Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
Solution Brochure
Junos Pulse: Securing Today’s Mobile Life An Integrated Approach to Mobile Security, Device and Application Management, and Secure Network Access
2
Solution BrochureJunos Pulse: Securing Today’s Mobile Life
Trends and ChallengesWhile today’s mobile, connected life clearly has its benefits, it
also has its challenges and pitfalls.
Business and government must support users who are full- or
part-time telecommuters, remote workers, and mobile workers
across an increasingly global and mobile work environment.
Enabling fast, secure network access for these users is vital
to productivity. Many of these same users demand that their
personal smartphones, tablets, and other personal mobile
devices be allowed access to the corporate network. And, many
companies are now allowing these personal mobile devices
access to their network, public and private clouds, sensitive
data, and resources as part of Bring Your Own Device (BYOD)
initiatives. In many cases, users who are not receiving sanctioned
enterprise network access are sneaking their personal mobile
devices onto the corporate network anyway.
The exploding number, resilience, and virulence of mobile
malware threats, security exploits, and attacks are only
adding to the problems facing those enterprises that are
embracing BYOD or having mobile users go rogue by accessing
the enterprise network on their own with their unmanaged,
unapproved personal devices. Mobile threats, exploits, and
attacks are growing at a magnitude even larger and faster than
what was previously experienced with desktop and laptop PCs.
Combine these factors together, and your IT department is often
overwhelmed and overmatched.
The fact is, consumers—you, me, and everyone else who is a part
of today’s mobile, connected world—use mobile devices for just
about everything. Mobile devices span the scope from laptops,
to tablet devices, to smartphones. Even the smallest form-
factor intelligent mobile devices are just little computers in the
palms of our hands. As such, we have and will continue to store
sensitive, private data such as bank account information, credit
card numbers, social security and other identification numbers,
personal photos and text messages, even medical data on these
devices. This makes smartphones, tablets, and other mobile
devices a gold mine for identity thieves and hackers. It also makes
mobile devices dangerous if lost. Imagine your vital financial,
personal, or business data—even pictures of your children—falling
into the wrong hands.
Juniper Networks Junos Pulse Juniper Networks® Junos® Pulse addresses these mobility
challenges by:
• Delivering connectivity, security, and management for
mobile devices at scale
• Allowing enterprises to secure network access and personal
or corporate-issued mobile devices for employees and
other users
• Enabling service providers to deliver secure access, mobile
security, and device management as managed services for
their enterprise and consumer customers
Junos Pulse delivers secure, mobile remote network access,
reinforced by strong mobile security against malware, viruses,
loss or theft, and other exploits, as well as robust mobile device
and application management. Junos Pulse provides enterprises,
service providers, and users with a complete, end-to-end solution
to secure mobility.
Secure Access and ConnectivityEnterprises and service providers alike are challenged to deliver
secure, mobile remote network access while limiting resource
access based on user authentication, authorization, and identity.
Junos Pulse, through Junos Pulse Secure Access Service, in
conjunction with the Juniper Networks MAG Series Junos
Pulse Gateways or as a virtual appliance, leverages Juniper’s
industry-leading SSL VPN technology to deliver simple, secure,
authenticated access to corporate networks and resources
for mobile users from any supported personal or corporate-
issued smartphone, tablet, or other mobile device. Junos Pulse
Today’s Mobile Life - Overview
Today, our world is digital, mobile, and converging. In the year 2000, there were 284 million Internet
connections. Today, there are over 2 billion. In the year 2000, the number of mobile devices worldwide
was around 700 million. Today, it’s over 4 billion. We’ve moved from chat rooms to video conferences,
from dial-up connections to broadband wireless connections and more.
Just think: It took the radio 38 years to reach 50 million listeners. Television reached 50 million viewers
in 13 years. The Internet took only four years. The Apple iPod reached 50 million users in just three years.
And, it took social networking site Facebook only nine months to reach 50 million users!
In today’s mobile and connected culture, there are more users who are doing more things—all while
they are mobile. The network, particularly the mobile network, has become an integral part of our day-
to-day life.
3
Solution BrochureJunos Pulse: Securing Today’s Mobile Life
is a simple, integrated mobile user interface for Junos Pulse
Secure Access Service on MAG Series gateways or as a virtual
appliance—protecting enterprises, their networks and clouds,
and their sensitive applications and data by securely enabling
granular, role-based mobile remote network and application
access over a broad range of mobile operating platforms and
mobile devices.
