SRX Series Services Gateways

SRX SERIES SERVICES GATEWAYS
AGENDA
Introduction
SRX Portfolio
Solution Differentiators
Copyright © 2011 Juniper Networks, Inc.
www.juniper.net
JUNIPER SECURITY LEADERSHIP A $1B BUSINESS
Market
Leadership
Security
Innovation
• Data Center with High-End Firewall #1 at 42%
• Across device, network and application
• Secure Mobility with SSL VPN #1 at 25%
• One Junos for Routing, Switching and Security
• Intelligent Networking with Secure Routing #2 at 22%
• Security and Mobile Threat Research Teams
Proven Reach & Scale
• Protecting 80%+ of smartphones in North America
• 24 of the Fortune 25 for secure connectivity
• GTM Scale with IBM, Dell, Ericsson & NSN
SECURITY TRENDS
Notoriety
Profitability
.gov /.com
.me / .you
Attacker
Sophistication
(Maturity)
Threats
Type of Attack
APT
Botnets
Malware
DOS
Trojans
Worms
Virus
New Devices
Target
New Applications
Internet Information Services
ERP
AGENDA
Industry trends & customer challenges
SRX Portfolio
Solution Differentiators
SRX PORTFOLIO
Small Office/Branch Office
Data Center
SRX FOR THE SMALL OFFICE/
BRANCH OFFICE
Branch SRX
Branch SRX
NETWORKING TRENDS
Too many devices and too much complexity
• Complex Topology
• Service disparity and lack of integration
• Too many vendors
• Too many Operating-Systems
• Too many Management interfaces and tools
• Too much cost
BRANCH SRX ADDRESSES THESE TRENDS
UTM
All-in-One
Best Price/
Performance
Easy to manage all
aspects with Junos, a
single OS platform
Lower TCO and high
performance allows IT to
do more with less
Firewall
VPN
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
WLAN, LAN, Switching
Easy to activate new
security layer in UTM
when needed to address
new concerns
Unified
Management
BRANCH SRX DELIVERS…
CONSOLIDATED SECURITY AND NETWORKING
All-in-One
Firewall
VPN
UTM
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
WLAN, LAN, Switching
• Single device for routing, switching, and security
• Comprehensive security with best-in-class partners
• Easy to activate new layers of security without adding new hardware or software
BRANCH SRX OFFERS…
REDUCED IT MANAGEMENT BURDEN
Unified Management
• Single OS platform for routing, switching, and security
• Reduces time and effort to plan, deploy, and manage
• Provides stable delivery of new functionality in a steady, timely manner
• Flexibility of web device and comprehensive network security management
BRANCH SRX ENSURES…
MAXIMIZED CUSTOMER VALUE
Best Price/Performance
• Lowest cost to deploy (Opex, Capex savings)
• Single OS/single console reduces training costs
• Fewer IT staff needed for network management
• Faster processing performance with multiple dedicated cores
BRANCH SRX PORTFOLIO
+ More LAN slots, dual
processors, dual P/S
SRX650
+ 4 WAN slots,
16 x GigE, PoE
SRX240
+ 2 WAN slots,
8 x GigE, PoE
WAN slot,
2 x GigE, PoE
SRX220
SRX210
WAN slot
SRX
100/110
Small Office
Small to
Medium Office
Large Branch/
Regional Office
SRX FOR DATA CENTER
THREE DRAMATIC SHIFTS IN THE DATA CENTER
Mega Consolidation
Virtualization
Efficiency improvements
and simplified administration
Cloud Services &
Virtualization projects
Service Oriented
Architectures
Web 2.0 and
Application Mashups
Each trend is driving changes in networking and security
Sources: AFCOM Data Center Research, Gartner, KRC Research -
DATA CENTER SRX ADDRESSES THESE TRENDS
Consolidation
at Scale
Virtualization
Security
Next Generation
Security Services
Delivers efficient infrastructure for high-performance network scale to meet even the most demanding of network productivity needs
Meets your specific business needs for an integrated physical and virtualized data center
Ensures protection against evolving threats with next-generation, layered security services
DATA CENTER SRX DELIVERS…
CONSOLIDATED SECURITY AND NETWORKING
Consolidation at Scale
• Scalable data center security
• More efficient infrastructure with modular SPCs and IOCs
• Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500
• Protecting online assets with AppSecure, IPS, FW, NAT, and more
DATA CENTER SRX ENSURES…
APPLICATION VISIBILITY AND PROTECTION
Next Generation Security Services
• Rapid response to evolving threats through layered, next-generation security services
• Control and enforcement of application usage
• Visibility into Web 2.0 threats with application security against latest attacks
• Scalable policy enforcement and management via Junos
DATA CENTER SRX PRODUCT LINE
SRX5800: FW 150 Gbps, IPS 30 Gbps
SRX5600: FW 70 Gbps, IPS 15 Gbps
SRX3600: FW 30 Gbps, IPS 10 Gbps
SRX3400: FW 20 Gbps, IPS 6 Gbps
SRX1400: FW 10 Gbps, IPS 2 Gbps
Smaller Data Center
Campus/Corporate Office
Large Data Center
AGENDA
Industry trends & customer challenges
SRX Portfolio
Solution Differentiators
JUNOS OPERATING SYSTEM
T Series
EX Series
QFX Series
SRX
Series
MX Series
M Series
J Series
SECURITY
One OS
• Reduces time/effort to operate network infrastructure
ROUTERS
SWITCHES
One Release Train
• Delivers new functionality stably
• Reduces OPEX
• Simplifies management
One Architecture
• Ensures available & scalable software for growing needs
• Reduces TCO
Module n
Interfaces
Routing
…
Kernel
Packet Forwarding
Physical Interfaces
DOS &
DDOS
ATTACKS
Attacks can be thwarted
Attacks overwhelm the box
• Administrator loses management access—your network is down
Management
Control Plane
Data Plane
Routing
Data
