Juniper adds global attacker intelligence service to its products

At RSA Conference 2013, Juniper Networks unveiled its next-generation security products for protecting data center environments, fortified by the Junos Spotlight Secure global attacker intelligence service.

Today, companies are struggling to keep pace with the increasing volume and sophistication of cyber attacks, particularly those aimed at web applications and servers, which deal in high-value traffic and typically reside in data centers.

To effectively secure data centers Juniper believes companies must have knowledge of the attacking devices, not just the IP address, and quickly disseminate that intelligence across the data center and into the network.

Junos Spotlight Secure is a cloud-based global attacker intelligence service that identifies individual attackers at the device level and tracks them in a global database. Compared with currently available reputation feeds that rely only on IP addresses, it offers customers more detailed security intelligence about attackers and reduces false positives.

The solution creates a persistent fingerprint of attacker devices based on over 200 unique attributes, delivering precision blocking of attackers without blocking valid users. Once an attacker is identified and fingerprinted on a subscriber’s network using Junos WebApp Secure, the database can immediately share the attacker profiles with other subscribers, providing advanced real-time security across multiple networks.

Junos WebApp Secure (formerly named Mykonos) takes web application protection to the next level by providing more definitive intelligence about attackers. Deployed in front of application servers behind the firewall, it integrates security intelligence from other sources provided by Junos Spotlight Secure. This integrated intelligence enables Juniper to deliver threat mitigation with significantly better accuracy compared to IP address-only approaches like current next-generation firewalls and reputation feeds. In addition, Junos WebApp Secure uses the latest Intrusion Deception technology to misdirect and mislead attackers while simultaneously profiling and fingerprinting them.

Juniper Networks SRX Series Services Gateways integrated with Junos WebApp Secure now benefits from the Intrusion Deception technology, as well as Junos Spotlight Secure. The integration extends the ability of the SRX Series to block attackers that are identified at the security perimeter, and is particularly effective in blocking botnets and large scale web attacks.

Junos DDoS Secure will leverage Juniper’s recent acquisition of certain assets from Webscreen Systems to deliver a fully automated DDoS protection system for websites and web applications. The solution uses a behavior-based approach to DDoS mitigation that provides protection up to 40Gb/s for high-volume attacks, as well as advanced “low-and-slow” application attacks with minimal false positives. Junos DDoS Secure can be deployed as either a hardware appliance or as a virtual machine in private, public, or hybrid cloud environments.

Juniper Networks security solutions will also be incorporated into security service chains, as outlined in the company’s recent Software Defined Networking (SDN) vision and strategy announcement. This approach will allow additional intelligence to be shared across network layers and enable the quick deployment of security services as part of the SDN service chains. Juniper’s vision for implementing SDN includes four steps, beginning with centralized management, which is available today with Juniper Networks Junos Space Security Director.

The first products to leverage Spotlight Secure security intelligence are Junos WebApp Secure and Juniper Networks SRX Series Services Gateways.