Security Director Cloud Insights Overview

Security Director Cloud Insights facilitates automated security operations. It enables you to take effective actions on security events logged by Juniper Networks security products and third-party security products. Security Director Cloud Insights displays events from different security modules that affect a host or that are impacted by a particular threat source. These events provide instantaneous information about the extent of an attack. The application contains an option to verify the incidents using your trusted threat intelligence provider. After you have verified the incidents, you can take preventive and remedial actions using the rich capabilities of our security products.

Benefits

  • Reduce the number of alerts across disparate security solutions.

  • Quickly react to active threats with one-click mitigation.

  • Improve the security operations center (SOC) teams’ ability to focus on the highest priority threats.

Security Director Cloud Insights Architecture

Figure 1: Security Director Cloud Insights Architecture

The Security Director Cloud Insights collector collects and aggregates SRX logs and third-party logs. Some of the features in Security Director Cloud use the SRX logs. You can monitor the incidents and mitigate the events based on your network requirements.

Security Director Cloud Insights receives SRX logs from Juniper Secure Edge or Juniper SRX firewalls that are managed by Security Director Cloud. If you have third-party security products, Security Director Cloud Insights also receives logs from those products. Security Director Cloud Insights correlates the security application logs to identify the most important security incidents in your organization. Security Director Cloud ingests all the security events from the different sources and provides a unified view to users.

Security Director Cloud Insights supports the following log collector types:

  • Cloud collector—Enable the cloud collector if you receive SRX logs from Juniper Secure Edge or Security Director Cloud managed SRX firewalls. By default, the cloud collector is enabled.

  • On-premises collector—If you have a third-party log source, such as McAfee, you can deploy the Security Director Cloud Insights on-premises collector. You can redirect the output from third-party security products to the Security Director Cloud Insights on-premises collector. Logs are then filtered and sent to Security Director Cloud.

    If you have any third-party security product, you’ll need to download the Security Director Cloud Insights on-premises collector OVA file from the download site and deploy it. See Deploy and Configure Security Director Cloud Insights On-premises Collector.