Post on 28-Oct-2020
Software Defined Secure Networks
Jan Meinecke | Nov. 2016
Agenda
• DC Security Overview
• Security Services – foundation for SDSN
• SDSN – Software Defined Secure Networks
DC Security Overview
Trends Impacting Enterprise Security
INFRASTRUCTURE
• Hybrid cloud deployments growing
• Device proliferation and BYOD
• IoT and big everywhere
THREAT SOPHISTICATION
• Zero day attacks
• Advanced, persistent, targeted attacks
• Adaptive malware
CLOUD
• Virtualization and SDN
• Applications, data, management in the cloud
• Application proliferation
Key Challenges
Perimeter Oriented Security
Uncoordinated threat intelligence
Policies disconnected from business outcome
Detection
Enforcement
Policy
Ideal solution
Enforce policy across the network
Gather & distribute threat intelligence
Create and centrally manage intent based policy
Detection
Enforcement
Policy
Security Services
Juniper Security Services Overview
SRX Foundation Services
Next Generation Firewall Services
Firewall NAT VPN Routing
Application Control & Visibility
User-based Firewall
Unified Threat Management (Known Threats)
Anti-virus
Intrusion Prevention Anti-spam
Web Filtering
Threat Intelligence Platform
Botnets/C&C
GEO-IP
Custom Feeds, APT
Management Reporting Analytics Automation
Advanced Threat Prevention (Zero Day)
Sandboxing
Evasive Malware
Rich Reporting & Analytics
App Secure
SRX, vSRX
UTM Spotlight Secure SecIntel
Sky Advanced Threat Prevention (ATP)
SRX Series Firewalls
vSRX Virtual Firewall
Junos Space
Other threat intelligence
Security Director
Spotlight Secure Connector
GeoIP feed
Actionable threat intelligence:
• Command and control threats
• GeoIP location information
• Open
• Scalable
• High capacity
• Effective
• Adaptive
Command & control
Spotlight Secure Cloud
SRX
Spotlight Secure Threat Intelligence
Threat Defense Intelligence
Sky Advanced Threat Prevention
Solution Overview
Customer SRX
Juniper Cloud
Customer
Sandbox w/ Deception
Static Analysis
ATP
1. SRX extracts potentially malicious objects and files
2. SRX sends potentially malicious content to Advanced Threat Prevention cloud
3. Advanced Threat Prevention cloud performs static and dynamic analysis
4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX
5. SRX blocks known malicious file downloads and outbound C&C traffic
Sky Advanced Threat Prevention Cloud
Cloud Infrastructure
Multiple Anti-Virus
Cache
Inline Blocking
Sandbox
Static Analysis
Sky Advanced Threat Prevention Cloud
Potentially malicious files
Behavioral Analysis Deception
Machine Learning
• Verdicts determined at every level
• Additive verdict determination ensures accuracy
• Over 50 deception techniques employed to trick malware into exposing itself
Staged analysis:
Combining rapid response and deep analysis
SDSN
SDSN - Software Defined Secure Networks
Unified Security Platform
Detection
• Fast, effective protection from advanced threats
• Integrated threat intelligence
Policy
• Intelligent enforcement to firewalls, switches, third party devices and routers*
• Robust visibility and management
Enforcement
• Consistent protection across physical/virtual
• Open and programmable environment
Network as a single enforcement domain - Every element is a policy enforcement point
Third Party Threat Intel
Security Director + Policy Enforcer
Policy Enforcement, Visibility, Automation
SRX Physical Firewall
vSRX Virtual Firewall
Juniper Security Cloud
Sky Advanced Threat Prevention (ATP)
Spotlight Secure Threat Intelligence
MX Routers*
EX & QFX Switches
Third Party Elements*
DETECTION
POLICY
DETECTION
ENFORCEMENT
*Roadmap
• Enables Policy Enforcer workflows in Security Director for remediation
• Delivers micro services to switches such as EX, QFX
• Updates enforcement criteria automatically with new threat data
• Tracks Infected host/endpoint movement from site to site via MAC address vs IP address
Policy Enforcer
Infected Endpoint Scenario
Sky ATP
SRX
EX/QFX Switch
Security Director
Policy Enforcer
Threat Intel
vSRX
1
2
3
5
Malware enters
Sky ATP detects malware; renders verdict
Infected endpoint quarantined
Enforcement policy rendered
4 Enforcement policy automatically deployed
4
Product Components
Components Needed For Deployment
Product | Description
Junos Space 16.1 | Network Management Platform
Security Director 16.1 | Policy Enforcer UI and SRX policy deployment
Security Policy Enforcer | For user intent policy for Threat Management and to deploy to Juniper switches
SKY ATP | Threat Detection and Feeds
SRX | Firewalls for Malware file scanning and policy enforcement
EX, QFX | Infected host tracking and enforcement
Support for SKY feeds
Feed | SRX | EX/QFX
Command & Control | Supported by SD + Sky as well as Policy Enforcer + Sky | CnC will be supported on perimeter devices only in the initial phase to reduce ACL overload on switches
GeoIP | Supported by SD + Sky as well as Policy Enforcer + Sky | GeoIP will be supported on perimeter devices only in the initial phase to reduce ACL overload on switches
Infected Host (Sky) | Supported by SD + Sky as well as Policy Enforcer + Sky | Need Policy Enforcer for this; feeds themselves never reach EX/QFX; Policy Enforcer deploys ACLs based on Policy Configuration
Sky ATP
EX/QFX
SD
SDSN Policy Enforcer
SRX
Support for SRX models
Function | SRX models that support SKY | SRX models that do not support SKY
Registration w/ SKY | SRX directly registers w/ Sky | SRXs cannot register to SKY
Feed Download | SRX directly downloads all feeds | SDSN Policy Enforcer acts as the feed destination
Policy Push | SDSN Policy Enforcer + SD pushes right policy | SDSN Policy Enforcer + SD pushes right policy in the form of Firewall Rules
Sky ATP
SD
SDSN Policy Enforcer
SRX 1500
SRX 2xx
Latest SRX Product Line up
Unprecedented Scale
Integrated Routing, Switching and Security
Up to 2Tbps FW throughput and 258M concurrent sessions scaling
Single Junos
[Figure: SRX product line by segment (Branch, Edge, Data Center), scale marks 1G, 20G, 40G, 100G, 1T, 2T. Models shown: SRX300, SRX320, SRX340, SRX345, SRX550, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800, vSRX (Virtual SRX)]
Sky ATP
Infected Host Tracking
SKY ATP
SRX
EX/QFX
SVL-A 192.168.10.1
SRX
EX/QFX
SVL-B 192.168.20.2
Infected Host = 192.168.10.1
1. Sky identifies 192.168.10.1 as infected
2. EX in SVL-A quarantines infected host
3. Infected Host receives new IP address as it moves to a different location
4. Switch Micro Service tracks MAC → new IP mapping
5. EX on SVL-B automatically quarantines infected host
6. Policy Enforcer informs Sky about the updated MAC→IP binding
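The six steps above, modelled as a small simulation. This is an added example, not Juniper code: the class and method names, the MAC addresses and the reading of 192.168.20.2 as the host's new address at SVL-B are assumptions made for illustration. It shows why keying the quarantine on the MAC keeps the block attached to the host after its IP changes, and does not block a clean host that later receives the old IP.

```python
class Switch:
    """Access switch: local MAC->IP bindings plus MACs under a quarantine ACL."""
    def __init__(self, site):
        self.site, self.bindings, self.blocked = site, {}, set()

    def is_blocked(self, ip):
        # Traffic from ip is dropped only if a quarantined MAC currently owns it.
        return any(self.bindings.get(mac) == ip for mac in self.blocked)

class PolicyEnforcer:
    def __init__(self, switches):
        self.switches = switches
        self.quarantined = set()   # infected hosts, keyed by MAC
        self.reported = []         # (mac, ip) updates sent back to the feed source

    def on_infected_ip(self, ip):
        """Steps 1-2: the feed names an IP; resolve it to a MAC and quarantine."""
        for sw in self.switches:
            for mac, bound in sw.bindings.items():
                if bound == ip:
                    self.quarantined.add(mac)
                    sw.blocked.add(mac)
                    return mac
        return None  # unknown IP: no binding to key a quarantine on

    def on_binding(self, switch, mac, ip):
        """Steps 3-6: a switch learns a binding; re-apply quarantine by MAC."""
        for sw in self.switches:
            if sw is not switch:
                sw.bindings.pop(mac, None)   # host left its previous site
        switch.bindings[mac] = ip
        if mac in self.quarantined:
            switch.blocked.add(mac)          # step 5
            self.reported.append((mac, ip))  # step 6

def run_scenario():
    svl_a, svl_b = Switch("SVL-A"), Switch("SVL-B")
    pe = PolicyEnforcer([svl_a, svl_b])
    bad, clean = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    pe.on_binding(svl_a, bad, "192.168.10.1")
    pe.on_infected_ip("192.168.10.1")
    at_a = svl_a.is_blocked("192.168.10.1")
    pe.on_binding(svl_b, bad, "192.168.20.2")     # host moves, gets a new IP
    pe.on_binding(svl_a, clean, "192.168.10.1")   # old IP reused by a clean host
    return {"blocked_at_a": at_a,
            "blocked_at_b": svl_b.is_blocked("192.168.20.2"),
            "clean_host_blocked": svl_a.is_blocked("192.168.10.1"),
            "ip_only_list_catches_move": "192.168.20.2" in {"192.168.10.1"},
            "reported": pe.reported}
```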
Unique Value Proposition – SDSN
Quarantine Infected Hosts
• With SKY + Policy Enforcer + EX/QFX an infected host can be quarantined
• Perimeter Firewall workflows can only block N-S traffic
Block E-W traffic
• With SKY + Policy Enforcer + EX/QFX an infected host can be blocked from sending east-west traffic (a la micro-segmentation)
• Perimeter Firewall workflows can only block N-S traffic
Infected Host Tracking
• With Policy Enforcer + EX/QFX, a change of IP address of an infected host can be tracked and consistent policy applied
• Tough to achieve with perimeter firewall only workflows
Custom On-Prem Feeds
• Policy Enforcer supports custom on-prem feeds with exactly same API as SKY (for cloud feeds)
Support for diverse SRX models
• Policy Enforcer supports SRX models that support SKY as well as SRX models that do not directly support SKY
SDSN - Recap
Enforce policy across the network
Gather & distribute threat intelligence
Create and centrally manage intent based policy
Detection
Enforcement
Policy
SDSN Policy Enforcer (video)
Thank you