Presentation is loading. Please wait.

Presentation is loading. Please wait.

Juniper’s Enterprise Security Solutions

Published byNathaniel Rice Modified over 8 years ago

Similar presentations

Presentation on theme: "Juniper’s Enterprise Security Solutions"— Presentation transcript:

1 Juniper’s Enterprise Security Solutions
Innovations for Securing the Cloud Enabled Enterprise

2 Cybercrime on the Rise… Business Profits and Productivity in Peril
Cybercrime is happening. And it is getting worse. If you look at the stats: - Cybercriminals are getting faster - Increasing number of companies are being attacked – cybercriminals are reaching wider - Cybercrime is expensive, and it goes up about 10% per year In today’s security market environment, these statistics offer a telling story of the need for security. The results of a cyber attack can be devastating to any company. From increased costs to even losing your job. Bottom line, when building a network, security must be considered in the design. That is why it’s so important for Juniper to be focused on security. 60% Of initial compromises took 1 minute or less time – there is a security incident every 7 minutes Results in: Increased costs Lost revenue Reputation damage Performance degradation Heavy fines Career limiting 43% Of companies experienced a data breach in the past year – on average, now 6 successful data breaches occurring a day $20m Average cost due to data breach – these costs are increasing 10% a year Source: Verizon 2015 Data Breach Investigations Report (worldwide findings)

3 The Business Problem and Security’s Role
THREATS ARE EVERYWHERE ORGANIZATIONS MUST STAY COMPETITIVE NETWORK SECURITY MUST ENABLE BUSINESS GOALS Advanced adversaries and emerging threat factors Malware walks in with your employees Zero day and targeted attacks Security technology sprawl Threat surfaces expanding Attack frequency and cost increasing Move to Virtualized Services Delivery (NFV/SDN) DevOps BYOD Cloud as a platform for innovation Security analytics (what’s happening on my network?) Physical and Virtual security Performance, resilience, and efficacy where it matters Centralized intelligence and control OPEN – for the broadest and most effective threat defense THE BOTTOM LINE: Effective security must tackle a multitude of issues and… Reduce time to protect Not inhibit end user experience or productivity

4 Juniper Security Solutions Solve Business Problems
Security Technology Sprawl Network Visibility: Centralized, instant policy updates across network Proliferation of security devices Visibility is obscured Sea of alerts: signal to noise Threat Surfaces Expanding Consistent Enforcement: physical and virtual Virtualized and hybrid models BYOD Internet of everything Attack Frequency And Cost Threat Defense and Intelligence: Reduces time to protect Average cost of breach: $20m Increasing 10% per year Damage…incalculable

5 Centralized Management and Analytics

6 Security Director – Centralized Management
Dashboard Firewall Policy Threat Map Events and Logs Application Visibility

7 Newly Enhanced Security Director Graphical, Intuitive, Network Wide Visibility
Dashboard Fully and easily customizable, reduced click navigation! Thirty-eight predefined widgets to view what is important to you Firewall Policy Separate views for policy rules and device rules Instant analysis during creation of rules, with recommendations Threat Map Integrated map and table of threat event data Blacklist threatening IP’s with a single click and detailed regional threat data Events and Logs Industry leading visualization for easy scanning across event types for better analysis Application Visibility Granular control & visualization for applications, users and features Rate limit or block user from application with one click

8 Juniper Secure Analytics
Extensive analysis of data and events for real time analysis and anomaly detection in the network Extensive Data Sources… … Suspected Incidents Security devices Servers and mainframes Embedded Intelligence Network and virtual activity Automated data collection, asset discovery and profiling Automated, real-time, and integrated analytics Massive data reduction Activity baselining and anomaly detection Out-of-the box rules and templates True Offenses Data activity Application activity Automated Offense Identification Configuration information Vulnerabilities and threats Users and identities Global threat intelligence

