full file support (adds Office docs, PDF, Android applications, ZIP archives, etc.) Auto-quarantine service to automatically stop outbound traffic from compromised hosts inside network. Full detailed reports on dynamic analysis. Innovate & Expand

Thank You