About Security Intelligence

Security Intelligence describes a security solution comprised of several Juniper Networks security products. An essential part of the solution is the Spotlight Connector which is a virtual appliance. The Spotlight Connector is an on-premise component which serves as an intermediary between the SRX series and various sources of security intelligence feeds. The Spotlight Connector publishes the submitted threat data as a standard feed to the SRX series device for automatically filtering traffic on both network and application layers.

WebApp Secure contributes to the effectiveness of Security Intelligence by publishing attacker information to the Spotlight Connector. The Spotlight Connector can then determine SRX series security actions to take against known attackers and publish these actions to SRX series devices.

Note: In the WebApp Secure Web UI, under the Juniper Spotlight menu item, you can choose to enable Spotlight Secure and/or Spotlight Connector if you are using these services. Both are part of Security Intelligence, although they are different types of services. Spotlight Secure provides a database of known attackers to WebApp Secure for use throughout the appliance. See About Spotlight Secure for more information.

In overview, the flow of information between components is as follows:

• WebApp Secure sends IP addresses and session cookies to the Spotlight Connector.
• For each IP address or cookie, WebApp Secure suggests a threat level (1-10)and a time-frame (TTL) in seconds.
• The SRX series reads the updated feeds from the Spotlight Connector, including the WebApp Secure attacker feed, and takes the configured actions.

Figure 54: WebApp Secure-Spotlight Connector Data Flow

Related Documentation

• Enable the Spotlight Connector Service
• Spotlight Connector Session Cookies and Locations
• About Spotlight Secure
• Enable Spotlight Secure