9 SRX Series – Campus and Branch Portfolio

10 Branch SRX Series Retail Office <50 Users Small Branch Users Mid Branch Users Mid-Large Branch Users Large Branch Users 8xGE (w/ 2xSFP) Desktop form factor Fanless design MAC-Sec (2xSFP) IMIX Performance Routing : 500 Mbps Firewall : 500 Mbps IPSec : 100 Mbps NGFW* : 50 Mbps 8xGE (w/ 2xSFP) 2x MPIM Slots MAC-Sec (2xSFP) Optional POE SKU IMIX Performance Routing : 500 Mbps Firewall : 500 Mbps IPSec : 100 Mbps NGFW* : 50 Mbps 16xGE (w/ 8xSFP) 1U Rack Mount 4x MPIM Slots MAC-Sec (16xGE) OOB Mgmt port (1xGE) IMIX Performance Routing : 1.0 Gbps Firewall : 1.0 Gbps IPSec : 200 Mbps NGFW* : 100 Mbps 16xGE (w/ 8xSFP) 1U Rack Mount 4x MPIM Slots MAC-Sec (16xGE) OOB Mgmt port (1xGE) IMIX Performance Routing : 2.0 Gbps Firewall : 2.0 Gbps IPSec : 300 Mbps NGFW* : 200 Mbps 10xGE (w/ 4xSFP) 2U Rack Mount 2x MPIM + 6x GPIM 1 + 1 AC / DC PSU IMIX Performance Routing : 3.0 Gbps Firewall : 3.0 Gbps IPSec : 350 Mbps NGFW* : 300 Mbps SRX300 SRX320 SRX340 SRX345 SRX550-M Extending our lead in branch SRX with performance boost and new management enhancements (UI) *NGFW = Client Side IPS + AppFW + External Logging

11 New Look and Feel On-box GUI
Improved On-box UI: Easier on-box configuration Phased enhancements to on-box UI modeled after Security Director UI for consistency in experience Workflow improvements Available for all SRX models (physical and virtual) Ability to store 6 months of logging and reporting (SSD)

12 Proven Branch SRX Success
Key Highlights Top Customers More than 500,000 devices deployed in last 4 years 30,000+ customers from 47 countries 7 out of top 10 customers are run-rate business First half of 2015 is growing faster than 2014 Recent Largest Wins 7-Eleven – 6,500 (+7,000) Stores (SRX210) Genuine Parts – 6,000 Stores (SRX210 POE) Starbucks – 8,000 Stores (SRX100 & SRX220) Barclays – 2,500 Branch Offices (SRX220) Russian Police – 3,500 Branch Offices (SRX240) RESTRICTED JUNIPER CONTENT – ONLY SHARE UNDER SIGNED NDA

13 1 2 3 Branch SRX Key Differentiators High Performance
2X – 5X higher performance than comparable Cisco ISR Higher scale for distributed enterprise networks 2 Junos & Automation Robust routing, high availability and zero touch deployment Automation capabilities reduce time to deployment, simplifies management 3 Cost Effective Extensive connectivity options with high on-board density Pay as you grow, utilize only what you need

14 Mid-Range SRX1500 for Campus
High performance threat protection for cloud enabled enterprise Open, Flexible Architecture High-Performance Hardware Advanced Security Services X86 based, VMWare support Virtualized architecture Fast integration of new services Consistency across physical and virtual environments FPGA based PFE L3/L4 firewall fast path in FPGA Layer 7 and crypto on x86 CPU 5x improvement in small packet size perf; 6-7µs latency Support for Advanced Threat Defense and Intelligence Full suite of NGFW and layer 7 security services (AppSecure, UTM, IPS) *NGFW = Client Side IPS + AppFW + External Logging

15 Positioning the Branch and Campus SRX Series
SRX550-M SRX1500 Retail Office <50 Users Small Branch Users Mid Branch Users Mid-Large Branch Users Large Branch Users Campus >500 Users Routing* 500 Mbps 1 Gbps 2 Gbps 3 Gbps 10 Gbps Firewall* 500 Mbps 1 Gbps 2 Gbps 3 Gbps 10 Gbps IPSec* 100 Mbps 200 Mbps 300 Mbps 350 Mbps 1 Gbps NGFW* 50 Mbps 100 Mbps 200 Mbps 300 Mbps 1.5 Gbps *NGFW = Client Side IPS + AppFW + External Logging – ALL numbers are projections

