Scalable and open NG security
by Juniper Networks
Karel Hendrych
Sr. Systems Engineer
khendrych@juniper.net
April 2015
AGENDA
INTRO
SECURITY INTELLIGENCE
EXAMPLE PLATFORM
FRESH IPS COMPETITIVE
AUTOMATION
NEXT STEPS
JUNIPER NETWORKS TODAY
COMMITTED TO INNOVATION AND INVESTMENT
Security is core to our business at Juniper
First to ship 100GbE interface
Innovating in SDN/NFV, network automation
New in 2014: A differentiated approach to security with our open, integrated threat intelligence platform
New in 2015: Leveraged custom silicon and software to deliver breakthrough performance and scale in the High End SRX (2 Tbps throughput)
Dedicated Innovator
Global Powerhouse
Serving customers in over 47 countries, with a worldwide community of over 1000 Reseller Partners
Significant Market Share
#2 in High-End Firewalls [1]
#2 in Carrier-Class Network Firewalls [2]
1. Infonetics Research Q2'2014
2. Gartner Carrier Class Network Firewalls Report, Q4'14
FIREWALL REALITY ;-)
Solving the Problem
Tailored Security for Critical Assets
Get maximum PERFORMANCE & easily SCALE to adapt to the future
Stop all types of attacks with BEST-IN-CLASS SECURITY
Ensure your network is always AVAILABLE with easy, secure ACCESS to optimize productivity
EVOLUTION OF FIREWALL
 Open platform delivers more value
 Scalable to ensure full enterprise or service provider deployment
 Built for expansive data capacity
 Improved efficacy, with fine-tuning
 Adaptive in its ability to incorporate many types of data into policy
 Security Intelligence!
Figure: evolution along two axes, Layer 3 to Layer 7 and Closed to Open: Traditional firewall (Layer 3, closed), Next-gen firewall (Layer 7), Dynamic Adaptive Platform (open).
SRX Differentiators
HIGH PERFORMANCE and SCALE with maximum throughput, session scale, ISSU, and ISHU
OPEN THREAT INTELLIGENCE leveraging threat feeds from multiple sources to deliver automated enforcement
SECURE AND RESILIENT under attack with separate control and data planes and multiple processing cores
INTEGRATION of physical and virtual solutions (vSRX) to deliver visibility, security, and compliance
APPLICATION AWARENESS with AppSecure to stop application-borne security threats and manage application usage
JUNOS Architecture: Separate Data and Control Plane
Shared plane (modules, interfaces, management, routing, kernel all on one plane): DoS & DDoS attacks overwhelm the box. Administrator loses management access – your network is down.
Separate control plane and data plane (Junos): physical interfaces and packet forwarding in the data plane; management and routing in the control plane. Attacks can be thwarted: under attack, the administrator maintains management access to modify policy, disallow bad traffic, and process good traffic – your network stays up.
SRX Series Services Gateways
Single Junos – Integrated Routing, Switching and Security – Unprecedented Scale
Figure: scale axis from 1G through 10G and 100G to 1 Tbps, deployment axis BRANCH – CAMPUS – DATA CENTER.
Branch SRX: SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650
High-End SRX: SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800
vSRX (virtual)
High-End SRX: up to 1.2 Tbps FW throughput and 100 million concurrent sessions scaling
Juniper Security Architecture Overview
Figure (hybrid cloud topology): Virtualized Servers, Multi Tenant (Hypervisor, VM/VM, vSRX per tenant with its own VR); Virtualized Host, Single Tenant (Hypervisor, vSRX, VR); MX routers towards the Hybrid Cloud and the Internet; Enterprise Branch SRX over the WAN; High End SRX Cluster; Security Director / Virtual Director / Log Director; OSS/BSS; Customer Portal.
Junos Space Security Director Management
Firewall Management
IPsec VPN Management
Network Address Translation (NAT) management
Intrusion prevention (IPS) management
Application-level policy management
UTM (unified threat management)
Threat Intelligence Enforcement
Publish WorkFlow: Manage policy changes with review/approve cycle
AUTOMATES
• Delivers scalable and responsive security management
• Improves the reach, ease, and accuracy of security policy administration
• Enables quick and intuitive web-based management of security policy lifecycle
• Integrated with Spotlight Secure, open threat intelligence platform
Security Intelligence Solution Architecture (1/2)
Inputs: Command & Control, GeoIP, Attacker Fingerprints, Customer-provided or 3rd Party Threat Data, Local Attacker Details (API calls)
1. Aggregated & optimized cloud-based threat intelligence (Spotlight Secure)
2. Juniper-provided threat intelligence to customer premise
3. Local/Customer data incorporated into solution
4. Centrally managed by Junos Space Security Director
5. Intelligence distributed to SRX enforcement points (SRX Firewalls)
SecIntel Solution Architecture (2/2)
Components: Spotlight Secure cloud service (Command & Control, GeoIP), Spotlight Secure Connector, Security Director and Log Director (Space H/W or ESX, Space "Fabric" ESX), Customer-provided or 3rd Party Threat Data, Local Attacker Details
1. Aggregated & Optimized cloud-based threat intelligence
2. Juniper-provided threat intelligence to customer premise
3. Local/Customer data aggregated into solution
4. Centralized management by Security Director
5. Scalable (aggregated) intelligence distribution
Spotlight Secure – intelligence from the Cloud
Figure: Spotlight Secure Connector with Internal Sources, Confidential Sources, Mysterious Sources and External Sources.
Spotlight Secure compiles its data from multiple sources, using heuristic analysis and machine learning to provide the most up-to-date, actionable intelligence.
USE CASE I. Bot command & control mitigation
PREVENTING INSIDE-TO-OUTSIDE COMMUNICATION WITH KNOWN BOT COMMAND AND CONTROL CHANNELS – IP/URLs
USE CASE II. Custom whitelists/blacklists and rulebase automation
Example feed https://provisioning/blacklist1.txt (one entry per line: host, prefix, or range):
192.168.2.11
192.168.1.0/24
192.168.1.30-192.168.1.99
Example feed https://provisioning/custom1.txt
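The feed files in Use Case II are plain text lists mixing single addresses, CIDR prefixes and first-last ranges. The following Python is an added illustration, not Juniper code and not part of the deck, of what an enforcement point has to do with such a feed before it can act on it: normalize the three entry forms into prefixes, reject malformed lines and overly broad prefixes (a stray 0.0.0.0/0 in a blacklist would match everything) instead of silently dropping them, and answer whether a peer address is on the list. The feed text, the breadth limits (MIN_PREFIXLEN) and the function names are constructed for this example; the SRX does the equivalent internally.

```python
import ipaddress

# Constructed sample feed in the same shape as https://provisioning/blacklist1.txt on the slide.
# Two deliberately bad lines are included to show the failure modes a feed consumer must handle.
FEED_TEXT = """\
# blacklist1.txt - constructed sample, one entry per line
192.168.2.11
192.168.1.0/24
192.168.1.30-192.168.1.99
172.16.5.10-172.16.5.20
2001:db8::/32
10.0.0.300  # octet out of range, must be rejected
0.0.0.0/0   # would match everything, rejected by the breadth guard
"""

# Example policy (an assumption of this example): refuse prefixes broader than these.
MIN_PREFIXLEN = {4: 8, 6: 32}


def parse_entry(entry):
    """Turn one feed entry into a list of ip_network objects.

    Accepted forms: single host, CIDR prefix, or first-last range.
    Raises ValueError for anything else so bad feed lines stay visible.
    """
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError("bad range: " + entry)
        # summarize_address_range yields the minimal set of prefixes covering the range
        nets = list(ipaddress.summarize_address_range(first, last))
    else:
        # strict=False tolerates host bits in a prefix; a bare host becomes /32 or /128
        nets = [ipaddress.ip_network(entry, strict=False)]
    for net in nets:
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            raise ValueError("prefix too broad: " + entry)
    return nets


def load_feed(text):
    """Parse a whole feed. Returns (networks, rejected_raw_lines)."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # allow trailing comments, skip blanks
        if not line:
            continue
        try:
            networks.extend(parse_entry(line))
        except ValueError:
            rejected.append(raw)
    return networks, rejected


def is_listed(addr, networks):
    """True if addr falls inside any feed prefix (the dynamic-address-group match)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    nets, bad = load_feed(FEED_TEXT)
    print(len(nets), "prefixes loaded;", len(bad), "lines rejected:", bad)
    for probe in ("192.168.1.50", "172.16.5.21", "2001:db8::1"):
        print(probe, "listed" if is_listed(probe, nets) else "not listed")
```

The rejected lines are returned rather than discarded so that a provisioning job can fail loudly (or raise an alert) when a feed is corrupted; a feed that is partially applied without anyone noticing is the quiet failure mode of rulebase automation.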
USE CASE III. GeoIP
SRX5400
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Next-generation, high-performance line cards (IOCII)
SRX5400 specifications
On-board Ethernet: 10x10GE-SFPP
Optional Ethernet: 1GE-SFP, 10GE-SFPP, 40GE-QSFP, 100GE-CFP
JUNOS Software Version Support: JUNOS 12.3X48
Firewall Performance (w/Express Path): 65 Gbps (240 Gbps)
Firewall Performance (IMIX): 30 Gbps
Firewall Performance (Firewall + Routing PPS, 64 byte): 8 Mpps (50M PPS)
VPN Performance (AES256+SHA-1 or 3DES+SHA-1): 20 Gbps
AppSecure: 50 Gbps
Intrusion Prevention System: 22 Gbps
Connections Per Second (CPS): 420 K
Maximum Concurrent Sessions: 28 M
High Availability: A/A or A/P
Chassis (figure): slot cover, power supply, SPCII card, IOCII card, SCB and RE card
IPS COMPETITIVE
• Source: http://forums.juniper.net/t5/Security-Now/7-617-Tests-Later-and-Juniper-s-Firewall-Stops-Threats-Better/ba-p/270404
• Critical/Major/Minor server side protection
• Testing Methodology Details: HW/SW version/signature pack:
  SRX 3400 / 12.1X46D30 / Juniper IDP Signature Database 2454
  PAN 500 / 6.0.3 / Signature pack 454-2355
  Fortinet VM / 5.2.2 / Extended IPS DB: 5.00590
Automation: Unique to SRX and Junos
On the Device ("on-box") – Across the Network ("off-box")
XML API
OSS integration
Workflow automation
NetOps & SecOps tools
Audits & compliance
Change control
Troubleshooting & event response
PyEZ EXAMPLE
from jnpr.junos import Device
from jnpr.junos.utils.config import Config
set_cfg = "set system host-name srx-demo"  # placeholder set-format configuration to load
dev = Device(user='netconf', host='172.16.0.1', password='test123')
dev.open()
dev.bind(cu=Config)  # attach the Config utility as dev.cu
dev.cu.lock()
dev.cu.load(set_cfg, format='set')
dev.cu.commit()
dev.cu.unlock()
dev.close()
https://techwiki.juniper.net/Projects/Junos_PyEZ
NEXT STEPS
- Q&A session?
- Local demo, Partner/Disti/JNPR
- Loan of Juniper Equipment
- Proof of Concept Labs, nearest in Amsterdam
- Mandatory item is a test plan
- Professional testing tools
- Possibility to bring 3rd party equipment
THANK YOU
