Juniper Networks Software-Defined Secure Network (SDSN) Overview
The Juniper Networks Software-Defined Secure Network (SDSN)
provides end-to-end network visibility, allowing enterprises to secure
their entire network, both physical and virtual. Using threat detection
and policy enforcement, an SDSN solution automates and centrally manages
security in a multi-vendor environment.
Juniper’s SDSN solution consists of the following
components:
- A threat detection engine—Cloud-based Sky ATP detects
known and unknown malware. Known threats are detected using feed information
from a variety of sources, including command and control (C&C) server and GeoIP feeds.
Unknown threats are identified using various methods such as sandboxing,
machine learning, and threat deception.
- Centralized policy management—Junos Space Security
Director, which also manages SRX Series Devices, provides the management
interface for the SDSN solution called Policy Enforcer. Policy Enforcer
communicates with Juniper devices and third-party devices across the
network, globally enforcing security policies and consolidating threat
intelligence from different sources. With monitoring capabilities,
it can also act as a sensor, providing visibility for intra- and inter-network
communications.
- Expansive policy enforcement—In a multi-vendor enterprise,
SDSN enforces security across Juniper devices, cloud-based solutions,
and third-party devices. By communicating with all enforcement points,
SDSN can quickly block or quarantine threats, preventing the spread
of bi-lateral attacks within the network.
- User Intent-Based Policies—Create policies according
to logical business structures such as users, user groups, geographical
locations, sites, tenants, applications, or threat risks. This allows
network devices (switches, routers, firewalls and other security devices)
to share information, resources, and, when threats are detected, remediation
actions within the network.
More about User Intent-Based Policies
With user intent-based policies, you manage clients based on
business objectives or user and group profiles. The following are
two examples of a user intent policy:
- Quarantine users in HR in Sunnyvale when they’re
infected with malware that has a threat score greater than 7.
- Block any user in Marketing when they contact a Command
and Control (C&C) server that has a threat score greater than
6 and then send an e-mail to an IT administrator.
Using user intent-based policies allows network devices (switches,
routers, firewalls and other security devices) to share information,
resources, and, when threats are detected, remediation actions within
the network.
Unlike rule-based policies, which can contain several rules,
you can define only one set of parameters for each user intent-based
policy defined on a device.
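The two example policies above can be modeled as single parameter sets evaluated against threat events. The following Python sketch is an added illustration, not Policy Enforcer code or configuration syntax; the class and field names, the "malware"/"c2" labels, the Boston site, and the e-mail address are assumptions, and the events are constructed samples.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class IntentPolicy:
    # One set of parameters per policy, as the text describes (no rule list).
    name: str
    group: str                    # business group the policy targets
    site: Optional[str]           # None = any location
    threat_type: str              # "malware" or "c2" (labels assumed here)
    score_above: int              # fires only when score is strictly greater
    action: str                   # "quarantine" or "block"
    notify: Optional[str] = None  # e-mail recipient, if any


@dataclass(frozen=True)
class ThreatEvent:
    user: str
    group: str
    site: str
    threat_type: str
    score: int


# The two example policies from the text; the address is a placeholder.
POLICIES = [
    IntentPolicy("hr-sunnyvale-malware", "HR", "Sunnyvale", "malware", 7, "quarantine"),
    IntentPolicy("marketing-c2", "Marketing", None, "c2", 6, "block",
                 notify="it-admin@example.com"),
]


def matches(p: IntentPolicy, e: ThreatEvent) -> bool:
    return (p.group == e.group
            and (p.site is None or p.site == e.site)
            and p.threat_type == e.threat_type
            and e.score > p.score_above)


def decide(e: ThreatEvent, policies=POLICIES) -> List[Tuple[str, str, Optional[str]]]:
    """Return (policy name, action, notify) for every policy the event triggers."""
    return [(p.name, p.action, p.notify) for p in policies if matches(p, e)]


if __name__ == "__main__":
    # Constructed sample events, not real telemetry.
    events = [
        ThreatEvent("alice", "HR", "Sunnyvale", "malware", 8),
        ThreatEvent("bob", "HR", "Sunnyvale", "malware", 7),   # not > 7
        ThreatEvent("carol", "HR", "Boston", "malware", 9),    # wrong site
        ThreatEvent("dave", "Marketing", "Boston", "c2", 7),
    ]
    for ev in events:
        print(ev.user, decide(ev) or "no action")
```

A score equal to the threshold does not trigger the policy, and a policy with no site applies to the group at every location.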
Juniper’s SDSN solution provides the following
benefits:
- It extends security to each layer of the network, including
routers, switches and firewalls.
- It provides dynamic, automated threat remediation.
- It provides central policy and security management.
- It works within a multi-vendor ecosystem.