Soluciones de Seguridad para Banca & Finanzas

Juniper Confidential.

TRENDS & NETWORK SECURITY
Jaime Castañeda
jaimec@juniper.net
Systems Engineering Manager
CALA – Enterprise.

Juniper Confidential


INSANITY DEFINED…
DOING THE SAME OLD THINGS &
EXPECTING DIFFERENT RESULTS

2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net



SCALABILITY?? --> NETWORK EVOLUTION



Juniper Confidential. For Internal Use Only.

THE TRENDS




CIO TOP 3 BUSINESS TRENDS & IT INITIATIVES - 2012

Employee Productivity Business Agility Cost Efficiency
& Satisfaction

BYOD New Platforms Infrastructure
& Services Consolidation




INVESTMENT FOCUS

BYOD
Mobility NewCloud
Platforms Infrastructure
Data Center,
& Services Consolidation
Campus & Branch




SECURITY IMPACT

Notoriety Profitability .gov /.com .me / .you

Attacker

Type of Attack
APT
Botnets
DOS
Malware
Virus Worms Trojans

Threats

New Devices & Platforms New Applications &
Delivery Models

Targets Internet Information Services




EVERYDAY EXPLOITS

Robert Smith
Funniest video
ever! Check out
the link!
Click Here Intranet Quarter EndEmail
Connect to Sales Results
MALWARE
Corporate
SITE Corporate
Network Financial Data




EVERYDAY EXPLOITS
Can’t inspect content
! in network

Robert Smith
Funniest video
ever! Check out
the link!
Doesn’t have Intelligence Click Here
Intranet Email
to detect Malware
! on Client Connect to
MALWARE
Corporate
SITE Corporate
Network Financial Data

Can’t control access
! to sensitive data

Can’t protect user from
! cloud-based threats




IT INITIATIVES DRIVING NEW SECURITY
REQUIREMENTS

BYOD

Flexible Broad
Deployment Coverage
New Platforms
& Services
Security
Context &
Coordination
Infrastructure
Consolidation




ALWAYS PROTECTED WITH JUNIPER

Mobility Cloud Data Center,
Campus & Branch

Pervasive Security from the Device to the Cloud to the Data Center




BYOD



WHAT ARE THE TRENDS?
 Where would you attack?
 Back? Front?

 Attacks against the client is the most common way of getting into a
company.
 Attacks can be done by either exploiting vulnerabilities in the applications
the client is using (browser, flash, pdf reader, etc.) or by tricking the user
into executing malicious code.
 ALL clients are valuable targets
 Some for direct attacks against the company
 Some for being used as bots when attacking other companies




THE EVOLUTION OF NETWORK SECURITY
Historically:
 People used stationary computers
 Each application was running on a dedicated port
 Threat landscape consisted of curious teenagers.

In this enviroment it worked well to filter network traffic based on IP„s and portnumbers.

Today:
 People are mobile
 People can use any type of device
(both private and corporate)
 Most applications are using the same ports
 Threat landscape consists of well organized criminals
that make millions on attacks over the network

The filtering in the network needs to be more intelligent to meet todays needs!




COMPLIANCE VS. SECURITY
Application Firewalling provides additional security by allowing
administrators to build security based on the application rather
than just the port, right?

HTTP

FTP Permit HTTP HTTP :80




LEAKY APPLICATION FIREWALLS
However, an attacker will recon your network before attacking.

SYN :23

1. RST :23
Permit HTTP HTTP :80

SYN :22
SYN-ACK :22
2. ACK :22

SSH :22 Permit HTTP HTTP :80
SSH :22



LAYERED SECURITY
Security = port-based PLUS application-aware firewalling for Defense-in-
Depth!

