srx series services gateways. 2 copyright © 2011 juniper networks, inc. introduction agenda...

SRX SERIES SERVICES GATEWAYS

2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Introduction

AGENDA

Solution Differentiators

SRX Portfolio


JUNIPER SECURITY LEADERSHIP A $1B BUSINESS

Market Leadership

Data Center with High-End Firewall #1 at 42%

Secure Mobility with SSL VPN #1 at 25%

Intelligent Networking with Secure Routing #2 at 22%

Security Innovation

Across device, network and application

One Junos for Routing, Switching and Security

Security and Mobile Threat Research Teams

Proven Reach & Scale

Protecting 80%+ of smartphones in North America

24 of the Fortune 25 for secure connectivity

GTM Scale with IBM, Dell, Ericsson & NSN


SECURITY TRENDS

Sop

hist

icat

ion

(Mat

urity

)

Type of Attack

Botnets

Trojans

Virus

Worms

DOS

APT

Malware

Notoriety Profitability .gov /.com .me / .you

New Devices

ERP

Internet Information Services

New Applications

Target

Threats

Attacker


Industry trends & customer challenges

AGENDA


SRX Portfolio


SRX PORTFOLIO

Small Office/Branch Office Data Center


SRX FOR THE SMALL OFFICE/BRANCH OFFICE


Branch SRX


NETWORKING TRENDS

Too many devices and too much complexity

Wireless LAN

Content Security

App Visibility

& Security

Applications

LAN switch

Firewall/VPN

Routing

WAN & 3G

Complex Topology

Service disparity and lack of integration

Too many vendors

Too many Operating-Systems

Too many Management interfaces and tools

Too much cost


BRANCH SRX ADDRESSES THESE TRENDS

Easy to manage all aspects with Junos, a

single OS platform

Easy to activate new security layer in UTM

when needed to address new concerns

Lower TCO and high performance allows IT to

do more with less

All-in-One Best Price/Performance

Firewall

VPN

IPS/AppSecure

Anti-Virus

Anti-SpamWeb filtering

Routing / WAN

UT

M

WLAN, LAN, Switching

UnifiedManagement


BRANCH SRX DELIVERS…CONSOLIDATED SECURITY AND NETWORKING

All-in-One

Single device for routing, switching, and security

Comprehensive security with best-in-class partners

Easy to activate new layers of security without adding new hardware or software

Firewall

VPN

IPS/AppSecure

Anti-Virus

Anti-Spam

Web filtering

Routing / WAN

UT

M

WLAN, LAN, Switching


Unified Management

BRANCH SRX OFFERS…REDUCED IT MANAGEMENT BURDEN

Single OS platform for routing, switching, and security

Reduces time and effort to plan, deploy, and manage

Provides stable delivery of new functionality in a steady, timely manner

Flexibility of web device and comprehensive network security management


BRANCH SRX ENSURES…MAXIMIZED CUSTOMER VALUE

Best Price/Performance

Lowest cost to deploy (Opex, Capex savings)

Single OS/single console reduces training costs

Fewer IT staff needed for network management

Faster processing performance with multiple dedicated cores


BRANCH SRX PORTFOLIO

Small OfficeSmall to

Medium OfficeLarge Branch/Regional Office

SRX100/110

SRX210

WAN slot, 2 x GigE, PoE

SRX220

+ 2 WAN slots, 8 x GigE, PoE

SRX240

+ 4 WAN slots, 16 x GigE, PoE

SRX650

+ More LAN slots, dual

processors, dual P/S

WAN slot


SRX FOR DATA CENTER


High-End SRX


THREE DRAMATIC SHIFTS IN THE DATA CENTER

Sources: AFCOM Data Center Research, Gartner, KRC Research -

Each trend is driving changes in networking and security

Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Mega Consolidation

Efficiency improvements and simplified administration

Cloud Services &Virtualization projects

Virtualization

Web 2.0 and Application Mashups

Service Oriented Architectures


DATA CENTER SRX ADDRESSES THESE TRENDS

Meets your specific business needs for an integrated physical and virtualized data center

