Kappa Data 2020

Build a Software-Defined Network to Defend your

Business

Filip VanierschotSystems Engineer

fvanierschot@juniper.net

Software Defined Secure NetworksJuniper’s Innovation in Secure Networks

Filip Vanierschot – Systems Engineerfvanierschot@juniper.net

Juniper Facts

A History Of Innovation

Why is security important?

• Hybrid cloud deployments

growing

• Device proliferation and

BYOD

• IoT

• Zero day attacks

• Advanced, persistent,

targeted attacks

• Adaptive malware

• Virtualization and SDN

• Applications, data,

management in the cloud

• Application proliferation

Security is in Transformation

INFRASTRUCTURETHREAT SOPHISTICATION CLOUD

Causing Network Security Complexity

Centralized DHCP and

other services

DataLoss Prevention

Inline Anti Prevention

ApplicationSecurity

UnifiedThreatManagement

Firewalls

App Servers

Core

LAG

Inline Intrusion Prevention

Multi-vendor, multi-vector solutions deployed

Layered on top of the network

Security tools lagging behind attacker ingenuity

Unmanaged risk to business outcomes and operations

Demanding Software Defined Secure Networks

Global Policy Orchestration, Policy Engine

Open and Unified Threat Detection

Dynamic, Automated Enforcement

IDSDeception Sandbox

AV NGFW

AnalyticsIPS NAT

Uncoordinated and firewall focused

Orchestrated, holistic system encompassing security + infrastructure

Assembling the parts into a solution

PERIMETER

&

ENDPOINT

BASED

HW

MANUAL

CONFIG.

ORIENTED

CLOSED,

SILO

OVERLAYS

PERVASIVE

SW/CLOUD

DEFINED

AUTOMATED

USER

INTENT

OPEN,

STANDARDIZED

Network Configuration

Device/Platform specific configurations

Tough to automate, challenging compliance

Islands of Management

User Intent Policy

User Intent Based Policies

Native automation and compliance support

Comprehensive Security

Users SitesDevices Applications Meta Data

AD CMDB vCenter Custom

ExtensibilityAutomation

Access ControlThreat Prevention

Compliance

Firewall

Rule

Tables

Access

Control

Lists

Routing Tables

& SDN Service

Chains

IP MAC Proto Port

Private Public

SDSN User Intent Policy Model Example

Manual Threat Workflows

Threat Detection Enforcement Delays

Vendor specific threat feeds

Multiple Teams

Threat Management Automation

Automation across Network & Security

Open API and 3rd Party Threat Feed Collation

Cohesive Threat Management System

SDSN – Threat Management Automation Example

Incident Response

Net-Sec Operations

EndpointSecurity

Malware Found

TKT

TKT

Feed

Feed

Software Defined Secure Networks Strategy

Leverage entire network and ecosystem for threat intelligence and detection

Utilize any point of the network as a point of enforcement

Dynamically execute policyacross all network elements including third party devices

Bottoms Up and Top Down Approach

Your Enterprise Network

ThreatIntelligence

Enforcement

Detection

Enforcement

Detection

Cloud-based Threat Defense and Open Intel Platform

Dynamic and Adaptive Policy Engine

Policy

Campus

&

Branch

DCPublic

CloudPrivate

Cloud

Juniper’s Software Defined Secure Network (SDSN) PlatformPervasive, Automated, Intent-driven

ENFORCEMENTAutomatically enforce policy across the infrastructure in site-locations and cloud

