Q2 2016 Juniper Networks Education and Certification Webcast
May 24, 2016
Thank you for joining us!
Introducing today’s speakers
• Lawrence Rust, Sr. Marketing Manager, Education Services
• Elna Samuelsen, Director, Curriculum Development and Certification
• Jasun Rutter, Sr. Manager, Curriculum Development and Certification
• GUEST SPEAKER – John Lehane, Sr. Product Marketing Manager
Welcome
Agenda
1. What’s New
2. Course and Certification Program Updates
3. Learning Bytes Update
4. Software-Defined Secure Networks (SDSN)
5. Stay Connected
JNCP Enhancements: Update
• Increase credential validity from 2 to 3 years (removing inactive phase)
• Digital credentialing
• Improved lab exam experience
• New recertification options
Junos Genius Update
• Multi-device and multi-user support added
• Additional exams being added this year
• Stay tuned for more enhancements in the coming quarters!
New: JNCIP-ENT, JNCDS-WAN, JNCDS-SEC
• Two exams will lead to JNCIP-ENT certification
  • JN0-643 based on non-ELS code
  • JN0-646 based on ELS code
• Design exam track
  • JNCDS-SEC (JN0-1330)
  • JNCDS-WAN (JN0-1360)
Watch http://www.juniper.net/certification for ongoing news about all JNCP credentials
Certifications EOLing May 31st
• JNCIA-E, JNCIS-E, JNCIP-E
• JNCIA-IDP
• JNCIA-WLAN
• JNCIA-WX
Ongoing Update for JNCP Exams
• JNCP exams are updated on an ongoing basis
  • JNCIA up to JNCIE level
• Exams are updated/refreshed on a development cycle
  • Sometimes visible (ex. JNCIA-Junos .. JN0-101 -> JN0-102)
  • Sometimes not
• Ensures freshness of item pool
• Ensures security of exams
New and Updated Courseware
Q1 2016
• New
  • Junos MPLS Fundamentals (JMF)
• Updates
  • Network Automation Using Contrail Cloud (NACC) 2.21
    • Formerly Configuring and Monitoring Contrail (CMC)
    • Now 2 days
  • Junos Space Essentials (JSE) 15.1
Q2 2016
• New
  • Junos Layer 2 VPNs (JL2V)
  • Advanced Data Center Switching (ADCX)
  • Juniper Networks Design in the WAN (JND-WAN)
• Updates
  • Junos Space – Security Director (JS-SD) 15.1
    • Now 2 days
Coming Soon: JNCIP-Data Center (DC)
• New data center professional-level certification in Q3
• Resources will include:
  • Data Center Switching (DCX)
  • Troubleshooting Data Center Switching (TDCX)
  • Advanced Data Center Switching (ADCX)
Other Learning Resources
• JNCP Website Resources page: http://www.juniper.net/us/en/training/certification/resources.html
• J-Net Training, Certification Career Forum: http://forums.juniper.net > Training, Certification, and Career Topics
• Courseware: www.juniper.net/courses
• Labs and Learning: www.juniper.net/labsandlearning
• Junos Genius mobile app: www.juniper.net/junosgenius
Learning Bytes… View the Latest
www.juniper.net/learningbytes or www.youtube.com/junipernetworks
• Anycast-RP
• Basic Session Logging
• Chassis Cluster IP Monitoring
• How to View the Rescue Configuration
• Juniper Technical Assistance Center (JTAC) Recommended Junos Software Version
• Log Filtering
• MSDP
• Request Support Information
• WANDL Demands
• WANDL Failure Simulation Scenarios
• WANDL Interactive Scenarios
• WANDL Report Manager
• Welcome to WANDL IP/MPLSView
• Who's Logged In
Software-Defined Secure Networks (SDSN)
John Lehane
May 24, 2016
Agenda
• SDSN Overview
• Enhanced Security Director
• Sky ATP
• cSRX
• vSRX
• Summary
Trends Impacting Enterprise Security
INFRASTRUCTURE | THREAT SOPHISTICATION | CLOUD
• Hybrid cloud deployments growing
• Device proliferation and BYOD
• IoT and big everywhere
• Zero day attacks
• Advanced, persistent, targeted attacks
• Adaptive malware
• Virtualization and SDN
• Applications, data, management in the cloud
• Application proliferation
Perimeter Oriented Security
Complex Security Policies
Lateral Threat Propagation
Limited Visibility
Hyper-connected Network Security at Perimeter
[Diagram labels: Perimeter; Outside (Untrusted); Internal (Trusted)]
Software Defined Secure Network
[Diagram labels: Perimeter; Outside (Untrusted); Internal (Also Untrusted)]
Simplified Security Policy
Block Lateral Threat Propagation
Comprehensive Visibility
Secure Network
Delivers Zero Trust Security Model
Software Defined Secure Network
• Detection: Unify and rate threat intelligence, from multiple sources
• Policy: Create and centrally manage security policy through user-intent based system
• Enforcement: Enforce policy in near real time across the network; ability to adapt to network changes
[Diagram labels. Business Needs: Users & Roles; Departments & Sites; Devices; Applications. IT View: Switch Ports, VLANs, ACLs; IPs/Subnets, VRFs, ACLs; Firewall Zones, Rules. Users & Apps; Threats; Location. Your Enterprise Network]
Software-Defined Secure Network: Juniper Building Blocks
Comprehensive suite of products: Centralize and automate security
• Instant threat intelligence and detection
• Dynamically adapting policy, deployed in real-time
• Consistent firewall capabilities – physical and virtual
[Diagram labels: Detection; Policy; Enforcement; Security from the Cloud; Third Party Cloud Security Feeds; Juniper Cloud Security; Sky Advanced Threat Prevention; Spotlight Secure (Threat Intelligence); Security Director (Mgmt/UI: Policy, App Visibility, Threat Map, Events); Security Policy Controller; vSRX (Virtual Firewalls); SRX Series (Physical Firewall); MX Series Routers; EX & QFX Series Switches; Third Party Network Elements]
Juniper Confidential – NDA Only
Enhanced Security Director
Firewall Policy
Threat Map
Events and Logs
Application Visibility
Dashboard
Sky Advanced Threat Prevention: Solution Overview
[Diagram labels: Customer; SRX; Juniper Cloud; Sandbox w/ Deception; Static Analysis; ATP]
1. SRX extracts potentially malicious objects and files
2. SRX sends potentially malicious content to Advanced Threat Prevention cloud
3. Advanced Threat Prevention cloud performs static and dynamic analysis
4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX
5. SRX blocks known malicious file downloads and outbound C&C traffic
Sky Advanced Threat Prevention Cloud
100G vSRX VALUE PROPOSITION
• 5x Increase throughput to the endpoint for mobility and high-bandwidth applications
• Multi vCPU allows SPs to scale up and scale out virtual FW
The industry’s highest performance virtual firewall!
vSRX Virtual Appliance
Agile | Elastic | Comprehensive & Consistent
• Junos Routing Protocols and SDK
• Junos Rich and Extensible Security Stack
• Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA
• Perimeter Security: Firewall, VPN, NAT, Routing
• Content Security: Anti-Virus, IPS, Web Filtering, Anti-Spam
• Application Security: AppID, AppFW, AppQoS, AppTrack
Complete firewall feature set for common features across all firewalls and L4-L7 services
cSRX – SRX in a Containerized Environment
• Junos Rich and Extensible Security Stack
• Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA
• Perimeter Security: Firewall, VPN*, NAT*
• Content Security: Anti-Virus, IPS, Web Filtering, Anti-Spam
• Application Security: AppID, AppFW, AppQoS, AppTrack
The industry’s first firewall purpose built for container applications!
Container applications are inherently isolated but not secure
cSRX Container Virtual Appliance
Agile | Elastic | Comprehensive & Consistent
• Purpose built virtual appliance delivering L2 - L7 Firewall services for container applications and delivering micro-services
• Small memory and compute footprint delivering higher number of instances with sub-second boot-up times
• Comprehensive security services with the agility required by container environments for distributed applications
*roadmap items
Example Use Case: Enterprises with Applications Running Containerized Workloads
1. Simplify management with a single pane of glass with Security Director, providing visibility of security policies
2. Dynamic & automated micro-segmentation with Contrail integration
3. Enable elasticity to spin up new services quickly with minimal system resource; quickly repurpose resources when not needed
4. Deploy with agility for security of micro-services, distributed applications requiring scale-out security.
[Diagram labels: Internal Firewall; Finance, HR, Engineering; APP, DMZ, DB; North, South, East, West; cSRX with L4-L7 security (three instances); L4-L7 Traffic; Security Director]
SDSN – Core principles
• User-intent based policy definition
  • Expressed through either WebUI or a declarative language (e.g., Datalog)
  • Different presentation layers built on top of the same REST APIs
  • Policy definition based on requirements rather than traffic pattern
    o E.g., north-to-south, east-to-west
• Pervasive security
  • A solution approach to security
  • Provision policies instead of individual features and functionality on a device
  • Every device in the network (switches, routers, firewalls) is an enforcement point
• Unified framework for policy and threat management
  • A single pane of glass for all policy configuration & management
  • A single pane of glass for managing threat information
    o Sky ATP, Spotlight Secure, Attivo, etc.
Summary
• SDSN Video
  • https://www.youtube.com/watch?v=dTMGw5Byi8E
• Sky ATP Video
  • https://www.youtube.com/watch?v=K-Tqm3xmOcQ
• Security Director
  • https://youtu.be/IN0g7SUfFQ0
  • SD App is available on iTunes and Google Store
User-intent – Policy definition (1/2)
Detect and track infected hosts in a department on Campus
• Define Campus
  • A user-created object that represents a site (campus)
• Define department/group
  • User (HR-users), device (Windows machines), application (Web servers)
    o LDAP, DNS, RADIUS, CMDB, systems for identity mapping
• Define Infected host (provision threat management service)
  • Configure external threat sources
    o Sky ATP, Spotlight Cloud
  • Configure malware detection profile
    o Files to be examined by Sky ATP
  • Configure infected host detection profile
    o Infected host detection by Sky ATP
User-intent – Policy definition (2/2)
Use rules and other constructs to create policy
• Rules
  o Block C&C servers based on threat management profile
  o Detect and block malware based on threat management profile
  o Identify and block/quarantine infected host
  o Track the infected host
    • DHCP server/ARP for IP-MAC binding
    • Detect MAC moves
• When
  o One-time, Always, Periodically
• Where
  o Policy Enforcement zone (A group within a site or a site/site-group)
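An added example (not from the webcast and not Juniper code) of the "Track the infected host" rule above: a threat verdict names only an IP, so the tracker pins it to the MAC holding that IP, then follows the MAC across new leases and port moves. The event names, addresses and port names are constructed, and one active lease per MAC is an assumption.

```python
# Constructed sample events in time order (not real logs):
#   ("bind", ip, mac)   IP-MAC binding learned from a DHCP lease or ARP
#   ("seen", mac, port) switch learned the MAC on a port
#   ("infected", ip)    threat-feed verdict, which names only an IP
EVENTS = [
    ("bind", "10.1.20.15", "aa:bb:cc:00:00:01"),
    ("seen", "aa:bb:cc:00:00:01", "sw1:ge-0/0/5"),
    ("bind", "10.1.20.16", "aa:bb:cc:00:00:02"),
    ("seen", "aa:bb:cc:00:00:02", "sw1:ge-0/0/6"),
    ("infected", "10.1.20.15"),
    ("seen", "aa:bb:cc:00:00:01", "sw2:ge-0/0/9"),  # host re-plugs elsewhere
    ("bind", "10.1.30.40", "aa:bb:cc:00:00:01"),    # and gets a new lease
    ("bind", "10.1.20.15", "aa:bb:cc:00:00:03"),    # old IP reused by a clean host
]

def track(events):
    """Replay events; return (quarantine_targets, mac_moves)."""
    ip_to_mac, mac_to_port, infected, moves = {}, {}, set(), []
    for kind, *args in events:
        if kind == "bind":
            ip, mac = args
            # Assumption: one active lease per MAC, so drop its older IPs.
            for old_ip in [i for i, m in ip_to_mac.items() if m == mac]:
                del ip_to_mac[old_ip]
            ip_to_mac[ip] = mac
        elif kind == "seen":
            mac, port = args
            old = mac_to_port.get(mac)
            if old is not None and old != port:
                moves.append((mac, old, port))  # MAC move detected
            mac_to_port[mac] = port
        elif kind == "infected":
            # Pin the verdict to the MAC that holds the IP right now.
            mac = ip_to_mac.get(args[0])
            if mac is not None:
                infected.add(mac)
    # Enforcement follows the MAC: report its current IP and port.
    targets = sorted((ip, mac, mac_to_port.get(mac))
                     for ip, mac in ip_to_mac.items() if mac in infected)
    return targets, moves

if __name__ == "__main__":
    print(track(EVENTS))
```

Keying the quarantine on the MAC keeps the clean host that later reuses 10.1.20.15 out of the block list, which an IP-only rule would not.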
User-Intent – Presentation layer
Policy definition workflow
Stay Connected
• Program Director – Elna Samuelsen – [email protected]
• @JuniperCertify
• Training, Certification, and Career Forum
• Certification Program website: www.juniper.net/certification
• Customer Service alias: [email protected]
Thank you