Delivers efficient infrastructure for high-performance network

scale to meet even the most demanding of network productivity

needs

Ensures protection against evolving threats

with next-generation, layered security

services

Consolidationat Scale

Next Generation Security Services

Virtualization Security


DATA CENTER SRX DELIVERS…CONSOLIDATED SECURITY AND NETWORKING

Consolidationat Scale

Scalable data center security

More efficient infrastructure with modular SPCs and IOCs

Carrier grade networking powering Top 130 Service Providers & nearly all of Fortune 500

Protecting online assets with AppSecure, IPS, FW, NAT, and more


DATA CENTER SRX ENSURES…APPLICATION VISIBILITY AND PROTECTION

Next Generation Security Services

Rapid response to evolving threats through layered, next-generation security services

Control and enforcement of application usage

Visibility into Web 2.0 threats with application security against latest attacks

Scalable policy enforcement and management via Junos


DATA CENTER SRX PRODUCT LINE

Smaller Data CenterCampus/

Corporate OfficeLarge

Data Center

SRX1400

FW 10 GbpsIPS 2 Gbps

SRX3400


SRX3600


SRX5600


SRX5800



Industry trends & customer challenges

AGENDA


SRX Portfolio


JUNOS OPERATING SYSTEM

SECURITY ROUTERS

J Series

M Series

T Series EX Series

SWITCHES

MX Series

SRXSeries

Reduces time/effort to operate network infrastructure

Simplifies management

One OS One Release Train

Delivers new functionality stably

Reduces OPEX

One Architecture

Ensures available & scalable software for growing needs

Reduces TCO

QFX Series


ARCHITECTURE:SEPARATE DATA AND CONTROL PLANE

Co

ntr

ol P

lan

e

Mo

du

le n

Inte

rfac

es

Man

agem

ent

Ro

uti

ng

…Kernel

Dat

a P

lan

e

Physical Interfaces

Packet ForwardingDOS & DDOS

ATTACKS

Dat

a

Man

agem

ent

Ro

uti

ng

DOS & DDOS ATTACKS

Attacks overwhelm the box Administrator loses management access—your

network is down

Attacks can be thwarted Under attack, administrator maintains management

access to modify policy, disallow bad traffic, and process good traffic—your network stays up

Shared Plane


SRX Series

Physical

Hypervisor

vGW Series

VM VM VM VM

vGW Virtual Gateway

Management and Security Services

Security Design

Security Threat Response ManagerSTRM

Services Virtual

Firewall

IPS

DoS Prevention

AppSecure

DoS

DATA CENTER SECURITY SOLUTION THAT SPANS PHYSICAL AND VIRTUAL NETWORKS


Juniper SRX with IPS and AppSecure

FabricSwitching

Policies

vGW Virtual Gateway

VMware vSphere Hypervisor

…

1. SRX Zone Visibility extends to include VM awareness

2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM

3. VM Traffic Inspection and Enforcement with selective mirroring to SRX IPS

vGW Solution Integration

VM 1 VM 2 VM 3 VM 20

Security Design

Copyright © 2011 Juniper Networks, Inc. www.juniper.net

INTEGRATION WITH vGW VIRTUAL GATEWAY EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER


APPSECURE: APPLICATION INTELLIGENCE—BRANCH TO DATA CENTER

Understand security risks

Address new user behaviors

Easy add-on security services for SRX gateways Delivers application visibility, enforcement and protection—up to 100 Gbps Integrates nested application detection/ protection, control, & remediation Subscription service includes all modules and updates Juniper Security Lab provides 800+ application signatures

AppTrack AppDoS IPS

Block access to risky apps

Allows user tailored policies

Prioritize important apps

Rate limit less important apps

Protect apps from bot attacks

Allow legitimate user traffic

Remediate security threats

Stay current with daily signatures

AppFW AppQoS


AppTrack IPS

AppQoS

Flow Processing

AppFW

AI

Application Identification Engine

NAI

Ingress Egress

Application ID Results

AppDoS

APPSECURE SERVICE MODULES


UNIFIED MANAGEMENT

Network Management

Junos Space Security Design

SIEM

Security Threat Response Manager

Web UI

J-Web

Automated configuration and deployment of security

Reduced security risk, faster deployment, and lower TCO

All-in-one log, threat, and compliance management

Greater visibility including web 2.0 and application intelligence for improved security

