SRX Series Services Gateways
advertisement
SRX SERIES SERVICES GATEWAYS AGENDA Introduction SRX Portfolio Solution Differentiators 2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net JUNIPER SECURITY LEADERSHIP A $1B BUSINESS 3 Market Leadership Security Innovation Data Center with HighEnd Firewall #1 at 42% Across device, network and application Secure Mobility with SSL VPN #1 at 25% One Junos for Routing, Switching and Security Intelligent Networking with Secure Routing #2 at 22% Security and Mobile Threat Research Teams Copyright © 2011 Juniper Networks, Inc. www.juniper.net Proven Reach & Scale Protecting 80%+ of smartphones in North America 24 of the Fortune 25 for secure connectivity GTM Scale with IBM, Dell, Ericsson & NSN SECURITY TRENDS Notoriety Profitability .gov /.com .me / .you Attacker Sophistication (Maturity) Threats Type of Attack APT Botnets Malware DOS Trojans Worms Virus New Devices Target New Applications Internet Information Services ERP 4 Copyright © 2011 Juniper Networks, Inc. www.juniper.net AGENDA Industry trends & customer challenges SRX Portfolio Solution Differentiators 5 Copyright © 2011 Juniper Networks, Inc. www.juniper.net SRX PORTFOLIO Small Office/Branch Office 6 Copyright © 2011 Juniper Networks, Inc. Data Center www.juniper.net SRX FOR THE SMALL OFFICE/ BRANCH OFFICE 7 Copyright © 2011 Juniper Networks, Inc. www.juniper.net Branch SRX 8 Copyright © 2011 Juniper Networks, Inc. www.juniper.net Branch SRX 9 Copyright © 2011 Juniper Networks, Inc. www.juniper.net NETWORKING TRENDS Too many devices and too much complexity Complex Topology Service disparity and lack of integration Too many vendors Too many Operating-Systems Too many Management interfaces and tools Too much cost 10 Copyright © 2011 Juniper Networks, Inc. www.juniper.net BRANCH SRX ADDRESSES THESE TRENDS UTM All-in-One Best Price/ Performance Easy to manage all aspects with Junos, a single OS platform Lower TCO and high performance allows IT to do more with less Firewall VPN IPS/AppSecure Anti-Virus Anti-Spam Web filtering Routing / WAN WLAN, LAN, Switching Easy to activate new security layer in UTM when needed to address new concerns 11 Unified Management Copyright © 2011 Juniper Networks, Inc. www.juniper.net BRANCH SRX DELIVERS… CONSOLIDATED SECURITY AND NETWORKING All-in-One Firewall VPN UTM IPS/AppSecure Anti-Virus Anti-Spam Web filtering Routing / WAN WLAN, LAN, Switching 12 Single device for routing, switching, and security Comprehensive security with best-inclass partners Easy to activate new layers of security without adding new hardware or software Copyright © 2011 Juniper Networks, Inc. www.juniper.net BRANCH SRX OFFERS… REDUCED IT MANAGEMENT BURDEN Unified Management Single OS platform for routing, switching, and security Reduces time and effort to plan, deploy, and manage Provides stable delivery of new functionality in a steady, timely manner Flexibility of web device and comprehensive network security management 13 Copyright © 2011 Juniper Networks, Inc. www.juniper.net BRANCH SRX ENSURES… MAXIMIZED CUSTOMER VALUE Best Price/Performance Lowest cost to deploy (Opex, Capex savings) Single OS/single console reduces training costs Fewer IT staff needed for network management Faster processing performance with multiple dedicated cores 14 Copyright © 2011 Juniper Networks, Inc. www.juniper.net BRANCH SRX PORTFOLIO + More LAN slots, dual processors, dual P/S SRX650 + 4 WAN slots, 16 x GigE, PoE SRX240 + 2 WAN slots, 8 x GigE, PoE WAN slot, 2 x GigE, PoE SRX220 SRX210 WAN slot SRX 100/110 Small Office 15 Small to Medium Office Copyright © 2011 Juniper Networks, Inc. www.juniper.net Large Branch/ Regional Office SRX FOR DATA CENTER 16 Copyright © 2011 Juniper Networks, Inc. www.juniper.net 17 Copyright © 2011 Juniper Networks, Inc. www.juniper.net THREE DRAMATIC SHIFTS IN THE DATA CENTER Mega Consolidation Virtualization Efficiency improvements and simplified administration Cloud Services & Virtualization projects Service Oriented Architectures Web 2.0 and Application Mashups Each trend is driving changes in networking and security Sources: AFCOM Data Center Research, Gartner, KRC Research - 18 Copyright © 2011 Juniper Networks,Inc. Inc.www.juniper.net