Junos Pulse and Junos Pulse Secure Access Service on MAG
Series gateways or as a virtual appliance deliver a broad range
of purpose-driven remote network and application access
methods, including complete Layer 3 VPN access, secure e-mail
and calendaring via secure ActiveSync proxy, as well as browser-
based application access. Junos Pulse provides mobile remote
users and their transmitted information with unparalleled data
in transit security. Junos Pulse enforces a simple, consistent level
of authentication and access control to smartphones, tablets,
and mobile devices, as well as laptops and remote desktop PCs.
Enterprises can grant complete or limited network and cloud
access, or deny access based on centrally defined corporate
security and access policies.
A host check performed on a user’s device—whether it’s a
remote desktop PC, laptop, smartphone, or tablet, managed
or unmanaged, personal or corporate issued—can determine
whether or not the device is compliant with enterprise security
and access policies. Endpoint computing devices running
Microsoft Windows, Apple Mac OS, and Linux may be checked
prior to and during a network access session to verify if the device
security posture meets enterprise security and access policies.
These device security policies can check for installed and running
endpoint security applications such as antivirus, personal firewall,
antimalware, antispam, as well as custom-built device checks for
specialized customer requirements.
Mobile endpoint devices running Apple iOS and Google Android
can be checked prior to and during a network access session to
restrict access based on mobile operating system version, whether
the device has been jailbroken or rooted, and whether or not
the Junos Pulse Mobile Security Suite has been installed and is
operational on the device. Junos Pulse also supports multifactor
authentication, including the use of soft and hard tokens.
Junos Pulse provides full Layer 3 VPN access for all Apple iOS
devices—including Apple iPhones and iPads, any mobile device
that runs Google Android 4.0 (Ice Cream Sandwich) or 4.1 (Jelly
Bean), and select devices running earlier versions of Android
from various mobile device manufacturers. Please refer to the
Junos Pulse supported platforms document1 for further details
on supported Android devices. Also, in conjunction with the Junos
Pulse Secure Access Service running on MAG Series gateways
or as a virtual appliance, Junos Pulse enables authenticated,
authorized users and their compliant mobile and remote devices
seamless, transparent, single sign-on (SSO) to cloud- and web-
based applications, leveraging their authenticated SSL VPN
session. And, Junos Pulse provides detailed audit logs, perfect for
use in regulatory compliance audits.
Finally, for Apple iOS mobile devices connecting remotely from an
IPv4 network, the capabilities supported in Junos Pulse and the
Junos Pulse Secure Access Service—limited split tunneling, proxy
support, and route policies (except for controlling IPv6 routing
policies)—are also supported for an iOS-based mobile device
connecting to a MAG Series gateway or virtual appliance from
an IPv6 remote network. Session roaming from an IPv4 remote
network to an IPv6 remote network, and from an IPv6 remote
network to an IPv4 remote network, is also supported by Junos
Pulse on Apple iOS mobile endpoints.
Comprehensive Mobile Device and Application Security and ManagementAs users continue to demand mobile remote access to corporate
networks and applications from their personal smartphones,
tablets, and similar mobile devices, enterprises and service
providers—many of whom already deliver managed access
services to their small and medium sized businesses (SMBs) and
enterprise clients—face a complex security problem: A personal
mobile device left unprotected or unchecked can lead to the loss,
theft, and compromise of valuable, confidential data, corporate
or personal.
Junos Pulse and the Junos Pulse Mobile Security Suite deliver
a comprehensive mobile security, management, and control
solution that connects, protects, and manages smartphones,
tablets, and other mobile devices.
• Junos Pulse Mobile Security Suite mitigates the risk of
and cost incurred from viruses, malware, spam, loss, theft,
physical compromise, and other looming threats.
• It delivers zero-day malware protection through its
powerful, heuristics-based antimalware services.
• It also delivers mobile device configuration, provisioning,
management, and control that are purpose-built to secure
BYOD and manage mobility.
• Junos Pulse—through Junos Pulse Mobile Security Suite—
can track and locate a lost or stolen mobile device, back
up data from that device, and wipe and lock the device, all
remotely.
• It can remotely sound an alarm on a mobile device, and
send an alert if its SIM card has been removed, swapped, or
replaced.
• It can also continue to track the device even if the SIM card
has been removed.
1 The Junos Pulse Supported Platforms Guide can be found under “Software Documentation” at www.juniper.net/techpubs/en_US/release-independent/junos-pulse-mobile/.
4
Solution BrochureJunos Pulse: Securing Today’s Mobile Life
Junos Pulse Mobile Security Suite delivers mobile device
configuration, provisioning, and management capabilities for
Apple iOS and Google Android devices, helping enterprises
manage and secure mobile devices connecting to their network.