DETECTIONUnify threat intelligence from multiple sources

POLICYCreate and centrally manage policy with an intent-based system

Sky ATPMachine

Learning,

Analytics, Threat

Feeds

JSA Analytics, Security Director, Policy Enforcer

Visibility, Correlation, Automation, EnforcementPOLICY

Third Party Networking & Security

ENFORCEMENT

DETECTIONSRX / vSRX / cSRXNG Firewalls: Physical & Virtual

MX & PTX Routers

EX & QFX Switches

DETECTION

DETECTION

UTM & IPSMultiple layers of

sensing and detection

technologies

Infrastructure as a Secure Fabric

Third Party

Juniper’s Software Defined Secure Network (SDSN) Platform

AutomationArtificial

Intelligence

Malware Example

SDSN vs. Malware

Automation

Sky

Advanced

Threat Prevention

Device Quarantined

SDSN Simplified: Network As a Firewall

Sandboxw/Deception

StaticAnalysis

ATP

Sky Advanced

Threat Prevention Cloud

Security Director + Policy Enforcer

Policy Enforcement, Visibility, Automation

SRX Physical Firewall

vSRXVirtual Firewall

MX Routers*

EX & QFX Switches

Third Party Elements*

DETECTION

POLICY

Detection(Machine Learning)

Centralized

policy push

EnforcementMulti-cloud

1 2

34

Network asa Firewall

DETECTION

ENFORCEMENT

SDSN Portfolio

Branch Campus Data Center Service Provider

SRX5800SRX5600SRX300 SRX1500SRX500 SRX4100 SRX4200 SRX5400

1RU5Gb/s

1RU20Gb/s

1RU40Gb/s

5RU480Gb/s

8RU960Gb/s

2RU5.5Gb/s

vSRX

4Gb/s (2 vCPU)

25Gb/s (16 vCPU)

Cloud

Security DirectorPolicy Enforcer

16RU2Tb/s

Application Security

SSL Inspection

Intrusion Prevention

User Firewall

UTM

Sky Advanced Threat Prevention

SecureAnalytics

Management, Visibility, Automation

SIEM Advanced Malware Prevention Service

Next Gen Security Services

cSRX*

Beta*

Ecosystem Partners

Ready to Deploy End to End Security Solutions

CASB

• Cloud App Risk Management

• Visibility and Control

• Malware and Threat Protection for Cloud

• Extend Security Policy

Access Security

• Context-based

• BYOD Onboarding

• Role-based Network Access Assignment

• Access Control and Enforcement

Endpoint Security

• Discovery of All Endpoints

• Vulnerability and Patch Management

• Continuous Policy Enforcement

Conclusion: Juniper’s SDSN is a Security Platform

• Nature of a Platform

• Flexible to enable multiple

solutions now

• Extensible to build and

deploy future solutions

• Open to integrate current

and future technologies

Your Enterprise Network

ThreatIntelligenceEnforcement

Detection

Enforcement

Detection

Cloud-based Threat Defense and Open Intel

Platform

Dynamic and Adaptive Policy

Engine

Policy

Internet of T. as an example

IoT Applications: Industrial and Consumer

ConsumerInternet of Things

SMART

Phone

Wearable

TV

Appliances

Home

IndustrialInternet of Things

SMART

Factory

Grid

Machine

City

Car

Network

HighPerformance

HighlySecure

LowLatency

HighlyScalable

IoT History & Forecast - Then, Now and Future

1999

2000

2008

2011

2012

2015

2020

Internet of ThingsFirst Coined- Conceived by Kevin Ashton at P&G

- RFID technologies commercialized

Growth in Connected Devices- First time number of devices surpass global population

IPv6 Launch- Potential for new IP addresses, enabling the future of IoT

Connected Devices to Reach 25 Billion- According to IDC, IoTconnected “things” will account for 60% of total connected devices by 2020

First Commercialized Consumer Product- Toaster and coffee maker

Nest Labs Develops First Product- Later acquired by Google for $3.2B

FitBit IPO- Wearables fitness tracker IPO (NYSE:FIT)

IoT BREACH

SDSN IN ACTION

Automation

What about us IoT consumers ???

Juniper Networks Information

• Software Defined Secure Networks• http://www.juniper.net/uk/en/solutions/software-defined-secure-networks/

• Security Now! Blog• https://forums.juniper.net/t5/Security-Now/bg-p/networkingnow

• Juniper• http://www.juniper.net

Kappa Data 2020

THANKYOU

Together Strong in a changing world

#KappaData2020