Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIGRATION FROM SCREENOS TO JUNOS based firewall

Similar presentations


Presentation on theme: "MIGRATION FROM SCREENOS TO JUNOS based firewall"— Presentation transcript:

1 MIGRATION FROM SCREENOS TO JUNOS based firewall
Introductions and welcome. PRESENTER NAME July 2014

2 agenda KEY FW REQUIREMENTS AND SRX OVERVIEW
CUSTOMER MIGRATION BENEFITS EDUCATION SERVICES RESOURCES

3 KEY FIREWALL REQUIREMENTS
Security efficacy Operational efficiency Support for the business JUNIPER DELIVERS Breadth, depth, threat prevention Scale, performance, centralized control Open architecture: flexible, better TCO When we talk to customers they tell us that they are focused on three main things when they look for security and firewalls. Security Efficacy: or how much protection am I are getting from this solution? Operational efficiency: or how much will this solution add to my administrative work and what kind of performance overhead will it deliver? Support for the business: will this solution help my business run better or will it get in the way of my business? Juniper delivers solutions with these issues in mind. We aim to increase the breadth and depth of our threat prevention by offering a layered security approach. We focus on making our solutions more operationally efficient by enabling them to scale as a business grows, by continually working to improve performance and by delivering strong centralized management and control. Our solutions are excellent for larger or growing environments because we put so much work into making out solutions scalable. We also support our customer’s business by offer an open architecture that is flexible so our customers can get exactly the solution that fits their needs. We also believe in openness so our customers can customize their solution specifically to support their business if they want.

4 Srx series services gateways
CONSOLIDATED, LAYERED NGFW SECURITY All-In-One NGFW Security and Networking EASY TO MANAGE & SCALE OVERALL BEST SECURITY VALUE The SRX offers consolidated, layered next generation firewall security. It includes all-in-one next gen firewall and networking functionality. Why buy networking equipment and a firewall when you can just buy the SRX which will do both. The SRX is easy to manage with Junos Space Security Director. And the nice thing about SRX management is that it is based on the JUNOS operating system, so if you are already familiar with JUNOS because you use it to manage your networking equipment from Juniper, you don’t have to learn a new OS to manage and configure your firewall. The SRX will scale with your business as it grows. It has a very scalable centralized management platform so you can manage just a few firewalls or hundreds or thousands with a single system. Additionally, you can easily add services to your existing SRX so if you want to add capabilities you don’t need to rip and replace, you can simply add a license and turn it on. And you get even more flexibility if you go with a high-end chassis-based SRX because there you can add additional processing power and interface cards if you need to grow your firewall. Overall, the SRX gives you optimal security value when you compare capabilities, performance, and price.

5 Enterprise Security 2014 Areas of focus
NGFW Services Simplified Management Open / Extensible Security Platform Integrated solutions AppID efficacy Threat / app support – full portfolio Integrated solution UX leads engineering Highly scalable Open IPS & app signatures Security intelligence (coming soon) Advanced threat protection (coming soon) We’ve been really busy at Juniper working on a number of key security initiatives. Our focus is in three main areas: NGFW services where we are continuing to integrate our solutions to simplify your deployments, Improving our application identification efficacy so we can identify even those difficult to find evasive apps and continuing to expand our threat and application support portfolio to offer a full range of NGFW capabilities. We continue to simplify our management solution through continued integration of additional capabilities into the core centralized management platform. Customers have said that the industry has a tendency to multiple management solutions as additional security elements are added into an infrastructure. We don’t want to do that to our customers so we have been working hard to get everything into the Junos space management platform for our customers. We also take a user experience led approach to developing our management – not an engineering approach. This means that we aim to deliver a management experience that is useful and easy to use for our customers. We also maintain a strong connection to our roots as a supplier to service providers and very large enterprises – and that means our solutions are highly scalable…able to grow with a growing organization, even those very large operations that can challenge some other security providers who aren’t used to serving those types of customers.