• Junos Pulse Mobile Security Suite can detect when a
rooted Google Android device or jailbroken Apple iOS
device attempts network or cloud access. Jailbroken and
rooted mobile devices represent new risk points for SMBs,
enterprises, and service providers. Jailbroken iOS devices
and rooted Android devices may bring with them many
severe security issues, such as leaving protected features
and file system areas open to infestation by malware, or the
ability to “sideload” potentially malware-infested apps from
unapproved and unknown application stores. Junos Pulse
Mobile Secure protects you, your users, your network, and
your data against these threats.
• For Apple iOS devices, Junos Pulse Mobile Security Suite
can enforce and set policies, including stringent passcode
and encryption policies. These policies can secure on-
device data, provision and remove Microsoft Exchange
profiles (which also removes corporate-synched e-mail,
contacts) and calendar events), provision VPN and Wi-Fi
settings, provision certificates through Simple Certificate
Enrollment Protocol (SCEP) configurations, and perform
a remote device locate and track2. Junos Pulse Mobile
Security Suite on iOS devices can also remotely lock
and wipe a lost or stolen device, inventory and restrict
applications, restrict services (such as screen capture as
well as Siri and other Apple convenience services), enable
or disable access to iCloud services, and limit browser and
Apple App Store access.
• Junos Pulse Mobile Security Suite also leverages Apple’s
iPhone Configuration Utility (IPCU), a tool which helps
administrators build Apple iOS profile configurations,
allowing them to export configuration profiles for Apple iOS
devices. By supporting Apple’s IPCU, Pulse Mobile Security
Suite enables fast, simple support for new Apple iOS mobile
device management (MDM) features as soon as Apple has
released them. Support for importing existing configuration
profiles into Junos Pulse Mobile Security Suite, and the
application of those profiles to iOS devices, can be a huge
time saver for your IT and security staff.
• On Google Android devices, Junos Pulse Mobile Security
Suite sets and enforces strict passcode policies, ensures
that data-at-rest and stored on the device is safely
encrypted, and, on select Android devices, sets and enforces
encryption policies on data-at-rest stored on the device’s
Secure Digital (SD) card3, in addition to securing on-device
data. Junos Pulse Mobile Security Suite can also restrict
access to an Android device’s camera based on the user’s
profile, and can even block downloaded third-party camera
apps from use.
• Junos Pulse Mobile Security Suite can remotely configure
VPN and Wi-Fi settings for Android devices, The Android Wi-
Fi provisioning within Pulse Mobile Security Suite can also
control the changing of an active service set identifier (SSID),
simplifying and making more intuitive the provisioning of
captive portals by wireless LAN (WLAN) devices.
2 Please note: Supports Apple iPhones and 3G- and 4G-enabled Apple iPads only. Apple iPod touch devices and Wi-Fi only Apple iPads do not allow GPS location data to be accessed and collected.
Junos Pulse Mobile Security Suite
Mobile Security and
Device Management
Secure Connectivity
MAG Series Junos Pulse Gateway with
Junos Pulse Secure Access Service
+
+
PersonalFirewall
• Inbound and outbound filtering• Alerts and logging• Customizable
Antimalware
• Real-time protection• Heuristics based• Scans all files• Scans all connections
Antispam• Blocks SMS and voice spam• Blacklist filtering• Automatic denial options
Loss and The�Protection
• Remote lock and wipe• Backup and restore• GPS locate and track• SIM change notification
Monitor and Control
• Mobile Device Management (MDM) • Application inventory and removal• Content monitoring
Junos Pulse: Securing Mobility
5
Solution BrochureJunos Pulse: Securing Today’s Mobile Life
• Junos Pulse Mobile Security Suite also supports Google
Cloud Messaging (GCM), a framework from Google that
allows application servers to send lightweight messages
to Android applications. GCM is available for all devices
running Pulse Mobile Security Suite supported Android
versions (note that the devices must also have Google
Play installed to be eligible). GCM enhances the command
delivery mechanism in Pulse Mobile Security Suite, saving
cost and increasing its reliability.
• Junos Pulse Mobile Security Suite allows apps on certain
Google Android devices to be automatically removed from
a user’s mobile device without user intervention, with the
proper permissions and access rights.
• Junos Pulse Mobile Security Suite also allows an
administrator to automatically remove malware, if detected
on an Android device, once again without user interaction.
• The ability to disable Bluetooth and Wi-Fi on specific
Android devices is also available in Junos Pulse Mobile
Security Suite. With Pulse Mobile Security Suite and specific
Android devices, administrators can quickly define—and
just as easily tear down—Microsoft Exchange ActiveSync
(EAS) profiles, which contain configuration data to allow
for synchronization of e-mail, contacts, calendar, tasks,
and notes from a messaging server to a mobile device.