Seamless GUI access to Junos features & functions

Quick configurations/ wizards

Cost effective & intuitive

Routing Security Switching


VIRTUALIZATION


VIRTUALIZATION CHALLENGES

Physical Network

• One server is one server

• Firewall can see all traffic

• Applications don’t move much

=

Complexity

• One physical server represents many virtual ones

Dynamic Applications

• As applications move, how does the physical security follow?

V-Motion

Hidden Traffic

• Traffic on the same hypervisor isn’t sent to the physical firewall


vGW


VGW MODULES

NetworkTraffic flows

IDSIntrospect

ionReports

View of IDS alerts VM “x-ray” (OS, apps, etc.)

Granular reportsand scheduler

MainDashboard view of virtual data center

Firewall AntiVirusComplian

ceFirewall policy and logs

AV protection w/ quarantine

Alerts on VM/host non-compliance


Service Provider & Enterprise Grade Three-tiered Model VMware Certified Protects each VM and the hypervisor Fault-tolerant architecture (i.e., HA)

Virtualization-aware “Secure VMotion” scales to

1,000+ hosts “Auto Secure” detects/protects

new VMs

Granular, Tiered Defense Stateful firewall, integrated IDS,

and AV Flexible Policy Enforcement

THE VGW PURPOSE-BUILT APPROACH

THE vGW ENGINE

Virtual Center VM

VM1 VM2 VM3

Partner Server(IDS, SIM,

Syslog, Netflow)

Packet Data

VMWARE API’s

Any vSwitch (Standard, DVS, 3rd Party)

HYPERVISOR

VM

ware K

ernel

ES

X or E

SX

i Host

Security Design

for vGW

12

3


PERFORMANCE & SCALABILITY


SECURITY SOLUTION SUMMARY

No new hardware needed to add AppSecure, UTM or robust network security

Massive advantage in scale over all other competitors accommodates growth

Performance andScalability Leader

Modular architecture allows pay-as-you-grow approach and simplifies operations

Security leadership (Gartner leader quadrant in five cate-gories*), and financial stability

Strong Company

Carrier-grade networking performance and robust feature set integration

Top performance and lower TCO in a better networking and security solution

High Overall Value

* Sources: Gartner 2010 Magic Quadrants for Enterprise Network Firewalls, Network Intrusion Prevention Systems, SSL VPN, SIEM (2011) , and Network Access Controls

Better Security Superior Design Superior Networking


3RD PARTY VALIDATION


ANALYST AND CUSTOMER RECOGNITION

“Juniper’s maturing and expanding SRX family of security gateway appliances are threatening, because they deliver an impressive combination of performance, functionality, and product family breadth.” Andrew Braunberg, Current Analysis

“Juniper has consistently shown exceptional differentiation in terms of feature-set, performance and implementation flexibility in a market that is getting increasingly crowded. It continues to excel as a value differentiator.” Subha Rama, ABI Research

“The simplicity of Junos providing integrated routing, switching, and security, coupled with the automation that Junos Space provides, is a nice value-add for CIOs who are constantly being asked to do more with less in a tighter economic environment.” IDC Link“I can sum up Juniper Networks in three words: security, performance, and reliability.”

Rich Acevedo, Network Engineer, Romano’s Macaroni Grill

“One of the key aspects of the relationship with Juniper is their ability to listen to what the customer needs. We’ve developed a long-term relationship. We have helped influence some of the evolution of the products and features that we as well as other customers would see as a benefit.” Eric Walters, Network Manager, 7-Eleven

“The foundational strength of the SRX family is Juniper’s new Dynamic Services Architecture, which allows a much more intelligent sharing of resources among security services running on the gateway.” Current Analysis, 2010

srx series services gateways. 2 copyright © 2011 juniper networks, inc. introduction agenda...

Documents