
Sky Advanced Threat Prevention Overview

Juniper Networks Sky Advanced Threat Prevention is a security framework that protects all hosts in your network against evolving security threats by employing cloud-based threat detection software with a next-generation firewall system.

Figure 1: Sky Advanced Threat Prevention Overview


Sky Advanced Threat Prevention protects your network by performing the following tasks:

The Web UI is hosted by Juniper Networks in the cloud. The tabs across the top of the Web UI provide workspaces in which an administrator can perform specific tasks. Table 1 shows the names of the tabs along with brief descriptions of what is accessible in each workspace.

Table 3: Tabs and What Their Workspaces Access

| Tab Name | Accesses |
|---|---|
| Dashboard | Provides graphical widgets that can be added, removed, and rearranged on a per-user basis. These widgets offer each user a customized view of malware detection categorized in a variety of ways. |
| Monitor | Provides information on the following: malware detection status for registered hosts; C&C servers that have attempted to contact and compromise hosts on your network; suspicious files downloaded by hosts. |
| Devices | Lists all devices that have been registered with Sky ATP. From here you can enroll new devices, disenroll devices, and search for devices in the list by their serial number. |
| Configure | Configure the following: whitelists (add your own trusted IP addresses, URLs, and domains to the global items in the whitelist); blacklists (add your own untrusted IP addresses, URLs, and domains to the global items in the blacklist); device profiles (group types of files to be scanned together under a common name). |
| Administration | Edit your user profile and create new user profiles. You can also change user passwords and set a global alert threshold level that, when reached, triggers an alert to all listed e-mail addresses. |

Sky Advanced Threat Prevention Features

Sky Advanced Threat Prevention is a cloud-based solution. Cloud environments are flexible and scalable, and a shared environment ensures that everyone benefits from new threat intelligence in near real time. Your sensitive data is secured even though it is in a shared cloud environment. Security analysts can update their defenses when new attack techniques are discovered and distribute the threat intelligence with very little delay.

In addition, Sky Advanced Threat Prevention offers the following features:

Sky Advanced Threat Prevention Components

The following table describes how the components of the Sky Advanced Threat Prevention solution work together.

Table 4: Sky Advanced Threat Prevention Components

| Component | Description |
|---|---|
| Security intelligence cloud feeds | A feed distribution point that delivers feeds to the SRX Series device. These include C&C, compromised hosts, GeoIP, and whitelists and blacklists. C&C feeds are essentially a list of servers that are known Command and Control servers for botnets. The list also includes servers that are known sources for malware downloads. Compromised hosts, or infected hosts, indicate local devices that are potentially compromised because they appear to be part of a C&C network or exhibit other symptoms. The GeoIP feed is an up-to-date mapping of IP addresses to geographical regions. This gives you the ability to filter traffic to and from specific geographies in the world. A whitelist is a list of known IP addresses that you trust, and a blacklist is a list of known IP addresses that you do not trust. Note: C&C and GeoIP filtering feeds are only available with a Premium license. For information on licensed features, see Sky ATP Licensing. |
| SRX Series device | Submits extracted file content for analysis and detected C&C hits inside the customer network. Performs inline blocking based on verdicts from the analysis cluster. |
| Malware inspection pipeline | Performs malware analysis and threat detection. |
| Internal compromise detection | Inspects files, metadata, and other information. |
| Service portal (Web UI) | Graphical interface displaying information about detected threats inside the customer network. Configuration management tool where customers can fine-tune which file categories can be submitted into the cloud for processing. |
