Stop Threats Faster - Juniper Networks

Stop Threats Faster Vaishali Ghiya & Dwann Hall Juniper Networks

Upload: trannga

Post on 17-Sep-2018


TRANSCRIPT

Page 1: Stop Threats Faster - Juniper Networks · VPC 1 VPC 2 VPC N Internet Transit VPC VPN over Direct Connect Backup VPN AZ 1 AZ 2 Transit VPC •Inter-VPC connectivity over VPN ... Juniper

Stop Threats Faster

Vaishali Ghiya & Dwann Hall

Juniper Networks

Page 2:

This statement of direction sets forth Juniper Networks’ current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.

This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

Page 3:

Software Defined Secure Networks

Vaishali Ghiya

Sr. Director, Security Sales

Page 4:

Data is the new Gold: AS VALUE INCREASES SO DOES CYBERCRIME

• 80% of black-hat hackers are affiliated with organized crime
• Cybercrime will become a $2.1 trillion business by 2019
• 357M new unique pieces of malware in 2016
• 1 in 131 emails contained malware in 2016, the highest rate in five years
• 1.1B identities were exposed in 2017
• 360K ransomware attacks in 2016

Source: Symantec Internet Security Threat Report 2017, Verizon 2016 Data Breach Investigations Report

Page 5:

Today’s Threats Are More Complex Than Ever

Realize threats are everywhere. They are already inside. They walked in your front door

Recognize perimeter security isn’t enough. Malware walks in with the employee

Detection and Enforcement should be enabled anywhere

Acknowledge security is everyone’s problem – horizontal and vertical

Page 6:

Software Defined Secure Networks: Network As A Firewall

[Diagram labels: Sky Advanced Threat Prevention Cloud (ATP, Static Analysis, Sandbox w/ Deception); Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation); SRX Physical Firewall; vSRX Virtual Firewall; MX Routers*; EX & QFX Switches; Third Party Elements*; Detection; Policy; Enforcement. Numbered callouts 1-4: Detection (Machine Learning); Centralized policy push; Enforcement / Multi-cloud; Network as a Firewall]

Page 7:

SDSN – Threat Remediation Use Case

Manual Threat Workflows

• Threat Detection Enforcement Delays
• Vendor specific threat feeds
• Multiple Teams

Automated Threat Remediation

• Automation across Network & Security
• Open API and 3rd Party Threat Feed Collation
• Cohesive Threat Management System

[Diagram labels: Incident Response; Net-Sec Operations; Endpoint Security; Malware Found; TKT; Feed]

Page 8:

SDSN Simplified Scenario: Traveling Employee

[Illustration labels: Arrivals; Departures; www.pdf.com]

Page 9:

SDSN Simplified Scenario: Sunnyvale HQ

[Diagram label: L2 VLAN]

Page 10:

SDSN Simplified Scenario: Sunnyvale HQ

[Diagram labels: L2 VLAN; Command & Control Server; Customer SRX; Sky Advanced Threat Prevention Cloud (ATP, Static Analysis, Sandbox w/ Deception)]

Infected Laptop Address

• MAC: 3A-34-52-C4-69-b4
• IP: 172.16.254.3

Page 11:

SDSN Simplified Scenario: Sunnyvale Campus

[Diagram labels: Sky Advanced Threat Prevention Cloud (ATP, Static Analysis, Sandbox w/ Deception); Third Party Threat Intel; Command & Control Server; L2 VLAN; Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation); SRX Physical Firewall; vSRX Virtual Firewall; MX Routers*; EX & QFX Switches; Third Party Elements*; Detection; Policy; Enforcement; Quarantined]

Page 12:

SDSN Simplified Scenario: San Francisco Campus

[Diagram labels: Sky Advanced Threat Prevention Cloud (ATP, Static Analysis, Sandbox w/ Deception); Third Party Threat Intel; Command & Control Server; L2 VLAN; Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation); SRX Physical Firewall; vSRX Virtual Firewall; MX Routers*; EX & QFX Switches; Third Party Elements*; Detection; Policy; Enforcement; Quarantined]

Infected Laptop Address

• MAC: 3A-34-52-C4-69-b4
• NEW IP: 174.12.254.3

Page 13:

SDSN Simplified: Network As a Firewall

[Diagram labels: Sky Advanced Threat Prevention Cloud (ATP, Static Analysis, Sandbox w/ Deception); Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation); SRX Physical Firewall; vSRX Virtual Firewall; MX Routers*; EX & QFX Switches; Third Party Elements*; Detection; Policy; Enforcement. Numbered callouts 1-4: Detection (Machine Learning); Centralized policy push; Enforcement / Multi-cloud; Network as a Firewall]

Page 14:

Page 15:

SRX Product Line Evolution: New hardware platforms & software innovations

[Chart of SRX platforms by segment. Segments: Branch & Secure Router; Small Campus; Enterprise Edge/Small Data Center; Data Center. Tiers: Low End; Midrange; High End. Deployment labels: Branch Refresh; Compact Campus; Small Data Center; Mid-sized Data Center; Large Data Center; Very Large Data Center/SP. Platforms shown: SRX300/320/340/345; SRX550; SRX1500; SRX5400; SRX5600; SRX5800. Capacity labels shown: 1U, 5 Gb/s; 5U, 480 Gb/s; 8U, 960 Gb/s; 16U, 2 Tbps]

• vSRX – Virtual SRX: 4 Gb/s (2 vCPU), 20 Gb/s (up to 10 vCPU)
• SRX4100: 1U, 20 Gb/s
• SRX4200: 1U, 40 Gb/s
• SRX4600: 1U, 80 Gb/s
• SRX4800: 3U, 320 Gb/s

NDA: Juniper Networks Company Confidential. All performance estimates are IMIX.

Page 16:

SRX 4100 & SRX 4200 High Performance Mid-range Platform

Platform

• Small RU footprint 1U, 2 SKUs with 20G and 40G Throughput
• Low power consumption
• 8 ports of 10G
• Based on off-the-shelf hardware components
• X86 CPU for advanced security services

Performance Targets

• Significant improvement in price/performance
• Excellent FW/NAT IMIX performance for Mid-range Firewall (20Gbps to 40Gbps)
• Excellent NGFW performance (5 Gbps to 10 Gbps)
• Dramatically improved throughput, session & connections per second scale

Juniper Confidential – Subject to Change

Page 17:

Security Director: Application Visibility

1. Interactive/graphical summary of applications.
2. Data from different angles.
3. Who is using what.
4. Perform corrective and troubleshooting actions: identify, allow, block or limit usage.
5. Toggle to launch the details grid view.

Page 18:

Security Director: Threat Map

1. Map shows threat count by region
2. Easy to filter according to threat type, severity, and source/destination
3. Table has ability to filter map results and view related events
   - Table shows details of threat events according to filters
4. Ability to zoom into a region for filtered threat view details

Page 19:

Sky Advanced Threat Prevention: Solution Overview

[Diagram labels: Customer; SRX; Juniper Cloud; ATP; Static Analysis; Sandbox w/ Deception]

1. SRX extracts potentially malicious objects and files

2. SRX sends potentially malicious content to Advanced Threat Prevention cloud

3. Advanced Threat Prevention cloud performs static and dynamic analysis

4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX

5. SRX blocks known malicious file downloads and outbound C&C traffic


Page 20:

Sky Advanced Threat Prevention Cloud

[Diagram labels: Cloud Infrastructure; Potentially malicious files; Multiple Anti-Virus; Cache; Inline Blocking; Static Analysis; Sandbox; Behavioral Analysis; Deception; Machine Learning]

• Verdicts determined at every level

• Additive verdict determination ensures accuracy

• Over 50 deception techniques employed to trick malware into exposing itself

Page 21:

Juniper Advanced Threat Detection – Lateral Spread

SMART ANALYTICS

Lateral threat migration indicates progression through cyber kill chain. Collectors capture that traffic too.

[Diagram labels: Internet; Perimeter; Malicious Email; Malicious Web]

Page 22:

Hybrid Cloud: vSRX in Transit VPC for AWS

[Diagram labels: vSRX, vSRX; VPC 1, VPC 2, VPC N; Internet; Transit VPC; VPN over Direct Connect; Backup VPN; AZ 1, AZ 2]

Transit VPC

• Inter-VPC connectivity over VPN

• Security group securing VPC workloads

• Inter-VPC security (IDS/IPS, NextGen Firewall) on vSRX

• Redundancy through dynamic routing - BGP

• Fully automated – VPN connections to new VPCs with zero touch

vSRX differentiators

• High performance

• Integrated routing and security

• Higher scale of VPC support

Page 23:

Juniper Security Services Overview

[Diagram of service tiers: SRX Foundation Services; Next Generation Firewall Services; Unified Threat Management (Known Threats); Threat Intelligence Platform; Cloud Based Advanced Anti-Malware (Zero Day); Management, Reporting, Analytics, Automation. Services shown: Firewall; NAT; VPN; Routing; Application Control & Visibility; User-based Firewall; Anti-virus; Intrusion Prevention; Web/Content Filtering; Anti-spam; Botnets/C&C; GEO-IP; Custom Feeds, APT; Sandboxing; Evasive Malware; Rich Reporting, Analytics]

Page 24:

Advanced Policy Based Routing (AppRoute/APBR)

[Diagram labels: Applications N; MPLS; Internet; Corporate HQ; Branch; Enterprise App Server]

Page 25:

Juniper Automation and Orchestration Solution

[Diagram labels: One JUNOS Software; Open Platform; On-Box; Off-Box; Third Party; API Based; SDN; PY-EZ; Ruby-EZ; SLAX; ZTP; NETCONF; MH NorthStar; JUNOS Space; Contrail; JUNOS SDK; Network Director; Security Director; Puppet; Chef; Ansible; OpenClos; Juniper Openstack Plug-in; Juniper Cloudstack Plug-in]

Page 26:

Live Demo

Page 27:

Software Defined Secure Network Demo – Aruba

Enforcement on Cisco Switch

Dwann A. Hall

Sr. Security Solutions Specialist

Page 28:

Solution Components

Product: Description

• Junos Space 17.1R2: Network Management Platform
• Security Director 17.1R2: PE UI and SRX policy deployment
• Policy Enforcer 17.1R2 (PE): User intent policy for threat management, deployment with Juniper Switches as well as integration with Aruba Clear Pass and Cisco ISE for 3rd party Switch enforcement
• SRX with Sky ATP: Sky ATP for threat detection and feeds; v/SRX for malware file scanning and policy enforcement
• Aruba Clear Pass / Cisco ISE: Integration w/ Network Access Control (Radius/802.1x)
• Juniper and (or) 3rd party Switches: Infected host tracking and enforcement (block/quarantine)

Page 29:

SDSN in a Third-Party Switched Network

1. End user authenticates to the network via 802.1x or MAC authentication.
2. Sky detects the endpoint getting infected.
3. Policy Enforcer downloads the Infected Host Feed.
4. PE enforces the Infected Host policy with the 3rd Party SW Connector calling the generic API.
5. 3rd Party Connector:
   • queries the AAA Server for endpoint details for the Infected Host IP
   • initiates CoA for the Infected Host MAC.
6. CoA action could be block or quarantine VLAN.
7. Enforcement happens on the NAC device the endpoint authenticated on.
8. Policy Enforcer communicates the end host details back to Sky.

[Diagram labels: SKY ATP; SRX; EX/QFX; EX/Cisco; Radius Access Server; Cisco S/W; Juniper 3rd Party Wireless; Policy Enforcer; 3rd Party SW Connector; Cloud Feed Server; Feed Collector; Policy Controller; Remote Feed Server; Connector Framework; Connector API; numbered callouts 1-7]
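The connector behaviour in steps 4 to 6, combined with the MAC-keyed tracking from the Sunnyvale / San Francisco scenario, modelled as an added example (not Juniper's code or API). `Connector`, `Session`, the switch names, the second MAC and the unresolved feed IP are constructed for illustration; the laptop's MAC and IPs and VLANs 10/99 are the ones shown on the slides.

```python
from dataclasses import dataclass, field

USER_VLAN, QUARANTINE_VLAN = 10, 99   # VLAN numbers from the demo slide

@dataclass
class Session:                 # one AAA (RADIUS) session record; constructed
    mac: str
    ip: str
    nas: str                   # switch / NAC device the endpoint authenticated on
    vlan: int = USER_VLAN

@dataclass
class Connector:               # hypothetical stand-in for the 3rd-party connector
    sessions: dict = field(default_factory=dict)    # mac -> Session (AAA view)
    infected: set = field(default_factory=set)      # MACs under enforcement
    coa_log: list = field(default_factory=list)     # CoA requests issued

    @staticmethod
    def norm(mac):             # compare MACs case- and separator-insensitively
        return mac.lower().replace("-", ":")

    def authenticate(self, mac, ip, nas):
        """Step 1: 802.1X/MAC auth. Known-infected MACs land in quarantine."""
        mac = self.norm(mac)
        vlan = QUARANTINE_VLAN if mac in self.infected else USER_VLAN
        self.sessions[mac] = Session(mac, ip, nas, vlan)
        return vlan

    def enforce_feed(self, infected_ips, action="quarantine"):
        """Steps 4-6: resolve each feed IP to a MAC via AAA, then record a CoA."""
        unresolved = []
        for ip in infected_ips:
            s = next((s for s in self.sessions.values() if s.ip == ip), None)
            if s is None:              # no live session: nothing to CoA yet
                unresolved.append(ip)
                continue
            self.infected.add(s.mac)   # key enforcement on MAC, not IP
            s.vlan = QUARANTINE_VLAN if action == "quarantine" else None
            self.coa_log.append((s.nas, s.mac, action))
        return unresolved

def demo():
    c = Connector()
    c.authenticate("3A-34-52-C4-69-b4", "172.16.254.3", "sunnyvale-sw1")
    c.authenticate("3A-34-52-C4-69-00", "172.16.254.9", "sunnyvale-sw1")
    missed = c.enforce_feed(["172.16.254.3", "172.16.254.77"])
    # Same laptop re-authenticates at another campus with a new IP.
    vlan_after_move = c.authenticate("3A-34-52-C4-69-b4", "174.12.254.3", "sf-sw4")
    return c, missed, vlan_after_move

if __name__ == "__main__":
    c, missed, vlan = demo()
    print(c.coa_log, missed, vlan)
```

Feed entries that resolve to no live AAA session are returned rather than dropped, so an operator can see which infected-host IPs were never enforced.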

Page 30:

Demo SDSN Enforcement via Aruba Clear Pass

[Diagram labels: User vlan 10; Quarantine vlan 99]

Page 31:

DEMO

Page 32:

Juniper SDSN Network as a Firewall: Key Takeaways

Deploy alongside your existing firewalls

• No changes required to existing firewalls

Automates the threat remediation in a significantly reduced time

• Block or quarantine any infected host from connecting to the network

Stop threats faster - minimize horizontal spread of malware

• Significantly reduce business impact

Page 33: