
Juniper Security Products and Solutions Overview

Juniper Security Products and Solutions Overview. Stephen Philip Senior Director - Product Marketing Security Products Group. Agenda. Juniper leadership in Security Juniper Product Portfolio Juniper Solutions by Location Campus WAN GW Data Center Distributed Organization


Presentation Transcript


  1. Juniper Security Products and Solutions Overview Stephen Philip Senior Director - Product Marketing Security Products Group

  2. Agenda • Juniper leadership in Security • Juniper Product Portfolio • Juniper Solutions by Location • Campus • WAN GW • Data Center • Distributed Organization • Extended Organization

  3. Juniper Leadership in Security U.S. Department of Labor • # 2 in Network Security • Passed Check Point in Q2 • #1 in High End FW/VPN • #1 in SSL VPN • Growing faster than inline IPS market Recognized as leader by our Customers Source Infonetics Q2-2006 Recognized as leader by Press Recognized as leader by Gartner • Juniper in the Leadership quadrant for: • Firewall • IPSec VPN • SSL VPN • IPS

  4. Proven, Best-in-Class Innovation IC SSG Policy, Control & Visibility Application Front End Routing Security/VPN Secure Access WAN Optimization UAC AAA NSM OAC

  5. Evolving Challenges and Requirements Need a secure and resilient infrastructure able to deliver differentiated applications and services across the network Organization Organization Campus • Single IP infrastructure – demanding applications require network performance • Virtual Organizations - dynamic perimeters, different users, devices, locations and trust levels • Elevated threat environment – application level attacks and worm propagation • Regulatory compliance (now global) – granular access controls and auditing

  6. Solutions for the Extended Organization • Extended Organization Challenges • Deliver applications securely and appropriately to employees, contractors, partners, suppliers anywhere, anytime • Provision and manage 1000s of endpoints • Handle non-owned devices and networks • Extended Organization Solutions • Client-less model reduces mgmt overhead • SSL VPN per user, per application controls • Endpoint integrity, quarantine, remediation • Application Acceleration (AFE) improves download times & availability • Assessment & Containment • Native checks • Client/Server APIs • Remediation • Cache Cleaner • Virtual Environments • Connection Control 1.Endpoint Assessment & Authentication 2. Trusted Xport (IPSec or SSL) IP Network 3. Authorize, Enforce & Log RA or Extranet DMZ Data Center U.S. Department of Labor

  7. Juniper’s Coordinated Threat Control Self-registration technology for easy configuration SA identifies user & takes action on user session IDP detects threat and signals SA Signal Comprehensive Threat Detection and Prevention • Ability to detect and prevent malicious traffic • Full layer 2-7 visibility into all traffic • Proven, market leading technology Correlated Threat Information • Identity • Endpoint • Access history • Detailed traffic & threat information Coordinated Identity-Based Threat Response • Manual or automatic response • Multiple response options: terminate, disable, or quarantine user • Supplements IDP’s threat prevention LAN Business Partner Telecommuter

  8. Solutions for the Campus Campus #2 Departments • Campus Challenges • Protect against outside/inside threats • Segment resources, users, departments • Provide secure WLAN access • Scaling across large or multiple campuses • Campus Solutions • Department & Virtual firewalls protect departmental resources • Intrusion Prevention mitigates and contains threats • 802.1X & SSL VPN secured WLAN • Large L3 Routed Campuses • Unified access control solution • Infranet Controller, Agent and Enforcer Internet Campus #1 Departments

  9. Unified Access Control Overview Protected Resource 802.1X AAA AAA Servers Identity Stores Central Policy Manager User access to protected resources Dynamic Role Provisioning Firewall Enforcers Endpoint profiling, user auth, endpoint policy User admission to network resources Agent

  10. Unified Access Control Overview Protected Resource 802.1X AAA AAA Servers Identity Stores Central Policy Manager User access to protected resources with SBR Dynamic Role Provisioning Firewall Enforcers Endpoint profiling, user auth, endpoint policy User admission to network resources Agent with OAC

  11. Introducing UAC 2.0 Protected Resource 802.1X AAA AAA Servers Identity Stores Central Policy Manager User access to protected resources with SBR • UAC 2.0 interoperates with any 802.1X infrastructure wired or wireless • UAC 2.0 is TNC compliant for truly open architecture • Access control for guests, contractors and employees • UAC 2.0 can be deployed via: • 802.1X only • Overlay w/firewall only • Both, for maximum granularity Dynamic Role Provisioning Endpoint profiling, user auth, endpoint policy Firewall Enforcers User admission to network resources Agent with OAC

  12. Solutions for the Data Center Internet WAN Optimization SLB Web Acc SSL O/L Cache • Data Center Challenges • Protect data, servers, infrastructure • Maximize performance, availability, resiliency • Consolidate and simplify architecture • Terminate 1000s of VPN connections • Data Center Solutions • High performance edge service routers provide 10x over competing solutions • High performance firewall/VPN/security gateway • Intrusion Prevention mitigates threats • SSL for secure access • AFE accelerates applications to users • WAN Optimizer accelerates applications to sites Secure Access (SSL) High performance Routing Integrated IPS/FW/VPN AFE Application Acceleration Web Servers App Servers Data Bases

