Copyright © 2004 Juniper Networks, Inc. www.juniper.net
IDP Resale Workshop May 2005
Roland Hamann
Regional Manager, Emerging Technologies Group, Central & Eastern Europe
Agenda IDP Resale Workshop
Welcome
The Evolution of FW, IDS & IPS / Business Drivers
Overview of the IPS offering from Juniper
How to sell Juniper´s IDP
Roadmap
Lunch
Welcome !
Emerging Technology´s Strategic Role
Provide a focus on “non-core” product lines
Achieve Emerging Product revenue targets
Accelerate revenue growth and market dominance of acquired technologies globally and in the specific region of Central & Eastern Europe
Aggressively penetrate competitor-held accounts with emerging technology for later adoption of Juniper mainstream technology.
Provide strategic commercial input to Juniper acquisition & joint venture committee on potential targets & partners.
Where we help you – where you benefit
Use Emerging Technology Products to open the doors
Emerging Technology Products will help you to penetrate existing customers and to identify additional business.
Emerging Technology Group will be your contact to provide product feature recommendations to Juniper engineering group.
Emerging Technology Team should be engaged in any strategic IDP and SSL opportunities
Emerging Technology Team will educate and update partners on emerging technology & associated selling strategies
The Evolution of FW, IDS & IPS/ Business Drivers
Why IPS ? – Evolving Security Threats
Worms indiscriminately targeting networks
Patch Management
Gateway is not always the point of attack –
• Threats propagating via ‘internal’ network
• Network boundary blurring
Spyware
Denial of Service
Some Legislation driving customers to a proactive response –
• e.g. Sarbanes Oxley, Basel II
Development of Hacker Attacks
PC Survival Time (from SANS)
Source: Internet Storm Center http://isc.sans.org October 2004
Survival time is defined as the average time between two attacks
Firewalls Are Only 1st Layer Of Defense
Firewalls Provide
• Access Control
• Authentication
• VPN
• Network Segmentation
• DoS protection and some network layer attack detection
[Diagram labels: Firewall provides access control; Deny Traffic; Allow Traffic; Deny Some Attacks; Corporate Network; Users; Servers; Modem; DMZ with Mail Server and Web Server; Remote Office; Firewall]
2nd Layer of Defense = IDS to Monitor for Attack?
[Diagram labels: Firewall provides access control; IDS provides attack monitoring; Deny Traffic; Allow Traffic; Deny Some Attacks; False Alarms; Detected Attacks; Undetected Attacks; Attacks Reach the Victim !!!; Corporate Network; Users; Servers; Modem; DMZ with Mail Server and Web Server; Remote Office; Firewall]
Problems of Today´s Solutions
Firewalls can´t detect Attacks
•Firewalls protect against traffic that is not expected in the network
•not able to detect attacks on the application layer level
IDSes don´t provide Protection
•incomplete detection methods; therefore they miss attacks
IDSes create Management Overhead
•requiring an administrator to constantly investigate each and every alarm
Result of Today´s Problems
Loss of time spent investigating
Loss of productivity, resulting from disruption in network services
Loss of time and resources spent recovering
Damage from the exploit
2nd Layer of Defense = IPS to Prevent an Attack
[Diagram labels: Firewall provides access control; NetScreen-IDP provides intrusion prevention; Detects attacks; Choose how to respond; Drops attacks; Deny Traffic; Allow Traffic; Deny Some Attacks; Corporate Network; Users; Servers; Modem; DMZ with Mail Server and Web Server; Remote Office; Firewall]
Juniper´s IPS offering
Juniper Networks Today
Top three in market share in all of our key markets
Over 3,000 employees worldwide
Offices in all major countries
Serves the world’s top 25 service providers
Supports 8 of the top 15 Fortune 500 companies
Focuses on customers who derive strategic value from their networks
Layered Security
[Diagram labels: Business Partners; Department Servers; Finance; HR; Sales; DMZ-1; DMZ-2; Data Center; Mobile Workers; Branch Offices; Teleworkers; SSL VPN. Callouts:]
• Multiple virtual firewall on single platform
• FW/VPN with DoS and access control
• Detect / prevent network and application attacks
• Site to Site IPSEC VPN for reliable WAN communications
• Integrated FW/VPN/AV with Home/work zone and HA options
• Secure Meeting for cross-enterprise, online meetings
• Remote access SSL VPN for secure communication from mobile access or untrusted networks
• Centralized Management
Security Product Line
Secure Access SSL VPN Solutions
• 3 product lines for secure LAN, extranet and intranet access to mobile employees, customers and partners with no client software deployment or changes to LAN infrastructure
Intrusion Detection and Prevention Solutions
• 5 products; intrusion prevention appliance protects network and critical resources from attacks through detection and prevention
Integrated Firewall/IPSEC VPN Solutions
• Appliances with various security options, interface, power supply and performance configurations for large/med enterprise and Service Providers
Central Policy-based Management Solution
• 3-tier system provides role-based administration and central control and logging of all NS FW/VPN solutions
Secure Meeting
• Enables secure cross-enterprise online meetings and application sharing
Security Product Line — IDP
Some notable Juniper IDP News
Juniper is #1 in Unit Market Share for Inline-IPS
In Q404 Juniper’s Security Team released coverage for new MS vulnerabilities the same day - no competitor was faster than us
Mid-January 2005 Juniper was awarded the “Editor’s Choice” Award by Network Computing beating out all major competitors for best Intrusion Detection and Prevention system
Mid-January 2005 Juniper was the only IPS vendor to be chosen in Searchnetworking’s annual “Best Security Product” awards
April 05 Juniper released daily signature update service to serve the need of latest protection against vulnerabilities
Advanced Attack Protection
Using Multi-Method attack detection to maximize attack detection
Conserves Resources
• 8 in 1 detection
• Integrated investigation tools
• Granular control over how to respond to attacks
The Old Standalone IDP Product Range
All contain full IDP features and are managed using the same management interface = Increased Security throughout the Network & Lower TCO
IDP 10: Optimal for small network segments or low speed links
• 20 MB nominal throughput
• 10,000 maximum sessions
• 512 MB memory
• Fail open with bypass unit
IDP 100: Optimal for medium central site and large branch offices
• 200 MB max throughput
• 70,000 maximum sessions
• 1 GB memory
• HA clustering (recommended) and fail open with bypass unit options
IDP 500: Optimal for large central site or high traffic areas
• 500 MB max throughput
• 220,000 maximum sessions
• 4 GB memory
• HA clustering – scale to gig speeds
• Fiber Gigabit Ethernet Standard
IDP 1000: Optimal for enterprise or GB environments
• 1000 MB max throughput
• 500,000 maximum sessions
• 4 GB memory
• HA clustering – scale to Gig speeds
• Fiber Gigabit Ethernet Standard
The New Standalone IDP Product Range
All contain full IDP features and are managed using the same interface = Increased Security throughout the Network & Lower TCO
IDP 50: Small network segments or low speed links
• 50Mb Throughput
• 10,000 Maximum Sessions
• 1 GB Memory
• Integrated Bypass Ports
IDP 200: Medium central site and large branch offices
• 250Mb Throughput
• 50,000 Maximum Sessions
• 1 GB Memory
• HA Clustering and Integrated Bypass Ports
IDP 600C/F: Medium to large central site or high traffic areas
• 500Mb Throughput
• 200,000 Maximum Sessions
• 4 GB Memory
• HA Clustering
• Fiber or Copper Gigabit Port Versions
• Dual SCSI drives and redundant power
IDP 1100C/F: Large central site or high traffic areas
• 1 GB Max Throughput*
• 500,000 Maximum Sessions
• 4 GB Memory
• HA Clustering
• Fiber or Copper Gigabit Port Versions
• Dual SCSI drives and redundant power
*As tested with IDP 3.0 software
IDP 50
Optimal for small network segments or low speed links
Throughput: Up to 50 Mbps
Max sessions: 10,000
Memory: 1 GB memory
Interfaces/Ports: 2 CG for traffic + 1 CG for mgmt
Integrated bypass
* No HA
* No physical power redundancy
IDP 200
Optimal for medium central site and large branch offices
Up to 250 Mbps throughput
70,000 max sessions
1 GB memory
8 CG traffic, 1 CG mgmt & 1 CG HA ports
HA clustering
Integrated bypass
Optional redundant power
IDP 600 C / F
Optimal for large central site or high traffic areas
Up to 500 Mbps throughput
220,000 max sessions
4 GB memory
10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
HA clustering option
Integrated bypass for CG traffic ports
[Pictured: IDP 600F, IDP 600C]
IDP 1100 C / F
Optimal for enterprise or GB environments
Up to 1 Gbps throughput
500,000 max sessions
4 GB memory
10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
HA clustering option
Integrated bypass for CG traffic ports
[Pictured: 1100C, 1100F]
Old & New IDP Platform Comparison
CG = Copper Gig, 10/100/1000 copper interfaces with integrated bypass
IDP Platforms - Throughput Comparison
NetScreen-ISG 2000
High performance
•2 Gbps Stateful Firewall
•Any packet size
•1 Gbps VPN
•3DES/SHA1 & AES/SHA1
•Any packet size
•1 Gbps+ IDP (future)
Increased capacity
•10,000 IPSec tunnels
•512,000 concurrent sessions
•30,000+ new sessions/second
Versatile form factor
•3U, 19” Rack-mountable
•3 interface modules
•4 and 8 port, 10/100
•Dual port, mini-GBIC Gig
•Dual port, 10/100/1000
Robust security
•Deep Inspection FW/VPN
•FW/VPN/IDP
NetScreen-ISG 2000: Redefines System Performance & Scalability
Base System – Designed for flexibility
• 4 slots for I/O modules allow various port configurations
ASIC module – High Speed Flow Processing
• NetScreen’s next Generation ASIC
Management module – Dedicated to Ensure Availability
• Handle high system load
Security modules – Processing for Additional Applications
• 0-3 modules enable multiple price/performance points
Single ScreenOS image & configuration (not a patched together solution)
[Diagram labels: I/O Port Modules; ASIC Module; Management Module; Security Modules. Flow labels: All Flows; IDP Flow; First Packet, IKE, IDP, etc]
Current NetScreen-IDP Management: 3-Tier Architecture based on IDP Manager
Distributed Graphical User Interface
• Distributed access to centralized policy and logs
Centralized Management Server
• Collect all logs
• Store all policy, configuration, user information
Distributed Sensors
• Detect and prevent intrusions
• Operate in sniffer or inline mode
• Kernel operation
All communication authenticated and encrypted: RSA and Blowfish encryption
How to sell Juniper´s IDP
Customer Problems
Unaware of new applications and servers being added to the network
Location of vulnerable applications/servers is unknown due to dynamic nature of the network
With Worm attacks increasing, IT staff may not have ability to determine Worm origin
Attack investigative process is slow, requiring significant manual log investigation and correlation
IT staff unable to dedicate time to analyze logs in order to make incremental policy modifications
Attacks are becoming more complex and therefore more difficult to identify
What is required to improve security ?
To have a security policy, which includes
•a clear definition of what is allowed
•a clear definition of what is forbidden or restricted
•mindset to use and improve this policy continuously
To have network awareness, which means
•know how the network is currently set up and used (which hosts, applications, users, services ...)
And finally to have the power to enforce the security policy
•incident reactions supported by company management
•right tools, technologies and processes in place to enforce the security policy and maintain network awareness
Management
Management is often the biggest cost of an IDS/IPS solution
As much as 80% of the TCO of IDS was in management !
Management systems need to be :
•Easy to use !
•Be granular and rules based (like firewalls !)
•Be open, allowing user to fully understand why an alert fired
•Allow for further investigation (i.e. forensics, correlation etc.)
•Work across multiple teams within an organisation (i.e. workflow)
•Be scalable and work with other security based systems
Why Juniper´s IDP wins !
Superior Attack Coverage
•Methods for whole “Vulnerability Lifecycle”
•Coverage for All Phases of an Attack
Granular & Flexible Management
•“Rules Based” logic
•Custom Signature Editor
Enterprise Security Profiler
•Multiple Applications & Benefits
The “Juniper Factor”
•Company Strength & Capabilities
•Product line Direction
•Superior Support & Relationship
Advanced Policy Management
IDP uses granular, rules-based (firewall-like) policies
Allows you to create granular policies in line with your security policy
Granular control on which attacks to stop, and which to just monitor for – drop by packet, session or block address for x period of time
Easily controls Peer to Peer and Instant Messenger usage
Change default severity warnings based on server
Controls bandwidth through Session Rate limiting
The 5 Key Differentiators of Juniper´s IDP
ESP (Enterprise Security Profiler) – Provides an advanced level of network Awareness.
Determine abnormal network traffic or abnormal user behavior in an enterprise network and block if required.
ESP can stop worm propagation by identifying contaminated user’s machines and allow you to quarantine them from the network.
It can also help to identify users who are downloading and running applications against security policy.
ESP can correlate resources on their network that have potential threats and allow an administrator to quickly understand the severity of a threat.
How to Qualify
1. Has your company been affected by a worm or other security breach that you are aware of ?
2. Do you have an incident response policy &/or team ?
3. How does your company measure and track risk profile of its digital assets ?
4. Do you have a policy regarding Peer-to-Peer applications, Instant Messaging, Chat and/or Open file sharing ?
5. What are the applications, systems & digital assets that are most critical to the business ?
6. Do you have a significant population of VPN Users ?
7. Do you currently have Intrusion DETECTION Systems deployed ?
8. Does your company have a 24x7x365 Security Operations Center ?
9. Do you have any trepidation related to deployment of proactive in-line protection ?
10. Do you support highly customized, internally developed or older legacy systems ?
11. Is the security posture of your company a key requirement or differentiator of your company to clients &/or business partners ?
Positioning IDP
Network awareness
•ESP, Dashboard, Log investigator
•Closed loop investigation
Comprehensive attack protection
•Multi method detection, signature customization, Open signature format
Management
•Rule based, firewall like, reporting, detailed feedback/drill down
Flexibility
•Multiple deployment modes, Customization capabilities, ESP
How to FAIL Selling IDP
Sell on “Speeds & Feeds”
Position As Commodity Product
Let Product “Sell Itself”
Limited Direct Customer Interaction
Compete against Competitor’s Strength
Drop off Evaluation Unit
Roadmap
Juniper NetScreen IDP Roadmap
[Timeline chart across Q1, Q2, Q3, Q4; items listed in the order they appear]
IDP
• SP Edge IDP-ERX-SDX integration Prototype: Enabling SPs to offer customers IDP scans, etc via router and IDP service linked via SDX
• Malta: 1 Gig and less standalone IDP hardware refresh with networking platforms; Internal Gigabit Copper FO; ShellCode Detection (industry unique false positive reduction)
• VoIP Attack Protection: Via extra decodes (SIP, etc)
• NSM 2005-2: NSM Management of existing IDP and Malta (late Q3 to early Q4); Also IDP mgmt enhancements for existing IDP, Malta and ISG IDP
• IDP 4.0 (late Q3 to early Q4): Dynamic image loading; New protocols: XML/SOAP, SQL, Oracle; Capability to detect encrypted attacks
ScreenOS – IDP (for ISG platforms)
• Multi-Gigabit IDP (Corsica) Beta: Up to 2 Gig IDP (3 IDP blades on ISG 2000); 1st in world integrated FW/VPN/IDP for enterprise perimeter (or internal); Very High-Performance Internal LAN “standalone” IDP with unmatched networking & virtualization support; NSM managed
• Multi-Gig IDP (Corsica) FCS
• ISG 1000: No IDP blades yet but has IDP slots ready
• NSM 2005-1: Management and reporting enhancements for ISG 2000 IDP
• Gig IDP on ISG 1000: 1 Gig IDP (2 IDP blades on ISG1000); Integrated FW/VPN/IDP for perimeter of MB, smaller enterprises, LE with large BOs; High-Performance Internal LAN “standalone” IDP; NSM managed
• Maxwell (DI Sig Packs): Improved DI for SMB via Sig Packs
• Corsica Enhancements: Corsica IDP session increase to 1 mil; Significant Corsica internal LAN IDP performance increase
• Profiler Solution for ISG: Separate box potentially
Both
• Daily IDP Signature Updates: 1st in industry – sign of industry leading Juniper responsiveness
• Productized SP Edge IDP-ERX-SDX integration
• IDP Spyware “Phone-Home” Protection
• Juniper Security Portal for IDP, DI and AV
Legend:
Black – Program in development and schedule committed
Green – Phase0 (concept) approved; committed schedule being defined
Blue – Pre-Phase0 program; no schedule yet
IDP Spyware Protection (RELEASED)
Blocks spyware on clients and servers from causing damage by preventing it from phoning home
As a result, no sensitive information is transferred to malicious parties from within the enterprise
Administrators also have a record (IDP alert/log/etc) of which machines have spyware on them
The effect of spyware is stopped with this solution and the enterprise is protected
Constantly updated (via normal signature updates) after release to protect against latest spyware threats
Daily IDP Signature Updates (RELEASED)
1st in the industry
Another sign of our focus and progress on attack responsiveness and coverage
Our belief that attack object updates need to be available to our customers the very day they are made
Hence, after much automation work, we are switching to an aggressive release schedule of daily attack object updates, with additional emergency updates as needed
As in the past:
• Send urgent notifications to its customers if an emergency update becomes available
• Weekly email notification of the attack object updates and administrators who still wish to update their devices once a week will still be able to do so without missing any important signatures
At Juniper we don't believe that Hackers will wait a week to attempt exploiting newly discovered vulnerabilities, and so we don't believe we should wait a week before we offer our customers protection from these attempts
IDP Security Modules for ISG (RELEASED)
Integrated Best-of Breed Security + Networking in a Single Platform
Product Summary: IDP Security Blade for ISG-2000 and ISG-1000
Solution to 2 Enterprise Attack Prevention Customer Needs:
•Integrated IDP at Gateway (IDP and FW/VPN)
•High-Performance “standalone” Multi-Gig IDP for:
  • Server Front End
  • Internal LAN
  • Standalone IDP Large Enterprise (multi-Gig) gateway deployments
Competitive Landscape:
•Other major IDP players (McAfee, Tipping Point) do not have integrated story (no fw/vpn/routing) so this is a big differentiator
•For the high-performance standalone enterprise IDP market we can now take on McAfee and Tipping Point (one of major reasons we did not get into large deals with multi-gig requirements previously) and have a superior solution
Enterprise Integrated Security Appliance Landscape
[Chart. Axis “Enterprise Security Services Offered”: FW ACL, Full SI FW, FW/VPN, FW/VPN/IDP. Axis “Attack Protection”: Basic Signatures, Packet Based, Full Application Layer. Products plotted: Cisco PIX 7.0, Tipping Point, Check Point on Nokia, Fortinet, McAfee, ISS, Juniper Networks DI FW/VPN, Juniper Networks IDP, Juniper Networks ISG 2000 with IDP]
Samoa: Juniper Networks ISG 1000 Integrated Security Gateway with IDP
• New ISG platform
  •Expands the ISG family
  •Combines high performance and advanced networking
  •Provides application/network level protection
• Ideal Perimeter Security Solution
  •Purpose-built, highly-integrated gigabit platform
  •Application rich software – complete with Security Zones, Virtual Systems, Dynamic Routing, High Availability and more
• High Performing
  •1 Gbps – Firewall, IPSec VPN and IDP (Intrusion Detection and Prevention)
  •Next-gen security ASIC (GigaScreen³)
  •Best in class small packet performance
• New Levels of Modularity
  •Easily add more I/O ports to scale to network architecture
  •Add-on security modules extend security functionality
Summary
IDP is one of the fastest growing markets in the security industry
Juniper is #1 in unit share and does extremely well in the Medium Business and Enterprise
With the new products coming out this quarter Juniper will be making a major push to conquer the Large Enterprise & Service Provider as well
From spyware protection to unified management to integrated firewall/IDP to many more… we are rapidly becoming the application security leader with IDP
Questions ?
Thank you!
IPS Competitive
IPS Definitions
Client-to-Server (c-s)
• Request side portion
• E.g. “GET” request coming from a client
Server-to-Client (s-c)
• Response side portion
• E.g. in HTTP the web page and content returned from the server as a result of a “GET” request.
• Usually much larger than the client-to-server traffic in terms of byte count
• Usually turned on when protecting the WAN pipe (i.e. content requested from an external source such as a public web server)
Attack Severity
• Each vendor has its own rating system but in general all vendors rate them starting from “critical” and going down to “low” and “informational”
• Juniper uses 5 categories – critical, high, medium, low and informational.
• Juniper recommends all customers to enable critical and high attack prevention signatures at the very least – and also strongly recommends they enable medium signatures.
IPS Definitions
Layer 7 IPS:
• Application and protocol aware and fully decodes Layer 7 protocols
• Pinpoints where to look for attacks by narrowing relevant search to specific parts of a Layer 7 communication
• 2 types:
  – One-Way Layer 7 IPS: Misses all attacks in one direction
  – Two-Way Layer 7 IPS: Detects and blocks attacks in both directions
Layer 4 IPS:
• Just coarsely matches bits in a data stream to find attacks regardless of application context
• Not application or protocol (HTTP, IM, etc) aware and does not “decode” protocols
• No concept of Layer 7 connection state or direction
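The contrast drawn in these definitions, as an added example (not code from the original deck or from any Juniper product): a context-free byte matcher next to a matcher that first decodes HTTP and applies each signature only to its own direction and field. The signature names, the field names and the sample messages are constructed for illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

C2S, S2C = "c-s", "s-c"  # direction labels as used in the definitions above


@dataclass(frozen=True)
class Signature:
    name: str
    direction: str       # C2S or S2C
    context: str         # decoded field the pattern is allowed to look at
    pattern: re.Pattern


# Constructed signatures (assumptions for this example, not real attack objects).
SIGNATURES = [
    Signature("traversal-in-uri", C2S, "uri", re.compile(r"\.\./")),
    Signature("marker-in-response-body", S2C, "body",
              re.compile(r"EXAMPLE-BAD-MARKER")),
]


def layer4_match(payload: bytes) -> list[str]:
    """Context-free matching: every pattern runs over the raw byte stream."""
    text = payload.decode("latin-1")
    return [s.name for s in SIGNATURES if s.pattern.search(text)]


def decode_http(payload: bytes) -> tuple[str, dict[str, str]]:
    """Minimal HTTP/1.x decode: returns the direction and the decoded fields."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    first = lines[0].split(" ", 2)
    fields = {"headers": "\r\n".join(lines[1:]), "body": body.decode("latin-1")}
    if first[0].startswith("HTTP/"):            # status line: a response
        fields["status"] = first[1] if len(first) > 1 else ""
        return S2C, fields
    fields["method"] = first[0]                 # request line: a request
    fields["uri"] = first[1] if len(first) > 1 else ""
    return C2S, fields


def layer7_match(payload: bytes, directions=(C2S, S2C)) -> list[str]:
    """Protocol-aware matching, limited to the inspected directions."""
    direction, fields = decode_http(payload)
    if direction not in directions:             # one-way inspection skips it
        return []
    return [s.name for s in SIGNATURES
            if s.direction == direction
            and s.pattern.search(fields.get(s.context, ""))]


# Constructed sample messages.
REQUEST_TRAVERSAL = (b"GET /docs/../../private/report.txt HTTP/1.1\r\n"
                     b"Host: www.example.com\r\n\r\n")
BENIGN_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   b"<p>Use ../ to refer to the parent directory.</p>")
MARKED_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   b"<p>EXAMPLE-BAD-MARKER</p>")

if __name__ == "__main__":
    for label, msg in [("request with traversal", REQUEST_TRAVERSAL),
                       ("benign response", BENIGN_RESPONSE),
                       ("marked response", MARKED_RESPONSE)]:
        print(label)
        print("  layer 4        :", layer4_match(msg))
        print("  layer 7 two-way:", layer7_match(msg))
        print("  layer 7 one-way:", layer7_match(msg, directions=(C2S,)))
```

The benign response is the false alarm case: the raw matcher fires on text in a page body, while the decoded matcher only looks for that pattern in a request URI.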
Competitive: Tipping Point (cont’d)
Will Shut Off Attack Protection Without User Knowing or Wanting To
• When their CPU is stressed too much they automatically will turn off the signatures (letting those attacks through!)
• Many other cases where they will automatically let attacks through
• For example, if a software filter fires too often and does not detect an attack – they will turn it off automatically!
Security by Obscurity
• Closed signatures so no one can see what they are doing
• If they revealed them, customers would see the lack of sophistication and accuracy of their signatures
Not a Serious, To Be Trusted Security Company
• Issue press releases lying about capabilities and falsely defacing competitors, and then even when general public security community (N+I 2005 is one example) find out they are slow to issue retraction and apology statements
• Not a player in the other security areas – such as firewall, VPN, etc
Competitive: Tipping Point (cont’d)
No integrated security story (fw/idp/vpn, etc)
• Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required
No Ability to deliver Application Awareness and Visibility
• Since they do not decode many protocols and act like a L4 IPS default they do not have the capability in the future or now to deliver on Application Awareness for the customer (like Juniper’s Profiler, Security Explorer, etc)
Known to Release Buggy Software and Hardware
• Recent Hardware Example: Recalling every UnityOne 50 in the field to replace the thumb drive. They have a very high failure rate.
• Recent Software Example: Latest code 2.1 is unstable and if a beta does not want to test DOS and new reporting then they will go with the older 1.4 code
No Sniffer Mode – inline only
No real Service Provider Story
• We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution
Competitive: McAfee (cont’d)
Very complex, unscalable and unwieldy management
•Consistently rated as the worst in IPS management by customers and even they will admit this
•Analysts like Gartner say the same thing
No integrated security story (fw/idp/vpn, etc)
•No real firewall, VPN, etc
•Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required
Not a “Network” Security Player
•A desktop player who is trying to understand how to build networking equipment and does not have the tribal knowledge or experience to do so
Competitive: McAfee (cont’d)
We beat them on performance in the high-end
•Our UDP performance is 2x better than theirs (3-4 Gigs)
•Our latencies for emerging applications like VoIP will beat theirs as they do not have the experience here
No real Service Provider Story
•We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution
Known to destroy companies once they acquire them
•Intruvert is no different – many of their engineers and others are leaving McAfee
•Kills their ability to innovate and they end up falling behind with old technology
Competitive: ISS
Unproven IPS Vendor
• Legacy IDS technology
• Trying to morph this into an IPS – not a ground-up design
• No knowledge of what it takes to operate inline as a true networking device (not their core competence)
• Software, PC-like IDS architecture lacks reliability and scalability for mission critical networks
• Did not even have most basic of networking functionality like HA – may just now be starting to introduce first generation
• Ideal candidate for “replacement program” as customers move to IPS
Security by Obscurity
• Closed signatures – unwilling to show customers what they are doing to detect attacks
• Hence, impossible to understand how they detect attacks and prove that they do it accurately
Competitive: ISS (cont’d)
No integrated security story (fw/ips/vpn, etc)
•Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required
Very Poor Management
•SiteProtector is unreliable and very difficult to install
•Very hard to use and requires a long time to learn
•Relies heavily on external Microsoft DB
  • Potential additional cost for medium to large environments
No real Service Provider Story
•We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution
Competitive: Cisco
Unproven IPS
• Juniper was 1st to market with an IPS and has more customers and IPS units out there than anyone
• Cisco just released their 1st IPS a few months ago
• Very few customers who have tested and used their IPS
• Not a Tier 1 IPS competitor
• Morphed their IDS into an IPS – not a ground up IPS design
Low Attack Coverage and Unsophisticated Detection Mechanisms
• Typically Cisco is heavy on searching for regular expressions via simple signatures
• No concept of compound signatures like us for complex attacks
• No advanced detection mechanisms like honeypot
• Limited protocol decodes and stateful signatures
• Cisco IDS used to look for exploits (i.e. signatures after attack is known) only - not actual vulnerabilities (i.e. even if no exploit was there) which is needed for new attack prevention
Competitive: Cisco (cont’d)
Very poor performance
•PC architecture that cannot reach multi-gigabits
•Not optimized for emerging applications like VoIP like ISG with IDP is
•Known to overstate performance (IDSM-2 IDS on their Catalyst actually underdelivers by a lot)
Security by Obscurity
•Closed signatures – unwilling to show customers what they are doing to detect attacks
•Hence, impossible to understand how they detect attacks and prove that they do it accurately
Competitive: Cisco (cont’d)
Very Poor Management
• CiscoWorks VMS has very limited management and reporting capabilities
• No correlation, forensics, quick reports, etc….
No Ability to deliver Application Awareness and Visibility
• Just trying to perform basic IPS management – no capability of delivering innovative Layer 7 awareness like Profiler and Security Explorer