Juniper IDP overview

  • Discussions regarding security gear deployments include IDP appliances in addition to the traditional firewalls. Administrators are aware that traditional firewalls alone are not sufficient to keep ahead of emerging attacks. In addition to allowing valid traffic and blocking attacks, more and more customers are looking for ways to control applications that are not attacks but are also not mission-critical. P2P and Instant Messaging are common examples, but others include music servers and other “personal” applications.
  • Using the projected IPS market as an indication of the concern over security, the data in this slide is from Infonetics Research. The obvious item to note is that the revenue for IDS/IPS continues to climb, topping $800 Mil by CY09. The other item to note is how network-based products (the category that includes Juniper IDP products) bring in more than double the revenue of host-based products.
  • The following slides dive more into the customer drivers for IDP products.
  • Despite the number and variety of attacks and threats, external network attacks remain the top reason for purchasing security gear. Basically, the fear of being hacked. While network downtime can be directly correlated to business impact, the graphics illustrate how impact to end-users can also have significant consequences. This is designed to illustrate that overly aggressive security policies can keep network attacks out but can also cause quantifiable impact to the business through an increase in false positives.
  • This slide illustrates why a firewall alone is not enough to protect a typical enterprise network.
    ANIMATION
    1st click – Displays the time when the vulnerability is discovered and the advisory is issued. A good example is Microsoft, which provides vulnerability information on a monthly basis.
    2nd click – At some later time after the vulnerability has been discovered, exploits are released to take advantage of the vulnerability. For example, hackers develop an attack to leverage the newly discovered vulnerability.
    3rd click – Worms are released which can leverage the vulnerability for massive attacks.
    4th click – The main point of this graphic is that the time from when the vulnerability is discovered to a full-blown worm attack is getting shorter. This requires security products designed to be highly adaptable and a company geared to provide new updates in a timely manner.
  • Business compliance is also a good example of the need for IDP products. The word “compliance” has been crossed out and replaced with “practices” to indicate that we are not just talking about regulatory compliance. Any enterprise wishing to conform to its business practices would benefit from IDP products. A good, and possibly overused, example is IM, where some businesses will allow its use but with the understanding that its use will not hinder critical business applications. One question you can ask the audience is “Do you have the means to easily find out how much IM traffic is in your network?” Naturally, with Juniper IDP products, you can.
  • Another customer driver for IDP products is new technologies. Many enterprises adopt new technologies to reduce cost and gain a competitive edge. They require security solutions to support the new technologies. A good example is the proliferation of VoIP solutions. Because it shares the same network infrastructure as the enterprise data network, an unsecured VoIP solution would open the entire enterprise network to attack. Attacking through the phone is a very real possibility.
    ANIMATION
    1st click – Displays the text “New Technologies = New Risks”, reiterating that customers need to consider the risks any time a new technology is being introduced.
  • Finishing off the customer driver section, touch on the service provider and managed service provider market. SPs face many of the same issues as enterprises. The chart in the slide is from Infonetics and illustrates how “Keeping up with new security threats” is the top concern for service providers.
  • This slide outlines how the Juniper approach is not just point products. The IDP product as a whole has several components, including 3rd party security teams, internal research, etc. All these resources are tied to the in-house Juniper Security team, and the results go into every IDP product on a daily basis. The discussion should illustrate how many other factors must be taken into consideration for an IDP product beyond the usual throughput, price, footprint, etc.
  • This slide is not designed to provide specific percentages for the data shown but only to illustrate that unknown or undiscovered threats and vulnerabilities dwarf the number of known threats. Some threats are known but have no effective protection, while others have been identified and have known protections, patches, etc. The question that will come up is “how to protect against unknown vulnerabilities?”
  • This slide builds on the previous slide and addresses the question of “how do you protect from vulnerabilities that are unknown?” A good portion of unknown vulnerabilities comes from protocol anomalies, where the use of protocols beyond the defined specification can have adverse effects. The way to prevent such attacks is to ensure that all usage of the protocol conforms to the acceptable guidelines. Hence, if a vulnerability is found for a particular protocol and exploits are developed, Juniper IDP would already have coverage since it will treat such an attack as a protocol anomaly and block it … protection from the unknown.
  • The Juniper Networks Security Team has traditionally been under-marketed. Yet it provides market-leading support for IDP products. The key thing to outline regarding the Security Team is its expertise in protocol decodes and its partnerships with multiple security vendors. The proof of an excellent security team is in its response time. How fast the team can provide signature updates based on new vulnerabilities is a good indication of how effective the entire IDP product really is. This is a good lead-in to the next slide. The graphic is a screen capture of the Juniper Security portal indicated by the URL.
  • Continuing the emphasis on response time, this slide outlines the actual timeline for response time based on a Microsoft vulnerability announcement. “Super Tuesday” refers to Microsoft’s monthly disclosure of security vulnerabilities.
    ANIMATION
    1st click – The text illustrates that at 10:17 AM, Microsoft announced 3 security bulletins.
    2nd click – 4 minutes later, the Juniper Security team announced coverage for all three bulletins.
    3rd click – After 1.5 hrs, TippingPoint provided an unclear message regarding their coverage of the bulletins.
    4th click – Close to 2 hours, ISS announced coverage for only one of the bulletins.
    5th click – By end of the day, Cisco and McAfee had no announcements regarding the bulletins. Similar to ISS, Symantec announced coverage for only one of the bulletins.
  • The following slides dive into the IDP products.
  • Before talking about IDP product features, this slide illustrates some of the basic responses to different malicious activities. It offers a high-level view of how the IDP product thwarts these activities.
    ANIMATION
    1st click – Recon (or reconnaissance) is used by attackers to see what resources are out there. IDP can detect this activity through traffic anomaly detection, in terms of the change in volume of the traffic, as well as through a network honeypot, where the attacker thinks the target resource exists when in actuality it does not.
    2nd click – To thwart an attack, IDP uses protocol anomaly detection (already discussed), stateful signatures and features such as Synflood protector.
    3rd click – Reacting to proliferation is designed to stop the spread of attacks. Backdoor detection is an obvious feature, as it assumes the first level of defense has been compromised and a Trojan is sitting in your network. The key is to continue to provide a high level of security even if the first line of defense has been breached.
  • This slide is an example of traffic anomaly detection. The concept is that there is no obvious sign of attack other than a suspicious change in traffic volume or pattern.
    ANIMATION
    1st click – Displays the example of a ping sweep, where administrators see a high traffic volume of network scans to identify target resources.
  • This slide provides an example of protocol anomaly detection. The concept should be familiar, so an example would be the best way to discuss this slide.
    ANIMATION
    1st click – The setup graphic shows the FTP client and the FTP server with the IDP appliance in front of the server.
    2nd click – A request is sent from the client to the server requesting an FTP session. No attack has occurred yet.
    3rd click – The client sends a second request to open a connection from the server to the client. However, instead of sending its own address, the address of a different server is sent. If this request were to go through, data could be sent to an unauthorized client. This is the attack.
    4th click – The IDP appliance recognizes that the FTP protocol is not being used as expected and blocks the communication to the FTP server. Attack blocked.
  • Stateful signature refers to the ability to look for attacks in the context of the network traffic. Without it, IDP would need to scan any and all traffic for a specific pattern that matches the attack. This can result in performance degradation and increased false positives.
    ANIMATION
    1st click – The example shown here is the Code Red Worm. The worm utilized HTTP, but only the GET request of HTTP. Hence the IDP only scans the specific traffic (in this case, HTTP GET) for a pattern that matches the attack.
  • The slides in this section address some of the new features available in the IDP 4.0 and NSM 2006.1 releases.
  • Security Explorer is a simple, intuitive, interactive graphical user interface released as part of the IDP 4.0 and NSM 2006.1 releases. Some customers may be aware of this feature, as it had been an officially unsupported feature in previous versions of IDP Manager. The graphic is a screen capture of Security Explorer and illustrates how you can see the traffic between multiple nodes. The UI is interactive in the sense that you can follow the traffic from one node/user to another simply by clicking the graphic icon of that node/user.
  • The Profiler feature is carried over from IDP Manager to NSM. After being configured, Profiler continually captures information about the network nodes and traffic relevant to the administrator's requirements. The level and detail of information extend to the application, showing not just the type of applications but details such as the on-line user name, e-mail address, subject of e-mails, etc.
  • New to IDP 4.0, Diffserv marking is the rate limiting capability introduced to the IDP product line. Rather than just allowing or blocking traffic based on various criteria, IDP can now set priorities for the traffic. Since the level of granularity can be as detailed as the type of application, it's simple to tag certain application traffic as lower priority (e.g., IM or P2P). Since Diffserv marking is defined as an action based on IDP rules, the configuration is as simple as any other IDP policy rule configuration. Since the actual enforcement of Diffserv marking is performed by routers, it's important to note that this feature will work in networks with Juniper network gear as well as non-Juniper gear.
  • The H.225 protocol is the signaling protocol for the H.323 VoIP solution. Since VoIP attacks utilize the signaling portion of the traffic (rather than the actual voice data), the support for H.225 bolsters the Juniper IDP products, which already supported SIP. With full protocol decode, we can offer day-zero protection against future exploits.
  • Support of GTP decodes is tailored primarily for service providers of cellular data infrastructure. GTP encapsulates standard network traffic for the GPRS cellular data infrastructure. In order to apply the various analyses to the actual traffic, IDP must understand the GTP protocol.
  • Coordinated Threat Control is an example of innovation brought on by collaboration between Juniper Networks products. In this case, tight integration between Juniper IDP and SSL VPN products has resulted in enhanced capability to thwart attacks from remote users. SSL VPN gateways often act as a proxy between the remote users and the enterprise resources. While IDP appliances can detect attacks from remote users, pinpointing the actual user in order to quarantine or block that user has been difficult. An SSL VPN gateway acting as a proxy does not make the end-user information available. With Juniper products, once an attack has been detected, the IDP appliance will send the identifying information to the SSL VPN gateway, which will in turn identify the offending end-user and take specific actions (often quarantining the user). This feature is only available from Juniper Networks.
    ANIMATION
    The steps are self-explanatory as defined above.
  • 1999 - Juniper Networks IDP was being developed as the industry’s first Intrusion Prevention (IPS) product / platform, launched amidst IDS only offerings
    2002 - IDP platforms introduced to market, backed by a dedicated Security Team that provided attack signature creation and updates, protocol decodes, and security response notices
    2003 - Integrated Stateful signature and protocol anomaly detection mechanisms from IDP – specifically Internet facing protocols ideal for remote/branch offices – into firewall known as Deep Inspection (DI)
    2004 - Industry’s first and only IPS to integrate full ‘forensics’ / ‘network profiling’ capabilities with Profiler
    2005 - Juniper launches ISG Series (ASIC-based FW/VPN) with IDP ‘blades’, a fully integrated FW/VPN/IDP system with multi-Gigabit performance and Next-Generation ASICs
    2006 - Launch of Coordinated Threat Control feature in collaboration with SSL VPN product line
    2006 - Introduction of the next generation of network awareness and control with common management solution as Juniper FW/VPN and integrated security platform (ISG) as well as Security Explorer for graphical, interactive and intuitive user interface.
  • This slide illustrates typical IDP deployments in a distributed enterprise environment. The key item to note is that while IDP appliances may be deployed in different geographical locations, only one NSM management server located at the main office/headquarters is needed. This concept extends to Juniper Networks FW/VPN and ISG platforms deployed throughout the network.
  • IDP 50, targeted at small and branch offices, does not support full active-active HA. All other platforms support state sync HA redundancy.
  • This slide is a review of the capabilities of the various platforms, as well as the differences between them. Note the management solution for all three types of platforms is NSM.
  • This is a setup slide for the next one. The graphic illustrates how “hybrid” networks, or networks with different vendors’ firewalls and IDP appliances, can result in multiple management solutions. Obviously, not an ideal environment.
  • A much simplified, consolidated view of the network with a single management server for all the security gear in the network.
  • The Domains and Role-based Admin feature deserves to be pointed out in this slide. While often requested by service providers, this feature is also very valuable to enterprises. It is not uncommon for an enterprise to logically divide the roles of administrators based on the type of security gear, so that specific administrators manage firewall policies while others manage IDP policies, etc. It is also common for an enterprise to logically separate admin responsibilities based on its business requirements (e.g., a particular admin manages all security gear at a specific branch office while another manages the headquarters).
  • This slide illustrates how NSM truly integrates the management of IDP products along with other security devices. The main point of this slide is to convey how simple it is to manage IDP policies.
    ANIMATION
    1st click – Circles the tab section of the screen shot. Within the circle, you can see the different tasks available. In particular, you can see the tab used to configure firewall rules and IDP.
    2nd click – The Attack button from the main page launches the window used for configuring attack detection.
    3rd click – The Action button from the main page launches the window for configuring the response to a particular attack.
  • Some consider the selection of IDP products to be based on throughput first and all else second. While the product is an inline network device, it's important to reiterate that the main purpose of the appliance is security. An IDP appliance with sub-par security coverage is not much better than a simple router. Do you need another router in your network? Focus needs to be on the level of security coverage and the rapid response of the Juniper Networks security team. Reiterate the example from previous slides on how we compare to our competitors on responding to the Microsoft vulnerability announcement.
  • While NSM does not provide management of “all” Juniper products, it does manage FW, IDP and ISG platforms, which make up the bulk of enterprise security appliances. Multiple deployment options include inline, sniffer mode (traditional IDS), HA, etc. “Profile” the network obviously refers to the Profiler feature in NSM, and previously in IDP Manager, where administrators can configure the type of information to gather from the network to better understand the network traffic and applications.
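
The FTP example in the protocol anomaly note above can be expressed as a check on the control channel. This is an added illustration, not Juniper's implementation or code from the presentation; besides the address comparison the note describes, it generalizes to the `EPRT` command (RFC 2428) and malformed arguments, and the low-port rule and all names and sample addresses are assumptions made for the example.

```python
import ipaddress
import re
from typing import NamedTuple

# RFC 959:  PORT h1,h2,h3,h4,p1,p2
# RFC 2428: EPRT <d>proto<d>addr<d>port<d>   (proto 1 = IPv4, 2 = IPv6)
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)([12])\1(.+?)\1(\d{1,5})\1$", re.I)

LOWEST_ALLOWED_PORT = 1024  # policy assumption of this example, not from the slides


class Verdict(NamedTuple):
    action: str  # "allow" or "block"
    reason: str


def parse_data_endpoint(line):
    """Return (ip, port) for PORT/EPRT, None for other commands.

    Raises ValueError when the argument does not follow the specification.
    """
    text = line.strip()
    parts = text.split(None, 1)
    verb = parts[0].upper() if parts else ""
    if verb == "PORT":
        m = PORT_RE.match(text)
        if not m:
            raise ValueError("malformed PORT argument")
        fields = [int(f) for f in m.groups()]
        if max(fields) > 255:
            raise ValueError("PORT field out of range")
        host = ipaddress.ip_address(".".join(str(f) for f in fields[:4]))
        return host, fields[4] * 256 + fields[5]
    if verb == "EPRT":
        m = EPRT_RE.match(text)
        if not m:
            raise ValueError("malformed EPRT argument")
        _, proto, addr, port = m.groups()
        host = ipaddress.ip_address(addr)  # ValueError on a bad address
        if host.version != (4 if proto == "1" else 6):
            raise ValueError("EPRT protocol number does not match address family")
        if int(port) > 65535:
            raise ValueError("EPRT port out of range")
        return host, int(port)
    return None


def inspect(control_peer, line):
    """Decide whether one client command on the FTP control channel is allowed."""
    try:
        endpoint = parse_data_endpoint(line)
    except ValueError as exc:
        return Verdict("block", f"protocol anomaly: {exc}")
    if endpoint is None:
        return Verdict("allow", "not an active-mode data command")
    host, port = endpoint
    if host != ipaddress.ip_address(control_peer):
        # The case on the slide: the client names a third machine as data target.
        return Verdict("block", f"data address {host} is not the control peer {control_peer}")
    if port < LOWEST_ALLOWED_PORT:
        return Verdict("block", f"data port {port} is a reserved service port")
    return Verdict("allow", "data endpoint matches control peer")


# Constructed control-channel session: client 192.0.2.10, third host 198.51.100.7.
SAMPLE_CLIENT = "192.0.2.10"
SAMPLE_SESSION = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",       # own address, port 50000
    "PORT 198,51,100,7,195,80",     # third-party address
    "EPRT |1|198.51.100.7|50000|",  # same redirection through EPRT
    "PORT 192,0,2,10,0,22",         # own address, reserved port
    "PORT 192,0,2,300,1,1",         # field outside 0-255
    "EPRT |2|192.0.2.10|50000|",    # IPv6 protocol number with IPv4 address
]


def run_sample():
    return [(line, inspect(SAMPLE_CLIENT, line).action) for line in SAMPLE_SESSION]


if __name__ == "__main__":
    for line in SAMPLE_SESSION:
        verdict = inspect(SAMPLE_CLIENT, line)
        print(f"{verdict.action:5}  {line:30}  {verdict.reason}")
```
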
Juniper IDP overview

    1. Juniper Networks Intrusion Detection & Prevention, June 2006. Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential. www.juniper.net
    2. Agenda
        • Security Market Climate
            • IPS & Security Market
            • Market Drivers
        • Juniper Networks IDP Product Overview
            • Complete Solution – Security Team
            • Product Features
            • Product Offering
        • Management with Juniper Networks NSM
        • Summary
    3. IPS and Security Market
    4. Security Market
        • IPS technology is a mainstream part of network security for companies of all sizes
        • Keeping up with new security threats and finding integrated management systems remain key concerns for security admins
        • Assuring business critical applications have predictable quality of service over nonessential apps like P2P and IM
        • Need Visibility, Control and Ease of Use
    5. Worldwide IPS Market
        • Market focus on IPS technology exemplified by market forecast
        • Worldwide IDS/IPS revenue expected to top $800 Million by year 2009
        • Network-based products continue to account for more than 2/3 of total revenue
        • [Chart: World Wide IDS/IPS Product Revenue; y-axis Revenue ($ Million), 0 to 900; x-axis Year, CY01 to CY09; series Network-based and Host-based; data labels 277, 384, 427, 544, 603, 667, 752, 790, 819]
        • Source: Network Security Appliance and Software Quarterly Worldwide Market Share and Forecast for 1Q06
    6. Customer Drivers
    7. Fear of external network attack and internal noncompliance
        • External attacks remain the top reason for purchasing security appliances
            • Failure to block viruses, attacks or malware directly impacts end-users
        • A growing concern meanwhile is ensuring users on the network are doing what they’re supposed to be doing
        • Direct impact to end-users
            • Quantifiable loss of productivity
            • Impact to revenue
            • Headaches to administrators
            • Unauthorized access to critical data
    8. Firewall alone is not enough
        • Every organization is connected to the Internet and deploys some form of firewall
        • Most enterprises realize firewall alone is not sufficient to block sophisticated attacks
        • [Diagram: Lifecycle of Vulnerabilities and Threats; stages Vulnerability Discovered, Advisory Issued, Exploits Released, Worm Released; label “Getting Shorter”]
    9. Business compliance [slide overlay: “practices”]
        • Need to enforce business practices including types and version of applications
        • Need to ensure non-business applications do not hinder critical business applications
    10. New Technology Adoption
        • Adoptions of new technologies continue to increase
        • Enterprises are not satisfied to wait until security “catches up”
        • Convergence of networks opens up the infrastructure to new attacks
        • New Technologies = New Risks
    11. Not Only for Enterprise
        • Service Providers face similar security concerns as enterprise
        • Keeping ahead of new security threats considered highest technical challenge by SP
        • Source: Service Provider Plans for VPNs and Security North America, Europe, and Asia Pacific 2006
    12. IDP Product Overview: Security Team
    13. The Juniper Approach: Complete Solution
        • [Diagram labels: Service Provider Security Teams; Worldwide Juniper Security Team; Juniper Customers; Juniper Products; Technology Vendor Relationships; Internal Research; 3rd Party Security Teams; Customer Security Team; Cooperative Security Research; Partner MSSP Intelligence; Daily Updates]
    14. The Basic Security Threat Landscape
        • Unknown Threats & Vulnerabilities
        • Known Threats but no known ways to protect
        • Known Threats with available protection
    15. The Juniper Advantage
        • Superior protocol decoding and anomaly detection – the majority of the unknown
        • Dedicated teams researching protocols and standards
        • Provide breadth & depth of coverage
        • Give Security Experts better tools to deal with the unknown
        • [Diagram labels: Unknown Threats & Vulnerabilities; Protocol Anomalies]
    16. Dedicated Security Team
        • Dedicated team to research vulnerabilities and emerging threats
            • Protocol decode expertise
            • Multiple research and vendor partnerships
            • Reverse engineering experts
            • Global honey pot network
        • Industry-leading response time
            • Daily and Emergency signature updates
            • Customer Accuracy Program
            • Team distributed globally
            • Emergency update within an hour
        • www.juniper.net/security
    17. Real-world Example: Security Team’s Response
        • 10:17 AM, 5/9/2006: Microsoft announces security bulletins MS06-018, MS06-019, MS06-20 and posts patches for the vulnerabilities
        • 10:21 AM (+4 min): Juniper Networks announces coverage for vulnerabilities on all IDP platforms
        • 11:50 AM (+1hr 33min): TippingPoint provides mixed messages on coverage
        • 11:58 AM (+1hr 41min): ISS announces coverage only for MS06-019
        • End of Day: No announcements from Cisco or McAfee; Symantec announces coverage only for MS06-019
        • Typical chain of events on recent Microsoft “Super Tuesday”
    18. IDP Product Overview: Product Features
    19. Thwart Attacks at Every Turn
        • Malicious Activities/Attacks: Recon, Attack, Proliferation
        • Multiple Methods of Detection
            • Traffic Anomaly Detection
            • Network Honeypot
            • Protocol Anomaly Detection
            • Stateful Signatures
            • Synflood Protector
            • Backdoor Detection
            • IP Spoof Detection
            • Layer-2 Attack Detection
            • Profiler
            • Security Explorer
    20. Traffic Anomaly Detection
        • Method of identifying abnormal traffic usage
        • No protocol anomalies or specific attack patterns but unusual traffic usage/volume
        • Example: Ping Sweep
            • Scan the network to identify resources for possible attack in the future - reconnaissance
            • Ping sweep from external/suspicious source should alert administrator
    21. Protocol Anomaly Detection
        • Protocols are well defined, allowing accurate description of “normal” usage
        • “Abuse” or abnormal use of the protocol is detected by the IDP appliances
        • Example: FTP Bounce Attack
        • [Diagram labels: FTP Client; FTP Server; x.x.x.A; x.x.x.B; “Please open FTP connection”; “Please connect to x.x.x.B (so unauthorized client can receive data)”; “x.x.x.B is not the authorized client machine”; “Possible abuse of FTP protocol”; “Request denied!!!”]
    22. Stateful Signatures
        • Look for attacks in context
        • Avoid blindly scanning all traffic for particular pattern
            • Improve efficiency
            • Reduce false-positives
        • Example: Code Red Worm
            • Utilizes HTTP GET request for attack
            • IDP appliance only scans for the specific request and not any other HTTP traffic
    23. Backdoor Detection/Trojan
        • Well-known “Trojan horse” concept
        • Challenge is to identify the attack when the first line of defense has been overcome
        • Heuristic method of analyzing interactive traffic
        • Example: Traffic originating from web server
            • Web servers typically respond to requests for information, not initiate one
            • A sign of infected server/node
    24. Features Addressing Customer Challenges
        • How can I uncover new network activities?
        • How can I easily find out what’s really running on my network?
        • I don’t want to block non-business apps but how else can I control it?
        • How can I make sure new technologies don’t translate to new threats?
        • Wireless is great but how can I secure it?
    25. Security Explorer (NEW - IDP 4.0)
        • Interactive and dynamic touchgraph providing comprehensive network and application layer views
            • Integrated with Log Viewer and Profiler
        • Identifies what’s running on a network host
            • Uncovers attacks, peer IP addresses, open ports, available applications and operating systems
    26. Enhanced Profiler (NEW - NSM 2006.1)
        • Uncovers new activities and traffic information across network and application levels
        • Identifies new protocols, applications and operating systems
            • Alerts on rogue hosts, servers or IP addresses
            • Detect unwanted applications like P2P and IM
        • Records information on active hosts, devices, protocols and services in various contexts
            • Instant Messaging alias, FTP username, e-mail address, subject heading, etc.
    27. Diffserv (DSCP) Marking (NEW - IDP 4.0)
        • Controls bandwidth allocation based on specific types of application
        • Marks on a packet that match an IDP signature
        • Allows upstream router to enforce on markings (value 1-63) to assure quality of service on critical applications or appropriate response to nonessential apps
        • Available as an action per IDP rule for full granular control
    28. Securing VoIP Applications (NEW - IDP 4.0)
        • New Protocol Decode – H.225
        • Assures that the VoIP signaling and control protocol cannot be used as a source of network attacks or abuse
        • Protocol decode capability protects underlying vulnerability of protocol
        • Allows creation of custom attack objects with contexts
        • VoIP protection on top of existing SIP protocol support
        • Proactively prevent future exploits
    29. Securing Database Applications (NEW - IDP 4.0)
        • New Protocol Decode – Oracle TNS
        • Protects database applications from an increasing number of exploits and buffer overflows in the internal network
        • Blocks unauthorized users to Oracle servers
        • Protects the underlying vulnerability of Oracle TNS protocol
        • Prevents future threats at day zero
    30. Securing Mobile Data Networks (NEW - IDP 4.0)
        • New Inspection Capability – GTP Encapsulated Traffic
            • Protects an inherently unsecured traffic
            • Supports UDP tunnel packets per GTPv0 and GTPv1
        • Ensures users on cellular network aren’t exposing the entire network to possible attacks
        • Carrier protection on top of existing inspection for GRE encapsulated traffic
    31. Coordinated Threat Control (Available IDP 3.2r2; Only from Juniper Networks!)
        • Identify specific attacks originating from remote user via SSL VPN and quarantine the user (and only the offending user)
        • 1. User logs in using SSL VPN & deliberate or inadvertent attacks are launched
        • 2. IDP detects the attack and blocks requests to the internal resources
        • 3. IDP sends identifying data to SA SSL VPN gateway
        • 4. Based on data from IDP, SA quarantines and notifies the user
        • [Diagram labels: Infected; Attack; Identifying Data; Quarantine]
    32. 32. Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net 33 IDP Product Overview Product Offering
    33. 33. 34Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IDP Product Overview -Timeline 2002 2004 2005 2006 •IDP platform introduced •Integrated Stateful Signature creation and updates •Protocol decodes •Secure response notices •First and only IPS integrating Profiler for best-in-class network awareness •Introduction of fully integrated multi-gigabit FW/VPN/IDP system (ISG 1000 and 2000) •First to introduce daily signature updates •Next generation of network visibility and control •Consolidated security management solution •First to introduce Integrated Threat Control for SSL and IDP appliances
    34. 34. 35Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net Typical IPS Deployment Regional Head Office Satellite Office Main Office NSM
    35. 35. 36Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net IDP Product Line • Med Bus • Large BO • Enterprise Perimeter • Enterprise Perimeter • Enterprise Perimeter • Internal LAN IDP 50 @ 50Mbps IDP 200 @ 200Mbps IDP 600 @ 500Mbps IDP 1100@ 1 Gbps • SMB • Branch Office • Service Provider • Large Enterprise Perimeter • Internal LAN ISG 1000/2000
    36. IDP Standalone – 1100 C/F
        • Models: 1100C, 1100F
        • Optimal for large enterprise / Gig environments
        • Up to 1 Gbps throughput
        • 500,000 max sessions
        • 10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
        • HA clustering option
        • Integrated bypass for CG traffic ports
    37. High Availability Options
        [Diagram labels: Standalone HA, state-sync, Third-party HA, state-sync, Bypass]
        • Bypass Unit for Fiber Gig networks
            - IDP 600F
            - IDP 1100F
            - ISG
    38. Solutions for Every Need
        Juniper IDP Standalone Appliances
        • 50 Mbps – 1 Gbps
        • HA Clustering
        • Centralized policy management
        • Complement existing FW/VPN
        • Protect network segments
            - DMZ
            - LAN
            - Departmental servers
        Juniper ISG Series
        • Next-Gen Security ASIC (GigaScreen)
        • Multi-Gigabit FW/VPN/IDP
        • Centralized policy management
        • High performance for demanding networks
        • Virtualization features
        • Granular rule-by-rule management
    39. ISG – Under the hood
        • Integrated Best-of-breed Security & Networking gear
        • Multi-Gig 2-way Layer 7 IDP Security Modules
        • Module “blades” available for ISG-1000 and ISG-2000
    40. ISG Series Architecture
        [Diagram labels: I/O (x4), GigaScreen3 ASIC, 1GB RAM, Programmable Processors, Security modules, Dual 1 GHz PowerPC CPU, 1GB RAM]
        Management Processing
        • Dedicated processing helps ensure linear performance
        • High performance interconnect & flow setup
        Security Module Processing
        • Dedicated processing for other security applications
        Network Level Security Processing
        • ASIC-accelerated security
            - Stateful FW, NAT, VPN, DoS/DDoS
            - Intelligent Intrusion Prevention session load balancing
            - Embedded programmable processor facilitates new feature acceleration
        Unmatched processing power!
    41. ISG Series Summary: ISG 1000 and ISG 2000

        | Feature                                      | ISG 1000        | ISG 2000      |
        |----------------------------------------------|-----------------|---------------|
        | Max Throughput: Firewall                     | 1 Gbps          | 2 Gbps        |
        | Max Throughput: IPSec VPN (3DES/AES)         | 1 Gbps          | 1 Gbps        |
        | Packets per second: FW/VPN                   | 1.5/1.5 Million | 3/1.5 Million |
        | Max sessions                                 | 500,000         | 1,000,000     |
        | VPN tunnels                                  | 2000            | 10000         |
        | Max Throughput: Deep Inspection              | 200 Mbps        | 300 Mbps      |
        | Max Throughput: IDP                          | Up to 1 Gbps    | Up to 2 Gbps  |
        | Number of supported security modules (IDP)   | Up to 2         | Up to 3       |
        | Number of fixed I/O interfaces               | 4 (10/100/1000) | 0             |
        | Max interfaces                               | Up to 20        | Up to 28      |
        | Number of I/O modules                        | 2               | 4             |
    42. Product Details
        Juniper Firewall/VPN, with ScreenOS Deep Inspection
        • Hardware: NS-5XT, NS-5GT, NS-25, NS-50, NS-204, NS-208, NS-500, ISG 1000, ISG 2000, NS-5200, NS-5400
        • Software: ScreenOS 5.0, 5.1, 5.2
        • Management: NSM
        Juniper Stand-alone IDP
        • Hardware: IDP 50, IDP 200, IDP 600C, IDP 600F, IDP 1100C, IDP 1100F
        • Software: IDP 4.0
        • Management: NSM 2006.1
        Juniper ISG Series with IDP
        • Hardware: ISG 2000 with IDP, ISG 1000 with IDP
        • Software: ScreenOS 5.0-IDP
        • Management: NSM 2004 FP3-IDP1
    43. Management
    44. 3-Tier Management – Secure and Scalable
        [Diagram labels: Distributed IDP Sensors, Distributed ISG with IDP, Centralized NSM Server, Common User Interface, NSM]
        • Standalone IDP appliances require IDP 4.0 for NSM support
    45. Customers with a Hybrid Network
        [Diagram labels: Regional Head Office, Satellite Office, Main Office, each with separate FW Mgmt and IPS Mgmt]
        • Business Challenges
            - What is on my network?
            - Who is on my network?
        • Product Challenges
            - Complex network environments
            - Multi-vendor FW and IPS systems
            - Multiple Management Systems
    46. Juniper Networks Customers
        [Diagram labels: Regional Head Office, Satellite Office, Main Office, NSM]
        • Juniper Offering
            - Juniper Networks IDPs & Firewalls
            - Single Management System
            - Single User Interface
        • Business Benefits
            - Enhanced Network Visibility
            - Granular Control
            - Ease of Use
    47. NSM Management Features (NEW - NSM 2006.1)
        • Scheduled Security Updates: Automatically update devices with new attack objects.
        • Domains: Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc.
        • Role-based Administration: Granular approach in which all 100+ activities in the system may be assigned as separate permissions.
        • Object Locking: Multiple administrators can safely and concurrently modify different objects in the system at the same time.
        • Audit Logs: Sortable and filterable record of who made which changes to which objects in the system.
        • Device Templates: Manage shared configuration such as sensor settings in one place.
        • Job Manager: View pending and completed directives (such as device updates) and their status.
        • High Availability: Active/passive high availability of the management server.
        • Scheduled Database Backups: Copies of the NSM database may be saved on a daily basis.
    48. Granular IDP Control w/NSM
        • Firewall and IDP management from same user interface
        • Configure attack detection
        • Configure desired response
    49. Summary
    50. Why Juniper Networks IDP products?
        • Security Coverage
        • Product Innovation
        • Trusted Company
        • Market Recognition
    51. Security Coverage
        • Multiple prevention methods for protection against the entire ‘Vulnerability & Attack Lifecycle’
        • Complete packet capture and protocol decode @ Layer 7, including VoIP protocols
        • 2-way Layer 7 inspection: blocks attacks from client-to-server and server-to-client
        • 100% prevention and accuracy for Shellcode/buffer overflow attacks
        • 100% prevention in protecting against Microsoft Vulnerabilities: Same day & Zero protection on “Patch Tuesdays”
        • Comprehensive Spyware protection, including 700+ signatures and growing daily
        • Daily signature updates, including auto signature updates and auto policy push
    52. Product Innovation
        • Next generation of network visibility w/ Security Explorer
        • Granular, Flexible Management solution for all Juniper Networks security appliances
        • Automatic custom reports
        • Multi Gigabit Performance
        • Multiple Deployment Options
        • “Profile” the network to understand applications and network traffic
        • Carrier Class IDP: Multi-Gbps combined with SDX / JNPR Router integration
        • Custom Signature Editor / Open Signatures Database
    53. Trusted Company
        • Financial Strength / $2 Billion in Revenue / Profitable / Cash Reserves
        • Investment in R&D 25% - 30% of revenue
        • Product Roadmap – IDP plays a key role in Juniper’s Infranet solution
        • Global Support & Relationships
    54. Market Recognition
        • Most decorated IPS product in 2005
            - Winner ‘Editors Choice’ – Network Computing: ‘The Great IPS Test’
            - Winner ‘Best Multifunction Appliance’ – Network Computing (Well-Connected)
            - Winner ‘Best IPS Appliance’ – Network Computing (Well-Connected)
            - Winner ‘Product of the Year’ – SearchNetworking.com
            - Winner ‘Product of the Year’ – IDG Research / TechWorld
            - Winner ‘Best Deployment Scenario’ ISP Guide: City of Burbank, Juniper IDP Customer
            - Awarded ‘NSS Certification’ for Industry Approved IPS: IDP 600F
            - Winner ‘Product of the Year’ – ISG 1000 - ZDnet Australia
            - Winner ‘Editors Choice’ – IDP 200 - ZDnet Australia
    55. Thank You!
