Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net
Juniper Security Threat Response Manager (STRM) Customer Presentation
Apr 02, 2015
Customer Challenges
IT “information” overload
• Flood of logged events from many “point” network and security devices
• Lack of expertise to manage disparate data silos & tools
Compliance mandates
• Industry specific regulations mandating security best practices
• Internal IT “risk” assessment programs
Evolving internal and external threats
• Insider abuse, theft of intellectual property
• Complex integrated attacks
(Diagram labels: Dispersed Threats, Industry Regulations, IT Overload)
Introducing Juniper's SIEM/NBAD Solution: STRM – “Security Threat Response Manager”
STRM key application features
• Log Management: provides long term collection, archival, search and reporting of event logs, flow logs and application data
• Security Information and Event Management (SIEM): centralizes heterogeneous event monitoring, correlation and management
• Network Behavior Anomaly Detection (NBAD): discovers aberrant network activities using network and application flow data
Integrates mission critical network & security data silos
(Diagram labels: Security Information & Event Management, Network Behavior Analysis, Log Management, STRM)
STRM’s Key Value Proposition
Threat Detection: detect new threats that others miss
Log Management: right threats at the right time
Compliance: compliance and policy safety net
Complements Juniper’s Enterprise Mgmt Portfolio
(Diagram labels: Juniper’s STRM Appliance, Enterprise Value)
STRM Architecture
STRM – Real time network & security visibility
Data collection provides network, security, application, and identity awareness
Embedded intelligence & analytics simplify security operations
Prioritized “offenses” separate the wheat from the chaff
Solution enables effective Threat, Compliance & Log Management
Log Management
Is fundamental to any centralized network security management solution
Challenges include | STRM enables
Log overload for administrators | Highly scalable log aggregation; consistent logging taxonomy
Multi-vendor network; constant change of formats | Broad vendor coverage and extensible APIs for less common formats
Demanding operational requirements | Advanced log management capabilities including tamper proof log archives
Unrivalled Data & Log Management
Networking events
• Switches & routers, including flow data
Security logs
• Firewalls, IDS, IPS, VPNs, vulnerability scanners, gateway AV, desktop AV, & UTM devices
Operating systems/host logs
• Microsoft, Unix and Linux
Applications
• Database, mail & web
User and asset
• Authentication data
Support for leading vendors including:
• Networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others
• Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others
• Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
• Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others
• Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others
Security map utilities:
• MaxMind (provides geographies)
• Shadownet
• Botnet
Customization of logs through the generic Device Support Module (DSM) and the Adaptive Logging Exporter (ALE)
• Integrate proprietary applications and legacy systems
(Diagram labels: Compliance Templates, Forensics Search, Policy Reporting)
STRM Log Management: Tamper Proof Log Archives
Event and flow logs are protected by storing an associated checksum for each log file written to disk
Required by specific regulations (e.g. PCI)
Highest level of integrity provided by the Secure Hash Algorithm (SHA) from the National Institute of Standards & Technology (NIST)
Hashing algorithms supported include:
• MD2: Message Digest algorithm as defined by RFC 1319
• MD5: Message Digest algorithm as defined by RFC 1321
• SHA-1: Secure Hash Algorithm as defined by NIST FIPS 180-1
• SHA-2: which includes SHA-256, 384 and 512, defined by NIST FIPS 180-2
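As an added illustration of the per-file checksum idea on this slide (example code, not STRM's own implementation or on-disk format), the Python below digests each archived log file, records the digest in a manifest, and re-verifies the archive, flagging a file whose bytes changed after it was hashed. The file names, log lines and manifest layout are constructed for the example; the algorithm names are the ones from the slide that Python's hashlib provides (MD2 is not available there).

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

# Slide's list as provided by hashlib (no MD2); prefer the SHA-2 family for new archives.
SUPPORTED = ("md5", "sha1", "sha256", "sha384", "sha512")

def hash_file(path, algo="sha256"):
    """Digest a log file in chunks so large archives never need to fit in memory."""
    if algo not in SUPPORTED:
        raise ValueError(f"unsupported algorithm: {algo}")
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(log_paths, manifest_path, algo="sha256"):
    """Record '<algo> <hexdigest> <filename>' for every log file written to disk."""
    with open(manifest_path, "w", encoding="utf-8") as m:
        for p in log_paths:
            m.write(f"{algo} {hash_file(p, algo)} {os.path.basename(p)}\n")

def verify_manifest(manifest_path):
    """Recompute each digest; return {filename: 'ok' | 'tampered' | 'missing'}."""
    base, results = os.path.dirname(manifest_path), {}
    with open(manifest_path, encoding="utf-8") as m:
        for line in m:
            algo, expected, name = line.rstrip("\n").split(" ", 2)
            path = os.path.join(base, name)
            if not os.path.exists(path):
                results[name] = "missing"
            else:
                ok = hmac.compare_digest(hash_file(path, algo), expected)
                results[name] = "ok" if ok else "tampered"
    return results

def demo():
    """Constructed scenario: archive two sample logs, alter one in place, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        fw, ids, manifest = (Path(d, n) for n in ("fw.log", "ids.log", "MANIFEST"))
        fw.write_bytes(b"Jan 1 00:00:01 fw: deny tcp 10.0.0.5 -> 10.0.1.9:445\n")
        ids.write_bytes(b"Jan 1 00:00:02 ids: ALERT portscan from 10.0.0.5\n")
        write_manifest([fw, ids], manifest)
        before = verify_manifest(manifest)
        with open(fw, "r+b") as f:      # overwrite 'deny' with 'pass' at byte 19
            f.seek(19)
            f.write(b"pass")
        after = verify_manifest(manifest)
    return before, after
```

A manifest stored next to the logs only proves integrity if whoever can rewrite the logs cannot also rewrite the manifest, so in practice it is kept on write-once media, on a separate host, or signed.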
Reporting
220+ out of the box report templates
Fully customizable reporting engine: creating, branding and scheduling delivery of reports
Compliance reporting packages for PCI, SOX, FISMA, GLBA, and HIPAA
Reports based on control frameworks: NIST, ISO and CoBIT
Security Event Correlation & Threat Management
Is necessary to effectively make sense of all of the collected data
Challenges include | STRM provides
Vendor log formats are a moving target | QID map provides intelligent mapping of vendor events
Constant change on the network | Extensive use of historical profiling for improved accuracy of results
Correlation rules complex to manage | Simplified out-of-the-box building blocks & rules simplify rule management
STRM Offense Management
Tracks significant security incidents & threats
Leverages building blocks & rules
Builds history of supporting & relevant information for significant security incidents
• Provides “point-in-time” reference of offending users and vulnerability state
• Provides record of first and last occurrence of security incidents
Incorporates network behavior analysis to validate/discredit incidents & detect unknown traffic patterns
Provides prioritization based on: credibility, relevance & severity
The Value of JFLOW
Passive flow monitoring creates asset profiles and helps auto-discover/classify hosts
• Passive vulnerability information for correlation
Detection of day-zero attacks that have no signature
Policy monitoring and rogue server detection
Visibility into all communication made by an attacker, regardless of whether it caused an event
Network awareness, visibility and problem solving (not necessarily security related)
• Mail loops, misconfigured apps, application performance issues
The Key to Data Management: Reduction and Prioritization
Previous 24hr period of network and security activity: 2.7M logs
STRM correlation of data sources creates offenses: 129
Offenses are a complete history of a threat or violation with full context about accompanying network, asset and user identity information
Offenses are further prioritized by business impact
Offense Management: Intelligent Workflow for Operators
Who is attacking?
What is being attacked?
What is the impact?
Where do I investigate?
STRM System Features
Centralized browser based UI
Role based access to information
Customizable dashboards
Real-time & historical visibility
Advanced data mining & drill down
Easy to use rule engine
Hierarchical distribution for scale
STRM Key Benefits
Converged network security management console
• Integrates typically siloed network & security data
Network, security, application, & identity awareness
• Unrivaled data management greatly improves ability to meet IT security control objectives
Advanced analytics & threat detection
• Detects threats that other solutions miss
Compliance-driven capabilities
• Enables IT best practices that support compliance initiatives
Scalable distributed log collection and archival
• Network security management scales to any sized organization
Summary
STRM delivers repeatable security and compliance management:
• Integrated network, security, identity and application aware network security management platform: gain efficiency through use of a single pane of glass across the entire infrastructure
• Advanced correlation to deliver actionable “offenses”: gain unparalleled ability to reduce noise and recognize the most important security incidents
• Efficient and secure log management: meet logging and auditing requirements for all internal/external IT security mandates
• Flexible deployment options - turnkey log management to full Network Security Management
(Diagram labels: Log Management, Threat Management, Compliance Management)
STRM Products
Model | Market segment | Events per sec | Flows per min
STRM500 | Small Enterprise | 250 EPS or 500 EPS | 15k
STRM2500 | Small/Medium Enterprise | 1000 EPS or 2500 EPS | 50k or 100k
STRM5000 | Large enterprises & Service Providers | 5000 EPS | 100k or 200k
STRM - EP (Event Processor) | Large enterprises & Service Providers | 5000+ EPS | 100k or 200k
Hardware Summary
Market Segment | STRM Models | CPU | Memory | Storage
Small | STRM500-A-BSE, STRM500-ADD-250EPS-15KF, STRM500-UPG-500EPS-15KF | Intel Core 2 Dual | 8GB | 2x 500GB HDD, RAID 1
Medium | STRM2500-ADD-BSE, STRM2500-ADD-1KEPS-50KF, STRM2500-UPG-2500EPS-50KF, STRM2500-UP-2500EPS-100KF | Intel Core 2 Quad | 8GB | 6x 250GB HDD, RAID 5 array
Large | STRM5K-A-BSE, STRM5K-ADD-5KEPS, STRM5K-ADD-CON, STRM5K-ADD-EP-5KEPS, STRM5K-ADD-FP-200KF | Intel Core 2 Quad | 8GB | 6x 500GB HDD, RAID 10 array
STRM Pricing
SKU  Description  List Price
STRM500-A-BSE Base HW Appliance $3,000
STRM500-ADD-250EPS-15KF Add 250EPS and 15K Flows $12,000
STRM500-UPG-500EPS-15KF Upgrade to 500 EPS with 15K Flows $7,000
STRM2500-A-BSE Base HW Appliance $7,000
STRM2500-ADD-1KEPS-50KF Add 1000 EPS and 50K Flows $30,000
STRM2500-UPG-2500EPS-50KF Upgrade to 2500 EPS with 50K Flows $30,000
STRM2500-UPG-2500EPS-100KF Upgrade to 100K Flows $20,000
STRM5K-A-BSE Base HW Appliance $11,000
STRM5K-ADD-5KEPS-100KF Add 5000 EPS and 100K Flows $109,000
STRM5K-UPG-5KEPS-200KF Upgrade to 200K Flows $42,000
STRM5K-ADD-EP-5KEPS Add Event Processor for 5000 Events Per Sec (Distribution) $90,000
STRM5K-UPG-EP-10KEPS Upgrade Event Processor to 10,000 EPS $90,000
STRM5K-ADD-FP-200KF Add Flow Processor for 200K Flows (Distribution) $90,000
STRM5K-UPG-FP-400KF Upgrade Flow Processor to 400K Flows $90,000
STRM5K-UPG-FP-600KF Upgrade Flow Processor to 600K Flows $90,000
STRM5K-ADD-CON Console for Distributed Architecture $35,000
Competitive Summary
Capability | STRM | Cisco MARS | ArcSight | RSA Envision | Mazu/Lancope/Arbor
Log Management | Strong | Weak | Disjoint solutions for log and threat management; limited flow support; no NBAD | Strong | No
Threat Management | Strong | Cisco-focused | Weak | Limited flow support; no NBAD | No event data; flow data only
Compliance Management | Strong | Weak | Strong | Strong | Weak
Competitive Pricing Analysis
EPS STRM Cisco MARS Q1 Labs EIQ Envision LogLogic ArcSight
500 $22,000 $15,000 $39,900 $43,795 $27,599 $22,000 $67,827
1000 $37,000 $30,000 $39,900 $70,695 $40,857 $22,000 $85,177
2500 $67,000 $67,000 $85,700 $115,395 $78,219 $50,000 $119,177
5000 $120,000 $101,000 $138,700 $276,495 $117,992 $150,000 $259,267
10000 $215,000 $176,000 $268,600 $544,995 $280,455 $225,000 $506,847
STRM Release Schedule
Q1 ‘08 (STRM 2008.1): STRM 500, STRM 2500; full solution
Q2 ‘08 (STRM 2008.2): STRM5000; STRM Log Management and Reporting only option; add additional device support (EX, M, MX)
Q3 ‘08 (STRM 2008.3, planning phase): reporting enhancements; time based reporting; HA
Q4 ‘08 (STRM 2008.4, planning phase): integration with NSM; Australia, Viking support; risk assessment
Thank You