16 vSRX 2.0 - The Industry’s Fastest and Most Efficient Virtual Firewall Now Shipping
Industry’s Highest Efficiency per Core 17Gbps large packet FW performance and 4Gbps IMIX Highest performance – and lowest TCO – per core 4x performance boost over vSRX 1.0! IMIX FW Throughput (Gbps) Rich Routing & Network Capabilities VPN connectivity and routing features in a flexible virtual machine format based on proven Junos OS foundation Full HA, dedicated management interface Advanced Security Services Integrated UTM including IPS, Full Anti-virus, Anti-spam, Web-filtering, Content filtering and AppSecure Managed by Junos Space Security Director JUNIPER NETWORKS COMPANY CONFIDENTIAL. NDA ONLY

17 2T The Right Fit - SRX Series Product Line Branch Edge Data Center
Data Center Core SRX and vSRX scale across many dimensions: throughput, connections per second, use case Move slide 19 & 20 to after the slide 16. Then talk about 2Tbps off of slide 19. Up to 2Tbps IMIX throughput and 100 million concurrent sessions scaling SRX5800 2T SRX5600 Capacity 1T SRX5400 SRX3600 SRX3400 100G SRX1500 vSRX 2.0 (Virtual SRX) SRX1400 vSRX (Virtual SRX) 10G SRX550-M SRX650 SRX550 SRX300 SRX320 SRX340 SRX345 SRX240 1G SRX220 SRX110 SRX210 SRX100 Integrated Routing, Switching and Security Unprecedented Scale Common Junos Operating System

18 Advanced Security Services

19 Juniper Security Services
Next Generation Firewall Unified Threat Management Threat Defense and Intelligence Application Control & Visibility Anti-virus Spotlight Secure Threat Intelligence Intrusion Prevention System Web / Content Filtering Sky Advanced Threat Prevention User-based Firewall Anti-spam Rich Reporting and Analytics SRX Foundation Stateful Firewall Management Reporting Analytics NAT IPSec VPN Routing Automation

20 Next Generation Firewall
Application Security AppSecure NGFW Traffic App Visibility AppID Meta data IPS App Control User Role FW AppQoS

21 Unified Threat Management Services
We also provide UTM services, like Anti-Virus, and Anti spam For these services, we partner with best-of-breed providers, like Sophos for Anti-virus. And WebSense for Web filtering. These are deployed as software modules for SRX or add-in for Firefly – easy to install and of course centrally managed through Security Director. And all of these services are optional, so you can pick and choose the ones you want, and have them execute in specific firewalls. This gives our customers a lot of flexibility, and they pay only for what they use. Anti-Virus Anti-Spam Web Filtering Content Filtering Protection from top- tier AV partner Reputation-enhanced capabilities Multilayered spam protection from security experts Protection against APTs Block malicious URLs Prevent lost productivity Filter out extraneous or malicious content Maintain bandwidth for essential traffic

22 Spotlight Secure Threat Intelligence
Threat Defense and Intelligence Spotlight Secure Cloud Actionable threat intelligence: Command and control threats GeoIP location information Open Scalable High capacity Effective Adaptive Command & Control GeoIP feed Other threat intelligence Junos Space Security Director Spotlight Secure Connector SRX

23 Sky Advanced Threat Prevention
NEW Sky Advanced Threat Prevention QUARANTINE AREA Threat Defense and Intelligence SRX Series Sky Advanced Threat Prevention Sandbox (Dynamic Analysis) Static Analysis, AV, Caching ATP Cloud-based, network sandbox Integrated in SRX for inline detection and blocking Protects against unknown and zero day network threats Key Differentiators: Bi-directional integration and communication with Spotlight Secure delivers wealth of threat data for analytics and network wide remediation Utilization of techniques beyond sandboxing to expose evasive malware