SYN :23

1.
Permit :80, HTTP HTTP :80

SYN :22

2.
Permit :80, HTTP HTTP :80
SSH :22



APPSECURE SERVICE MODULES

NAI
Flow
Ingress
AI Egress
Processing
Application Identification Engine

Application
ID Results

AppTrack IPS

AppFW AppDoS

AppQoS



APPFW – 3-DIMENSIONAL SECURITY POLICES
• Easily restrict application access to necessary users
• Reduce the spread of confidential information
• Stop high-risk and unwanted applications

DC
Firewall(s)
AppTrack

Traditional User and Application
Firewall Group Awareness User Store
Policy Awareness (special UAC)
STRM

DC
Switching
Operations Center

Data Center
Server
Farms




APPQOS – BANDWIDTH MANAGEMENT
Prioritize traffic based on application type
Limit the amount of bandwidth an application can consume
Mark the DSCP values for proper QoS treatment
Leverage Junos Class-of-Service feature set to fully control
application handling at the interface queue level

Give highest priority to
financial applications for
finance and sales

Approved applications
receive normal priority
AppTrack
Traditional User and Group Application
Firewall Policy Awareness Awareness
Lower priority for
multimedia applications,
except for the MM content
group




AppDos
AppDoS PROTECTION
Introducing Application Denial of Service AppDoS

Identifies attacking botnet traffic vs. legitimate clients based on
application layer metrics and remediates against botnet traffic
Employs multi-stage approach from server connection
monitoring, deep protocol analysis to bot-client classification.

 Server connection monitoring

 Protocol analysis

 Bot-client classification

Available on the SRX5000, 3000, and 1000 series of
Services Gateways




IPS – DYNAMIC SECURITY
Signature-based threat protection
Procotol Anomaly protection
 Superior protocol decoding and anomaly
detection – the majority of the unknown
Heuristic Detection Protocol Anomalies
 Detect encrypted traffic that is not SSL (like
Skype, BitTorrent, and many botnet channels.)

SSL Decryption
 Forward- and reverse-proxy are available today

Add STRM to the solution and get:
 Network Behavior Anomaly Detection
 Slow scan detection Unknown Threats &
 Cross network/application correlation Vulnerabilities
 See what happened before and after the attack on
the network




SSL PROXY
DMZ Zone Untrust Zone
SSL Reverse

SRX
Proxy

IDP
Web INTERNET
Server Decrypt

Keys
Server private keys loaded on the SRX

Trust Zone Untrust Zone
SSL Forward
Proxy

SRX
INTERNET SSL-T
AppID
SSL-I
IDP
Decrypt Encrypt

Client Server

Keys
Server keys are unknown, so the server certificate is
modified and signed by the SRX




REDIRECTING TRAFFIC

The captive portal feature is used
to redirect unauthenticated traffic Branch or Campus
to the NAC
 The “unauthenticated” role can
be used to redirect traffic from
Intranet
not-yet-authenticated clients SRX
Enforcer
 Remember to only redirect web
traffic and to allow traffic to the
AD, NAC, and other
infrastructure servers
 In order for the client‟s web
browser to perform a Single Sign Infranet
Controller
On (SSO), the redirect URL must
include the full DNS name of the Headquarters
NAC (more on SSO later)




AD AUTHENTICATION WORKFLOW
The FIREWALL connects to the
1 NAC and downloads the Roles Branch or Campus
table 2
4
5
Client opens his/her web browser
2 1
and gets redirected to the NAC Intranet
SRX
Client gets an authentication Enforcer
3
request
Client contacts the AD server
4 and obtains a Kerberos ticket for the NAC service

Client sends the Kerberos authenticator details 6
7 3
5
to the NAC Infranet
Controller

6
Now equipped with the user information, the
Headquarters
NAC retrieves the user‟s groups from the AD
7
Finally the user->roles mapping info is pushed into the FIREWALL and
the user is redirected to the original URL



WHY A TWO-BOX SOLUTION??
1. Log in to AD
• AD tracks your userID and IP
2. Close your laptop
• AD is not aware of any change
3. Reconnect from a different IP
• AD notes the updated IP

In between #2 and #3 above, if I connect to the network using the
same IP you had before you left, AD does not take note of the fact
that the identity associated with that IP address has changed. This is
because Active Directory does not actively check network state.

