Upload
darren-todd
View
221
Download
0
Embed Size (px)
Citation preview
TAILORED SECURITY FOR CRITICAL ASSETS
SRX SERIES SERVICES GATEWAYS FOR THE HIGH END
PRESENTER NAME
DECEMBER 29, 2013
COMMITTED TO INNOVATION AND INVESTMENT
Security is core to our business at Juniper
Juniper R&D is $1.027B, or 23% of revenues –a figure no one else in the industry comes closeto on a percentage basis – 2011 Annual Report
New in 2012: A differentiated approach to security with our Intrusion Deception capabilities
Market Leader
High-EndFirewalls
Remote AccessSSL VPN
NetworkSecurity
$1Bglobal
revenue
#1
Dedicated Innovator
Global Powerhouse
#1
#3
Serving customers in over 47 countries, with a worldwide community of over1000 Reseller Partners
Infonetics Research 2012
Keeping up with unpredictable traffic volumes
Ensuring application availability and business continuity
Securing against cyber attacks
CUSTOMER CHALLENGES
MARKET SITUATION
54%
OF THE DATA BREACHES WERE RELATED TO COMPROMISED SERVERS
75%OF ATTACKS ARE DRIVEN BY FINANCIAL MOTIVES
60%OF BREACHES TOOK WEEKS OR MONTHS TO DISCOVER
$11mAVERAGE COST DUE TO DATA BREACH
SOLVING THE PROBLEM
Stop all types of attacks with BEST-IN-CLASS SECURITY
Get maximum PERFORMANCE & easily SCALE to adapt to the future
Ensure your network is always AVAILABLE with easy, secure ACCESS to optimize productivity
Tailored Security for Critical Assets in the Data Center
CARRIER-GRADE AVAILABILITY
SRX SERIES SERVICES GATEWAYS FOR THE HIGH END
Tailored Security for Critical Assets
BEST-IN-CLASS SECURITY
MAXIMUM PERFORMANCE AND SCALE
BEST-IN-CLASS SECURITY
Enables complete application visibility and control
Integrates security for physical and virtual data centers
Strong, dynamic content security: leveraging intelligence from multiple security companies
Secure and resilient even under the most demanding conditions
MAXIMUM PERFORMANCE
AND SCALE
Delivers high-performance throughput, massive session volumes and flexible, large-scale connectivity
Add security services without service interruptions for business continuity
Enables pay as you grow approach
CARRIER-GRADE AVAILABILITY
Delivers uptime continuity with in-service hardware and software upgrades
Enables high availability with redundant components and links
Built on a carrier-class hardware foundation
SRX SERIES SERVICES GATEWAYS
100G
Up to 300 Gbps FW throughput and 100 million concurrent sessions scaling
High-End SRX
Single Junos
Unprecedented ScaleIntegrated Routing, Switching and Security
1G
10GBranch SRX
SRX3400
SRX100SRX210
SRX220SRX240
SRX650
BRANCH CAMPUS DATA CENTER
SRX110
SRX550
SRX1400
SRX3600
SRX5400
SRX5800
SRX5600
DIFFERENTIATORS
HIGH PERFORMANCE
line cards for maximum
throughput, scalability, ISSU,
and ISHU
BEST-IN-CLASS
CONTENT SECURITY leveraging
intelligence from multiple expert
security companies
SECURE AND RESILIENT
under attack with separate control and data planes
and multiple processing cores
INTEGRATION of virtual and
physical solutions (Firefly/SRX) to deliver visibility,
security, and compliance
APPLICATION AWARENESS
with AppSecure to stop
application borne security threats
and manage application usage
PROFESSIONAL AND EDUCATION SERVICES
Juniper Care
Juniper Care Plus
Juniper Professional ServicesJuniper
Premium Care
Juniper Education
CUSTOMER LIFECYCLE
AssessmentDesign
PLAN OPERATEBUILD
Deployment/Onboarding Migration
MaintenanceOptimization
OFFERINGS
MAXIMUM PERFORMANCE AND SCALABILITY
OPERATIONAL EFFICIENCY
“Good options exist for high-throughput, purpose-built appliances, especially in the higher end SRX models.”
Greg Young, Gartner MQ for Enterprise Network Firewalls 2013
“Junos “achieved a 40% reduction in operation costs…[including] planning and provision, deployment, and planned and unplanned network events…Positive financial payback within 0.8 years or 9 months.”
“The Total Economic Impact of Juniper Networks JUNOS Network Operating System,” Michael Speyer, Forrester Research
WHAT ANALYSTS ARE SAYING…
COMPREHENSIVE THREAT PREVENTION“Juniper is also the only solution with all the advanced features in this evaluation.”
Info-Tech, “Vendor Landscape: Next Generation Firewalls,” James Quin
NEXT STEPS
Arrange for anASSESSMENTof your currentsecurity initiatives
Schedule aDEEP DIVE SESSION and demo
Arrange for anEVALUATION in person or via the virtual proof of concept lab
HIGH PERFORMANCE SERVICES PROCESSING CARDS
Ensures zero downtime and flexibility via in-service software and hardware upgrades to eliminate the need for a maintenance window
Always-On Security
Minimizes upgrade costs with backward compatibility with existing cards and chassis; no “rip and replace” or forklift upgrades
Investment Protection
Delivers 300 Gbps firewall throughput, 150 million concurrent sessions, and up to 100G connectivity to accommodate more users and devices
Superior Performance
SRX Series
PHYSICAL
Hypervisor
Firefly Series
VM VM VM VM
Firefly Virtual Gateway
MANAGEMENT AND SECURITY SERVICES
SecurityDirector
Security Threat Response ManagerSTRM
SERVICES VIRTUAL
Firewall
IPS
DoS Prevention
AppSecure
DoS
INTEGRATED DATA CENTER SECURITY SPANS PHYSICAL AND VIRTUAL NETWORKS
APPSECURE – APPLICATION INTELLIGENCE FOR THE DATA CENTER
• Understand security risks
• Address new user behaviors
• Easy add-on security services for SRX gateways
• Delivers application visibility, enforcement and protection
• Integrates nested application detection/protection, control, and remediation
• Subscription service includes all modules and updates
• Juniper Security Lab provides 800+ application signatures
• Block access to risky apps
• Allows user tailored policies
• Prioritize important apps
• Rate limit less important apps
• Protect apps from bot attacks
• Allow legitimate user traffic
• Remediate security threats
• Stay current with daily signatures
AppTrack AppDoS IPSAppFW AppQoS
Firewall management
IPsec VPN management
Network Address Translation (NAT) management
Intrusion prevention (IPS) signature management
Application-level policy management
Publish WorkFlow: Manage policy work by role for better accuracy+
SCALABLE SECURITY MANAGEMENT• Security Director
– Delivers scalable, responsive, and accurate policy management
– Enables intuitive web-based policy lifecycle management
• STRM– Collects, archives, reports and correlates
events, flow data, and application data– Analyzes network behavior for anomalies
AUTOMATES
ARCHITECTURE:SEPARATE DATA AND CONTROL PLANE
Con
trol
Pla
neD
ata
Pla
ne
Physical Interfaces
PACKET FORWARDING
DOS & DDOS ATTACKS
Attacks overwhelm the boxAdministrator loses management access – your network is down
Attacks can be thwartedUnder attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic – your network stays up
SHARED PLANE
MO
DU
LE
N
INT
ER
FA
CE
S
MA
NA
GE
ME
NT
RO
UT
ING
…KERNEL
DA
TA
MA
NA
GE
ME
NT
RO
UT
ING
DOS & DDOS ATTACKS
SRX SERIES SPECIFICATION SUMMARYSRX1400 SRX3400 SRX3600 SRX5400 SRX5600 SRX5800
On-board Ethernet 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE
(on board) 16 SFP GbE, 16 10/100/1000,
or 2 XFP 10GbE
8 10/100/1000 + 4 SFP (on-board) 16
SFP GbE, 16 10/100/1000, or 2
XFP 10 GB (SR or LR)
8 10/100/1000 + 4 SFP (on-board) 16
SFP GbE, 16 10/100/1000, or 2
XFP 10 GB (SR or LR)
100GE-CFP-2X40GE-QSFPP
10XGE-SFPP
40 SFP GbE, 4 XFP 10 GB (SR or LR),
16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR)
FlexIOC
40 SFP GbE, 4 XFP 10 GB (SR or LR),
16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR)
FlexIOC
JUNOS Software Version Support JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46 JUNOS 12.1X46
Firewall Performance (Large Packets)
10 Gbps 30 Gbps 55 Gbps 65 Gbps 100 Gbps 200 Gbps
Firewall Performance (IMIX) 5 Gbps 10 Gbps 20 Gbps 30 Gbps 65 Gbps 130 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
1.5 Mpps 3.5 Mpps 6.5 Mpps 9.9 Mpps 20 Mpps 50 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
4 Gbps 8 Gbps 15 Gbps 40 Gbps 75 Gbps 130 Gbps
AppSecure 6.5 Gbps 16 Gbps 24 Gbps 50 Gbps 80 Gbps 160 Gbps
Intrusion Prevention System 3 Gbps 8 Gbps 15 Gbps 22 Gbps 50 Gbps 100 Gbps
