1.

1 Juniper SRX and IDP

Juniper SRX The Juniper Networks SRX5600 and SRX5800 Services Gateways are next-generation security platforms based on a revolutionary new architecture that provides market-leading performance, scalability, and service integration. These devices are ideally suited for service provider, large enterprise and public sector networks including: Cloud and hosting provider data centers Securing mobile operator environments Managed service providers Securing core service provider infrastructure Large enterprise data centers Aggregation of departmental and segmented security solutions Based on Junipers dynamic services architecture, the SRX5000 line provides unrivaled scalability and performance. Each services gateway can support near linear scalability, with the addition of services processing cards (SPC) enabling a fully equipped SRX5800 to support more than 120 Gbps firewall throughput. The SPCs are designed to support a wide range of services enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being usedmaximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach to interfaces where each platform can be equipped with a flexible number of input/output cards (IOCs). With the IOCs sharing the same interface

slot as the SPCs, the gateway can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. With this flexibility, the SRX5800 can be configured to support more than 400 Gigabit Ethernet ports or 88 10-Gigabit Ethernet ports. The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility facilitates future expansion and growth of the network infrastructure, providing unrivaled investment protection.

Juniper IDP

Employing a traditional layered security approach, where an intrusion protection system is positioned behind the SSL VPN gateway in order to identify and block attacks, is not flexible enough to provide true network protection. The inherent problem with such an approach is that all user traffic appears as if it were initiated from the same IP address (the SSL VPN device). Even with Network Connect, IP addresses from the pool of addresses being reused by different users are not an accurate enough indicator to identify who the real user/attacker is. It would be possible to derive some conclusions by manually analyzing SSL and IDP logs, but for all intents and purposes, this is both impractical and a virtually impossible task to perform on a daily basis. Coordinated Threat Control, on the other hand, enables Juniper Networks SA Series SSL VPN Appliances and IDP Series Intrusion Detection and Prevention Appliances to correlate the users identity or session from the SSL VPN with the threat detection capabilities of the IDP Series. This effectively identifies, stops, and remediates users who pose network or application-level threats within the remote access deployment. With this technology, when the IDP Series appliance detects a security event (be it a threat or any traffic that breaks an administrator configured policy), it can, in addition to blocking that threat, signal the SA Series device in real time. The SA Series then uses the information from the IDP Series appliance to identify the user session that is the source of the undesired traffic, and can take actions on the endpoint that

include terminating the user session, disabling the users account or mapping the user into a quarantine role, or simply notifying the administrator via Syslog. Administrators can configure the quarantine role to provide users with a lower level of access and inform them why they have been quarantined and what they should do next. Administrators can also execute additional endpoint security checks or download additional endpoint protection software. The SA Series allows administrators to take action on user sessions either manually, by selecting an active user session and executing the desired action, or automatically by creating policies that will execute the desired actions as soon as a signal that matches the policy criteria is received from the IDP Series appliance.