We could write an agent that sits on an AD server to give us a one-
box solution, but we can‟t guarantee that the network state hasn‟t
changed without including something else in the solution.




APPTRACK SIMPLIFIES APPLICATION VISIBILITY AND
CONTROL
SRX collects on-
box application
statistics for
Traffic analyzed Monitoring SIEM reports
1 by AppTrack as it
traverses the SRX
2 3 analyzed by IT
staff
SRX sends
application logs
to a SIEM/Log
collector

3 DC 1
Firewall(s)

2
STRM or
3rd Party
SIEM

DC
Switching
Operations Center

Example STRM
Reports Data Center
Server
Farms




THE WORLD IS ON THE MOVE
THE NETWORK CAN’T STAND STILL

Today’s Flexible, proactive business network
legacy model of the business network

From To
Wired connections Wireless as primary means of connectivity

Corporate owned devices Mix of personal and corporate devices

Corporate operated applications Cloud based, IT or user chosen apps

Perimeter security Security attacks from everywhere

Stable application environments Ever evolving software based applications

Multiple isolated networks Context aware unified network




SMART MOBILE: MORE SCALABLE AND RELIABLE

Centralized Architecture Distributed Architecture

Internet Internet

Security Management Security Management
Reliability Performance Reliability Performance




DISTRIBUTED SWITCHING MAXIMIZES SCALABILITY
Centralized-Only Switching Breaks Down Distributed Switching Handles
Under Increased Load from 802.11n 802.11n without Breaking Down

10x increase exceeds
controller capacity

Internet Internet

11n increases load
by up to 10x

• All traffic gets forwarded by controller • Traffic can be forwarded by the AP
• Twice the traffic through network core • Optimized traffic flows – ideal for voice
• 802.11n increases load up to 10x • 802.11n has no impact on controller
• Can't scale without expensive upgrades • Scales in place without upgrades



THE CLOUD …
… NETWORK VIRTUALIZATION



MEGA TREND – SERVER VIRTUALIZATION

Millions
Installed
Servers
80
Physical Server Installed Base (Millions)
Logical Server Installed Base (Millions)

60
Capital
Savings
40

20

0
1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

Source: IDC




OTHER VIRTUALIZATION PLATFORMS




SHARE—VIRTUAL PARTITIONING

VLANs


Physical or virtual server instance


SHARE—VIRTUAL PARTITIONING

ZONE 1 ZONE 2

MPLS - VPN

VPLS - VPN
ZONE 4 ZONE 3

DATA CENTER DATA CENTER

VLANs Zones VPNs


Physical or virtual server instance


Challenges of Scale – Application Performance

Location matters in a
Typical tree tree architecture
configuration

Bubbles
Optimal performance

One
VM Hop




Challenges of Scale – Network Services

Location matters in a
Typical tree tree architecture
configuration
Appliances and VLANs

Shadows

VM




TODAY’S DATA CENTER NETWORKS ARE
NOT CLOUD READY
Complex, inefficient
1. High Latency

L2/L3
Switch
L2/L3
Switch
2. Spanning Tree

3. Appliance sprawl
SSL VPN
Firewall
4. Multiple networks
IPSec VPN
IPS
L2/L3 L2/L3
Switch Switch 5. Limited scalability

6. Poor economics

7. Sub-optimal
L2
Switch performance

SERVERS NAS STORAGE

Cluster Network FC SAN




IMPACT ON SERVER VIRTUALIZATION
Juniper is committed to multi-vendor support and open standards
Juniper switches interoperate well with all hypervisors




SERVER VIRTUALIZATION
Server 1 Server 2

O/S O/S
Unused Unused
Traditional Data Centers
App 1 Server App 2 Server  One OS/Application per server
Capacity Capacity
 Low utilization ↔ Highly cost
30% 15%
Utilized Utilized
inefficient