6 Ngfw capabilities INTEGRATED USER / ROLE FIREWALL
Easy agent-less SRX AD integration APPSECURE & UTM Better app visibility & control including evasive app & tunneled app detection Open app & IPS signatures Best-in-class content security SIMPLIFIED MANAGEMENT Centralized management of complete security services suite Integrated logging & reporting Role-based access control Customers get a full NGFW solution with some extra bonus elements with the SRX. SRX automatically comes with an integrated user firewall capability so the SRX can integrate with your Active Directory to enforce user identity-based security policies. This user firewall is very easy to use and set up and does not require any additional devices or agents. You get application-based capabilities with the SRX as well as content security. We offer better application visibility and control. And unlike other suppliers, Juniper gives you the ability to add your own custom application signatures or IPS signatures to your implementation. This is popular with customers who are running custom applications in their environment that they want to control with security policies or customers in industries that create their own specialized IPS signatures to protect their organizations against specialized, targeted threats. You can also get a best-in-class content security solution that runs on the SRX with services from several companies that specialize in different specialized security services. Finally you save time with a simplified management approach. You can centrally manage all your security services from Junos Space and Security Director. You can create and manage policies as well as get visibility with integrated logging and reporting. If you have several administrators you can make their access granular based on their roles by taking advantage of role-based access controls for the management platform.

7 Integrated User Firewall role-based Security
Allows different users to have different application policies based on their role and group P2P apps blocked Youtube allowed Anti-virus applied Marketing WF profile A Firewall P2P, Youtube blocked Anti-virus applied Sales User controls enable your firewall to dynamically enforce security policies based on user information from your Active Directory. Static addresses are not the best way to apply security policies to a user considering one user may use several devices and is mobile both inside and outside your infrastructure. The SRX comes with AD integration built into it. This integration is very easy to use and does not require any additional devices or agents to be installed. By adding user identify information from AD to your firewall policies and connecting it to application awareness in the firewall you can set controls on what users can use what application by user or user role or user group. For example: Marketing employees can use Facebook posts and chat but they can’t place Facebook games or Sales is restricted from using YouTube but they can Skype and Engineering can use YouTube but they can’t use Skype. WF profile B No apps blocked Anti-virus applied CEO WF profile C 7

8 New core: Appsecure w/ appid 2.0
Better heuristics for evasive & tunneled apps More signatures Flow Processing Ingress Egress App Tracking Application ID Results IPS Remediate security threats Understand security risks Address new user behaviors App FW SSL Proxy App QoS You get several additional layers of security and control along with application awareness in the SRX. These features are part of the AppSecure services offering. You can track what applications are running on your network and you can decide to block or apply tailored access to specific applications. You can apply quality of service to applications in order to preserve your network bandwidth for the most important applications. You get industry-leading high performance SSL decryption. This is increasingly important as more and more traffic is encrypted. Additionally you get IPS to identify and remediate security threats targeting applications. These capabilities deliver two categories of benefits. You get additional protection by catching exploits and you can restrict dangerous applications from your environment – apps such as P2P that we all know tend to be rife with malware. You also get controls that will help you save your limited resources for the important traffic to your organization by limiting non-essential applications. Block access to risky apps Allows user tailored policies Packet inspection w/ SSL Prioritize important apps Rate limit less important apps

9 Virtual firewall security
Junos Space Security Director, Hypervisor Management, Secure Analytics Traditional Firewall/Secure Router Next Generation Firewall Firewall VPN NAT Routing UTM: AV, Anti-spam, web/Content Filtering Application Awareness & Control, IPS, SSL Proxy You can also go virtual for your firewall if you want. You get the same capabilities on Firefly Perimeter as on the SRX for the most part. All the great traditional firewall capabilities, plus UTM and AppSecure for NGFW protection and control. And you get the flexibility of a fully virtual solution. Management is easy with Firefly Perimeter. Provision your firewalls using Virtual Director and manage your policies in the same place you manage your physical firewall policies – in Security Director. You can get extended management reporting for both through Juniper Secure Analytics, our full SEIM solution.

10 Best fit firewall platforms
BRANCH  EDGE  DATA CENTER  CORE 300G PHYSICAL SRX or VIRTUAL FIREFLY SRX5800 100G SRX5600 SRX5400 SRX3600 SRX3400 SRX1400 SRX650 10G SRX550 Firefly 1G All your NGFW services are available on pretty much any SRX platform and we offer a wide range of platforms to choose from. Just get the platform that fits your deployment environment and performance needs. If you aren’t sure what services you want, start with with traditional firewall services and add next generation capabilities as you want them. It’s really easy – you don’t need to buy a new device just because you want to add a new service. SRX240 SRX110 SRX210 SRX220 SRX100 SINGLE OPERATING PLATFORM: JUNOS -- CENTRALIZED MANAGEMENT: SECURITY DIRECTOR

11 Scalable security management
Junos Space Security Director Scalable, responsive & accurate policy mgmt. Manage all security services Visibility, logging & reporting Secure Analytics Market-leading SIEM solution Collects, archives, reports and correlates events, flow data, and application data Analyzes network behavior for anomalies Juniper offers two security management options for customers looking for centralized event logging, reporting and analytics. Junos Space Security Director enables SRX policy management plus event logging and reporting via the Junos Space network management platform. It is highly scalable to accommodate management for 1000s of devices from a single UI. Secure Analytics provides complete SIEM capabilities including security event logging and reporting and analytics as a separate offering in the form of an appliance or software VM. SO customers have a choice based on what level of analytics they need in the short term and long term.