24 Summary

25 Juniper Security Architecture
Pervasive and Dynamic Security Reduces Time to Protect Comprehensive Solutions: Centralize and automate security Juniper Threat Defense Intelligence in the Cloud Spotlight Secure Threat Intelligence Sky Advanced Threat Prevention C&C, GeoIP feed, other threat intelligence Threat Defense and Intelligence Juniper Secure Analytics Centralized policy management Security Director Central Mgmt Policy, App Visibility, Threat Map, Events High Performance Network Security Application Security Services AppSecure, IPS, AV, Web Filtering, AS, APT Right size firewall for every need – physical or virtual SRX Series Physical Firewall vSRX Virtual Firewall Network Infrastructure

26 Securing Your Network is Now Simpler and Faster
Comprehensive and nimble: Centralize and automate security Pervasive and Dynamic Security INSTANT THREAT INTELLIGENCE, ADVANCED THREAT PREVENTION Onsite Security Security Director vSRX Virtual SRX Physical Secure at all points, all layers Now that you can clearly see your network as a single logical switch, you are also able to secure it at any point and at any network layer. Malware and bad actors can lurk in many layers of the network and cannot always be caught in an overlay situation. Sandboxing intruders and bad actors can be done many ways, but the technology available today is inferior when it requires replication of an exact environment for the intruder. For example, if you have to re-spin a new virtual machine that’s the same exact environment where the existing intruder exists, you’ll have to figure out the software compatibility of virtual machines and then those virtual machines with operating systems. Having to maintain an ecosystem of software compatibility to be able to isolate intruders becomes a large project in itself. [Click] A much more effective way, is to immediately segment out the intruder or bad actor by putting them into a quarantine area for example. The technology exists and it is much easier to utilize existing network capabilities rather than creating yet another layer of complication and operational headache. Juniper can provide visibility and centralized network policy control utilizing policy engine and SDN controller functionality to stop threats faster and more effectively from cost and efficiency perspective. Instantly update, deploy access policy throughout entire network Junos Fusion Enterprise Greater visibility allows for faster location and isolation of intruder QUARANTINE AREA

27 Thank You

Download ppt "Juniper’s Enterprise Security Solutions"

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.

THE BUSINESS NEED Create affordable alternative/ provide enterprise power/capability for any-sized company Reduce resource-draining burden of meeting.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.

1 © Copyright 2013 Fortinet Inc. All rights reserved. Fortinet High Performance Network Security Data Connectors – Los Angeles Edwin Mendoza – Manager.
Www.cyberoam.com © Copyright 2012 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Securing You Cyberoam Virtual UTM Our Products Unified Threat Management.

© Copyright 2012 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Securing You Cyberoam Virtual UTM Our Products Unified Threat Management.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Bucharest, July 31, 2012 | Bitdefender 2012 Cloud Security for Endpoints Customer Presentation.

Bucharest, July 31, 2012 | Bitdefender 2012 Cloud Security for Endpoints Customer Presentation.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.

© 2015 Cisco and/or its affiliates. All rights reserved. 1 The Importance of Threat-Centric Security William Young Security Solutions Architect It’s Our.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Citrix Partner Update The Citrix Delivery Centre.

Citrix Partner Update The Citrix Delivery Centre.
SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest.

SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
Kaspersky Open Space Security: Release 2 World-class security solution for your business.

Kaspersky Open Space Security: Release 2 World-class security solution for your business.
©2015 Check Point Software Technologies Ltd. 1 Dallas Data Connectors 2015 Hank Johnson, Area Manager Check Point Software Technologies SECURITY OBSERVATIONS.

©2015 Check Point Software Technologies Ltd. 1 Dallas Data Connectors 2015 Hank Johnson, Area Manager Check Point Software Technologies SECURITY OBSERVATIONS.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
PURE SECURITY Check Point UTM-1 Luděk Hrdina Marketing Manager, Eastern Europe Check Point Software Technologies Kongres bezpečnosti sítí 11. dubna 2007,

PURE SECURITY Check Point UTM-1 Luděk Hrdina Marketing Manager, Eastern Europe Check Point Software Technologies Kongres bezpečnosti sítí 11. dubna 2007,
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.

Similar presentations

Ads by Google