It's October. In the States, October ends with Halloween. With Halloween come scary movies and haunted happenings. I'm actually not too far from Salem, MA, where we had some infamous witch trials in 1692. 330 years later, if you visit Salem, you will see all sorts of spooky things: witches, ghosts, ghouls, and demons. It's actually a fun time, but can be pretty scary too.
But you know what is scarier than witches and ghosts?
But hey, it's Feature Friday (my favorite day of the week), so to give you a little ease this Halloween season, I thought I would discuss the Session Smart Router's Intrusion Detection and Prevention or IDP.
What is IDP?
Let's start by defining what IDP is. IDP is actually the term used to describe two functions: IDS, or Intrusion Detection System, and IPS, or Intrusion Prevention System. IDS is the process of monitoring your network traffic and analyzing it for signs of intrusions. With an IDS, if an attack is detected, an alert is sent out, thus the name. IPS is the process of stopping any detected incidents: noticing behavior that doesn't seem right and then not allowing it to happen, basically blocking bad traffic.
Did you know that the Session Smart Router has Intrusion Detection and Prevention functionality???
That's right, you can use your SSR, which is already doing your routing, to add an additional layer of security to your network. Since traffic is already passing through your SSR, why not have it alert and prevent malicious activity as well? That makes sense to me!
IDP in the SSR
So how does IDP work in the SSR? Well, the SSR's Intrusion Detection and Prevention System leverages the Juniper IDP Signature Database, providing state of the art protection against the most up-to-date vulnerabilities. The database contains definitions of attack objects and application signatures defined in the form of an IDP policy ruleset that is updated regularly. By automatically downloading the latest definitions and application signatures, the SSR is able to provide cutting edge security solutions for your network.
Enabling this functionality is super-easy. All you do is apply a profile to your access-policies. The currently available profiles are:
Thin or Thick Branch?
Ok, so here's the real question: Thin Branch or Thick Branch? No, I'm not talking about trees or the type of kindling you use for your fires here. I'm asking you, do you prefer to have your security done at the branch (Thick Branch), or to send the traffic up to the cloud and have it done there, keeping your branch footprint small (Thin Branch)? You could always do both too and have some protection done at the branch and some done up in the cloud. For a Thin Branch, I might set my IDP profile to Alert or Standard and then send my traffic up to some of my SaaS Security products. For a Thick Branch, I would choose Standard or Strict and then I can send my traffic directly to the Datacenter or internet.
SD-Branch or SASE?
This brings to mind a debate I recently had with my friends over SASE vs SD-Branch. With SASE, you will have a Thin Branch approach where you do all of your protection in the cloud:
With SD-Branch, you are doing all the work at the Branch, making your branches like tiny fortresses that you manage with one system. Both approaches have very valid use cases; it really just comes down to which approach you prefer.
One thing I do want to point out is that Juniper offers solutions for both approaches. If you want the SD-Branch, then I would recommend going with the Full Stack where you have wired, wireless and WAN, as well as on-prem security: https://www.juniper.net/us/en/solutions/artificial-intelligence-for-it-operations-aiops.html
To get the full SASE architecture, just add the Secure Edge to your Full Stack: https://www.juniper.net/us/en/solutions/sase.html.
Anyway, I got way more excited about this post than I thought I would. I really love cyber security. On that note, I want to hear from you. Tell me about your feelings towards cyber security or answer any of the questions below:
I hope you have a great October and I can't wait to write to you again right before Halloween! Take care!
#FeatureFridays #IDP #ids #IPS #FullStack #SD-WAN #SD-Branch #SASE