Kappa Data 2020
Build a Software-Defined Network to Defend your
Business
Filip Vanierschot, Systems Engineer
Software Defined Secure Networks: Juniper’s Innovation in Secure Networks
Juniper Facts
A History Of Innovation
Why is security important?
• Hybrid cloud deployments growing
• Device proliferation and BYOD
• IoT
• Zero day attacks
• Advanced, persistent, targeted attacks
• Adaptive malware
• Virtualization and SDN
• Applications, data, management in the cloud
• Application proliferation
Security is in Transformation
INFRASTRUCTURE, THREAT SOPHISTICATION, CLOUD
Causing Network Security Complexity
Centralized DHCP and other services
Data Loss Prevention
Inline Anti Prevention
Application Security
Unified Threat Management
Firewalls
App Servers
Core
LAG
Inline Intrusion Prevention
Multi-vendor, multi-vector solutions deployed
Layered on top of the network
Security tools lagging behind attacker ingenuity
Unmanaged risk to business outcomes and operations
Demanding Software Defined Secure Networks
Global Policy Orchestration, Policy Engine
Open and Unified Threat Detection
Dynamic, Automated Enforcement
IDS, Deception, Sandbox, AV, NGFW, Analytics, IPS, NAT
Uncoordinated and firewall focused
Orchestrated, holistic system encompassing security + infrastructure
Assembling the parts into a solution
PERIMETER & ENDPOINT BASED
HW
MANUAL CONFIG. ORIENTED
CLOSED, SILO OVERLAYS
PERVASIVE
SW/CLOUD DEFINED
AUTOMATED USER INTENT
OPEN, STANDARDIZED
Network Configuration
Device/Platform specific configurations
Tough to automate, challenging compliance
Islands of Management
User Intent Policy
User Intent Based Policies
Native automation and compliance support
Comprehensive Security
Users, Sites, Devices, Applications, Meta Data
AD, CMDB, vCenter, Custom
Extensibility, Automation
Access Control, Threat Prevention
Compliance
Firewall Rule Tables
Access Control Lists
Routing Tables & SDN Service Chains
IP, MAC, Proto, Port
Private, Public
SDSN User Intent Policy Model Example
Manual Threat Workflows
Threat Detection Enforcement Delays
Vendor specific threat feeds
Multiple Teams
Threat Management Automation
Automation across Network & Security
Open API and 3rd Party Threat Feed Collation
Cohesive Threat Management System
SDSN – Threat Management Automation Example
Incident Response
Net-Sec Operations
Endpoint Security
Malware Found
TKT
TKT
Feed
Feed
Software Defined Secure Networks Strategy
Leverage entire network and ecosystem for threat intelligence and detection
Utilize any point of the network as a point of enforcement
Dynamically execute policy across all network elements including third party devices
Bottoms Up and Top Down Approach
Your Enterprise Network
Threat Intelligence
Enforcement
Detection
Enforcement
Detection
Cloud-based Threat Defense and Open Intel Platform
Dynamic and Adaptive Policy Engine
Policy
Campus & Branch
DC
Public Cloud
Private Cloud
Juniper’s Software Defined Secure Network (SDSN) Platform
Pervasive, Automated, Intent-driven
ENFORCEMENT: Automatically enforce policy across the infrastructure in site-locations and cloud
DETECTION: Unify threat intelligence from multiple sources
POLICY: Create and centrally manage policy with an intent-based system
Sky ATP: Machine Learning, Analytics, Threat Feeds
JSA Analytics, Security Director, Policy Enforcer
Visibility, Correlation, Automation, Enforcement
POLICY
Third Party Networking & Security
ENFORCEMENT
DETECTION
SRX / vSRX / cSRX NG Firewalls: Physical & Virtual
