Security Intelligence and Fingerprinted Attackers
Rather than waiting until a host on your system has been compromised, security intelligence information provided through Spotlight Secure Connector enables the SecIntel system to filter traffic before an attacker even attempts to contact your network. With WebApp Secure, information about an attacker fingerprinted on another network is distributed as part of the Spotlight Secure Connector feed, which makes it available to your SRX Series enforcement point. Figure 1 shows how SecIntel handles fingerprinted attackers.
Spotlight Secure delivers threat intelligence that identifies attacker fingerprints to Spotlight Secure Connector. The threat information is identified and collected by another instance of WebApp Secure, then uploaded to Juniper Networks to be analyzed and weighted. This amalgamated threat intelligence is then made available as a service to subscribers.
Spotlight Secure Connector makes the attacker fingerprint information available to security policies on the SRX Series enforcement point.
As the threat intelligence is updated on Spotlight Secure Connector, the SRX Series enforcement point can poll Spotlight Secure Connector to keep the threat intelligence used by its deployed security policies up to date.
All traffic that matches the feed data is discarded or redirected. The SRX Series enforcement point security policies perform real-time enforcement.
Enforcement actions include discarding or redirecting network traffic that is identified as a threat. All threat events are logged by Log Director.
Web application traffic is protected.