Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Automated Threat Remediation for the Enterprise

This use case deploys Juniper Connected Security for an enterprise and illustrates how to secure your network.

Protecting the Campus and Branch

Maintaining reliable and secure campus and branch networks is vital to organizations. With the proliferation of mobile devices and cloud services, securing them has become a fundamental strategic part of enterprise cybersecurity.

Threat remediation is comprised of 2 parts:

  • Threat detection

  • Enforcement

Threat Detection

Figure 1: Advanced Threat Prevention Cloud OverviewCybersecurity architecture diagram showing data flow: Inputs include CnC Geo IP feeds, customer feeds, and JSA/SIEM to Advanced Threat Protection Cloud, outputting to Juniper Connected Security Policy Enforcer for network protection.

Advanced Threat Prevention Cloud (ATP Cloud) receives threat intelligence and detects threats from these sources:

  • ATP Cloud feeds, where zero-day and known malware can be detected.

  • Custom and third-party feeds, where custom blacklists, whitelists, infected hosts, dynamic addresses, and DDoS threats can be detected.

  • Command & Control (C&C) and Geo IP feeds, where botnet traffic and geo-specific security controls can be detected.

The Juniper Connected Security Policy Controller (comprised of Security Director and Policy Enforcer) controls and enforces threat remediation policies across the network framework (firewalls, routers, and switches). The JSA Series Secure Analytics Appliance (physical and virtual) feeds into the Juniper Connected Security Policy Controller.

Enforcement

Figure 2: Juniper Connected Security Enforcement in a Branch Network OverviewNetwork topology diagram for a branch office showing internet connectivity via a cloud, SRX Series Cluster firewall, core switches, access layer switches, end-user devices, and a blocked laptop.

With information learned from threat detection, Policy Enforcer automatically updates security policies in the campus and branch with dynamic address entries and deploys new enforcement to the following network levels:

  • Security and firewall level: Juniper Networks SRX Series devices

  • Core and distribution level: Juniper Networks MX/vMX Series routers

  • Access level containing the following switches:

    • Juniper Networks EX Series and QFX Series switches

    • Access switches configured with third-party connectors, such as ForeScout CounterACT

Figure 3: Threat Remediation = Threat Detection + EnforcementNetwork security architecture with Juniper Networks: Internet connects to branch network via SRX Series Cluster firewalls. Juniper ATP Cloud analyzes threats. Connected Security Policy Enforcer integrates third-party systems and uses API calls for security. RADIUS server manages device authentication. A blocked laptop indicates a threat.

Juniper Connected Security protects the campus and branch physical network by performing real-time remediation of infected hosts and prevents infected end points from moving across different parts of the network. By reducing the time to remediate threats, the amount of time that the network is exposed to attacks is reduced.