
Sky ATP Configuration Type Overview

 

Sky ATP or JATP with Policy Enforcer can be used in four different configuration types, which will be explained here.

Note

The license you purchase determines if you can use the available configurations and feature sets for your selected Sky ATP Configuration Type.

Configuration Type is set here in the UI: Administration > Policy Enforcer > Settings.

The following Sky ATP Configuration Types and corresponding workflows are available. Workflows are the items you configure for each selection.

Sky ATP or JATP with Juniper Connected Security—This is the full version of the product. All Policy Enforcer features and threat prevention types are available.

Here is the Sky ATP with Juniper Connected Security workflow:

  • Secure Fabric

  • Policy Enforcement Group

  • Sky ATP Realm

  • Threat Prevention Policies for the following threat types:

    • C&C Server

    • Infected Hosts

    • Malware

    • Geo IP

Here is the JATP with Juniper Connected Security workflow:

  • Secure Fabric

  • Policy Enforcement Group

  • Threat Prevention Policies for the following threat types:

    • C&C Server

    • Infected Hosts

    • Malware

    • Geo IP

Sky ATP or JATP—This includes all threat prevention types, but does not include the benefits of Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies provided by Policy Enforcer. All enforcement is done through SRX Series Device policies.

Here is the Sky ATP workflow:

  • Sky ATP Realm

  • Threat Prevention Policies for the following threat types:

    • C&C Server

    • Infected Hosts

    • Malware

    • Geo IP

Here is the JATP workflow:

  • Threat Prevention Policies for the following threat types:

    • C&C Server

    • Infected Hosts

    • Malware

    • Geo IP

Cloud feeds only—The prevention types available are command and control server, infected hosts, and Geo IP feeds. Policy Enforcer Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies are also available. All enforcement is done through SRX Series Device policies.

Here is the Cloud feeds only workflow:

  • Secure Fabric

  • Policy Enforcement Group

  • Sky ATP Realm

  • Threat Prevention Policies for the following threat types:

    • C&C Server

    • Infected Hosts

    • Geo IP

No Sky ATP (no selection)—Make no Sky ATP selection to configure Juniper Connected Security using custom feeds. Custom feeds are available for dynamic address, allowlist, blocklist, and infected hosts. With this setting, there are no feeds available from Sky ATP, but the benefits of Secure Fabric, Policy Enforcement Groups, and Threat Prevention policies provided by Policy Enforcer are available. Infected hosts is the only prevention type available.

Here is the No selection workflow:

  • Secure Fabric

  • Policy Enforcement Group

  • Custom Feeds

  • Threat Prevention Policies for the following threat type:

    • Infected Hosts

Note

Moving between configuration types is not supported in all cases. You can only move from one Sky ATP Configuration Type to a “higher” configuration type. You cannot move to a lower type. Please note the following hierarchy:

  • Sky ATP or JATP with Juniper Connected Security (highest)

  • Sky ATP or JATP

  • Cloud feeds only

  • No Sky ATP or JATP (no selection) (lowest)

For each configuration type, certain features and UI pages are available. Please see the links below for details.