Taking IPS to the Next Level
Traditionally, Intrusion Prevention
Solutions (IPS) had a singular role: block attacks and malicious
network traffic. But while organizations continue to rely on
IPS to do just that, more and more enterprises are finding that
controlling malicious traffic is half the battle - what is needed
is a means to exert control over which applications are used
and the data that is transmitted over the network. In fact,
the ability for an organization to define which applications
and their associated traffic are considered malicious, and how
they will be treated by the network, requires the next level
of IPS capabilities- capabilities that enable the intelligent
setting of policy and application prioritization for greater
network and application visibility.
"It's no longer good enough to keep bad things off the network,"
explains Sanjay Beri, director of product management for Juniper
Networks' Security Products Group. "Now enterprises must take
traditional IPS capabilities and do more. Addressing the grey
area applications within organizations requires visibility and
the ability to answer the questions: who's using the application
and why? Once we know that, we can stop or rate limit the application
so it doesn't affect business critical applications on the network."
The Grey Area
Of course, each organization must have the ability to determine
what is a business-critical application and what falls into
the grey area between threats and business-critical. For example,
the use of Instant Messenger (IM) applications or a music server
themselves may be considered benign by some enterprises. However,
if usage of these applications can introduce malware into the
network or impact network bandwidth of critical business applications
such as VoIP solutions or databases, these benign applications
could be redefined as threats to accepted business practices.
Ideally, organizations would be able to form security policies
using knowledge of the applications that fall within this grey
area, its users and impact on the network resources. The next
level of IPS must include the ability to create policies for
access to network resources and bandwidth allocations, as well
as the ability to dynamically determine when an "acceptable"
application begins to affect business critical applications.
The IPS solution must be able to block usage of applications
deemed outside of accepted business practices or have the flexibility
to limit their bandwidth usage.
Even if enterprises have the ability to offer granular level
of control, they can only provision their networks effectively
if they know what is running in their network. The next level
of IPS capabilities must go beyond the low-level network information
available from traditional IPS products to deliver application
awareness that helps to answer the questions: What applications
are running on the network? Who's running them? And who's using
them?
Read More
Add Online Web Conferencing with the Secure Meeting Option for
Juniper SSL Appliances
End-of-Life Product Announcements
Get Prepared with Juniper's New ICE (In Case of Emergency) SSL
VPN Solution!
New 5GT Remote Installation Service
Unified Access Control - The Buyer's Guide
High-availability
White Paper Details Importance of Application Acceleration Solutions
A new white paper describes the importance
of high-availability networks and details the critical role
that application acceleration solutions play in such environments.
The white paper, entitled "Essential
It Guide: Ensuring Highly Available Access to Business-critical
Applications," provides some historical background on high-availability
networks and outlines the risks and requirements involved in
ensuring application availability, particularly to branch and
remote offices in today's centralized environment. The
paper then defines how the Juniper WX and WXC application acceleration
platforms can help businesses deliver reliable, accelerated
application availability throughout the distributed enterprise.
Firewall Resource Centre
Thinking about upgrading your
Firewall? - Put Juniper's Competitive Trade-Up promotion to
work!
Now when you trade in your old competitive vendor routing and
security products, you can get a great discounted rate through
Juniper's Trade-Up Program. To find out more - visit
Competitive Trade-Up site.
Already a Juniper Firewall Customer? - Take advantage
of our Loyalty Discount!
If you're already a Juniper customer and want to upgrade to
a new SSG - we'll give you an EXTRA 10% loyalty discount*!..
you don't even have to remove your existing products!
To find out if you're eligible - Contact your Reseller or
us
and we'll help you get the most out of Juniper.
Not sure? - Why not use our
Firewall Resource Centre site to learn all about Junipers
Firewall solutions and decide for yourself?
* Only one promotion can be applied per customer purchase.
Acorn Customer Service Integration
Complete; CTP-series Now Supported in CSC
Juniper Networks has completed
the integration of all of the Acorn support tools, applications,
content and software downloads. To navigate the CSC, simply
choose your product from the CSC "Support by Product" menu interface.
Juniper Networks will continue to keep the legacy Acorn Support
Portal online for former Acorn Support users but recommend that
registered users use the CSC now to gain familiarity with it
as on June 1, 2006, the Acorn Support Portal will be retired.
Complete Acorn-to-Juniper Customer Service transition information
can be found
here.
Read More Juniper Networks News >
New Forest
District Council Provides Councillors with Secure Remote Access
from any Location
"The
key reason the council began to look for a secure remote application,"
explained Paul Fleetwood, Technical Consultant ICT Services
for the New Forest District Council, "was purely
for our councillors who worked remotely but needed regular access
to central information." All councillors require
access from home, because although there are rooms within the
Town Hall that the councillors can use, they don't have offices
as such and are based from home in their own district.
In the past, councillors had dial-up Internet access but this
was too slow and unreliable. When broadband became
available in the district, many of them moved onto that, as
it had the advantage of fixed costs and faster access, but,
at that time, the councillors could only email
each other, and had lost access to shared corporate network
resources such as group calendars, meeting scheduling
etc. For security reasons, network managers have had to restrict
which corporate network resources can be accessed remotely.
As time progressed, councillors wanted to be able to do more
tasks remotely, for instance be able to refer to notes of meetings,
and check on the progress of residents' complaints on a range
of council services – but the security risk continued to be
a "show stopper".
"We were looking for something
that would allow a councillor using broadband to connect to
our network in a secure and relatively simple way. We had councillors
on broadband just using POP3 email, and we needed to get them
connected into the council network so they could use our email
and other corporate applications. "We scanned the market for
a product which would allow us to provide flexible and secure
remote access economically and spotted the Juniper Networks
Secure Access 1000 appliance on the Internet – it looked too
good to be true, to be honest – it appeared to be able to do
everything we needed.
