Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Juniper Sky Advanced Threat Prevention License Types

 

Juniper Sky ATP has three service levels:

  • Free—The free model solution is available on all supported SRX Series devices (see the Supported Platforms Guide  ) and for customers that have a valid support contract, but only scans executable file types (see Juniper Sky Advanced Threat Prevention Profile Overview). Based on this result, the SRX Series device can allow the traffic or perform inline blocking.

  • Basic—Includes executable scanning and adds filtering using the following threat feed types: Command and Control, GeoIP, Custom Filtering, and Threat Intel feeds. Threat Intel feeds use APIs that allow you to injects feeds into Juniper Sky ATP.

  • Premium—Includes all features provided in the Free and Basic-Threat Feeds licenses, but provides deeper analysis. All file types are examined using several analysis techniques to give better coverage. Full reporting provides details about the threats found on your network.

Note

You do not need to download any additional software to run Juniper Sky ATP.

Table 1 shows a comparison between the free model and the premium model.

Table 1: Comparing the Juniper Sky ATP Free Model, Basic-Threat Feed, and Premium Model

Free Model

Basic-Threat Feeds Model

Premium Model

Management through cloud interface. Zero-on premise footprint beyond the SRX Series device.

Management through cloud interface. Zero-on premise footprint beyond the SRX Series device.

Management through cloud interface. Zero-on premise footprint beyond the SRX Series device.

Inbound protection.

Inbound protection.

Inbound protection.

Outbound protection.

Outbound protection.

Outbound protection.

C&C feeds.

C&C feeds.

GeoIP filtering.

GeoIP filtering.

Custom feeds

Custom feeds

Infected host based on C&C feed, but not malware hit

Infected host feed/endpoint quarantine

Threat Intelligence APIs only

All APIs including File/Hash

C&C protection with event data returned to the Juniper Sky ATP cloud.

Compromised endpoint dashboard.

Inspects only executable file types. Executables go through the entire pipeline (cache, antivirus, static and dynamic).

Inspects only executable file types. Executables go through the entire pipeline (cache, antivirus, static and dynamic).

No restrictions on object file types inspected beyond those imposed by the Juniper Sky ATP service. You can specify which file types are sent to service for inspection.

Executables, PDF files and Microsoft Office files (Word document, Excel, and PowerPoint) go through the entire pipeline (cache, antivirus, static, and dynamic).

Infected host blocking.

Infected host blocking.

Infected host blocking.

Reporting on malware blocked (counts only, no detailed behaviors exposed).

Reporting on malware blocked (counts only, no detailed behaviors exposed).

Reporting with rich detail on malware behaviors.

For more information on analysis techniques, see How is Malware Analyzed and Detected?. For additional information on product options, see the Juniper Sky ATP datasheet  .

For more information on this and premium license SKUs, contact your local sales representative.

Additional License Requirements

In addition to the Juniper Sky ATP license, you must have the following licenses installed on your devices for Juniper Sky ATP to work correctly:

  • SRX300, SRX320, SRX340 and SRX345 Series devices—Purchase the JSE bundle (which includes AppSecure), or purchase the JSB bundle and the AppSecure license separately.

  • SRX 550m Series devices—Purchase a bundle that includes AppSecure, or purchase the AppSecure license separately.

  • SRX 1500 Series devices—Purchase the JSE bundle (which includes AppSecure.)

  • SRX 5000 Series devices—Purchase a bundle that includes AppSecure, or purchase the AppSecure license separately.

  • vSRX—Purchase a bundle that includes AppSecure, or purchase the AppSecure license separately.