Juniper Apstra Demo: Threat Detection with Flow Data

0:00 [Music]

0:08 Juniper abra's flow data feature is a

0:10 robust multivendor solution for

0:12 collecting and analyzing data center

0:14 Network flow traffic in this demo I'll

0:17 be focused on this solution's impressive

0:20 threat detection capability it detects a

0:23 wide range of potential threats

0:25 including dods attacks port scan or

0:28 Recon Brute Force attempts

0:30 malicious or unusual activity and S

0:33 flood dods

0:35 attacks this is a demo topology with

0:38 just two servers and two

0:40 leaves which is connected to a single

0:43 spine what I'm going to do is send a

0:46 large number of SSH sessions repeatedly

0:49 from server 2 to server one so it will

0:51 Traverse all these devices we'll use H

0:55 ping 3 by simulated repeated SSH

0:58 attempts on our server it will appear

1:00 very similar to a Brute Force password

1:03 guessing attempt so here we

1:07 go after we kick off that hping it is

1:10 going to send repeated SSH attempts to

1:13 our server we'll let that run a bit and

1:16 now that hping has sent a number of SSH

1:19 connections we now see that we have lit

1:21 up this

1:25 screen this shows that abstra flow has

1:28 detected these attempted sessions and

1:30 you can also see here that it shows you

1:32 our source and destination so this is

1:34 the server that I sent the hping from to

1:37 our second server and you can see that

1:39 flow has detected nearly 4,000 attempts

1:43 if we refresh we'll see that number

1:45 climb even

1:46 higher at this point to nearly 7,000 a

1:51 clear indication of suspicious activity

1:54 threat detection is another great

1:55 feature of flow as it helps you diagnose

1:58 issues and detect security anomalies in

2:00 your data center fabric thanks for

2:04 [Music]

2:10 watching