To read the full case study, please click
here.
Recent Press Releases
Juniper Networks Joins Microsoft SecureIT Alliance
Juniper Networks Bolsters Intrusion Prevention and Security
Management with Enhanced Application Visibility and Control
Juniper Networks Continues to Lead in Key Security Technology
Markets
Aruba Networks Teams with Juniper to Deliver Secure Enterprise
Mobility Solutions
Adecco Mexico Secures and Assures Distributed Infrastructure
with Juniper Networks Security Appliances
Cedarcom Deploys Comprehensive Juniper Solution to Enable Core
IP Network
MagnaChip Semiconductor Standardizes on Juniper Networks for
Secure Remote Access
End-of-Life Notification for Juniper
Networks IDP 3.0 Release (Software)
Juniper Networks is reiterating the End-of-Life
(EOL) notification for the attack object update service for
Juniper IDP 3.0. The last attack object update for IDP 3.0 will
be no later than December 15, 2006. An announcement of the EOL
for IDP 3.0 was made in March 2006 and details are available
here. To continue to receive regularly and emergency updates,
Juniper recommends IDP 3.0 customers to upgrade to IDP 3.2,
which provides a suite of new features that increase accuracy
and usability.
Further, to minimize future management
upgrade disruptions, Juniper highly recommends IDP 3.0 customers
to upgrade to the latest IDP 4.0, which supports Juniper’s definitive
NetScreen-Security Manager NSM 2006.1 and introduces significant
administrative control, policy management and investigative
tool enhancements for IDP customers for the first time. For
more information on IDP 4.0 and NSM, please click
here. These upgrades are available to existing customers
free of charge.
Product End-of-Service (EOS) Announcements
Visit the Juniper Support
End-of-Life page for specific product milestones and dates.
Improved Serial Number Entitlement
(SNE) Tool Now Available in the Juniper Customer Support Center
(CSC)-Check it Out!
As part of our commitment to online support
excellence and based on feedback from our users, we have enhanced
the SNE Tool to provide more robust functionality, reports and
web usability including:
- Search entitlement by CONTRACT ID in addition to current
search by serial number
- Customers can send email or export data which will be
in MS Excel format
- Improved User Interface
You can find the enhanced SNE Tool
here. Make sure to log into the CSC to access the tool!
Please also take a moment to tell us what you think via the
online feedback link at the top of the
SNE homepage.
Tools/Collateral Updates
New Flash Demo Highlights Application
Acceleration Solutions A new Flash demonstration highlighting
Juniper's application acceleration solutions is now available.
The five-minute demo provides a high-level overview of the Juniper
application acceleration solutions, including the DS and the
WX/WXC platforms. It begins with a description of how the conflicting
trends of globalization and server centralization are impacting
business, followed by introductions to the DX and WX/WXC product
families and how they improve the delivery of mission-critical
applications from the data center and over the WAN, respectively.
The demo can be downloaded
here.
Updated NetScreen-Security Manager
Feature Brief
Read about all the latest features in
the recently released NetScreen-Security Manager 2006.1 including
new Juniper Networks IDP management functionality with the release
of NSM 2006.1 in this
Feature Brief.
Mobile Phones and PDAs and Secure Access SSL VPN = Mobility!
Increase productivity with secure mobile phone and PDA access
capabilities for your remote employees, partners and customers
with Juniper Networks Secure Access SSL VPN! Read more in the
new "Step
Up Your Business Success with Secure Access SSL VPN" Solution
Brief.
IDC's Security Conference 2006
24th August 2006, Hyatt, Zurich, Switzerland
The Secure Enterprise
As organizations struggle to gain control over their information
security - from inside the enterprise core infrastructure, extending
out to anyone, anywhere, any device connectivity - their need
to better understand what constitutes a secure environment for
their company is becoming a top priority. IDC's Security Conference
Security will provide attendees insight into defining the issues
and risks at stake, learn about how to get security messages
out to all part of the organization ad tech best practices for
network. Speaker: Dirk Pfefferle, Area Vice President Enterprise
for Central and East Europe. To register, please click
here.
IT-Security Partner Solution Days
19th September 2006, Bad Homburg
21st September 2006, Düsseldorf
26th September 2006, Munich
IT-Security Partner Solution Days is a high class congress
organized by IT-Business Academy. It will be held in three different
cities in Germany and about 400-500 attendees are expected.
The participants get the opportunity to have an overview of
the most recent solutions and the newest technologies thanks
to keynotes, workshops and individual expert talks. Juniper
Networks will present the Enterprise Infranet, the framework
for integrated IT-security including information on endpoint
security and secure and assured networking. For more information
please click
here or contact Monika Guertl at
mguertl@juniper.net.
If you prefer not to receive this newsletter from Juniper Networks,
please click
here.
To update your profile and contact information, please click
here.
We invite you to forward this newsletter to your associates.
Copyright © 2006, Juniper Networks, Inc.
All rights reserved. Juniper Networks is registered in the U.S.
Patent and Trademark Office and in other countries as a trademark
of Juniper Networks, Inc. ERX, ESP, E-series, Internet Processor,
J-Protect, JUNOS, JUNOScript, JUNOSe, M5, M7i, M10, M10i, M20,
M40, M40e, M160, M320, M-series, NMC-RX, SDX, T320, T640, and
T-series are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered
service marks are the property of their respective owners. All
specifications are subject to change without notice.
Juniper Networks assumes no responsibility for any inaccuracies
in this document. Juniper Networks reserves the right to change,
modify, transfer, or otherwise revise this publication without
notice.
|
