The Role of Information in Modern Security Systems
Security Intelligence
Piotr Kędra
Senior Systems Engineer, Channel support
pkedra@juniper.net
Agenda 
• What are we talking about? 
• Modern warfare 
• Firewall evolution 
• Threat landscape 
• Security Intelligence 
• Summary
Network-Centric Warfare 
• In 1996, Admiral William Owens described the evolution of a system of 
intelligence sensors, command and control systems, and precision 
weapons that enabled enhanced situational awareness, rapid target 
assessment, and distributed weapon assignment. 
• An information superiority-enabled concept of operations that 
generates increased combat power by networking sensors, decision 
makers and shooters to achieve shared awareness, increased speed 
of command, higher tempo of operations, greater lethality, increased 
survivability and a degree of self-synchronization. 
• Power To The Edge
Firewall Technology Overview 
• State of security – Past and Present 
• What is a firewall? 
• How have firewalls been evolving? 
• Is a firewall still necessary? 
• High-end customer requirements 
• Performance 
• Segmentation 
• Compliance mandates 
• Do more with less
What is (was) a firewall? 
• Software / Hardware barrier between intranet (LAN) and extranet 
(WAN) 
• Permit or deny traffic based on policies / rules 
• Source IP address/port, destination IP address/port, destination service, 
protocols, source domain, etc. 
• Stateful – maintains information about existing sessions 
• Make decisions based on session state rather than individual packets 
• Perimeter Gateway – common entry point to LAN
How have they evolved? 
• From Packet Filter to Stateful to NextGen 
• Addressing the evolving threat landscape 
• FW/IPsec VPN – secure remote tunnels into the corporate network 
• UTM – AV, antispam, URL filtering, DI/IPS, and more 
• Consolidate security posture into a single appliance 
• Application / NextGen Gateways 
• From Perimeter to Infrastructure / Core 
• Addressing the needs of changing network function / design 
• Multiple entry points to network 
• Partner portals, remote connectivity, wireless, etc. 
• Segmentation capabilities – network zoning 
• Enforcement of user roles / responsibilities
Is a firewall still needed? 
• Still 1st line of defense 
• DoS/DDoS protection 
• Ports / protocols usage 
• White lists, black lists – allow or deny 
• NATing – transition between IPv4 and IPv6 
• Regulatory Compliance 
• Requires security in depth including firewall 
• PCI, SCADA, and others 
• Segmentation of LAN 
• Separate zones / policies to logically separate traffic 
• Enforce corporate policies
Firewalls – reality ;-)
Evolution of Integration 
Stand-alone – Specialized functions 
• Stateful FW 
• IPSec VPN 
• IDP 
• Routing 
• Separation of tasks 
• Expensive, high-touch 
• No logical integration 
• Very complex set-up & ongoing maintenance 
Bolt-on – Loose functional integration & coordination 
• FW “houses” add-on svcs 
• Single chassis convenience 
Fully-integrated – HW/SW optimized for full integration; tight coordination with apps & functions 
• Uncompromised performance 
• Complete inheritance 
• Best in class services 
[Diagram: Firewall and IPS shown as separate boxes (stand-alone), as Firewall + IPS bolted together, and as one fully integrated box]
NG Infantry weapon… 
• Removable top barrel hurls 20mm high-explosive air-bursting fragmentation 
rounds more than a half-mile. The lower barrel shoots NATO-standard 
5.56mm ammunition. These rounds provide accurate single-round or bursts 
to about 500 yards. Laser-guided electronics as sophisticated as on a 
modern tank.
Next-Generation Firewall (NGFW) 
Emphasis on Visibility 
• Application Visibility and Control 
• User-based Controls 
• Intrusion Prevention Services 
[Diagram: two axes, L3 to L7 and Static to Dynamic. The traditional firewall sits at L3/Static, the next-gen firewall at L7/Dynamic]
Evolution Of The Firewall 
• Open platform delivers more value 
• Scalable to ensure full enterprise or service provider deployment 
• Built for expansive data capacity 
• Improved efficacy, with fine-tuning 
• Adaptive in its ability to incorporate many types of data into policy 
• Security Intelligence! 
[Diagram: axes Layer 3 to Layer 7 and Closed to Open. Traditional firewall (Layer 3, closed), Next-gen firewall (Layer 7), Dynamic Adaptive Platform (Layer 7, open)]
The Current Security Threat Landscape 
• Attacks coming faster; attackers getting smarter 
• Complex attacks using multiple vulnerabilities 
• No simple solution works 
– Patching helps 
– Firewalls help 
– AV & attachment removal help 
– Encrypted passwords/tunnels help 
• You can’t be “secure”; only “more secure” 
• We must share information better
Today’s Threats, Yesterday’s Defenses 
40 anti-virus products, 80 new viruses, 5% catch rate, 4 weeks until coverage 
Source: Assessing the Effectiveness of Antivirus Solutions, Imperva
The Malware Workflow 
Infection → Download, C&C → Lateral Movement → Data Exfiltration
Conceptual Overview 
• Centrally managed threat intelligence 
• Open platform for custom threat data 
• Scalable solution supports many SRX 
• Future-proof framework 
• Precise attacker identification 
[Diagram: Spotlight Secure (cloud) feeds (Global Attacker Fingerprints, Command & Control, Malware Domains/IPs, GeoIP) flow through the Spotlight Connector, which also carries Custom Lists, Local Attacker IDs, Suspicious APT Behaviors and Compromised Hosts, down to the SRX]
Solution Architecture 
Components: Customer-provided or 3rd Party Threat Data; Spotlight Secure (Command & Control, GeoIP, Attacker Fingerprints); Local Attacker Details (e.g. WebApp Secure); Security Director; SRX Firewalls 
1. Aggregated & optimized cloud-based threat intelligence 
2. Juniper-provided threat intelligence to customer premise 
3. Local/Customer data incorporated into solution 
4. Centrally managed by Junos Space Security Director 
5. Intelligence distributed to SRX enforcement points
Spotlight Secure Today 
Sharing Attacker Fingerprints in Real-Time 
1. Attacker from San Francisco 
2. WebApp Secure protected site in UK records fingerprint 
3. Attacker fingerprint uploaded to Spotlight Secure 
4. Attacker fingerprint available for all sites protected by WebApp Secure 
Global Attacker Intelligence Service: Detect Anywhere, Stop Everywhere
Juniper “Feed” Creation & Structure 
Not all threat intelligence is created equal 
The Optimization Process 
• Consolidate data 
• Weed out false positives 
• Add/normalize scores 
• Prioritize based on current threat landscape 
The Juniper Threat Feed (indicator, score) 
192.168.3.101 5 
192.168.4.25 3 
www.bad.com/xyz 1 
… 
• Juniper threat feeds are designed to maximize enforcement point resources 
• Policy can be fine-tuned using threat scores 
Sourcing Threat Data 
Threat intelligence is collected from a variety of sources 
• Juniper is committed to delivering focused threat intelligence (C&C, botnet) 
• We utilize a variety of threat data sources and techniques to ensure intelligence is current and actionable 
• All data sources are carefully evaluated by Juniper’s threat research team 
Rinse & Repeat 
• Threats change often 
• Refresh all data sources at regular intervals 
• Spotlight Secure ensures that data delivered to customer premise is fresh and actionable
Support for Custom Feeds 
• Security intelligence solution supports customer choice 
• Multi-vendor data can easily be integrated into the solution 
• Scalable component within SD aggregates all data for customer 
• Management still occurs through same SD-based tools 
• Support for blacklist and whitelist – Customer defines policy that uses data 
• Update Mechanisms 
• File PUSH through Security Director 
• Web server PULL 
• Local appliance/service PUSH interface
Use-case #1: Detection of infected hosts 
[Diagram: Spotlight Cloud delivers an IP/URL feed over the Internet to the Spotlight Connector, which passes the IP/URL feed on to the SRX]
Use-case #2: Mitigation of fingerprinted attackers 
[Diagram: Spotlight Cloud and Spotlight Connector reach two customers over the Internet. Customer-A: WebApp Secure and SRX. Customer-B: WebApp Secure, two SRX and a NAT-Gateway]
Use-case #3: GEOIP based traffic Inspection 
Dynamic Address Groups 
• Dynamic Address Groups can be used as either “Source Address” or 
“Destination Address” in a firewall rule. 
• A Dynamic Address Group is updated dynamically and does not 
require any configuration commit. 
• The following types of feeds are supported in the first version: 
• Custom IP-list feeds 
• GeoIP feed (from Spotlight Cloud)
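As an added example (not Juniper's code and not part of this deck), the Python below walks through the feed-optimization steps from the earlier "Feed Creation & Structure" slide (consolidate, normalize scores, weed out whitelisted false positives) and then uses the scored result the way this slide describes a Dynamic Address Group: membership is recomputed from the feed on every refresh and matched in a rule without any configuration commit. The feed contents, the third party's 0-100 confidence scale, the whitelist and the score thresholds are all constructed assumptions.

```python
"""Added example, not Juniper code: consolidate scored threat feeds and
evaluate a rule against dynamic address groups derived from them.
All feed contents, scales and thresholds are constructed assumptions."""
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Dict, Iterable, List, Set

# Constructed vendor feed in the slide's "<indicator> <score 1-5>" layout.
VENDOR_FEED = """\
192.168.3.101 5
192.168.4.25 3
www.bad.com/xyz 1
"""
# Constructed third-party feed that uses its own 0-100 confidence scale.
THIRD_PARTY_FEED = """\
# indicator,confidence(0-100)
192.168.4.25,60
203.0.113.9,95
10.9.8.7,40
"""
# Constructed customer whitelist: known-good hosts are never blocked.
WHITELIST = {"10.9.8.7"}

@dataclass
class Indicator:
    value: str                 # IP address or URL
    score: int                 # normalized 1..5
    sources: List[str] = field(default_factory=list)

def normalize(score: float, lo: float, hi: float) -> int:
    """Map a provider score in [lo, hi] onto the 1..5 scale (clamped)."""
    frac = (score - lo) / (hi - lo)
    return max(1, min(5, round(1 + frac * 4)))

def _lines(text: str) -> Iterable[str]:
    """Yield non-empty, non-comment feed lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_vendor_feed(text: str) -> Dict[str, Indicator]:
    out = {}
    for line in _lines(text):
        value, score = line.split()
        out[value] = Indicator(value, int(score), ["vendor"])
    return out

def parse_third_party_feed(text: str) -> Dict[str, Indicator]:
    out = {}
    for line in _lines(text):
        value, conf = line.split(",")
        out[value] = Indicator(value, normalize(float(conf), 0, 100), ["third_party"])
    return out

def consolidate(feeds: List[Dict[str, Indicator]],
                whitelist: Set[str] = frozenset()) -> Dict[str, Indicator]:
    """One entry per indicator: highest score wins, every source is kept,
    whitelisted indicators are dropped (false-positive suppression)."""
    merged: Dict[str, Indicator] = {}
    for feed in feeds:
        for value, ind in feed.items():
            if value in whitelist:
                continue
            cur = merged.get(value)
            if cur is None:
                merged[value] = Indicator(value, ind.score, list(ind.sources))
            else:
                cur.score = max(cur.score, ind.score)
                cur.sources.extend(ind.sources)
    return merged

def dynamic_address_group(feed: Dict[str, Indicator], min_score: int) -> set:
    """Membership is recomputed from the feed on each refresh, so a rule that
    references the group needs no commit. Only IP indicators qualify."""
    members = set()
    for ind in feed.values():
        if ind.score >= min_score:
            try:
                members.add(ip_address(ind.value))
            except ValueError:
                pass  # URL/domain indicator, not an address
    return members

def evaluate(dst: str, block_group: set, log_group: set) -> str:
    """Rule order: deny high-score destinations, log medium ones, permit the rest."""
    addr = ip_address(dst)
    if addr in block_group:
        return "deny"
    if addr in log_group:
        return "permit+log"
    return "permit"

def build_policy():
    """Whole pipeline: parse both feeds, consolidate, derive block and log groups."""
    feed = consolidate([parse_vendor_feed(VENDOR_FEED),
                        parse_third_party_feed(THIRD_PARTY_FEED)], WHITELIST)
    return feed, dynamic_address_group(feed, 4), dynamic_address_group(feed, 2)

if __name__ == "__main__":
    feed, block, log = build_policy()
    for dst in ("203.0.113.9", "192.168.4.25", "10.9.8.7", "198.51.100.1"):
        print(dst, "->", evaluate(dst, block, log))
```

The two groups are the "fine-tuned using threat scores" idea from the feed slide: score 4-5 feeds a deny rule, 2-3 a permit-and-log rule, so a low-confidence indicator generates telemetry for the SOC without blocking traffic. The whitelist is applied before merging so a customer's own known-good host wins over any provider's score.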
Use-case #4: Custom IP feeds 
[Diagram: the Spotlight Connector ingests a customer IP feed and redistributes it as an IP feed to the enforcement side; the Internet is shown as the external network]
Juniper Security Framework 
Looking across Threat Vectors 
[Diagram: threat vectors spanning Users and Datacenters; building blocks: Security Intelligence, Security Management, Network Security, Content Security, Firewall, IPS, Web Security, Application Visibility & Control, Emerging Threat Protection, Intrusion Deception, Client DDoS]
Summary 
• Status 
• Competitive intelligence is a work-in-progress 
• More details will be made available as we near formal launch (we are almost 
ready) 
• Highlights 
• Centralized and open threat intelligence framework 
• Highly scalable and performant firewall implementation 
• Emphasis on efficacy, particularly with integration of attacker fingerprinting
NAC integration 
[Diagram: an Authentication, Authorization, and Accounting Server (RADIUS or AD) and a NAC policy server sit behind the Switches and WLAN and the Firewall; Local User and Remote User requests are checked (Identity correct? Policy met? Authorized?) before access to Protected Resources is allowed or disallowed]
• Set access policy 
• Enforce policies before users get on the network 
• Identify who gets access 
• Allow access to authorized resources
Security Information and Event Management
SIEM, NBAD, VA, etc…
Big Data Platforms and Security Intelligence 
Customers are looking to combine Big Data Platforms and Security Intelligence to derive further security insights, including: 
• Beaconing 
• Identify a pattern of connectivity from internal hosts or users to external endpoints over a long period of time. 
• Advanced baselining 
• Model normal behavior of users, apps, assets and other organizational entities so that anomalous behavior can be identified 
• Users susceptible to spear phishing 
• Enumerate users who are prone to spear phishing attacks because of their propensity to click suspicious URL links and who may require additional security training
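As an added example, not from the deck, here is the beaconing hunt described in the first bullet written as Python over constructed session-log lines: sessions are grouped by (source, destination), the inter-arrival intervals are computed, and a pair is flagged when it has many sessions with regular gaps (low coefficient of variation) spread over a long window. The log format, the data and the thresholds are assumptions.

```python
"""Added example, not from the deck: hunt for beaconing in session logs.
Beaconing = the same internal host reaching the same external endpoint at
near-regular intervals over a long window. Log format, data and thresholds
are constructed assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed session log: "<ISO timestamp> <src> -> <dst>:<port>".
# 10.1.1.5 reaches 203.0.113.7:443 roughly every five minutes for 35 minutes;
# its other traffic and 10.1.1.9's single session are irregular noise.
LOG = """\
2014-09-01T08:00:00 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:00:31 10.1.1.5 -> 198.51.100.20:80
2014-09-01T08:05:02 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:09:58 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:11:45 10.1.1.5 -> 198.51.100.20:80
2014-09-01T08:15:01 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:20:00 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:24:59 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:30:03 10.1.1.5 -> 203.0.113.7:443
2014-09-01T08:33:12 10.1.1.5 -> 198.51.100.20:80
2014-09-01T08:35:00 10.1.1.5 -> 203.0.113.7:443
2014-09-01T09:40:10 10.1.1.5 -> 198.51.100.20:80
2014-09-01T08:01:00 10.1.1.9 -> 198.51.100.20:80
"""

def parse_log(text: str) -> Dict[Tuple[str, str], List[datetime]]:
    """Group session start times by (source, destination:port) pair."""
    conns: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns

def interval_stats(times: List[datetime]) -> Optional[Tuple[float, float, float]]:
    """Return (mean gap, coefficient of variation, total span) in seconds,
    or None when there are too few sessions to measure regularity."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    cv = pstdev(gaps) / m if m > 0 else float("inf")
    return m, cv, (times[-1] - times[0]).total_seconds()

def find_beacons(conns, min_connections=6, max_cv=0.1, min_span=1800):
    """Flag pairs with many sessions, regular gaps (low CV) and a long span.
    Thresholds are assumptions: a CV cap that is too tight misses jittered
    check-ins, one that is too loose flags legitimate polling applications."""
    findings = []
    for (src, dst), times in conns.items():
        if len(times) < min_connections:
            continue
        stats = interval_stats(times)
        if stats is None:
            continue
        m, cv, span = stats
        if cv <= max_cv and span >= min_span:
            findings.append({"src": src, "dst": dst, "count": len(times),
                             "period_s": round(m), "cv": round(cv, 3)})
    return findings

if __name__ == "__main__":
    for hit in find_beacons(parse_log(LOG)):
        print(hit)
```

On real data the same grouping gives the "advanced baselining" bullet its input: the per-pair period and variance measured over weeks become the normal profile, and a new pair that is both regular and previously unseen is what gets escalated, while known update servers and monitoring agents are suppressed from an allow-list rather than by loosening the thresholds.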
Q&A
Thank You!

Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 

Plnog13 2014 security intelligence_pkedra_v1

1. The Role of Information in Modern Security Systems
Security Intelligence
Piotr Kędra
Senior Systems Engineer, Channel support
pkedra@juniper.net

2. Agenda
• What are we talking about?
• Modern warfare
• Firewall evolution
• Threat landscape
• Security Intelligence
• Summary

3. Network-Centric Warfare
• 1996, Admiral William Owens described the evolution of a system of intelligence sensors, command and control systems, and precision weapons that enabled enhanced situational awareness, rapid target assessment, and distributed weapon assignment.
• An information superiority-enabled concept of operations that generates increased combat power by networking sensors, decision makers and shooters to achieve shared awareness, increased speed of command, higher tempo of operations, greater lethality, increased survivability and a degree of self-synchronization.
• Power To The Edge

4. (slide without text)

5. Firewall Technology Overview
• State of security – Past and Present
• What is a firewall?
• How have firewalls been evolving?
• Is a firewall still necessary?
• High-end customer requirements
• Performance
• Segmentation
• Compliance mandates
• Do more with less

6. What is (was) a firewall?
• Software / Hardware barrier between intranet (LAN) and extranet (WAN)
• Permit or deny traffic based on policies / rules
• Source IP address/port, destination IP address/port, destination service, protocols, source domain, etc.
• Stateful – maintains information about existing sessions
• Make decisions based on session state rather than individual packets
• Perimeter Gateway – common entry point to LAN

7. How have they evolved?
• From Packet Filter to Stateful to NextGen
• Addressing the evolving threat landscape
• FW/IPsec VPN – secure remote tunnels into corporate
• UTM – AV, antispam, URL filtering, DI/IPS, and more
• Consolidate security posture into a single appliance
• Application / NextGen Gateways
• From Perimeter to Infrastructure / Core
• Addressing the needs of changing network function / design
• Multiple entry points to network
• Partner portals, remote connectivity, wireless, etc.
• Segmentation capabilities – network zoning
• Enforcement of user roles / responsibilities

8. Is a firewall still needed?
• Still the 1st line of defense
• DoS/DDoS protection
• Ports / protocols usage
• White lists, black lists – allow or deny
• NATing – transition between IPv4 and IPv6
• Regulatory Compliance
• Requires security in depth including firewall
• PCI, SCADA, and others
• Segmentation of LAN
• Separate zones / policies to logically separate traffic
• Enforce corporate policies

10. Evolution of Integration
Stand-alone (specialized functions):
• Stateful FW
• IPSec VPN
• IDP
• Routing
• Separation of tasks
• Expensive, high-touch
• No logical integration
• Very complex set-up & ongoing maintenance
Bolt-on (loose functional integration & coordination):
• FW “houses” add-on svcs
• Single chassis convenience
Fully-integrated (HW/SW optimized for full integration – tight coordination with apps & functions):
• Uncompromised performance
• Complete inheritance
• Best in class services
(diagram: Firewall and IPS shown first as separate boxes, then as one integrated box)

11. NG Infantry weapon…
• Removable top barrel hurls 20mm high-explosive air-bursting fragmentation rounds more than a half-mile. The lower barrel shoots NATO-standard 5.56mm ammunition. These rounds provide accurate single-round or bursts to about 500 yards. Laser-guided electronics as sophisticated as on a modern tank.

12. Next-Generation Firewall (NGFW)
Emphasis on Visibility
• Application Visibility and Control
• User-based Controls
• Intrusion Prevention Services
(diagram: traditional firewall at L3 / static versus next-gen firewall at L7 / dynamic)

13. Evolution Of The Firewall
• Open platform delivers more value
• Scalable to ensure full enterprise or service provider deployment
• Built for expansive data capacity
• Improved efficacy, with fine-tuning
• Adaptive in its ability to incorporate many types of data into policy
• Security Intelligence!
(diagram: traditional firewall at Layer 3 / closed, next-gen firewall at Layer 7 / dynamic, adaptive platform / open)

14. The Current Security Threat Landscape
• Attacks coming faster; attackers getting smarter
• Complex attacks using multiple vulnerabilities
• No simple solution works – Patching helps – Firewalls help – AV & attachment removal help – Encrypted passwords/tunnels help
• You can’t be “secure”; only “more secure”
• We must share information better

15. Today’s Threats, Yesterday’s Defenses
(chart: anti-virus catch rate for new viruses of about 5%, coverage measured over 4 weeks; source: Assessing the Effectiveness of Antivirus Solutions, Imperva)

16. The Malware Workflow
Infection → Download, C&C → Lateral Movement → Data Exfiltration

17. Conceptual Overview
• Centrally managed threat intelligence
• Open platform for custom threat data
• Scalable solution supports many SRX
• Future-proof framework
• Precise attacker identification
(diagram: Spotlight Secure feeding SRX through the Spotlight Connector; data types: Global Attacker Fingerprints, Command & Control, Custom Lists, Malware Domains/IPs, Suspicious APT Behaviors, Local Attacker IDs, GeoIP, Compromised Hosts)

18. Solution Architecture
1. Aggregated & optimized cloud-based threat intelligence
2. Juniper-provided threat intelligence to customer premise
3. Local/Customer data incorporated into solution
4. Centrally managed by Junos Space Security Director
5. Intelligence distributed to SRX enforcement points
(diagram components: Customer-provided or 3rd Party Threat Data, Command & Control, GeoIP, Attacker Fingerprints, Spotlight Secure, Local Attacker Details (e.g. WebApp Secure), Security Director, SRX Firewalls)

19. Spotlight Secure Today
Sharing Attacker Fingerprints in Real-Time – Global Attacker Intelligence Service: Detect Anywhere, Stop Everywhere
1. Attacker from San Francisco
2. WebApp Secure protected site in UK records fingerprint
3. Attacker fingerprint uploaded to Spotlight Secure
4. Attacker fingerprint available for all sites protected by WebApp Secure

20. Juniper “Feed” Creation & Structure
Not all threat intelligence is created equal
Sourcing Threat Data – threat intelligence is collected from a variety of sources
• Juniper is committed to delivering focused threat intelligence (C&C, botnet)
• We utilize a variety of threat data sources and techniques to ensure intelligence is current and actionable
• All data sources are carefully evaluated by Juniper’s threat research team
The Optimization Process
• Consolidate data
• Weed out false positives
• Add/normalize scores
• Prioritize based on current threat landscape
The Juniper Threat Feed (indicator, score)
• 192.168.3.101 – 5
• 192.168.4.25 – 3
• www.bad.com/xyz – 1
• …
• Juniper threat feeds are designed to maximize enforcement point resources
• Policy can be fine-tuned using threat scores
Rinse & Repeat
• Threats change often
• Refresh all data sources at regular intervals
• Spotlight Secure ensures that data delivered to customer premise is fresh and actionable

21. Support for Custom Feeds
• Security intelligence solution supports customer choice
• Multi vendor data can easily be integrated into the solution
• Scalable component within SD aggregates all data for customer
• Management still occurs through same SD-based tools
• Support for blacklist and whitelist – Customer defines policy that uses data
• Update Mechanisms
• File PUSH through Security Director
• Web server PULL
• Local appliance/service PUSH interface

22. Use-case #1: Detection of infected hosts
(diagram: Spotlight Cloud → IP/URL feed → Spotlight Connector → IP/URL feed → SRX, with the SRX facing the Internet)

23. Use-case #2: Mitigation of fingerprinted attackers
(diagram: Spotlight Cloud and Spotlight Connector serving Customer-A (WebApp Secure, SRX) and Customer-B (WebApp Secure, two SRX) across the Internet, with a NAT-Gateway in the path)

24. Use-case #3: GeoIP based traffic inspection
Dynamic Address Groups
• Dynamic Address Groups can be used as either “Source Address” or “Destination Address” in a firewall rule.
• A Dynamic Address Group is updated dynamically and does not require any configuration commit.
• The following types of feed are supported in the first version:
• Custom IP-list feeds
• GeoIP feed (from Spotlight Cloud)

25. Use-case #4: Custom IP feeds
(diagram: IP feed → Spotlight Connector → IP feed → SRX, facing the Internet)
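The feed pipeline on slides 20, 21 and 24 (consolidate sources, drop customer-whitelisted false positives, normalize scores, then drive a firewall rule from a scored dynamic address group) as an added illustration; this is constructed example code, not Juniper's or Spotlight Secure's implementation, and the feed contents, score scales and threshold are assumptions:

```python
"""Constructed example: consolidating scored threat feeds into a dynamic address group."""
import ipaddress
import math
from collections import defaultdict

# Constructed feeds: (indicator, score, maximum of that source's score scale).
# The first mirrors the slide's 1..5 feed; the second is a hypothetical 0..100 custom feed.
JUNIPER_FEED = [("192.168.3.101", 5, 5), ("192.168.4.25", 3, 5), ("www.bad.com/xyz", 1, 5)]
CUSTOM_FEED = [("192.168.3.101", 90, 100), ("10.9.8.7", 40, 100), ("198.51.100.23", 100, 100)]
WHITELIST = {"10.9.8.7"}  # customer-defined: a known false positive, never blocked


def normalize(score, scale_max):
    """Map a source's score onto the 1..5 scale, rounding up so low signals are kept."""
    return max(1, min(5, math.ceil(score * 5 / scale_max)))


def consolidate(feeds, whitelist):
    """Merge feeds by indicator, keep the highest normalized score, drop whitelisted entries."""
    merged = defaultdict(int)
    for feed in feeds:
        for indicator, score, scale_max in feed:
            if indicator in whitelist:
                continue
            merged[indicator] = max(merged[indicator], normalize(score, scale_max))
    return dict(merged)


def dynamic_address_group(merged, min_score):
    """Select IP indicators at or above min_score; URLs/domains belong in a URL list instead."""
    group = set()
    for indicator, score in merged.items():
        try:
            ipaddress.ip_address(indicator)
        except ValueError:
            continue
        if score >= min_score:
            group.add(indicator)
    return group


def evaluate_rule(src_ip, dst_ip, group):
    """A rule using the group as source or destination address: deny on match, else permit."""
    return "deny" if src_ip in group or dst_ip in group else "permit"


if __name__ == "__main__":
    merged = consolidate([JUNIPER_FEED, CUSTOM_FEED], WHITELIST)
    group = dynamic_address_group(merged, min_score=3)  # score threshold tunes the policy
    print(merged, group, evaluate_rule("10.0.0.5", "192.168.4.25", group))
```

Lowering `min_score` pulls low-confidence indicators into the group, which is the trade-off the "policy can be fine-tuned using threat scores" bullet refers to.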
26. Juniper Security Framework
Looking across Threat Vectors: Users, Datacenters
• Security Intelligence
• IPS
• Firewall
• Security Management
• Content Security
• Network Security
• Web Security
• Application Visibility & Control
• Emerging Threat Protection
• Intrusion Deception
• Client DDoS

27. Summary
• Status
• Competitive intelligence is a work-in-progress
• More details will be made available as we near formal launch (we are almost ready)
• Highlights
• Centralized and open threat intelligence framework
• Highly scalable and performant firewall implementation
• Emphasis on efficacy, particularly with integration of attacker fingerprinting

28. NAC integration
• Set access policy
• Enforce policies before users get on the network
• Identify who gets access
• Allow access to authorized resources
(diagram: Local User and Remote User reach Switches and WLAN and the Firewall; the NAC policy server asks “Policy met?” and “Allow or Disallow?”, the Authentication, Authorization, and Accounting Server (Radius or AD) asks “Identity correct?” and “Authorized?” before access to Protected Resources)

29. Security Information and Event Management

30. SIEM, NBAD, VA, etc…

31. Big Data Platforms and Security Intelligence
Customers are looking to combine Big Data Platforms and Security Intelligence to derive further security insights, including:
• Beaconing
• Identify a pattern of connectivity from internal hosts or users to external endpoints over a long period of time.
• Advanced baselining
• Model normal behavior of users, apps, assets and other organizational entities so that anomalous behavior can be identified.
• Users susceptible to spear phishing
• Enumerate users who are prone to spear phishing attacks because of their propensity to click suspicious URL links and who may require additional security training.
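The beaconing use case on slide 31 (a regular connection pattern from an internal host to an external endpoint over time) as an added example, not code from the deck or from any Juniper product; the flow records, the host addresses, the minimum-connection count and the jitter threshold are all constructed assumptions:

```python
"""Constructed example: flag beaconing pairs in flow records by inter-arrival regularity."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow log, one "ISO-timestamp src dst" record per line.
# 10.1.1.5 contacts 203.0.113.9 every ~5 minutes; 10.1.1.7 contacts 198.51.100.4 irregularly.
FLOW_LOG = """\
2014-09-01T08:00:00 10.1.1.5 203.0.113.9
2014-09-01T08:05:01 10.1.1.5 203.0.113.9
2014-09-01T08:09:59 10.1.1.5 203.0.113.9
2014-09-01T08:15:00 10.1.1.5 203.0.113.9
2014-09-01T08:20:02 10.1.1.5 203.0.113.9
2014-09-01T08:25:00 10.1.1.5 203.0.113.9
2014-09-01T08:00:00 10.1.1.7 198.51.100.4
2014-09-01T08:01:10 10.1.1.7 198.51.100.4
2014-09-01T08:31:00 10.1.1.7 198.51.100.4
2014-09-01T08:32:00 10.1.1.7 198.51.100.4
2014-09-01T09:40:00 10.1.1.7 198.51.100.4
2014-09-01T09:41:00 10.1.1.7 198.51.100.4
"""


def parse_flows(text):
    """Group connection timestamps by (internal source, external destination)."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs


def beacon_candidates(pairs, min_connections=5, max_jitter=0.1):
    """Return (src, dst, period_seconds) for pairs whose inter-arrival gaps are nearly
    constant, i.e. coefficient of variation (stdev / mean) at or below max_jitter."""
    found = []
    for (src, dst), times in pairs.items():
        if len(times) < min_connections:
            continue  # too few observations to call a period
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            found.append((src, dst, round(avg)))
    return found


if __name__ == "__main__":
    print(beacon_candidates(parse_flows(FLOW_LOG)))  # the ~300 s beacon only
```

Real C&C beacons add random sleep jitter, so `max_jitter` is tuned per environment against the baseline described in the next bullet rather than fixed.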
32. Q&A

33. (slide without text)