12 Choose the extensiveness of your solution
SRX Series Gateway Security Director SRX Series Gateway Security Director WebApp Secure Spotlight Secure You have the flexibility to get the solution you need and want. You can go simple with just SRX and Security Director or you can go for the full extensive security solution with the addition of WebApp Secure, Spotlight Secure, and Secure Analytics. And don’t worry if you change your mind later, you can start simple and easily add on to your solution later if you want. Secure Analytics

13 Centralized & Scalable Management
differentiators Centralized & Scalable Management for all security services All-in-one device for security, routing, and switching Next-generation firewall with AppSecure and user role-based firewall BEST-IN-CLASS CONTENT Security UTM with intelligence from multiple expert security companies Always Available management access even under attack delivered by separate control and data planes Juniper aims to deliver the solution that is right for you. We specialize in strong centralized management that is very scalable. You save by getting an all-in-one device for security, routing and switching. You get the added security and controls that come with next generation firewall capabilities. You can protect your environment against malware with best-in-class content security. And you get the added confidence that your security will be there when you need with the resiliency designed into the SRX through our unique architecture based on separate control and data planes. This unique architecture ensures you will still be able to manage your SRX even if is under attack.

14 Highlights Security efficacy ANSWERING CUSTOMER REQUIREMENTS
Operational efficiency Support for the business ANSWERING CUSTOMER REQUIREMENTS Open / Extensible Security Platform Open signatures More new features coming soon NGFW Services Integrated user firewall AppSecure, UTM Full portfolio: SRX/Firefly Perimeter Simplified Management Security Director Complete Security Services Management Integrated logging & reporting If, like other organizations, you are looking for a security solution that deliver strong, effective security and is easy and efficient to operate and is flexible and open to optimally support your business, the SRX is a good option. It delivers strong NGFW services, simplified management, on an open/extensible security platform.

15 Customer migration benefits
MODERN PLATFORM FOR PROTECTION AGAINST NEW THREATS Junos Advantages SRX Advantages Advanced application security User-role FW Enhanced antivirus (Sophos) Integrated IPS with hardware-based Content Security Acceleration Engine Dynamic IPsec VPN w/Junos Pulse Broad WAN Interface portfolio Class of Service Rich switching Group VPN Deep traffic reporting and monitoring Separate control and data plane Broad routing protocol support and MPLS Flexible forwarding Customer empowered automation with Junoscript 3rd party integration with SDK Junos CLI philosophy (Commit, Rollback, etc.) Virtualization Service Now Junos benefits: Separation of control and data plane Broad routing protocol support and MPLS Flexible forwarding (flow, packet, mixed) Customer empowered automation with Junoscript 3rd party integration with SDK Junos CLI philosophy (Commit, Rollback, etc.) Virtualization Service Now SRX Features: Advanced application security User-role FW Enhanced antivirus (Sophos) Integrated IPS with hardware-based Content Security Acceleration Engine (Regex ASIC) Dynamic IPsec VPN w/Junos Pulse Broad WAN Interface portfolio (VDSL2, 3G/4G Wireless, Cable Modem) Class of Service support Switching (Trunking, STP, 802.3ad, 802.1x, etc.) Group VPN Deep traffic reporting and monitoring (RPM, J-Flow, packet capture)

16 Educational services Partner/Customer Technical Enablement
Junos Certification Fast Track – Free access to study materials for JNCIx Junos and Junos for Security Certifications Junos for Security Learning & Certification Track Junos for Security Instructor Lead Training Schedule On-demand E-learning – Networking Fundamentals - Junos as Second Language - Junos as a Security Language -

17 resources SRX Series: Firefly Perimeter: Security Management and Intelligence: services/security/management-intelligence/ Overview of Benefits for customers upgrading from ScreenOS to SRX:

18


Download ppt "MIGRATION FROM SCREENOS TO JUNOS based firewall"

Similar presentations


Ads by Google