  13. How the WAN slows applications SAP Oracle Manageability Web Application Contention VoIP Limited Bandwidth The WAN Pipe Latency Lower-priority apps slow down critical ones More rich content Protocol chattiness Inability to understand application and WAN performance Compression, Caching Application Control Acceleration Visibility and Reporting Accelerating Applications over the WAN

  14. Solutions for the WAN Gateway Campus • WAN Gateway Challenges • Maximize availability, resiliency, quality • Protect public facing servers and infrastructure • Optimal support for broad mix of app & traffic • Massive # VPN Connections or Large BW single tunnels • WAN Gateway Solutions • High performance Enterprise routers provide 10x over competing solutions • MPLS for improved quality and traffic engineering • High performance firewall/VPN, security gateway • Intrusion Prevention mitigates threats • SSL VPN Gateway for secure access • WAN Optimization to remote locations IP Network DMZ VoIP DMZ RA or Extranet DMZ Data Center City of Burbank

  15. WAN Gateway Requirements • Provide high performance for large and small packet traffic mix • Make traffic decisions with low latency to ensure applications are not affected • Handle traffic load, complexity & availability requirements as # & value of connections increase • Understand application requirements and prevent/mitigate application-level attacks Value & Number of Connections VPN DMZ Partner DMZ Ave Packet Size FTP RADIUS Web SSL Application Awareness / Protection Latency & Sensitivity SSL Internet DMZ

  16. Juniper Networks ISG Ground-up Design ISG 1000 Dual 1GHz PowerPC CPU, 2 GB RAM Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA GigaScreen3 ASIC, 1 GB RAM, Programmable Processors Fixed I/O I/O Network Traffic I/O I/O I/O I/O ISG 2000 Dual 1GHz PowerPC CPU, 2 GB RAM Management Module 1 Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA 1 Security Modules (for IPS) 2 Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA 2 3 Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA GigaScreen3 ASIC, 1 GB RAM, Programmable Processors ASIC Module I/O Modules Network Traffic Processing power unmatched by any competitive offering

  17. Solutions for the Distributed Organization Remote Campus w Split Tunnel Internet Retail Office (1000s) WiFi Access Back-hauled Branch Small Branch (1000s) w Split Tunnels IP/MPLS Network • Distributed Organization Challenges • Protect data, servers, infrastructure • Improve application performance • Maximize availability, resiliency • Simplify architecture, management • Distributed Organization Solutions • Intrusion Prevention mitigates threats • Dedicated & multi-function firewalls • WAN Optimization for branch offices • Resilient, secure VPN to branch offices • MPLS VPN for QoS and traffic engineering to regional offices Regional Office Regional Office HQ

  18. Best in Class Security – Secure Services Gateway New Secure Services Gateway Models • Advanced Security - Integrated Branch Routing and WAN interfaces • FW, VPN, AV (including - phishing, - spyware) & Anti SPAM • ADSL2+, T1, E1, ISDN BRI S/T, V.92, Gig E • SSG 5 - Six fixed form factor models • 7 Fast Ethernet + 1 WAN interface • ISDN BRI S/T, V.92, Serial • Dual radio 802.11a + 802.11 b/g variants of each • 160 Mbps FW / 40 Mbps VPN • SSG 20 – 2 modular models • 5 Fast Ethernet + 2 Mini I/O slots • Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, V.92 at FCS • Dual radio 802.11a + 802.11 b/g variant • 160 Mbps FW / 40 Mbps VPN • SSG 140 • 8 FE and 2 GE Interfaces • 4 WAN PIM slots • Standard J Series WAN interfaces • ISDN, Dual E1 and Dual T1 • 350 Mbps FW / 100 Mbps VPN • SSG 550/520 • 4 on-board 10/100/1000 ports • 6 WAN/LAN I/O expansion slots • Up to 1 Gbps FW/NAT / 500 Mbps IPSec / 500 Mbps IPS (DI)

  19. Deploy Once – Add Services later • Firewall Service • Access Routing & VPN Service • Choose WAN connection & Deploy Device Base System Cost + WAN I/F

  20. Deploy Once – Add Services later Additional license cost • Spam (Symantec) • AV Service (Kaspersky) • Web Filtering Service (SurfControl) • IPS Service • Firewall Service • Access Routing & VPN Service • Choose WAN connection & Deploy Device Base System Cost + WAN I/F

  21. Deploy Once – Add Services later Additional license cost • Spam (Symantec) • AV Service (Kaspersky) • Web Filtering Service (SurfControl) • IPS Service Additional HW Requirements = None • Firewall Service • Access Routing & VPN Service • Choose WAN connection & Deploy Device Base System Cost + WAN I/F

  22. Centralized Management Network Network Security Security Operations Operations • Centralized control over Integrated Security Devices • Remote Management • Secure remote management of firewall, VPN, content security, and routing across all devices from one location • Role-based administration • Delegate administrative access to key support people with Assign specific tasks to specific individuals • Centralized activation/deactivation of security features • Application attack protection, Web usage control, Payload attack protection, Spam Control Security Network Operations

  23. Thanks