www.juniper.net Copyright © 2011 Juniper Networks, DATA CENTER SRX ADDRESSES THESE TRENDS 19 Consolidation at Scale Virtualization Security Next Generation Security Services Delivers efficient infrastructure for highperformance network scale to meet even the most demanding of network productivity needs Meets your specific business needs for an integrated physical and virtualized data center Ensures protection against evolving threats with next-generation, layered security services Copyright © 2011 Juniper Networks, Inc. www.juniper.net DATA CENTER SRX DELIVERS… CONSOLIDATED SECURITY AND NETWORKING Consolidation at Scale Scalable data center security More efficient infrastructure with modular SPCs and IOCs Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500 Protecting online assets with AppSecure, IPS, FW, NAT, and more 20 Copyright © 2011 Juniper Networks, Inc. www.juniper.net DATA CENTER SRX ENSURES… APPLICATION VISIBILITY AND PROTECTION Next Generation Security Services Rapid response to evolving threats through layered, next-generation security services Control and enforcement of application usage Visibility into Web 2.0 threats with application security against latest attacks Scalable policy enforcement and management via Junos 21 Copyright © 2011 Juniper Networks, Inc. www.juniper.net DATA CENTER SRX PRODUCT LINE FW 150 Gbps IPS 30 Gbps SRX5800 FW 70 Gbps IPS 15 Gbps SRX5600 FW 30 Gbps IPS 10 Gbps SRX3600 FW 20 Gbps IPS 6 Gbps SRX3400 FW 10 Gbps IPS 2 Gbps SRX1400 Smaller Data Center 22 Campus/ Corporate Office Copyright © 2011 Juniper Networks, Inc. www.juniper.net Large Data Center AGENDA Industry trends & customer challenges SRX Portfolio Solution Differentiators 23 Copyright © 2011 Juniper Networks, Inc. www.juniper.net JUNOS OPERATING SYSTEM T Series EX Series QFX Series SRX Series MX Series M Series J Series SECURITY One OS Reduces time/effort to operate network infrastructure ROUTERS SWITCHES One Release Train Delivers new Ensures available & functionality stably Reduces OPEX Simplifies management 24 One Architecture scalable software for growing needs Reduces TCO Copyright © 2011 Juniper Networks, Inc. www.juniper.net 25 Module n Interfaces Routing … Kernel Packet Forwarding Physical Interfaces DOS & DDOS ATTACKS Attacks can be thwarted Attacks overwhelm the box Administrator loses management access—your network is down Management Control Plane Data Plane Routing Data DOS & DDOS ATTACKS Management ARCHITECTURE: SEPARATE DATA AND CONTROL PLANE Shared Plane Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic—your network stays up Copyright © 2011 Juniper Networks, Inc. www.juniper.net DATA CENTER SECURITY SOLUTION THAT SPANS PHYSICAL AND VIRTUAL NETWORKS Management and Security Services Security Design STRM Security Threat Response Manager Services Physical Virtual Firewall VM VM VM vGW Series IPS DoS VM Hypervisor DoS Prevention AppSecure vGW Virtual Gateway SRX Series 26 Copyright © 2011 Juniper Networks, Inc. www.juniper.net INTEGRATION WITH vGW VIRTUAL GATEWAY EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER Juniper SRX with IPS and AppSecure Fabric Switching Policies vGW Solution Integration Security Design 1. SRX Zone Visibility extends to include VM awareness VM 1 VM 2 VM 3 … VM 20 vGW Virtual Gateway VMware vSphere Hypervisor 27 2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM 3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS Copyright 2011 Juniper Networks, www.juniper.net Copyright © 2011©Juniper Networks, Inc. Inc. www.juniper.net APPSECURE: APPLICATION INTELLIGENCE— BRANCH TO DATA CENTER AppTrack AppFW AppQoS AppDoS IPS Understand security risks Block access to risky apps Prioritize important apps Protect apps from bot attacks Remediate security threats Address new user behaviors Allows user tailored policies Rate limit less important apps Allow legitimate user traffic Stay current with daily signatures Easy add-on security services for SRX gateways Delivers application visibility, enforcement and protection—up to 100 Gbps Integrates nested application detection/ protection, control, & remediation Subscription service includes all modules and updates Juniper Security Lab provides 800+ application