SRX SERIES SERVICES GATEWAYS
2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net
Introduction
AGENDA
Solution Differentiators
SRX Portfolio
JUNIPER SECURITY LEADERSHIP A $1B BUSINESS
Market Leadership
Data Center with High-End Firewall #1 at 42%
Secure Mobility with SSL VPN #1 at 25%
Intelligent Networking with Secure Routing #2 at 22%
Security Innovation
Across device, network and application
One Junos for Routing, Switching and Security
Security and Mobile Threat Research Teams
Proven Reach & Scale
Protecting 80%+ of smartphones in North America
24 of the Fortune 25 for secure connectivity
GTM Scale with IBM, Dell, Ericsson & NSN
SECURITY TRENDS
Sophistication (Maturity)
Type of Attack
Botnets
Trojans
Virus
Worms
DOS
APT
Malware
Notoriety Profitability .gov /.com .me / .you
New Devices
ERP
Internet Information Services
New Applications
Target
Threats
Attacker
Industry trends & customer challenges
AGENDA
Solution Differentiators
SRX Portfolio
SRX PORTFOLIO
Small Office/Branch Office
Data Center
SRX FOR THE SMALL OFFICE/BRANCH OFFICE
Branch SRX
NETWORKING TRENDS
Too many devices and too much complexity
Wireless LAN
Content Security
App Visibility & Security
Applications
LAN switch
Firewall/VPN
Routing
WAN & 3G
Complex Topology
Service disparity and lack of integration
Too many vendors
Too many Operating-Systems
Too many Management interfaces and tools
Too much cost
BRANCH SRX ADDRESSES THESE TRENDS
Easy to manage all aspects with Junos, a single OS platform
Easy to activate new security layer in UTM when needed to address new concerns
Lower TCO and high performance allows IT to do more with less
All-in-One Best Price/Performance
Firewall
VPN
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
UTM
WLAN, LAN, Switching
Unified Management
BRANCH SRX DELIVERS…CONSOLIDATED SECURITY AND NETWORKING
All-in-One
Single device for routing, switching, and security
Comprehensive security with best-in-class partners
Easy to activate new layers of security without adding new hardware or software
Firewall
VPN
IPS/AppSecure
Anti-Virus
Anti-Spam
Web filtering
Routing / WAN
UTM
WLAN, LAN, Switching
Unified Management
BRANCH SRX OFFERS…REDUCED IT MANAGEMENT BURDEN
Single OS platform for routing, switching, and security
Reduces time and effort to plan, deploy, and manage
Provides stable delivery of new functionality in a steady, timely manner
Flexibility of web device and comprehensive network security management
BRANCH SRX ENSURES…MAXIMIZED CUSTOMER VALUE
Best Price/Performance
Lowest cost to deploy (Opex, Capex savings)
Single OS/single console reduces training costs
Fewer IT staff needed for network management
Faster processing performance with multiple dedicated cores
BRANCH SRX PORTFOLIO
Small Office
Small to Medium Office
Large Branch/Regional Office
SRX100/110
SRX210
WAN slot, 2 x GigE, PoE
SRX220
+ 2 WAN slots, 8 x GigE, PoE
SRX240
+ 4 WAN slots, 16 x GigE, PoE
SRX650
+ More LAN slots, dual processors, dual P/S
WAN slot
SRX FOR DATA CENTER
High-End SRX
THREE DRAMATIC SHIFTS IN THE DATA CENTER
Sources: AFCOM Data Center Research, Gartner, KRC Research -
Each trend is driving changes in networking and security
Mega Consolidation
Efficiency improvements and simplified administration
Cloud Services & Virtualization projects
Virtualization
Web 2.0 and Application Mashups
Service Oriented Architectures
DATA CENTER SRX ADDRESSES THESE TRENDS
Meets your specific business needs for an integrated physical and virtualized data center
Delivers efficient infrastructure for high-performance network scale to meet even the most demanding of network productivity needs
Ensures protection against evolving threats with next-generation, layered security services
Consolidation at Scale
Next Generation Security Services
Virtualization Security
DATA CENTER SRX DELIVERS…CONSOLIDATED SECURITY AND NETWORKING
Consolidation at Scale
Scalable data center security
More efficient infrastructure with modular SPCs and IOCs
Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500
Protecting online assets with AppSecure, IPS, FW, NAT, and more
DATA CENTER SRX ENSURES…APPLICATION VISIBILITY AND PROTECTION
Next Generation Security Services
Rapid response to evolving threats through layered, next-generation security services
Control and enforcement of application usage
Visibility into Web 2.0 threats with application security against latest attacks
Scalable policy enforcement and management via Junos
DATA CENTER SRX PRODUCT LINE
Smaller Data Center
Campus/Corporate Office
Large Data Center
SRX1400: FW 10 Gbps, IPS 2 Gbps
SRX3400: FW 20 Gbps, IPS 6 Gbps
SRX3600: FW 30 Gbps, IPS 10 Gbps
SRX5600: FW 70 Gbps, IPS 15 Gbps
SRX5800: FW 150 Gbps, IPS 30 Gbps
Industry trends & customer challenges
AGENDA
Solution Differentiators
SRX Portfolio
JUNOS OPERATING SYSTEM
SECURITY ROUTERS
J Series
M Series
T Series EX Series
SWITCHES
MX Series
SRX Series
Reduces time/effort to operate network infrastructure
Simplifies management
One OS One Release Train
Delivers new functionality stably
Reduces OPEX
One Architecture
Ensures available & scalable software for growing needs
Reduces TCO
QFX Series
ARCHITECTURE: SEPARATE DATA AND CONTROL PLANE
[Diagram labels: Control Plane, Module n, Interfaces, Management, Routing, … Kernel, Data Plane, Physical Interfaces, Packet Forwarding, DOS & DDOS ATTACKS]
