SECURE CLOUD-READY DATA CENTERS AppSecure development IDC IT Security conference – 2011 Budapest
Dec 21, 2015
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Current Security Services
• IPsec VPNs, IPS, UTM
• Stateful FW, NAT, ALG
• Routing, FBF, QoS, Bandwidth Management
APPLICATION-AWARE SECURITY
Introducing AppSecure
AppSecure is a suite of application-based services designed for deploying security in a knowledgeable manner.
• Builds on existing firewall-integrated services to deliver finer-grained policies
• Leverages integrated application intelligence
Advanced Security Services With AppSecure
• Botnet Protection
• Application Access Control
• Application Bandwidth Management
Application Intelligence
APPSECURE DIRECTION
Application Intelligence from User to Data Center
AppTrack
• Understand security risks
• Address new user behaviors
AppFW
• Block access to risky apps
• Allow user-tailored policies
AppQoS
• Prioritize important apps
• Rate limit less important apps
AppDoS
• Protect apps from bot attacks
• Allow legitimate user traffic
IPS
• Remediate security threats
• Stay current with daily signatures
Subscription
• Subscription service includes all modules and updates
• Juniper Security Lab provides 800+ application signatures
SAMPLE APPLICATION COVERAGE . . . 800+ AND MORE ADDED DAILY
100Bao, Aimster, Applejuice, Ares, BitTorrent, DirectConnect, eDonkey2000, FastTrack,
Freecast, Freenet, Gnucleus LAN, Gnutella, Gnutella 2, GoBoogy, Hotline, IceShare,
ICQ, IRC, Jabber/XMPP, Joltid PeerEnabler, Kademlia, KuGoo, Kuro, Manolito/MP2P,
MMS, MSNP (ver 10, 11, 12), MSNP 13, MUTE, Napster, OpenFT (giFT), Oscar (AOL),
Peercast, Poco, QQ, RTSP, SCTP, Skype, Soribada, Soulseek, Tesla, TOC (AOL),
WinNY, WPNP, Xunlei, Yahoo IM, And More
APPLICATION VISIBILITY
AppTrack
[Diagram labels: Discrete Data Analysis; Business Analysis; Deep packet intelligence; Protocol, IP Addr, Port, Data, Size; SAP; Joe]
• What application?
• What user?
• User location?
• User device?
• Identify applications running on the network with protocol decoding and Application signatures
• View application ID in session logs to understand network behavior
• Enable data center admins to make informed decisions based on application being accessed to manage security risk
AppTrack
Applications          Bytes From Client (Custom) (Sum)    Count
FTP                   1,047,754                           2,097
Windows File Share    1,030,006                           31
HTTP                  376,296                             16
Bit Torrent           316,064                             16
None                  154,168                             302
NETBlog               151,632                             16
VoIP                  128,266                             16
Facebook              104,735                             16
TFIP                  67,920                              16
Telnet                54,768                              16
Control & Enforce Web 2.0 Apps
AppFW
AppFW: BEYOND JUST FW OR APP CONTROL
Inspect ports and protocols
Control nested apps, chat, file sharing and other Web 2.0 activities
Dynamic application security
Web 2.0 policy enforcement
Threat detection & prevention
HTTP
Uncover tunneled apps
Stop multiple threat types
Protect Valuable On-line Business
AppDoS
AppDoS THREAT MITIGATION
Detect and mitigate botnet activity
Benchmark “normal” behavior to detect anomalies
Botnet detection & remediation
DoS monitoring & remediation
On-going anomaly detection
Uncover misuse of routine Web functionality
[Diagram labels: Select Item, View Item, Purchase Item, Check bill]
Adapt security policy and QOS based on insights
HOW AppDoS WORKS
Attack traffic
Legitimate traffic
Botnets targeting services for disruption
Mixture of legitimate and attack traffic
INTERNET
Server Connection Monitoring
Protocol Analysis
Bot / Client Classification
Cloud Provider / Data Center
Web Services / Applications
SRX Series
Prioritize & Control App Bandwidth
AppQoS
AppQoS FOR SCALE & PERFORMANCE
Monitor Web 2.0 bandwidth consumption
Dynamic application quality-of-service (QoS)
Application prioritization
Performance management
Throttle bit rates based on security and usage insights
Prioritize business critical apps
Monitor & Mitigate Custom Attacks
IPS
IPS FOR CUSTOMIZABLE PROTECTION
Detect and monitor suspicious behavior
Address vulnerabilities instead of ever-changing exploits of the vulnerability
On-going threat protection
Mobile traffic monitoring
Custom attack mitigation
Tune open signatures to detect and mitigate tailored attacks
Uncover attacks exploiting encrypted methods
Exploits
VULNERABILITY
AppSecure IPS
Other IPS’s
APPSECURE DEPLOYMENT SCENARIOS
IN-LINE SERVICE PROTECTION
Advanced protection for infrastructure and Hosted Services
Data Center
DNS Services HTTP/Web Services
Network Core
Remote Network
Other Services
AppSecure
APPSECURE DEPLOYMENT SCENARIOS
SRX Corporate Data Center with Bot protection and Application Tracking
Remote Access
Full suite of DC services: firewall, IPS, NAT, IPsec VPN, AppTrack, AppDoS
Corporate HQ / Data Center
AppSecure
APPSECURE SUMMARY
Internet end-points are changing and increasing exponentially
• iPhone and other mobile devices consuming many applications and bandwidth
• Increased security risk with Web 2.0 applications
Expands administrative control over network traffic
• Fine-grain detection and control of application access
• Deep and wide visibility into all traffic flowing through the network
Botnet attacks are growing
• AppDoS combines statistical and deterministic methods to counter DDoS attacks at the right level
• Mitigates sophisticated attacks with minimal service impact
Scalable performance
• SRX Services Gateways offer control and security without compromise