Coordinated Threat Control Overview
The Juniper Networks coordinated threat control solution requires deployment of both IDP Series and SA Series SSL VPN appliances.
When the IDP Series appliance detects a security event (be it a threat or any traffic that breaks an administrator configured policy), it can, in addition to blocking that threat, signal the SA Series appliance in real time.
The SA Series appliance then uses the information from the IDP Series appliance to identify the user session that is the source of the undesired traffic. It can take appropriate actions on the endpoint, such as notifying the administrator, terminating the user session, disabling the user account, or mapping the user to a quarantine role.
Administrators can configure the quarantine role to provide users with a lower level of access and inform them why they have been quarantined and what they should do next. During remediation, administrators can enforce additional endpoint security checks or push additional endpoint protection software.