MX & PTX Routers
EX & QFX Switches
DETECTION
DETECTION
UTM & IPS: Multiple layers of sensing and detection technologies
Infrastructure as a Secure Fabric
Third Party
Juniper’s Software Defined Secure Network (SDSN) Platform
Automation
Artificial Intelligence
Malware Example
SDSN vs. Malware
Automation
Sky
Advanced
Threat Prevention
Device Quarantined
SDSN Simplified: Network As a Firewall
Sandbox w/ Deception
Static Analysis
ATP
Sky Advanced
Threat Prevention Cloud
Security Director + Policy Enforcer
Policy Enforcement, Visibility, Automation
SRX Physical Firewall
vSRX Virtual Firewall
MX Routers*
EX & QFX Switches
Third Party Elements*
DETECTION
POLICY
Detection (Machine Learning)
Centralized policy push
Enforcement
Multi-cloud
Network as a Firewall
DETECTION
ENFORCEMENT
SDSN Portfolio
Branch Campus Data Center Service Provider
SRX5800, SRX5600, SRX300, SRX1500, SRX500, SRX4100, SRX4200, SRX5400
1RU, 5Gb/s
1RU, 20Gb/s
1RU, 40Gb/s
5RU, 480Gb/s
8RU, 960Gb/s
2RU, 5.5Gb/s
vSRX
4Gb/s (2 vCPU)
25Gb/s (16 vCPU)
Cloud
Security Director, Policy Enforcer
16RU, 2Tb/s
Application Security
SSL Inspection
Intrusion Prevention
User Firewall
UTM
Sky Advanced Threat Prevention
Secure Analytics
Management, Visibility, Automation
SIEM Advanced Malware Prevention Service
Next Gen Security Services
cSRX*
Beta*
Ecosystem Partners
Ready to Deploy End to End Security Solutions
CASB
• Cloud App Risk Management
• Visibility and Control
• Malware and Threat Protection for Cloud
• Extend Security Policy
Access Security
• Context-based
• BYOD Onboarding
• Role-based Network Access Assignment
• Access Control and Enforcement
Endpoint Security
• Discovery of All Endpoints
• Vulnerability and Patch Management
• Continuous Policy Enforcement
Conclusion: Juniper’s SDSN is a Security Platform
• Nature of a Platform
• Flexible to enable multiple solutions now
• Extensible to build and deploy future solutions
• Open to integrate current and future technologies
Your Enterprise Network
Threat Intelligence
Enforcement
Detection
Enforcement
Detection
Cloud-based Threat Defense and Open Intel Platform
Dynamic and Adaptive Policy Engine
Policy
Internet of T. as an example
IoT Applications: Industrial and Consumer
Consumer Internet of Things
SMART
Phone
Wearable
TV
Appliances
Home
Industrial Internet of Things
SMART
Factory
Grid
Machine
City
Car
Network
High Performance
Highly Secure
Low Latency
Highly Scalable
IoT History & Forecast - Then, Now and Future
1999
2000
2008
2011
2012
2015
2020
Internet of Things First Coined: Conceived by Kevin Ashton at P&G; RFID technologies commercialized
Growth in Connected Devices: First time number of devices surpass global population
IPv6 Launch: Potential for new IP addresses, enabling the future of IoT
Connected Devices to Reach 25 Billion: According to IDC, IoT connected “things” will account for 60% of total connected devices by 2020
First Commercialized Consumer Product: Toaster and coffee maker
Nest Labs Develops First Product: Later acquired by Google for $3.2B
FitBit IPO: Wearables fitness tracker IPO (NYSE:FIT)
IoT BREACH
SDSN IN ACTION
Automation
What about us IoT consumers ???
Juniper Networks Information
• Software Defined Secure Networks: http://www.juniper.net/uk/en/solutions/software-defined-secure-networks/
• Security Now! Blog: https://forums.juniper.net/t5/Security-Now/bg-p/networkingnow
• Juniper: http://www.juniper.net
Kappa Data 2020
THANK YOU
Together Strong in a changing world
#KappaData2020