DOS & DDOS
ATTACKS
Management
ARCHITECTURE:
SEPARATE DATA AND CONTROL PLANE
Shared Plane
• Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic—your network stays up
DATA CENTER SECURITY SOLUTION THAT SPANS
PHYSICAL AND VIRTUAL NETWORKS
Management and Security Services
Security
Design
STRM
Security Threat
Response Manager
Services
Physical
Virtual
Firewall
VM
VM
VM
vGW Series
IPS
DoS
VM
Hypervisor
DoS Prevention
AppSecure
vGW Virtual Gateway
SRX Series
INTEGRATION WITH vGW VIRTUAL GATEWAY
EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER
Juniper SRX
with IPS and
AppSecure
Fabric
Switching
Policies
vGW Solution Integration
Security
Design
1. SRX Zone Visibility extends to include VM awareness
VM 1
VM 2
VM 3
…
VM 20
vGW Virtual Gateway
VMware vSphere Hypervisor
2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM
3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS
APPSECURE: APPLICATION INTELLIGENCE—
BRANCH TO DATA CENTER
AppTrack
• Understand security risks
• Address new user behaviors
AppFW
• Block access to risky apps
• Allows user tailored policies
AppQoS
• Prioritize important apps
• Rate limit less important apps
AppDoS
• Protect apps from bot attacks
• Allow legitimate user traffic
IPS
• Remediate security threats
• Stay current with daily signatures

• Easy add-on security services for SRX gateways
• Delivers application visibility, enforcement and protection—up to 100 Gbps
• Integrates nested application detection/protection, control, & remediation
• Subscription service includes all modules and updates
• Juniper Security Lab provides 800+ application signatures
APPSECURE SERVICE MODULES
Flow
Processing
Ingress
AI
NAI
Egress
Application Identification Engine
Application
ID Results
IPS
AppTrack
AppDoS
AppFW
AppQoS
UNIFIED MANAGEMENT
Network Management
• Automated configuration and deployment of security
• Reduced security risk, faster deployment, and lower TCO
Junos Space
Security Design
Web UI
• All-in-one log, threat, and compliance management
• Greater visibility including web 2.0 and application intelligence for improved security
• Seamless GUI access to Junos features & functions
• Quick configurations/wizards
• Cost effective & intuitive
Security Threat
Response Manager
Routing
SIEM
Security
J-Web
Switching
VIRTUALIZATION
VIRTUALIZATION CHALLENGES
Physical Network
Hidden Traffic
Complexity
Dynamic Applications
V-Motion
• One server is one server
• Firewall can see all traffic
• Applications don’t move much
• Traffic on the same hypervisor isn’t sent to the physical firewall
• One physical server represents many virtual ones
• As applications move, how does the physical security follow?
VGW MODULES
Main
Dashboard view of virtual data center
Firewall
Firewall policy and logs
Network
Traffic flows
AntiVirus
AV protection w/ quarantine
IDS
View of IDS alerts
Compliance
VM/host alerts on non-compliance
Introspection
VM “x-ray” (OS, apps, etc.)
Reports
Granular reports and scheduler
THE VGW PURPOSE-BUILT APPROACH
Service Provider & Enterprise Grade
• Three-tiered Model
• VMware Certified
• Protects each VM and the hypervisor
• Fault-tolerant architecture (i.e., HA)
Virtualization-aware
• “Secure VMotion” scales to 1,000+ hosts
• “Auto Secure” detects/protects new VMs
Granular, Tiered Defense
• Stateful firewall, integrated IDS, and AV
• Flexible Policy Enforcement
[Diagram of the three-tiered model, numbered 1 to 3. Labels: Virtual Center; Security Design for vGW; VM; VM1, VM2, VM3; ESX or ESXi Host; Packet Data; THE vGW ENGINE; VMWARE API’s; Any vSwitch (Standard, DVS, 3rd Party); HYPERVISOR; VMware Kernel; Partner Server (IDS, SIM, Syslog, Netflow)]
PERFORMANCE & SCALABILITY
SECURITY SOLUTION SUMMARY
Better Security
No new hardware
needed to add AppSecure,
UTM or robust network security
Performance and
Scalability Leader
Massive advantage in scale
over all other competitors
accommodates growth
Superior Design
Modular architecture allows
pay-as-you-grow approach
and simplifies operations
Strong Company
Security leadership (Gartner
leader quadrant in five categories*), and financial stability
Superior Networking
Carrier-grade networking
performance and robust
feature set integration
High Overall Value
Top performance and lower
TCO in a better networking
and security solution
* Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011), and Network Access Controls
3RD PARTY VALIDATION
ANALYST AND CUSTOMER RECOGNITION
“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more
intelligent sharing of resources among security services running on the gateway.”
Current Analysis, 2010
“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an
impressive combination of performance, functionality, and product family breadth.”
Andrew Braunberg, Current Analysis
“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation
flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.”
Subha Rama, ABI Research
“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that
Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter
economic environment.”
IDC
“I can sum up Juniper Networks in three words: security, performance, and reliability.”
Rich Acevedo, Network Engineer, Romano’s Macaroni Grill
“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed
a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as
other customers would see as a benefit.”
Eric Walters, Network Manager, 7-Eleven