New Data Center –
Resource Sharing
Hypervisor (VMWare)  Many OS/Applications per server
 Better cost efficiency
O/S O/S O/SO/S
U
 Equipment, power, cooling, space
n
u
 Sharing limited to server
App 1 App 2 s
App App
3e 3 boundary
d  Clouds address this problem

VM 1 VM 2 VM 3




VIRTUALIZATION AND CLOUDS
RESOURCE POOLING

Router/Switch

Access Switch Access Switch

Server 1 Server 2
Rack 1 Rack 2

3
Hypervisor (VMWare)
Hypervisor Hypervisor (VMWare)
Hypervisor

O/S O/S O/SO/S U
O/S
O/S O/S O/S U
O/S U
n n n
u u u
s
App 1 App 2 App App 3
6
3 e
App 4 1 App 5
App 2 App 3s
App 3 e s
e
d d d

VM 1 VM 2 VM 6
3 VM 4 VM 5 VM 3




JUNIPER’S VALUE: SIMPLIFICATION AND EFFICIENCY
Router/Switch

Access Switch Access Switch
EX 4200 EX 4200
Server 1 Server 2
Rack 1 Rack 2

3
Hypervisor (VMWare)
Hypervisor Hypervisor (VMWare)
Hypervisor

O/S O/S O/S
U
O/S
O/S O/S O/S U
O/S U
n n n
u u u
s
App 1 App 2 App
e
3 App 4 1 App 5
App 2 Apps
App 3 e 3 s
e
d d d

VM 1 VM 2 VM 3 VM 4 VM 5 VM 3




VIRTUALIZATION WITH VIRTUAL CHASSIS
 Works with any Hypervisor
Aggregation Switch
 Scalable & Rich security and
monitoring features

 VMWare cluster fits within
the span of a VC (64)

EX 4200 EX 4200  Reduces network latency &
Speeds up VM migration

 Reduces number of
managed devices

Server 1 Server 2
NIC NIC NIC NIC
Rack 1 Rack 2

Virtual Switch Virtual Switch

Hypervisor Hypervisor

Virtual Port Virtual Port Virtual Port Virtual Port Virtual Port

O/S O/S O/S O/S O/S
Application
Application Application Application Application Application
4 5 1 2 3
VM 4 VM 5 VM 3 VM 1 VM 2 VM 3


SIMPLIFY



SIMPLIFY THE NETWORK

Core
Consolidated
Access Core
Aggregation
Access
Access

Flat Data Center Fabric
Eliminate the aggregation layer
45 Juniper Confidential Copyright © 2011 Juniper Networks, Inc. www.juniper.net



SIMPLIFY—JUNIPER’S VISION

LEGACY NETWORK

ETHERNET

STORAGE

SERVERS

FC SAN





MX Series
TODAY‟S SOLUTION

SRX5800 EX8216

STORAGE

SERVERS

FC SAN





MX Series
DATA CENTER FABRIC

SRX5800 EX8216

STORAGE

SERVERS

FC SAN





MX Series
DATA CENTER FABRIC

Virtualized
Security &
SRX5800
QFabric
Application
Services

SERVERS STORAGE




INTEGRATING STRATUS FABRIC

MX Series

Stratus Fabric

EX8216

SRX5800

EX4200

50 Copyright © 2011 Juniper Networks, Inc.
4
www.juniper.net

Pod 1 Juniper Confidential. Pod 2


VIRTUALIZATION & SECURITY




SECURITY IMPLICATION OF VIRTUALIZATION

Physical Network Virtual Network

VM1 VM2 VM3

ESX/ESXi Host
Virtual
Switch

HYPERVISOR

Firewall/IDS Sees/Protects Physical Security Is ―Blind‖ to
All Traffic between Servers Traffic between Virtual Machines




APPROACHES TO SECURING VIRTUAL NETWORKS

VLANs & Physical Traditional Security Integrated
1 Segmentation 2 Agents 3 Virtual Security

