Software-Defined Secure Networks in Action


1 Software-Defined Secure Networks in Action
Nguyễn Tiến Đức, ASEAN Security Specialist

2 Agenda
1. IoT Malware
2. Software-Defined Secure Networks
3. Software-Defined Secure Networks in Action
4. Summary
Leftover template items also present on the slide: Juniper IPSec VPN Strategy (Juniper way to the thought leader within IPSec); Juniper IPSec VPN Technologies (What we offer); Auto VPN Phase III (Challenges and what we have done, AD-VPN); Roadmap.

3 IoT malware

4 Real world examples of IoT malware/ransomware
- Thermostat ransomware [1]
- Amazon cameras malware [2]
- Jeep remote control [3]

5 Software-Defined Secure Networks

6 Security Director Policy Enforcer: Infected Endpoint Scenario
- Enables remediation via Policy Enforcer workflows in Security Director
- Delivers micro security services to switches such as EX, QFX
- Updates enforcement criteria automatically with new threat data
- Tracks infected host/endpoint movement from site to site via MAC address rather than IP address
Workflow shown in the diagram:
1. Malware enters the network.
2. Sky ATP detects the malware and renders a verdict; the threat intelligence is shared with the vSRX firewall.
3. Policy Enforcer in Security Director renders an enforcement policy.
4. The enforcement policy is automatically deployed to the firewall and the switch.
5. The infected endpoint is quarantined.

7 The ATP verdict chain
Staged analysis: combining rapid response and deep analysis. Suspect files enter the analysis chain in the cloud.
1. Cache lookup (~1 second): files we've seen before are identified and a verdict immediately goes back to the SRX.
2. Anti-virus scanning (~5 seconds): multiple AV engines return a verdict, which is then cached for future reference.
3. Static analysis (~30 seconds): the static analysis engine does a deeper inspection, with the verdict again cached for future reference.
4. Dynamic analysis (~7 minutes): dynamic analysis in a custom sandbox leverages deception and provocation techniques to identify evasive malware.
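The staged chain above is an ordering by cost: cheap stages run first, the first conclusive verdict wins, and every conclusive verdict is cached by file hash so the next sighting of the same file is answered from the cache. The following is an added example written for this page, not Sky ATP code; the stage costs are the slide's rough timings, and the three detectors are constructed stand-ins for real engines (the byte patterns they look for are made up for the example).

```python
import hashlib
from typing import Optional

# Constructed stage costs in seconds, taken from the slide's rough timings.
STAGE_COST = {"cache": 1, "antivirus": 5, "static": 30, "dynamic": 420}


# Constructed detectors standing in for real engines. Each returns
# "malicious", "benign" or None (inconclusive: fall through to the next stage).
def antivirus(data: bytes) -> Optional[str]:
    # Constructed signature; a real AV stage would run several engines.
    return "malicious" if b"CONSTRUCTED-SIGNATURE" in data else None


def static_analysis(data: bytes) -> Optional[str]:
    # Constructed heuristic: a PE-looking blob that names an injection API.
    if data.startswith(b"MZ") and b"CreateRemoteThread" in data:
        return "malicious"
    return None


def dynamic_analysis(data: bytes) -> str:
    # The sandbox is the stage of last resort and always returns a verdict.
    return "malicious" if b"beacon-to-c2" in data else "benign"


class VerdictChain:
    """Runs stages in cost order and caches conclusive verdicts by SHA-256."""

    def __init__(self):
        self.cache = {}  # sha256 hex digest -> verdict
        self.stages = [
            ("antivirus", antivirus),
            ("static", static_analysis),
            ("dynamic", dynamic_analysis),
        ]

    def analyze(self, data: bytes):
        """Returns (verdict, stage that decided it, estimated seconds to verdict)."""
        digest = hashlib.sha256(data).hexdigest()
        elapsed = STAGE_COST["cache"]  # the cache lookup is always paid
        if digest in self.cache:
            return self.cache[digest], "cache", elapsed
        for name, detector in self.stages:
            elapsed += STAGE_COST[name]
            verdict = detector(data)
            if verdict is not None:
                # Only conclusive verdicts are cached; an inconclusive stage
                # must not short-circuit deeper analysis next time.
                self.cache[digest] = verdict
                return verdict, name, elapsed
        return "unknown", "none", elapsed


if __name__ == "__main__":
    chain = VerdictChain()
    for sample in (b"plain document", b"plain document", b"MZ\x90\x00 CreateRemoteThread"):
        print(chain.analyze(sample))
```

The design point worth noticing is the cache policy: caching only conclusive verdicts is what lets the expensive sandbox stage be skipped on repeat sightings without ever skipping it for a file that no cheaper stage could decide.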

8 Software Defined Secure Networks: Policy, Detection, and Enforcement
The Software Defined Secure Network leverages the entire network to deliver a secure network and comprises three main components, combining a bottom-up and a top-down approach:
First, leverage the entire network infrastructure and the ecosystem itself, which includes all network elements such as switches, routers and firewalls. Each element can provide threat intelligence and detect threats.
Next, use cloud-based threat defense, which includes security intelligence feeds from all sources, including third-party sources, as well as cloud-based, scalable malware detection. By leveraging the economics and scale of cloud-based intelligence, you amplify your detection capability and significantly widen your capture net.
The third element is the centralized policy engine and controller. The policy engine dynamically adapts policy to the constantly evolving threat conditions, while the controller executes the policy by communicating it to all network elements, including third-party network devices such as wireless access points or other third-party switches.
The SD-SN shares and distributes threat intelligence from all sources. It utilizes any point of the network as an enforcement point. It dynamically executes policy across all network elements, including third-party devices.
Diagram labels:
- DETECTION (Threat Intelligence): leverage the entire network and ecosystem for threat intelligence and detection
- POLICY: dynamic, adaptive policy orchestration; unified and responsive automated malware defense
- ENFORCEMENT: utilize any element of the network as an enforcement point; dynamically execute policy across all network components, including third-party devices

9 Software-Defined Secure Networks in Action

10 SDSN isolates infected host
Stateful filter on the firewall plus an access list on the switch port.
Diagram: Sky ATP (threat intel) -> firewall -> switch -> infected host

11 SDSN tracks host and enforces
Diagram: same topology as the previous slide (Sky ATP threat intel, two firewalls, two switches); enforcement follows the infected host as it moves between switches.
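Slides 6, 10 and 11 together make one point: infection state is keyed by the host's MAC address, while the rules actually installed (the stateful firewall filter and the switch-port access list) are keyed by whatever IP address and port the host currently has, so they must be re-rendered whenever the host moves. The following is an added example written for this page, not Policy Enforcer code; device names, rule strings and the "block" versus "quarantine" actions are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

Rule = Tuple[str, str]  # (enforcement device, rule text)


@dataclass(frozen=True)
class Attachment:
    """Where a MAC address is currently seen: access switch, port and leased IP."""
    switch: str
    port: str
    ip: str


class InfectedHostTracker:
    """Keys infection state by MAC; enforcement rules are re-rendered per location."""

    def __init__(self, firewall: str = "srx-edge"):  # constructed device name
        self.firewall = firewall
        self.infected: Dict[str, str] = {}         # mac -> "block" | "quarantine"
        self.location: Dict[str, Attachment] = {}  # mac -> current attachment
        self.installed: Dict[str, Set[Rule]] = {}  # mac -> rules currently deployed

    @staticmethod
    def _norm(mac: str) -> str:
        return mac.lower()

    def render(self, mac: str) -> Set[Rule]:
        """Rules that should exist for this MAC given its action and current location."""
        action = self.infected.get(mac)
        loc = self.location.get(mac)
        if action is None or loc is None:
            return set()
        # Firewall filter is addressed by the current IP (north-south traffic).
        rules = {(self.firewall, f"deny ip from {loc.ip} to any")}
        # Switch-port ACL is addressed by MAC on the port (lateral movement).
        if action == "block":
            rules.add((loc.switch, f"interface {loc.port}: deny mac {mac}"))
        else:
            rules.add((loc.switch, f"interface {loc.port}: vlan quarantine for mac {mac}"))
        return rules

    def reconcile(self, mac: str) -> Tuple[Set[Rule], Set[Rule]]:
        """Diff desired rules against installed ones; returns (install, withdraw)."""
        wanted = self.render(mac)
        have = self.installed.get(mac, set())
        self.installed[mac] = wanted
        return wanted - have, have - wanted

    def mark_infected(self, mac: str, action: str = "block"):
        self.infected[self._norm(mac)] = action
        return self.reconcile(self._norm(mac))

    def observe(self, mac: str, switch: str, port: str, ip: str):
        """Called on a MAC-table or DHCP update: the host may have moved or changed IP."""
        mac = self._norm(mac)
        self.location[mac] = Attachment(switch, port, ip)
        return self.reconcile(mac)

    def clear(self, mac: str):
        """Verdict withdrawn: remove every rule that was installed for the MAC."""
        self.infected.pop(self._norm(mac), None)
        return self.reconcile(self._norm(mac))


if __name__ == "__main__":
    t = InfectedHostTracker()
    t.observe("00:11:22:33:44:55", "ex-site1", "ge-0/0/3", "10.1.1.5")
    print(t.mark_infected("00:11:22:33:44:55"))
    print(t.observe("00:11:22:33:44:55", "ex-site2", "ge-0/0/7", "10.2.2.9"))
```

Because `reconcile` returns an install set and a withdraw set, a move produces exactly the rule churn the slide describes: the old IP's firewall entry and the old port's ACL are withdrawn, and fresh ones are installed at the new site, while the infection verdict itself never had to be re-evaluated.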

12 The Right Policy for the Right Job
Different threat levels need different policies.
Now let's get back to our lightbulb. With SDSN, you were able to detect anomalous behavior based on prior, correct network behavior, and make the decision to shut it down, effectively eliminating the questionable data exchange at the nearest access switch (EX Series) or firewall device (SRX Series). SDSN then created a new security policy based on the correct volume of traffic flow for a smart lightbulb and distributed it to all policy enforcement points on the network, including switches, routers and firewalls.
Let's look at a more complex and critical scenario: what if a core switch becomes compromised? Say a malicious threat makes its way onto the core switch and creates a GRE tunnel, then mirrors all traffic on your network out to the illegitimate tunnel. In this scenario, SDSN would kill the illegitimate tunnel without impacting normal traffic through the core switch. All this is dynamically executed, leveraging the network as the point of enforcement.
Diagram: Software Defined Secure Networks (SDSN) policy orchestration + enforcement
- Anomalous lightbulb? Quarantine it and create a new policy for appropriate behavior (shut down the light bulb).
- Compromised core switch? Neutralize the threat and shut down the tunnel rather than killing the switch (kill the illegitimate tunnel).
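The lightbulb story has two parts that are easy to run together: detecting that a device has departed from its own known-good behaviour, and then deriving the replacement policy from that known-good behaviour rather than from a fixed rule. The following is an added example written for this page, not SDSN code; it uses a simple mean-plus-k-standard-deviations ceiling over bytes per interval, and the device name, sample values and policy field names are constructed.

```python
import math
import statistics
from typing import Dict, List, Optional


class BehaviourBaseline:
    """Per-device baseline of bytes per interval learned from known-good operation."""

    def __init__(self, min_samples: int = 10, k: float = 3.0):
        self.min_samples = min_samples  # intervals to observe before enforcing
        self.k = k                      # standard deviations above the mean allowed
        self.samples: Dict[str, List[int]] = {}

    def ceiling(self, device: str) -> Optional[int]:
        """Upper bound of normal volume, or None while the device is still being learned."""
        s = self.samples.get(device, [])
        if len(s) < self.min_samples:
            return None
        return math.ceil(statistics.mean(s) + self.k * statistics.stdev(s))

    def observe(self, device: str, bytes_in_interval: int) -> Optional[dict]:
        """Feed one interval's volume; returns a remediation policy on anomaly, else None."""
        limit = self.ceiling(device)
        if limit is not None and bytes_in_interval > limit:
            # The anomalous interval is deliberately not added to the samples:
            # learning from it would drag the baseline up toward the attacker's volume.
            return {
                "device": device,
                "action": "quarantine",  # constructed action name
                "reason": f"{bytes_in_interval} bytes/interval exceeds ceiling {limit}",
                # The replacement policy is derived from the device's own correct volume
                # and is meant for every enforcement point (switch, router, firewall).
                "new_policy": {"rate_limit_bytes_per_interval": limit, "scope": "all-enforcement-points"},
            }
        self.samples.setdefault(device, []).append(bytes_in_interval)
        return None


if __name__ == "__main__":
    baseline = BehaviourBaseline()
    # Constructed known-good traffic: a smart bulb moving around 2 KB per interval.
    for i in range(20):
        baseline.observe("bulb-01", 1900 if i % 2 else 2100)
    print(baseline.ceiling("bulb-01"))
    print(baseline.observe("bulb-01", 50_000))  # constructed burst, e.g. bulb recruited into a botnet
```

The quarantine decision and the new policy come from the same numbers, which is what makes the policy "right for the job": a bulb that legitimately needs about 2 KB per interval gets a ceiling a little above that, not a generic IoT rule.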

13 SDSN Phase-1 (FRS 2016)
Use Case: Threat remediation of infected hosts
DETECTION: Sky ATP: known and day-0 malware analysis, sandboxing, infected host identification, command and control, GeoIP
POLICY: simplified threat remediation policy (Block, Quarantine, Track) defined in Security Director Policy Enforcer
ENFORCEMENT: Juniper SRX, vSRX, EX and QFX; security fabric including firewalls and switches
Key Features
- Infected host blocking: at the perimeter firewall for north-south traffic; on EX/QFX switches to protect from lateral movement of threats
- Infected host tracking: track infected host movement in the network, and quarantine or block infected hosts even if the IP address changes
Customer Benefits
- Automates threat remediation workflows
- Real-time remediation of infected hosts
- Reduced time to remediate = reduced exposure to attacks
- Leverages the network (EX/QFX) and firewall (SRX/vSRX) to take remediation actions that address lateral movement of attacks inside the network, in addition to limiting attacks from the outside world

14 SDSN Phase 2: Juniper and Non-Juniper Switches
Detection layer
- Threat intelligence from Sky ATP cloud feeds
- Third-party feeds
Enforcement
- On SRX via Security Director: the ATP policy is pushed to the SRX from SD; the SRX pulls the infected-host feed from Policy Enforcer
- On EX/QFX switches: legacy, as in Phase 1
- On EX/QFX and third-party wired and wireless networks: enforcement through ClearPass by initiating RADIUS CoA
Diagram components: Sky ATP, 3rd-party feeds, Security Director, Policy Enforcer, Sky realm (SRX and PE registered), security fabric (SRX firewalls, EX/QFX/EX Fusion), ClearPass connector, WLC API, RADIUS server, S/W micro service, Juniper and non-Juniper switches, access points, 3rd-party connector (southbound API for infected-host remediation)
This release: ClearPass connector as a reference implementation. Connectors for Cisco ISE, Forescout, ... in the pipeline.

15 SDSN Threat Remediation
Use Case: Mitigation of DDoS attack
DETECTION: detection from JSA or a third-party detection mechanism is fed to Policy Enforcer as a custom feed
POLICY: simplified DDoS policy (Block, Rate Limit, Forward to) defined in Security Director Policy Enforcer
ENFORCEMENT: Juniper SRX, vSRX, MX; security fabric including firewalls and MX routers
Key Features
- DDoS remediation: the BGP flow spec is modified to take one of the possible actions:
  - Block: block route
  - Rate Limit: limit bandwidth on the flow route
  - Forward to: next hop to reroute packets for scrubbing
Customer Benefits
- Automates DDoS remediation workflows
- Reduced time to remediate = reduced chance of service outage
- Leverages the network (MX) and BGP flow spec to counter DDoS attacks and effectively prevent service outage
- Remediation at the perimeter router protects the downstream firewall and other devices