Connections Per Second (CPS) 70 K 150 K 270 K 450 K 400 K 400 K
Maximum Concurrent Sessions 1.5 M 3 M 6 M 28 M 100 M 100 M
High Availability A/A or A/P A/A or A/P A/A or A/P A/A or A/P A/A or A/P A/A or A/P
SRX1400
• Ideal for small to mid-size data centers, enterprise, and Service Provider networks
• Software Security Services– AppSecure and IPS– AV and web filtering
• Combination IOC/SPC card
SRX1400
On-board Ethernet 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE (on board) 16 SFP
GbE, 16 10/100/1000, or 2 XFP 10GbE
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 10 Gbps
Firewall Performance (IMIX) 5 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
1.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
4 Gbps
AppSecure 6.5 Gbps
Intrusion Prevention System 3 Gbps
Connections Per Second (CPS) 70 K
Maximum Concurrent Sessions 1.5 M
High Availability A/A or A/P
fan vent slot coverline cards
SRX3400
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services– AppSecure and IPS– AV and web filtering
• Combination IOC/SPC card
SRX3400
On-board Ethernet 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE,
16 10/100/1000, or 2 XFP 10 GB (SR or L)
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 30 Gbps
Firewall Performance (IMIX) 10 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
3.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
8 Gbps
AppSecure 16 Gbps
Intrusion Prevention System 8 Gbps
Connections Per Second (CPS) 150 K
Maximum Concurrent Sessions 3 M
High Availability A/A or A/P
line cards
slot coverpower supply
SRX3600
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services– AppSecure and IPS– AV and web filtering
• Combination IOC/SPC card
SRX3600
On-board Ethernet 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE,
16 10/100/1000, or 2 XFP 10 GB (SR or LR)
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 55 Gbps
Firewall Performance (IMIX) 20 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
6.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
15 Gbps
AppSecure 24 Gbps
Intrusion Prevention System 15 Gbps
Connections Per Second (CPS) 270 K
Maximum Concurrent Sessions 6 M
High Availability A/A or A/P
line cards slot cover
power supply
SRX5400
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services– AppSecure and IPS– AV and web filtering
• Next-generation, high-performance line cards
SRX5400
On-board Ethernet 100GE-CFP-2X40GE-QSFPP
10XGE-SFPP
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 65 Gbps
Firewall Performance (IMIX) 30 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
9.9 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
40 Gbps
AppSecure 50 Gbps
Intrusion Prevention System 22 Gbps
Connections Per Second (CPS) 450 K
Maximum Concurrent Sessions 28 M
High Availability A/A or A/P
line cards slot cover
power supply
SRX5600
• Ideal for large enterprise, Service Provider, and public sector networks
• Software Security Services– AppSecure and IPS– AV and web filtering
• Next-generation, high-performance line cards
SRX5600
On-board Ethernet 40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP
10 GB (SR or LR) FlexIOC
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 100 Gbps
Firewall Performance (IMIX) 65 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
20 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
75 Gbps
AppSecure 80 Gbps
Intrusion Prevention System 50 Gbps
Connections Per Second (CPS) 400 K
Maximum Concurrent Sessions 100 M
High Availability A/A or A/P
IOC card
SPC card
slot cover
SRX5800
• Ideal for large enterprise, Service Provider, and public sector networks
• Software Security Services– AppSecure and IPS– AV and web filtering (X46)
• Next-generation, high-performance line cards
SRX5800
On-board Ethernet 40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP
10 GB (SR or LR) FlexIOC
JUNOS Software Version Support JUNOS 12.1X46
Firewall Performance (Large Packets) 200 Gbps
Firewall Performance (IMIX) 130 Gbps
Firewall Performance (Firewall + Routing PPS 64byte)
50 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA 1
130 Gbps
AppSecure 160 Gbps
Intrusion Prevention System 100 Gbps
Connections Per Second (CPS) 400 K
Maximum Concurrent Sessions 100 M
High Availability A/A or A/P
IOC card
SPC card