signatures 28 Copyright © 2011 Juniper Networks, Inc. www.juniper.net APPSECURE SERVICE MODULES Flow Processing Ingress AI NAI Egress Application Identification Engine Application ID Results IPS AppTrack AppDoS AppFW AppQoS 29 Copyright © 2011 Juniper Networks, Inc. www.juniper.net UNIFIED MANAGEMENT Network Management Automated configuration and deployment of security Reduced security risk, faster deployment, and lower TCO Junos Space Security Design Web UI All-in-one log, threat, and compliance management Greater visibility including web 2.0 and application intelligence for improved security Seamless GUI access to Junos features & functions Quick configurations/ wizards Cost effective & intuitive Security Threat Response Manager Routing 30 SIEM Security Copyright © 2011 Juniper Networks, Inc. J-Web Switching www.juniper.net VIRTUALIZATION 31 Copyright © 2011 Juniper Networks, Inc. www.juniper.net VIRTUALIZATION CHALLENGES Physical Network Hidden Traffic Complexity Dynamic Applications V-Motion = • • • One server is one server Firewall can see all traffic Applications don’t move much 32 • Traffic on the same hypervisor isn’t sent to the physical firewall • One physical server represents many virtual ones Copyright © 2011 Juniper Networks, Inc. www.juniper.net • As applications move, how does the physical security follow? 33 Copyright © 2011 Juniper Networks, Inc. www.juniper.net VGW MODULES Main Firewall Dashboard view of virtual data center Firewall policy and logs Network Traffic flows AntiVirus AV protection w/ quarantine IDS View of IDS alerts Complian ceVM/host Alerts on non-compliance Introspect ion VM “x-ray” (OS, apps, etc.) 34 Copyright © 2011 Juniper Networks, Inc. www.juniper.net Reports Granular reports and scheduler THE VGW PURPOSE-BUILT APPROACH Service Provider & Enterprise Grade Three-tiered Model 1 VMware Certified Protects each VM and the hypervisor Virtual Center 2 Security Design for vGW VM Fault-tolerant architecture (i.e., HA) VM1 VM2 VM3 ESX or ESXi Host Virtualization-aware “Secure VMotion” scales to 3 Packet Data THE vGW ENGINE VMWARE API’s Any vSwitch (Standard, DVS, 3rd Party) Granular, Tiered Defense Stateful firewall, integrated IDS, HYPERVISOR and AV Flexible Policy Enforcement 35 Copyright © 2011 Juniper Networks, Inc. www.juniper.net VMware Kernel 1,000+ hosts “Auto Secure” detects/protects new VMs Partner Server (IDS, SIM, Syslog, Netflow) PERFORMANCE & SCALABILITY 36 Copyright © 2011 Juniper Networks, Inc. www.juniper.net SECURITY SOLUTION SUMMARY Better Security No new hardware needed to add AppSecure, UTM or robust network security Performance and Scalability Leader Massive advantage in scale over all other competitors accommodates growth 37 Superior Design Modular architecture allows pay-as-you-grow approach and simplifies operations Strong Company Security leadership (Gartner leader quadrant in five categories*), and financial stability Superior Networking Carrier-grade networking performance and robust feature set integration High Overall Value Top performance and lower TCO in a better networking and security solution Copyright © 2011 Juniper Networks, Inc. www.juniper.net * Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011) , and Network Access Controls 3RD PARTY VALIDATION 38 Copyright © 2011 Juniper Networks, Inc. www.juniper.net ANALYST AND CUSTOMER RECOGNITION “The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more intelligent sharing of resources among security services running on the gateway.” Current Analysis, 2010 “Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an impressive combination of performance, functionality, and product family breadth.” Andrew Braunberg, Current Analysis “Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.” Subha Rama, ABI Research “The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter economic environment.” IDC Link “I can sum up Juniper Networks in three words: security, performance, and reliability.” Rich Acevedo, Network Engineer, Romano’s Macaroni Grill “One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as other customers would see as a benefit.” Eric Walters, Network Manager, 7-Eleven 39 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