VM1 VM2 VM3 VM1 VM2 VM3 VM1 VM2 VM3

ESX/ESXi Host
ESX/ESXi Host
ESX/ESXi Host

VS VS
Virtual Security Layer

VS
HYPERVISOR HYPERVISOR

HYPERVISOR

Regular Thick Agent for FW & AV




THE GOAL IS SECURE CLOUD COMPUTING

Virtual Security Layer Virtual Security Layer

ESX 1 ESXi 4


ESXi 2 Hosted ESX 5

Public, Private, Hybrid
Clouds

Remote ESX 3 ESXi 6

Public, private, and hybrid clouds require dynamic and highly
integrated security mechanisms to keep information safe!



NETWORK SERVICE SECURE
ARCHITECTURE



SECURE—NEW MODEL FOR THE CLOUD

Hotel Model

Castle Model




SECURE—CLOUD ENABLED SECURITY
Clients Global High-Performance Network Data Centers

Client to DC

Server to Server
DC to DC




SECURE—THE FLOW IN THE CLOUD
Clients Global High-Performance Network Data Centers
Securing flows
between servers 1
Client to DC
Securing flows
between VMs 2

Elastic transport
using VPLS 3
Server to Server
DC to DC

Securing flows
from Clients to DC 4

Coordinated
threat control 5




Virtualized
Security REMOTE DATA CENTER
Services




User App
Coordinated
Threat Control
IDENTITY

Virtualized
Security
Services

Services
Policies Reporting
1. AppSecure DoS Protection 5. NAT
2. Firewall 6. Intrusion prevention
Junos Space STRM 3. Authentication 7. Real-time visibility
Management & Compliance 4. Encryption 8. Traffic prioritization




User App
VM VM VM VM
vGW 1 2 3 4

Secure VDI
CLIENTS Hypervisor
Support
IDENTITY Virtual Machines
Internet
SSL VPN

Virtualized HR ZONE
DMZ Security
Services

FINANCE ZONE

Services
Policies Reporting
1. AppSecure DoS Protection 5. NAT
2. Firewall 6. Intrusion prevention
NSM STRM 3. Authentication 7. Real-time visibility
Management & Compliance 4. Encryption 8. Traffic prioritization




VDI CAPABILITY WITH MAG SSL VPN
AAA

Apps Servers

MAG Series Finance
Remote/Mobile User VMware VDI Server
Citrix XenDesktop

 SA interoperates with VMware View Manager and Citrix XenDesktop to enable administrators to
consolidate and deploy virtual desktops with MAG
 Allows IT administrators to configure centralized remote access policies for users who access their
virtual desktops
 Dynamic delivery of Citrix ICA client or VMware View client to users, including dynamic client
fallback options for easy connection to their virtual desktops
 Benefits:
– Seamless access (single sign-on) for remote users to their virtual desktops hosted on VMware or Citrix
servers
– Saves users time and improves their experience accessing their virtual desktops




