September, 2021 Release
New and Changed Features: September, 2021
- Advanced Strike Engine
- Support for New Third-Party Internet Service Feeds
- Support for Multiple Mist Deployments
- Deprecation of Malware Domain List Feeds
- Change in Update Interval for Adaptive Threat Profiling Feeds
Advanced Strike Engine
Starting in Junos OS Release 21.3R1, a new high performance malware inspection engine has been added to SRX Series Firewalls. The device can block a malicious file immediately inline when an advanced anti-malware (AAMW) policy is configured with the block action. This enhancement to Juniper ATP Cloud block mode is supported on HTTP, IMAP and, SMB protocols.
Starting in Junos OS Release 21.3R1, AAMW HTTP hash solution is deprecated.
Use the existing set services advanced-anti-malware policy
policy-name http action block
command to configure block
mode. To view the malware statistics, use the show services advanced-anti-malware
malware-db-statistics
operational command.
To view the malware signature details, log in to Juniper ATP Cloud Web portal and go to the following page:
- Monitor > File Scanning > HTTP File Downloads > Partial File.
- Monitor > File Scanning > Email Attachments > Partial File.
- Monitor > File Scanning > SMB File Downloads > Partial File.
[See Signature Details, advanced-anti-malware policy, and show services advanced-anti-malware statistics.]
Support for New Third-Party Internet Service Feeds
We’ve added new third-party Internet service feeds in addition to the existing office365 feeds. By default, the feeds are disabled in the Juniper ATP Cloud Portal. Log in to the portal and enable the new feeds at Configure > SecIntel Feeds.
Support for Multiple Mist Deployments
We now support multiple Mist deployments to a single region in Juniper ATP Cloud. You can select the Mist cloud to which you want to stream the security events. To select the Mist cloud, log in to Juniper ATP Cloud Portal, navigate to Configure > Global Configuration > Mist, and select the Target Mist Cloud from the drop-down list.
Deprecation of Malware Domain List Feeds
The third party IP threat feed, Malware Domain list is deprecated and hence it is no longer supported on Juniper ATP Cloud. If you had enabled this feed earlier, you will stop receiving the feed.
Change in Update Interval for Adaptive Threat Profiling Feeds
We've optimized the update interval for adaptive threat profiling feed in Juniper ATP Cloud. The SRX Series Firewalls will now receive the feeds 10 times faster than earlier releases.