Security Director Insights Overview
Security Director Insights is a single virtual appliance (Service VM) that runs on the VMware vSphere infrastructure. It facilitates automated security operations. It enables you to take effective actions on security events logged by Juniper Networks security products. The events that affect a host or events that are impacted by a particular threat source are presented by Security Director Insights from different security modules. These events provide instantaneous information about the extent and stage of an attack. Security Director Insights also detects the hosts and servers under attack by analyzing events that are not severe enough to block. The application contains an option to verify the incidents using your trusted threat intelligence providers. After you have verified the incidents, you can take preventive and remedial actions using the rich capabilities of our security products.
Reduce the number of alerts across disparate security solutions
Quickly react to active threats with one-click mitigation
Improve the security operations center (SOC) teams’ ability to focus on the highest priority threats
Security Director Insights Architecture
The Service VM provides the following functionality, as shown in Figure 1.
The Service VM works with the Security Director ecosystem. The Security Director Insights GUI is integrated into the Security Director GUI.
The Log Collector and Policy Enforcer are integrated within the Security Director Insights VM.