[Diagram labels: Data, Management, Routing, DOS & DDOS ATTACKS]
Attacks overwhelm the box: Administrator loses management access—your network is down
Attacks can be thwarted: Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic—your network stays up
Shared Plane
SRX Series
Physical
Hypervisor
vGW Series
VM VM VM VM
vGW Virtual Gateway
Management and Security Services
Security Design
Security Threat Response Manager (STRM)
Services Virtual
Firewall
IPS
DoS Prevention
AppSecure
DoS
DATA CENTER SECURITY SOLUTION THAT SPANS PHYSICAL AND VIRTUAL NETWORKS
Juniper SRX with IPS and AppSecure
Fabric Switching
Policies
vGW Virtual Gateway
VMware vSphere Hypervisor
…
1. SRX Zone Visibility extends to include VM awareness
2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM
3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS
vGW Solution Integration
VM 1 VM 2 VM 3 VM 20
Security Design
INTEGRATION WITH vGW VIRTUAL GATEWAY EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER
APPSECURE: APPLICATION INTELLIGENCE—BRANCH TO DATA CENTER
Understand security risks
Address new user behaviors
Easy add-on security services for SRX gateways
Delivers application visibility, enforcement and protection—up to 100 Gbps
Integrates nested application detection/protection, control, & remediation
Subscription service includes all modules and updates
Juniper Security Lab provides 800+ application signatures
AppTrack AppDoS IPS
Block access to risky apps
Allows user tailored policies
Prioritize important apps
Rate limit less important apps
Protect apps from bot attacks
Allow legitimate user traffic
Remediate security threats
Stay current with daily signatures
AppFW AppQoS
AppTrack IPS
AppQoS
Flow Processing
AppFW
AI
Application Identification Engine
NAI
Ingress Egress
Application ID Results
AppDoS
APPSECURE SERVICE MODULES
UNIFIED MANAGEMENT
Network Management
Junos Space Security Design
SIEM
Security Threat Response Manager
Web UI
J-Web
Automated configuration and deployment of security
Reduced security risk, faster deployment, and lower TCO
All-in-one log, threat, and compliance management
Greater visibility including web 2.0 and application intelligence for improved security
Seamless GUI access to Junos features & functions
Quick configurations/wizards
Cost effective & intuitive
Routing Security Switching
VIRTUALIZATION
VIRTUALIZATION CHALLENGES
Physical Network
• One server is one server
• Firewall can see all traffic
• Applications don’t move much
=
Complexity
• One physical server represents many virtual ones
Dynamic Applications
• As applications move, how does the physical security follow?
V-Motion
Hidden Traffic
• Traffic on the same hypervisor isn’t sent to the physical firewall
vGW
VGW MODULES
Network: Traffic flows
IDS: View of IDS alerts
Introspection: VM “x-ray” (OS, apps, etc.)
Reports: Granular reports and scheduler
Main: Dashboard view of virtual data center
Firewall: Firewall policy and logs
AntiVirus: AV protection w/ quarantine
Compliance: Alerts on VM/host non-compliance
Service Provider & Enterprise Grade
• Three-tiered Model
• VMware Certified
• Protects each VM and the hypervisor
• Fault-tolerant architecture (i.e., HA)
Virtualization-aware
• “Secure VMotion” scales to 1,000+ hosts
• “Auto Secure” detects/protects new VMs
Granular, Tiered Defense
• Stateful firewall, integrated IDS, and AV
• Flexible Policy Enforcement
THE VGW PURPOSE-BUILT APPROACH
THE vGW ENGINE
Virtual Center VM
VM1 VM2 VM3
Partner Server (IDS, SIM, Syslog, Netflow)
Packet Data
VMWARE API’s
Any vSwitch (Standard, DVS, 3rd Party)
HYPERVISOR
VMware Kernel
ESX or ESXi Host
Security Design for vGW
PERFORMANCE & SCALABILITY
SECURITY SOLUTION SUMMARY
No new hardware needed to add AppSecure, UTM or robust network security
Massive advantage in scale over all other competitors accommodates growth
Performance and Scalability Leader
Modular architecture allows pay-as-you-grow approach and simplifies operations
Security leadership (Gartner leader quadrant in five categories*), and financial stability
Strong Company
Carrier-grade networking performance and robust feature set integration
Top performance and lower TCO in a better networking and security solution
High Overall Value
* Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011), and Network Access Controls
Better Security Superior Design Superior Networking
3RD PARTY VALIDATION
ANALYST AND CUSTOMER RECOGNITION
“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an impressive combination of performance, functionality, and product family breadth.” Andrew Braunberg, Current Analysis
“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.” Subha Rama, ABI Research
“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter economic environment.” IDC Link
“I can sum up Juniper Networks in three words: security, performance, and reliability.” Rich Acevedo, Network Engineer, Romano’s Macaroni Grill
“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as other customers would see as a benefit.” Eric Walters, Network Manager, 7-Eleven
“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more intelligent sharing of resources among security services running on the gateway.” Current Analysis, 2010