Software Defined Secure Networks Jan Meinecke | Nov. 2016


Agenda

• DC Security Overview
• Security Services – foundation for SDSN
• SDSN – Software Defined Secure Networks


DC Security Overview


Trends Impacting Enterprise Security

INFRASTRUCTURE
• Hybrid cloud deployments growing
• Device proliferation and BYOD
• IoT and big everywhere

THREAT SOPHISTICATION
• Zero day attacks
• Advanced, persistent, targeted attacks
• Adaptive malware

CLOUD
• Virtualization and SDN
• Applications, data, management in the cloud
• Application proliferation


Key Challenges

Perimeter Oriented Security

Uncoordinated threat intelligence

Policies disconnected from business outcome

Detection

Enforcement

Policy


Ideal solution

Enforce policy across the network

Gather & distribute threat intelligence

Create and centrally manage intent based policy

Detection

Enforcement

Policy


Security Services


Juniper Security Services Overview

SRX Foundation Services
• Firewall
• NAT
• VPN
• Routing

Next Generation Firewall Services
• Application Control & Visibility
• User-based Firewall

Unified Threat Management (Known Threats)
• Anti-virus
• Intrusion Prevention
• Anti-spam
• Web Filtering

Threat Intelligence Platform
• Botnets/C&C
• GEO-IP
• Custom Feeds, APT

Advanced Threat Prevention (Zero Day)
• Sandboxing
• Evasive Malware
• Rich Reporting & Analytics

Management, Reporting, Analytics, Automation


Products (overlaid on the service blocks):
• App Secure
• SRX, vSRX
• UTM
• Spotlight Secure SecIntel
• Sky Advanced Threat Prevention (ATP)
• SRX Series Firewalls, vSRX Virtual Firewall


Spotlight Secure Threat Intelligence
Threat Defense Intelligence

Actionable threat intelligence:
• Command and control threats
• GeoIP location information

• Open
• Scalable
• High capacity
• Effective
• Adaptive

[Diagram labels: Spotlight Secure Cloud; Command & control; GeoIP feed; Other threat intelligence; Spotlight Secure Connector; Junos Space; Security Director; SRX]


Sky Advanced Threat Prevention
Solution Overview

1. SRX extracts potentially malicious objects and files
2. SRX sends potentially malicious content to Advanced Threat Prevention cloud
3. Advanced Threat Prevention cloud performs static and dynamic analysis
4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX
5. SRX blocks known malicious file downloads and outbound C&C traffic

[Diagram labels: Customer; SRX; Juniper Cloud; Sky Advanced Threat Prevention Cloud; ATP; Sandbox w/ Deception; Static Analysis]


Staged analysis: Combining rapid response and deep analysis

• Verdicts determined at every level
• Additive verdict determination ensures accuracy
• Over 50 deception techniques employed to trick malware into exposing itself

[Diagram labels: Potentially malicious files; Sky Advanced Threat Prevention Cloud; Cloud Infrastructure; Inline Blocking; Cache; Multiple Anti-Virus; Static Analysis; Sandbox; Behavioral Analysis; Deception; Machine Learning]


SDSN


SDSN - Software Defined Secure Networks
Unified Security Platform

Detection
• Fast, effective protection from advanced threats
• Integrated threat intelligence

Policy
• Intelligent enforcement to firewalls, switches, third party devices and routers*
• Robust visibility and management

Enforcement
• Consistent protection across physical/virtual
• Open and programmable environment

Network as a single enforcement domain - Every element is a policy enforcement point

[Diagram labels: DETECTION; POLICY; ENFORCEMENT; Third Party Threat Intel; Security Director + Policy Enforcer (Policy Enforcement, Visibility, Automation); SRX Physical Firewall; vSRX Virtual Firewall; Juniper Security Cloud; Sky Advanced Threat Prevention (ATP); Spotlight Secure Threat Intelligence; MX Routers*; EX & QFX Switches; Third Party Elements*]

*Roadmap


Policy Enforcer
Infected Endpoint Scenario

• Enables Policy Enforcer workflows in Security Director for remediation
• Delivers micro services to switches such as EX, QFX
• Updates enforcement criteria automatically with new threat data
• Tracks infected host/endpoint movement from site to site via MAC address vs IP address

[Diagram labels: Sky ATP; Threat Intel; Security Director; Policy Enforcer; SRX; vSRX; EX/QFX Switch]

[Diagram callouts, numbered 1 to 5 on the slide: Malware enters; Sky ATP detects malware, renders verdict; Infected endpoint quarantined; Enforcement policy rendered; (4) Enforcement policy automatically deployed]


Product Components
Components Needed For Deployment

Product | Description
Junos Space 16.1 | Network Management Platform
Security Director 16.1 | Policy Enforcer UI and SRX policy deployment
Security Policy Enforcer | For user intent policy for Threat Management and to deploy to Juniper switches
SKY ATP | Threat Detection and Feeds
SRX | Firewalls for Malware file scanning and policy enforcement
EX, QFX | Infected host tracking and enforcement


Support for SKY feeds

Feed | SRX | EX/QFX
Command & Control | Supported by SD + Sky as well as Policy Enforcer + Sky | CnC will be supported on perimeter devices only in the initial phase to reduce ACL overload on switches
GeoIP | Supported by SD + Sky as well as Policy Enforcer + Sky | GeoIP will be supported on perimeter devices only in the initial phase to reduce ACL overload on switches
Infected Host (Sky) | Supported by SD + Sky as well as Policy Enforcer + Sky | Need Policy Enforcer for this; feeds themselves never reach EX/QFX; Policy Enforcer deploys ACLs based on Policy Configuration

[Diagram labels: Sky ATP; SD; SDSN Policy Enforcer; SRX; EX/QFX]


Support for SRX models

Function | SRX models that support SKY | SRX models that do not support SKY
Registration w/ SKY | SRX directly registers w/ Sky | SRXs cannot register to SKY
Feed Download | SRX directly downloads all feeds | SDSN Policy Enforcer acts as the feed destination
Policy Push | SDSN Policy Enforcer + SD pushes right policy | SDSN Policy Enforcer + SD pushes right policy in the form of Firewall Rules

[Diagram labels: Sky ATP; SD; SDSN Policy Enforcer; SRX 1500; SRX 2xx]


Latest SRX Product Line up

• Unprecedented Scale
• Integrated Routing, Switching and Security
• Single Junos
• Up to 2Tbps FW throughput and 258M concurrent sessions scaling

[Chart: SRX models by throughput (1G, 20G, 40G, 100G, 1T, 2T) and deployment (Branch, Edge, Data Center): vSRX (Virtual SRX), SRX300, SRX320, SRX340, SRX345, SRX550, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800; SkyATP]


Infected Host Tracking

[Diagram labels: SKY ATP; SVL-A 192.168.10.1 (SRX, EX/QFX); SVL-B 192.168.20.2 (SRX, EX/QFX)]

Infected Host = 192.168.10.1

1. Sky identifies 192.168.10.1 as infected
2. EX in SVL-A quarantines infected host
3. Infected Host receives new IP address as it moves to a different location
4. Switch Micro Service tracks MAC → new IP mapping
5. EX on SVL-B automatically quarantines infected host
6. Policy Enforcer informs Sky about the updated MAC → IP binding
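
The six tracking steps above, as an added sketch that is not from the original slides or from Juniper: a quarantine list keyed on MAC address follows the host to its new IP, while an IP-only blocklist misses the moved host. The class, method names and MAC addresses are hypothetical; the sites and IPs are the ones on the slide. The sketch also goes one case beyond the slide by showing the old IP being reassigned to a clean host.

```python
# Added illustration: all names here are hypothetical, not Juniper APIs.
from dataclasses import dataclass, field

@dataclass
class HostTracker:
    bindings: dict = field(default_factory=dict)     # mac -> (site, ip), learned by switches
    infected_macs: set = field(default_factory=set)  # quarantine keyed on MAC
    ip_blocklist: set = field(default_factory=set)   # IP-only view, kept for contrast
    reports: list = field(default_factory=list)      # binding updates sent to detection

    def verdict(self, ip):
        """Steps 1-2: detection names an IP; resolve it to the MAC behind it."""
        self.ip_blocklist.add(ip)
        for mac, (_site, bound_ip) in self.bindings.items():
            if bound_ip == ip:
                self.infected_macs.add(mac)
                return mac
        return None  # no binding known yet, so nothing to quarantine by MAC

    def learn(self, site, mac, ip):
        """Steps 3-6: a switch sees a MAC with an IP; True means quarantined."""
        changed = self.bindings.get(mac) != (site, ip)
        self.bindings[mac] = (site, ip)
        if mac in self.infected_macs and changed:
            self.reports.append((mac, site, ip))  # step 6: report the new binding
        return mac in self.infected_macs

    def ip_only_blocks(self, ip):
        return ip in self.ip_blocklist

def run_scenario():
    t = HostTracker()
    bad, clean = "52:54:00:00:00:01", "52:54:00:00:00:02"  # constructed MACs
    t.learn("SVL-A", bad, "192.168.10.1")
    resolved = t.verdict("192.168.10.1")
    moved = t.learn("SVL-B", bad, "192.168.20.2")      # host moves, gets a new IP
    reused = t.learn("SVL-A", clean, "192.168.10.1")   # old IP handed to a clean host
    return {
        "resolved_mac": resolved,
        "mac_quarantine_follows_host": moved,
        "ip_only_misses_new_ip": not t.ip_only_blocks("192.168.20.2"),
        "clean_host_quarantined_by_mac": reused,
        "clean_host_blocked_by_ip_only": t.ip_only_blocks("192.168.10.1"),
        "reports": t.reports,
    }

if __name__ == "__main__":
    print(run_scenario())
```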


Unique Value Proposition – SDSN

Quarantine Infected Hosts
• With SKY + Policy Enforcer + EX/QFX an infected host can be quarantined
• Perimeter Firewall workflows can only block N-S traffic

Block E-W traffic
• With SKY + Policy Enforcer + EX/QFX an infected host can be blocked from sending east-west traffic (a la micro-segmentation)
• Perimeter Firewall workflows can only block N-S traffic

Infected Host Tracking
• With Policy Enforcer + EX/QFX, a change of IP address of an infected host can be tracked and consistent policy applied
• Tough to achieve with perimeter firewall only workflows

Custom On-Prem Feeds
• Policy Enforcer supports custom on-prem feeds with exactly same API as SKY (for cloud feeds)

Support for diverse SRX models
• Policy Enforcer supports SRX models that support SKY as well as SRX models that do not directly support SKY


SDSN - Recap

Enforce policy across the network

Gather & distribute threat intelligence

Create and centrally manage intent based policy

Detection

Enforcement

Policy


SDSN Policy Enforcer (video)


Thank you