SECURE CLOUD-READY DATA CENTERS

AppSecure development

IDC IT Security conference – 2011 Budapest

2 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Current Security Services

• IPsec VPNs, IPS, UTM• Stateful FW, NAT, ALG• Routing, FBF, QoS,

Bandwidth Management

APPLICATION-AWARE SECURITYIntroducing AppSecure

AppSecure is a suite of application based services designed for deploying security in a knowledgeable manner

Builds on existing firewall integrated services to deliver finer-grain policies Leverages integrated application intelligence

Advanced Security Services With AppSecure

• Botnet Protection• Application Access

Control• Application Bandwidth

Management

Application

Intelligence

3 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

APPSECURE DIRECTION

Understand security risks

Address new user behaviors

Application Intelligence from User to Data Center

• Subscription service includes all modules and updates• Juniper Security Lab provides 800+ application signatures

AppTrack AppQoS AppDoS IPS

Block access to risky apps

Allows user tailored policies

Prioritize important apps

Rate limit less important apps

Protect apps from bot attacks

Allow legitimate user traffic

Remediate security threats

Stay current with daily signatures

AppFW

4 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

SAMPLE APPLICATION COVERAGE . . . 800+ AND MORE ADDED DAILY100Bao Aimster Applejui

ce Ares BitTorrent

DirectConnect

eDonkey2000

FastTrack Freecast Freenet Gnucleus

LAN Gnutella Gnutella2

GoBoogy

Hotline IceShare ICQ IRC Japper/XMPP

Joltid PeerEnabler

Kademlia

KuGoo Kuro Manolito/MP2P MMS MSNP (ver

10, 11, 12) MSNP 13 MUTE

Napster OpenFT (giFT)

Oscar (AOL) Peercast Poco QQ RTSP

SCTP Skype Soribada Soulseek Tesla TOC

(AOL) WinNY

WPNP Xunlei Yahoo IM

And More

5 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

APPLICATION VISIBILITY AppTrack

Discrete Data Analysis Business Analysis

Deep packet intelligence

Protocol

IP Addr Port

Data

SAPSize

Joe

What application?What user?

User Location?User device?

• Identify applications running on the network with protocol decoding and Application signatures

• View application ID in session logs to understand network behavior

• Enable data center admins to make informed decisions based on application being accessed to manage security risk

AppTrack

Applications Bytes From Client (Custom) (Sum) Count

FTP 1,047,754 2,097Windows File Share 1,030,006 31HTTP 376,296 16Bit Torrent 316,064 16None 154,168 302NETBlog 151,632 16VoIP 128,266 16Facebook 104,735 16TFIP 67,920 16Telnet 54,768 16

6 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Control & Enforce Web 2.0 AppsAppFW

AppFW: BEYOND JUST FW OR APP CONTROL

Inspect ports and protocols

Control nested apps, chat, file sharing and other Web 2.0 activitiesDynamic application security

Web 2.0 policy enforcement

Threat detection & prevention

HTTP Uncover tunneled apps

Stop multiple threat types

7 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Protect Valuable On-line BusinessAppDoS

AppDOS THREAT MITIGATION

Detect and mitigate botnet activity

Benchmark “normal” behavior to detect anomalies

Botnet detection & remediation

DoS monitoring & remediation

On-going anomaly detection

Uncover misuse of routine Web functionalityPurchase Item

Select ItemView Item

Check bill

Adapt security policy and QOS based on insights

8 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

HOW AppDOS WORKS

Attack traffic

Legitimate traffic

Botnets targeting services for disruption

Mixture of legitimate and attack traffic

INTERNET

Server Connection Monitoring

Protocol Analysis

Bot / Client Classification

Cloud Provider / Data Center

Web

Ser

vice

s /

App

licat

ions

SRX Series

9 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Prioritize & Control App BandwidthAppQoS

AppQOS FOR SCALE & PERFORMANCE

Monitor Web 2.0 bandwidth consumption

Dynamic application quality-of-service (QoS)

Application prioritization

Performance management

Throttle bit rates based on security and usage insights

Prioritize business critical apps

X

10 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

Monitor & Mitigate Custom AttacksIPS

IPS FOR CUSTOMIZABLE PROTECTION

Detect and monitor suspicious behavior

Address vulnerabilities instead of ever-changing exploits of the vulnerability

On-going threat protection

Mobile traffic monitoring

Custom attack mitigation

Tune open signatures to detect and mitigate tailored attacks

Uncover attacks exploiting encrypted methods

Exploits

VULNERABILITY

AppSecure IPS

Other IPS’s

11 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

AppSECURE DEPLOYMENT SCENARIOSIN-LINE SERVICE PROTECTION

Advanced protection for infrastructure and Hosted Services

Data Center

DNS Services HTTP/Web Services

Network Core

Remote Network

Other Services

AppSecure

12 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

APPSECURE DEPLOYMENT SCENARIOSSRX Corporate Data Center with Bot protection and Application Tracking

Remote Access

Apps Apps Apps Apps Apps Apps

Full suite of DC services: firewall, IPS, NAT, IPsec VPN, AppTrack, AppDoS

Corporate HQ / Data Center

AppSecure

13 Copyright © 2011 Juniper Networks, Inc. www.juniper.net

APPSECURE SUMMARY

•iPhone and other mobile devices consuming many applications and bandwidth•Increased security risk with Web 2.0 applications

Internet end-points are changing and

increasing exponentially

•Fine-grain detection and control of application access•Deep and wide visibility into all traffic flowing through the network

Expands administrative control over network traffic

•AppDOS combines statistical and deterministic methods to counter DDoS attacks at the right level•Mitigates sophisticated attacks with minimal service impact

Botnet attacks are growing

•SRX Services Gateways offer control and security without compromise

Scalable performance