SECURITY FOR VIRTUALIZATION AND CLOUD

Andy Leung
Director, APAC Product Management
 AGENDA

 The MultiCloud Enterprise

 Cloud Security Model
 Advanced threat detection
 Juniper Security Solution
 Summary

2
 THE MULTICLOUD ENTERPRISE

3
 BUYING STRATEGY
CIO IS PIVOTING TOWARDS

4
Source: www.juniper.net
 KEY FINDINGS

100%
of enterprise workloads are shifting from on-
premises to public cloud in the next 1-3 years

73%
of enterprise has a mult-vendor Strategy, with Tech,
Manufacturing, and Public Section leading the way

Security
Is the leading concern for using the cloud
And Automation is also important.

5
 CLOUD SECURITY MODEL

6
 OPERATING AS MULTICLOUD

Secure CONTRAIL
Data Center SECURITY SRX Series

Top to Bottom
Public WAN Campus See

Private WAN
Branch
Public Cloud Orchestrate CONTRAIL
Enterprise Multicloud

Data Center

Connect
EX / MX / QFX vMX / vSRX Junos
Series Software
End to End

7
 Secure

CONTRAIL

CUSTOM CUSTOM

SINGLE SDN / SECURITY DEPLOYMENT

(Offering connectivity & security layer for multiple environments)

8
 CLOUD SECURITY MODELS

Deploying steps:
• Architecture (i.e., Planning the deployment steps)
• Orchestration (i.e., Manage all the instances )
• Detection (i.e., Advanced Threat Detection)
• Mitigation (i.e., Stop the illegal activities and access)
• Report (i.e. Telemetry and Logging )

9
 ADVANCED THREAT DETECTION

10
 DEEP LEARNING SOLVES THE SIGNATURE GAP

Threat
Detection JATP
Capability

Elapsed time to Mitigation

SECURITY APPLICATIONS - MACHINE LEARNING

Behavior Data Static Data

Reputation Data

Machine Learning

Detection, Classification, Risk Assessment

MULTI-LAYER THREAT MITIGATION: STRONGER SECURITY
Perimeter
Machine Learning Mitigation & Enforcement
Publish Blocking Data
To Existing: FW, IPS and SWG
API based or manual

SmartCore
ANALYTICS ENGINE
One-touch mitigation for IR teams

Infection Verification
Verify infection on suspect
endpoints before cleaning
(Native, Carbon-Black, Tanium,
Crowdstrike)

Sandbox HoneyPot
Automate Threat Remediation
MANUAL THREAT WORKFLOWS Automated Threat Remediation

Incident Net-Sec Endpoint

Response Operations Security
Feed

Feed

TKT

Malware TKT

Found

Multiple Teams Cohesive Threat Management

System
Threat Detection  Automation across Network &
Enforcement Delays Security

Vendor specific threat feeds Open API and 3rd Party Threat
Feed Collation
 JUNIPER CLOUD SECURITY SOLUTION

15
 JUNIPER MULTI CLOUD SECURITY

Orchestrate
CONTRAIL SECURITY

Secure the Multi Cloud

Detection
SKY ATP
JATP

Secure
SRXSeries vSRX

Report

16
 Secure
SECURITY PORTFOLIO
Price / Performance, Scale and Efficacy Leadership
SDSN
4Gb/s (2 vCPU)
Sky 30Gb/s (17 vCPU)
16RU
2Tb/s

Security Director
ATP vSRX cSRX
8RU
JATP Appliance 960Gb/s
5RU
480Gb/s
1RU 2RU Q1-18 2H-18
2.3 Gb/s 1RU 1RU 1RU 1RU 3RU
Up to 1.7Gb/s 5Gb/s 20Gb/s 40Gb/s 80Gb/s 320Gb/s

SRX300 SRX550 SRX1500 SRX4100 SRX4200 SRX5400 SRX5600 SRX5800

More NGFW Performance and Features in 2017+2018

Branch Campus Data Center Cloud Service Provider

SKY ATP (ADVANCED THREAT PREVENTION)

1. SRX extracts potentially malicious

Sky Advanced
objects and files and sends them to
Threat Prevention Cloud the cloud for analysis
2. Known malicious files are quickly
Sandbox identified and dropped before they
w/Deception ATP can infect a host
Static
Analysis 3. Multiple techniques identify new
malware, adding it to the Known
Juniper Cloud Bad list and reporting it to SecOps
Customer 4. Correlation between newly
identified malware and known C&C
sites aids analysis
01101010 01110101 01101110 01101001 01110000
5. SRX blocks known malicious file
Customer downloads and outbound C&C
SRX
traffic
*SRX Platforms Supported: 340, 345, 550M, 1500, 4100, 4200, 5000, vSRX
 SKY ATP / JATP: FAST DISCOVERY Integration

Advanced Threat Detection With Complete Visibility Key Platform Features

• Distributed, scale-out architecture

• Deployable in cloud or on-premise

• Web, email (N/S), lateral spread, File upload (E/W)

• Multi-stage behavioral analysis & machine learning

Suspicious web traffic

Email with suspicious file • Full Incident view and RISK based prioritization
Lateral spread from endpoint
• Threats typically detected in less than 15 seconds

• 10x cost savings in MSSP/Cloud deployments

• Certified by ICSA Labs

 Detection
ADVANCED THREAT DETECTION: KILL CHAIN ALIGNMENT
 NSX INTEGRATION – VSRX PROVISIONING AND
MANAGEMENT
NSX SD Policy 0 NSX deployed and SD/PE installed
Manager Enforcer
Cloud Admin Security
1 Admin

1 SD Registers vSRX Service w/ NSX

4
2
2 NSX provisions vSRX on all NSX hosts
3

VM VM vSRX VM VM vSRX 3 NSX provisions vSRX redirection rules

DFW DFW DFW DFW

4 SD provisions licenses & default policy for
vSRX vSRX vSRX vSRX
vSRX

NSX Virtual Switch NSX Virtual Switch

Initial Provisioning Complete
ESXi Host-1 ESXi Host-2

ToR Switch
 SUMMARY

22
SKY ATP: THREATS PREVENTED Detection
WannaCry ✓ Machine Learning at every
stage
• Exploits vulnerabilities in SMBv1 that allows remote code execution
✓ Deception Techniques and
Locky Behavioral analysis are
used to differentiate
• Uses VB macros to download payload, encrypts disk with key malware from good
obtained from C&C server software

Zepto ✓ Thousands of features from

static, dynamic and hybrid
• Locky variant that renames files with .zepto extension analysis are extracted from
a large, continually-
updated collection of
Kovter’s samples – both malicious
and benign – to construct a
• Almost fileless malware! Uses obfuscated Javascript and ‘garbage’ machine learning classifier
batch files that identifies and blocks
previously unseen malware
……………………..and many more! types
JUNIPER NETWORKS ATP CERTIFIED BY ICSA LABS

Juniper Networks ATP solution is

the only one certified by ICSA Labs
in 2017 to provide 100% detection
of advanced threats.
WAVE LEADER IN AUTOMATED MALWARE ANALYSIS

JUNIPER

Source: Forrester Report Malware Analysis 2016

SUMMARY
Pervasive Security, Without Complexity

Cloud Data Center

Juniper SRX & Sky ATP

AWS, Azure for Public

Cloud

Vmware NSX for Private

Cloud

Threat Remediation &

Micro-segmentation
Thank You