LOGICAL NETWORK DIAGRAM FOR VIRTUALIZED DC
MPLS/VPLS Network

DCI DCI DCI DCI

MX-1 MX-2 MX-1 MX-2

DCI DCI
SRX SRX
Cluster VR-2 VR-2 Cluster
VR-1 VR-1

EX-VC
EX-VC

Access Tier Access Tier Access Tier Access Tier



INTRA SEGMENT INTRA-DC TRAFFIC FLOW
MPLS/VPLS Network

DCI DCI DCI DCI

MX-1 MX-2 MX-1 MX-2

DCI DCI
SRX SRX
VR-1 VR-1

EX-VC
EX-VC




INTRA SEGMENT INTER-DC TRAFFIC FLOW
MPLS/VPLS Network

DCI DCI DCI DCI

MX-1 MX-2 MX-1 MX-2

DCI DCI
SRX SRX
VR-1 VR-1

EX-VC
EX-VC




INTER SEGMENT INTRA-DC TRAFFIC FLOW
MPLS/VPLS Network

DCI DCI DCI DCI

MX-1 MX-2 MX-1 MX-2

DCI DCI
SRX SRX
VR-1 VR-1

EX-VC
EX-VC




INTER SEGMENT INTER-DC TRAFFIC FLOW
MPLS/VPLS Network

DCI DCI DCI DCI

MX-1 MX-2 MX-1 MX-2

DCI DCI
SRX SRX
VR-1 VR-1

EX-VC
EX-VC




NETWORK MANAGEMENT




LEGACY NETWORK AUTOMATION TOOLS WERE
BUILT TO SOLVE POINT PROBLEMS

Legacy approach

Switch Virtual switch Asset
Security management Diagnostics
management management

Characteristics: Consequences:
• Disparate point products • High operations costs, low operator
productivity
• Different interfaces
• Long, error-prone cycle times
• Device-centric
• Poor network-wide visibility and control
• Hard to use
• Lack of operator -based automation
• Siloed network view




LEGACY NETWORK MANAGEMENT




JUNOS SPACE ORCHESTRATES
THE NEW NETWORK

The New Network With Junos Space

In One Location:
Switch Virtual switch Asset
Security management management • Security Design
Diagnostics
management
• Ethernet Design
• Virtual Control
• Service Now
• Service Insight
• Network Activate

Characteristics: Consequences:
• Common, cross-device platform for • Improved top and bottom line benefits
automation of virtual and physical networks o Rapid scaling of application infrastructure
• Plug/Play application environment o Reduced Opex
• User-centric, task-oriented interface • Optimal security, scale and resource efficiency
• Correlated network, security, app and user
intelligence




VISIBILITY
Consolidation of security services (everywhere)
Comprehensive Application Visibility and Control

Global High-Performance Network

What User
Branch
What Application
Source to

Data Center
Destination
User Device
User Location
Campus

Mobile Clients




STRM’S KEY VALUE PROPOSITION

Threat Detection:
Detect New
Threats That Others Miss

Log Management:
Right Threats at the
Right Time

Compliance:
Compliance and Policy
Safety Net
Enterprise
Value
Complements
Juniper‟s Enterprise
Mgmt Portfolio



Security: Always Protected




A HISTORY OF INNOVATION
1996 1998 1999 2002 2004 2005 2006 2007 2008 2009 2010 2011 2012

FORTUNE

1
THOUSAND
#789

SRX
MX Series
IC Series
Incorporated Series
Acorn
PTX
T Series
“Falcon” for
Mobility

SSG
Series
EX
M Series T1600 Series MX 3D QFabric ACX

Revenue $1.3B $2B $2.3B $2.8B $3.5B $3.3B $4.1B $4.5B
Employees 1500 2500 3500 4800 5300 7000 7200 8800 9000

76 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Confidential – Not for distribution


THE SMARTEST WAY TO PROTECT
WEBSITES AND WEB APPS FROM
ATTACKS




HACKER THREATS
ScriptsKiddie Exploits
Script & Tool IP Scan
Library Attacks Targeted Scan
Scans
Generic scripts and tools against one site. Script run against multiple sites seeking a Targets a specific site for any vulnerability.
specific vulnerability.

Botnet Human Hacker
Advanced Persistent Threat (APT)
Script loaded onto a bot network to carry out attack. Sophisticated, targeted attack (APT).
Low and slow to avoid detection.

