Network Security: It’s a Zero-Sum Game

By Elevate posted 10-01-2015 11:42


Make sure you win it with Juniper’s new network security solutions.


Cybercriminals. They’re inside your network perimeter. Already.


Or at least that’s what you should assume. If you want to be nimble enough to catch them and throw them out before they do damage, that is.


Today’s attackers range from advanced persistent threat (APT) groups—typically sponsored by nation-states—looking for intellectual property (IP) and trade secrets, to cybercriminals seeking financial data and personally identifiable information (PII) so they can commit fraud or identity theft. And then there are your run-of-the-mill malicious malware creators, who wreak havoc if they succeed in infecting you. The most serious of all are the increasing numbers of malicious actors creating sophisticated malware designed to circumvent signatures and traditional security mechanisms.


You need effective security that covers these and a multitude of other scenarios. But you can’t ruin your users’ experiences or slow down their ability to be productive. And you have to keep your time to remediation—that’s the time that lapses between detecting a breach and kicking the attackers off your network—to the shortest time possible to minimize the damage they do.


Don’t worry, Juniper has you covered.


On September 29, we announced some major security news that should make you very happy. Our new, enhanced portfolio of security solutions stops threats faster while providing network wide visibility, deeper and broader security efficacy, and new policy management capabilities. And we provide all this at speeds and price points that are now the best in the industry.


Here’s what you get:


The newly enhanced Security Director: Closing the gap between "knowing" and "doing"



Our most significant announcement is a major redesign of Security Director, Juniper’s centralized management system for our physical and virtual SRX firewalls. With this release, you get a new dashboard with dozens of predefined widgets for monitoring the network as well as a drag-and-drop object palette. You also get an updated firewall policy, a brand-new threat map, an enhanced event viewer that is integrated with the threat map, and new application visibility capabilities that give you better insight for quick analysis.


How do you benefit from all this? In a nutshell: actionable intelligence that you can use against the bad guys. We have made it really easy for you to see which users are accessing which applications, and whether it violates policy. What threats have been detected. What the top threats are. And, most importantly, you get a list of suggested actions for remediation that provides you with actionable advice in real time. You close the gap between knowing and doing. Fast. That’s a big win for you against the bad guys.


Along with these central management enhancements, the new and improved SRX on-box GUI makes it easier for IT to manage and configure SRX devices, especially for remote offices with few or no IT staff. This improves the efficiency of your security staff, and cuts the cost of securing branches and distributed offices.


vSRX 2.0: Now the fastest virtual firewall in the industry


The latest version of our virtual firewall has been shipping since July. At 17Gbps large-packet performance and 4Gbps Internet mix (IMIX) throughput achieved with only two virtual cores, vSRX is now the industry’s most efficient virtual firewall. It delivers the highest performance and lowest total cost of ownership (TCO) in the world. No other virtual firewall even comes close.


Add in the fact that vSRX comes fully equipped with advanced security services such as AppSecure, an intrusion protection system (IPS), and unified threat management, and you have more—and more comprehensive—ways to protect your virtual assets, whether on-premises or in the cloud.


We’ve made it really easy for you to experience the new vSRX. You can download a copy and enjoy a 60-day free trial of vSRX 2.0.

Branch SRX: Extending our lead with affordable protection for distributed enterprises


We also announced a complete refresh of our immensely popular Branch SRX Series. The new models, which replace existing ones, can serve any sized remote office or branch, from the small under 50-person retail office to large branches with more than 500 users. You want performance? You get performance. The new Branch SRX has firewall (IMIX) performance that is two to three times that of existing models. And, at attractive price points, we’ve raised the bar on price/performance: we now offer five-to-10-times-better price/performance than our closest competitors.


SRX1500: Enabling consistency of experience across physical and virtual environments


This new midrange SRX Series platform for campus and small data centers offers new attributes that are unique to our physical SRX solutions.


Graphic_SRX1500.jpgFirst, it’s built on an open architecture that leverages x86 hardware and virtualization. It supports VMware. In fact, the Junos control plane is a virtual machine. This allows us to utilize the latest technologies and quickly integrate them, to support new use cases. And this platform independent architecture enables consistency of services across both physical and virtual SRX Series solutions.


Another important attribute of the SRX1500 is that the packet-forwarding engine (PFE) is in hardware. So all L3/L4 firewall services are delivered with consistent performance across packet sizes, delivering very fast small-packet performance with low latency.


Sky Advanced Threat Protection: Juniper’s network sandbox protects you against zero-day and unknown threats


We announced Sky Advanced Threat Prevention (Sky ATP), a cloud-based anti-malware service that defends against unknown and zero-day threats. By using a pipeline of inspection technologies to augment its malware sandboxing, detonation, and dynamic analysis, Sky ATP is able to identify and isolate even the most evasive malware.


One of the most significant features of Sky ATP is its tight integration with our SRX NGFW. Because it has a zero deployment footprint on premises, you avoid the complexity of introducing yet another security tool to your network.

Another key difference between Sky ATP and competitors’ sandboxes is its integration with our Spotlight Secure threat intelligence service. This integration allows Sky ATP to share malware intelligence that it gathers with the rest of the network, as well as deliver a complete view of potential threats and compromises.



Unite_Logo_nobackground.png: Focus on securing the enterprise


All of these announcements are part of Juniper’s “Unite” campaign focusing on securing the entire enterprise—including campuses and branches—although some of their capabilities will extend to the data center part of your enterprise as well.


Want more info on Unite? To get the whole story, go to the press release and the Juniper Unite solution page


Watch these two short videos explaining the benefits of these announcements and Juniper's security solutions.