Security Intelligence and Undesired Locales
Identified locations and their associated IP addresses can be profiled within a Spotlight Secure GeoIP data feed. In the event of fraudulent activity or known illegal traffic that is sourced from a particular geography, SecIntel can filter network traffic based on the location of a host. You can base packet filtering on blocks of IP addresses that have been identified and attributed to a particular geography. Figure 1 shows how SecIntel handles threats based on locales.
Spotlight Secure delivers to Spotlight Secure Connector threat intelligence that identifies geographic locations that pose a threat to network security. Another instance of WebApp Secure identifies and collects the threat information, which is then uploaded to Juniper Networks to be analyzed and weighted. This amalgamated threat intelligence is then made available as a service to subscribers.
Spotlight Secure Connector makes the information available to security policies on the SRX Series enforcement point.
As the threat intelligence is updated on Spotlight Secure Connector, the SRX Series enforcement point can poll Spotlight Secure Connector so that the deployed security policies use current threat intelligence.
All traffic that matches the feed data is discarded or redirected. The SRX Series enforcement point security policies perform real-time enforcement.
Enforcement actions include discarding or redirecting network traffic that is identified as a threat. All threat events are logged by Log Director.
Web application traffic is protected.
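The flow above (a polled feed of IP blocks attributed to a geography, matched against traffic, then discarded or redirected and logged) can be modeled in a few lines. This is an added illustration, not Juniper code or Junos configuration: the `GeoFilter` class, the feed layout, the policy table, and the placeholder country codes (`XA`, `XB`, `XC`) are all assumptions, and the sample feed is constructed from documentation address ranges. It uses longest-prefix matching so that a more specific block overrides the broader block that contains it.

```python
import ipaddress

# Constructed sample feed: (CIDR block, country code). Codes are placeholders.
SAMPLE_FEED = [
    ("198.51.100.0/24", "XA"),
    ("198.51.100.128/25", "XB"),  # more specific block nested inside the /24
    ("203.0.113.0/24", "XC"),
    ("2001:db8:10::/48", "XA"),
]

# Hypothetical policy: country code -> enforcement action (discard or redirect).
POLICY = {"XA": "discard", "XC": "redirect"}


class GeoFilter:
    """Toy enforcement point: matches source addresses against a GeoIP feed."""

    def __init__(self, policy):
        self.policy = dict(policy)
        self.blocks = []   # (network, country), most specific first
        self.events = []   # stand-in for the threat-event log

    def load_feed(self, entries):
        """Replace the whole table with a freshly polled feed."""
        parsed = [(ipaddress.ip_network(cidr), cc.upper()) for cidr, cc in entries]
        # Longest prefix first, so the first hit is the most specific block.
        parsed.sort(key=lambda item: item[0].prefixlen, reverse=True)
        self.blocks = parsed

    def locate(self, source_ip):
        """Return the country attributed to source_ip, or None if unlisted."""
        addr = ipaddress.ip_address(source_ip)
        for net, cc in self.blocks:
            if net.version == addr.version and addr in net:
                return cc
        return None

    def enforce(self, source_ip):
        """Return 'discard', 'redirect' or 'permit'; log every non-permit hit."""
        cc = self.locate(source_ip)
        action = self.policy.get(cc, "permit")
        if action != "permit":
            self.events.append({"src": source_ip, "country": cc, "action": action})
        return action
```

Because `load_feed` swaps the entire table, a block that drops out of the feed stops matching on the next poll; in this model, stale enforcement lasts at most one polling interval.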