JAN JUNE DEC




WEB APP SECURITY TECHNOLOGY

Web Application Web Intrusion
Firewall Prevention System
Detection Signatures   Q1 2012
Tar Traps 
Tracking IP address  
Browser, software and scripts 
Profiling IP address  
Browser, software and scripts 
Responses Block IP  
Block, warn and deceive attacker 
PCI Section 6.6  



THE MYKONOS ADVANTAGE
DECEPTION-BASED SECURITY

Detect Track Profile Respond
“Tar Traps” detect Track IPs, browsers, Understand Adaptive responses,
threats without false software and scripts. attacker’s including block, warn and
positives. capabilities and deceive.
intents




DETECTION BY DECEPTION
Tar Traps

Query String Parameters
Network
Perimeter

Hidden Input Fields

Client Firewall
App Database
Server
Server Configuration




TRACK ATTACKERS BEYOND THE IP

Track IP Address

Track Browser Attacks Track Software and Script Attacks
Persistent Token Fingerprinting
Capacity to persist in all browsers including various HTTP communications.
privacy control features.




SMART PROFILE OF ATTACKER
Every attacker
assigned a name

Attacker Incident history
threat level




RESPOND AND DECEIVE

Human Botnet Targeted IP Scan Scripts
Mykonos Responses Hacker Scan &Tools
Exploits
Warn attacker 
Block user     
Force CAPTCHA     
Slow connection     
Simulate broken application     
Force log-out   
All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.




SECURITY ADMINISTRATION

• Web-based console • SMTP alerting
• Real-time • Reporting (Pdf, HTML)
• On-demand threat information • CLI for exporting data into SIEM tool




UNIFIED PROTECTION ACROSS PLATFORMS

Internal
App Server Database

Virtualized

Cloud




WHY JUNIPER

Users Data Centers

Security Intelligence

Internal
Web Application Intrusion Content
Attack
Security Visibility Deception Security
Protection
Client
IPS Network
Security
FIrewall

Security Management



ARCHITECTURE:
SEPARATE DATA AND CONTROL PLANE
Shared Plane

Control Plane

Management

Interfaces

Module n
Routing
DOS & DDOS
ATTACKS
Management …
Routing
Kernel
Data

Data Plane
Packet Forwarding
DOS &
DDOS
Physical Interfaces ATTACKS

Attacks overwhelm the box Attacks can be thwarted
 Administrator loses management access—your  Under attack, administrator maintains management
network is down access to modify policy, disallow bad traffic, and
process good traffic—your network stays up




JUNIPER‟S VISION:
A CONSOLIDATED SECURITY PLATFORM

FW

VPN IDP

SIMPLIFIED
Firewall Management:
Security Design
 Increased automation
 Scale for thousands
of devices
 Consistent policies
02.445.16

NAT AppSecure




SRX SERIES AWARDS
SRX1400 Wins Best Security SRX650 Wins Best of Interop Award,
Hardware Product Category Infrastructure Category

SRX1400
SRX650

SRX210 Wins Tokyo Interop Grand SRX5600 Wins Grand Prix, Highest
Prix, Highest Honor for SMB Infrastructure Honor for Best of Show Awards

SRX5600

SRX210




INDUSTRY ACCOLADES
#1 UTM
Vendor

Feb 25, 2011

https://www.abiresearch.com/research/1006397?ll




ANALYST AND CUSTOMER RECOGNITION

“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more
intelligent sharing of resources among security services running on the gateway.”
Current Analysis, 2010

“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an
impressive combination of performance, functionality, and product family breadth.”
Andrew Braunberg, Current Analysis

“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation
flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.”
Subha Rama, ABI Research

“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that
Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter
economic environment.” IDC
Link
“I can sum up Juniper Networks in three words: security, performance, and reliability.”

Rich Acevedo, Network Engineer, Romano’s Macaroni Grill

“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed
a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as
other customers would see as a benefit.” Eric Walters, Network Manager, 7-Eleven



Soluciones de Seguridad para Banca & Finanzas

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (18)

Destaque

Destaque (20)

Semelhante a Soluciones de Seguridad para Banca & Finanzas

Semelhante a Soluciones de Seguridad para Banca & Finanzas (20)

Mais de AEC Networks

Mais de AEC Networks (18)

Último

Último (20)

Soluciones de Seguridad para Banca & Finanzas

Notas do Editor