Use Case Overview
Coping with a Changing Threat Landscape
Coping with today’s broad and evolving threat landscape requires threat intelligence and immediate threat enforcement, as well as a method of providing a simpler policy mechanism across multivendor security environments.
The paradigm is changing from traditional perimeter security defenses to end-to-end security solutions that can deliver comprehensive yet coordinated protection by:
Integrating and deploying advanced security features to protect systems and data from spyware, viruses, malicious code, denial-of-service attacks, and so on.
Enabling every part of the network to be both a detection and enforcement point, to respond to suspicious activity anywhere in the network, which is the most effective way to deal with threats and intruders.
Closing the gap between threat intelligence and enforcement, because threat intelligence loses most of its value if it is distributed too slowly, or if it does not reach all of an enterprise’s enforcement points.
Using policy automation to adapt and enforce policy in real time, improving both compliance and business agility.
Centralizing the security policy engine so that it can determine trust levels between network segments by collecting real-time threat information and creating a unified security policy, with distributed new policies implemented in real time from a central location.
Providing the centralized management capabilities critical for regulatory compliance, reducing costs, and streamlining operations.
Securing the Network with Juniper Connected Security Building Blocks
The Juniper Connected Security solution provides end-to-end network visibility, allowing enterprises to secure their entire network, both physical and virtual.
Juniper Connected Security solution is comprised of the following components:
Threat detection engine—Cloud-based Sky ATP detects known and unknown malware. Known threats are detected by consolidating threat feed information from a variety of sources—command and control (C&C) servers, GeoIP, and information acquired from in-house log servers.
Unknown threats are identified using methods such as sandboxing, machine learning, and threat deception.
Centralized policy management—Junos Space Security Director, which also manages SRX Series devices, provides a management interface for the Juniper Connected Security solution called Policy Enforcer. Policy Enforcer communicates with Juniper devices and third-party devices across the network, globally enforcing security policies and consolidating threat intelligence from different sources. With monitoring capabilities, it can also act as a sensor, providing visibility for intra- and inter-network communications.
Expansive policy enforcement—In a multivendor enterprise, Juniper Connected Security enforces security across Juniper devices, cloud-based solutions, and third-party devices. By communicating with all enforcement points, Juniper Connected Security can quickly block or quarantine threats, preventing the spread of bi-lateral attacks within the network.
User intent-based policies—Juniper Connected Security supports the creation of policies according to logical business structures, such as: users, user groups, geographical locations, sites, tenants, applications, or threat risks. This allows network devices (switches, routers, firewalls, and other security devices) to share information, resources, and when threats are detected, remediation actions within the network.
The Juniper Connected Security solution provides the following benefits:
Provides dynamic, automated threat remediation—Juniper Connected Security accurately detects known and unknown threats and delivers the ability to rapidly block or quarantine threats to prevent north-south or east-west threat propagation.
Extends security to each layer of the network—Juniper Connected Security uses an inside-out security model because it leverages any network element as an enforcement point and then dynamically enforces security policy with software-defined segmentation designed to provide robust security.
Works within a multivendor ecosystem—Juniper Connected Security adopts an open, multivendor ecosystem to detect and enforce security across Juniper products and solutions. Juniper Connected Security integrates third-party capabilities, enabling users to leverage existing, trusted threat feed sources to provide consistent, automated defense across diverse environments. An open architecture and suite of APIs enable you to select your preferred threat intelligence information sources and remediate across a multivendor network infrastructure.
The Juniper Connected Security solution also enforces threat prevention policies on third-party devices by integrating with 802.1X network access control (NAC) solutions such as Cisco Identity Services Engine (ISE), Aruba ClearPass, and ForeScout CounterACT. This provides a collaborative and comprehensive approach toward complete network security.
Provides centralized policy and security management—Juniper Connected Security communicates with network elements and security products to globally enforce security policies and enables security policy administration through a single pane of glass. This reduces administrative overhead and facilitates a faster, more manageable approach to security as the network grows .