Pulse Mobile Security Suite also enables administrators
to remotely configure Microsoft EAS account information,
such as adding, modifying, or removing an EAS profile from
certain Android devices.
• Finally, on certain Android devices, Junos Pulse Mobile
Security Suite can disable the USB port on a lost or
stolen device to ensure that the device lock cannot be
circumvented by connecting it to a computer to access its
contents. These capabilities are available for Android-based
mobile devices from specific manufacturers. Please refer to
the Junos Pulse supported platforms document3 for further
details about supported Android devices.
As a managed service, Junos Pulse Mobile Security Suite delivers
robust security against malware and viruses, which translates
into increased breadth of offerings and revenues for service
providers, mobile network operators (MNOs), and managed
service providers (MSPs).
Summary—Delivering Peace of Mind for Today’s Mobile Life Junos Pulse Mobile Security Suite protects you, your children, and
your financial security by securing your smartphones, tablets,
or other mobile devices from viruses, malware, and spam,
preventing lost or stolen devices from ruining your economic
security, alleviating identity theft, and protecting your family
by securing your mobile device from and monitoring it for
inappropriate use and contact.
Junos Pulse Mobile Security Suite is flexible, securing and
managing mobile devices through a zero touch deployment model.
A cloud-based, Software-as-a-Service (SaaS) offering, Junos
Pulse Mobile Security Suite speeds and simplifies deployment
and user rollout. It expedites the mitigation of risk of infection,
exploitation, or infiltration from insecure or poorly secured mobile
devices accessing the corporate network, and it decreases overall
security costs—specifically, mobile security costs. It is highly-
scalable and enables enterprises and service providers to add new
mobile security features or take advantage of security features
and capabilities quickly and remotely. Junos Pulse Mobile Security
Defend kids fromcyber misuse and abuse
Monitor email, texts, photos for inappropriate
content or use
Remotely wipe data and contacts from
lost or stolen devices
Monetize innovativemobile device
security and remote access services
Protect your network
Enforce consistent mobile security and
access policies
Secure mobile, remote network
access
Scale with a single solution
Protect against viruses, trojans
and other malware
Dierentiate your o�erings
Prevent data loss due to lost or stolen
mobile devices
Reduce IT overheadand burden
For Service Providers
For Consumers
For The Enterprise
Junos Pulse Delivers Secure Mobility to Mobile Device Users
Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737)
or +1.408.745.2000
Fax: +1.408.745.2100
www.juniper.net
Copyright 2015 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos
and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.0.207.125.700
Fax: +31.0.207.125.701
Solution BrochureJunos Pulse: Securing Today’s Mobile Life
1600055-005-EN May 2015
Suite includes the Juniper Networks Junos Pulse Mobile Security
Gateway, a hosted, web-based, administrative management
console from which Junos Pulse Mobile Security Suite features,
services, policies, and profiles are provisioned, managed, and
maintained by enterprises and service providers.
Junos Pulse, through Junos Pulse Mobile Security Suite, enables
service providers to offer profitable premium, managed services
to their enterprise and consumer subscribers, increasing average
revenue per user (ARPU), providing competitive differentiation,
and raising user satisfaction levels.
Junos Pulse Mobile Security Suite eases an enterprise’s mobile
device management (MDM) burden, extends corporate security
policies (even addressing and insuring BYOD policies), simplifies
and protects the continued consumerization of IT, and ensures
that corporate information cannot be exploited on a lost or stolen
mobile device.
Junos Pulse powerfully yet simply centralizes mobile security,
device and configuration management, application management,
mobile 1600055data security, and access services—enabling
secure, mobile remote access while insuring the integrity and
secure use of managed and unmanaged, personal, and corporate
issued smartphones, tablets, and other mobile devices. Junos
Pulse, enabling and integrating Juniper’s SSL VPN offerings,
and Junos Pulse Mobile Security Suite, delivers a robust, secure,
trusted mobility solution supporting most major mobile devices
and operating systems with an unparalleled depth and breadth
of mobile access, security, management, and control services.
Junos Pulse connects, protects, and manages the critical aspects
of your mobile digital life, 24/7—securing your company, your
corporate and personal data, your identity, and your family.
About Juniper NetworksJuniper Networks is in the business of network innovation. From
devices to data centers, from consumers to cloud providers,
Juniper Networks delivers the software, silicon and systems that
transform the experience and economics of networking. The
company serves customers and partners worldwide. Additional
information can be found at www.juniper.net.