TAILORED SECURITY FOR CRITICAL ASSETS SRX SERIES SERVICES GATEWAYS FOR THE HIGH END PRESENTER NAME DECEMBER 29, 2013
COMMITTED TO INNOVATION AND INVESTMENT Security is core to our business at Juniper Juniper R&D is $1.027B, or 23% of revenues – a figure no one else in the industry comes close to on a percentage basis – 2011 Annual Report New in 2012: A differentiated approach to security with our Intrusion Deception capabilities Market Leader High-End Firewalls Remote Access SSL VPN Network Security $1B global revenue #1#1 Dedicated Innovator Global Powerhouse #1#1 #3#3 Serving customers in over 47 countries, with a worldwide community of over 1000 Reseller Partners Infonetics Research 2012
Keeping up with unpredictable traffic volumes Ensuring application availability and business continuity Securing against cyber attacks CUSTOMER CHALLENGES
MARKET SITUATION 54% OF THE DATA BREACHES WERE RELATED TO COMPROMISED SERVERS 75% OF ATTACKS ARE DRIVEN BY FINANCIAL MOTIVES 60% OF BREACHES TOOK WEEKS OR MONTHS TO DISCOVER $11m AVERAGE COST DUE TO DATA BREACH
SOLVING THE PROBLEM Stop all types of attacks with BEST-IN-CLASS SECURITY Get maximum PERFORMANCE & easily SCALE to adapt to the future Ensure your network is always AVAILABLE with easy, secure ACCESS to optimize productivity Tailored Security for Critical Assets in the Data Center
CARRIER-GRADE AVAILABILITY SRX SERIES SERVICES GATEWAYS FOR THE HIGH END Tailored Security for Critical Assets BEST-IN-CLASS SECURITY MAXIMUM PERFORMANCE AND SCALE
BEST-IN-CLASS SECURITY Enables complete application visibility and control Integrates security for physical and virtual data centers Strong, dynamic content security: leveraging intelligence from multiple security companies Secure and resilient even under the most demanding conditions
MAXIMUM PERFORMANCE AND SCALE Delivers high-performance throughput, massive session volumes and flexible, large-scale connectivity Add security services without service interruptions for business continuity Enables pay as you grow approach
CARRIER-GRADE AVAILABILITY Delivers uptime continuity with in-service hardware and software upgrades Enables high availability with redundant components and links Built on a carrier-class hardware foundation
SRX SERIES SERVICES GATEWAYS 100G Up to 300 Gbps FW throughput and 100 million concurrent sessions scaling High-End SRX Single Junos Unprecedented ScaleIntegrated Routing, Switching and Security 1G 10G Branch SRX SRX3400 SRX100 SRX210 SRX220 SRX240 SRX650 BRANCHCAMPUSDATA CENTER SRX110 SRX550 SRX1400 SRX3600 SRX5400 SRX5800 SRX5600
DIFFERENTIATORS HIGH PERFORMANCE line cards for maximum throughput, scalability, ISSU, and ISHU BEST-IN- CLASS CONTENT SECURITY leveraging intelligence from multiple expert security companies SECURE AND RESILIENT under attack with separate control and data planes and multiple processing cores INTEGRATION of virtual and physical solutions (Firefly/SRX) to deliver visibility, security, and compliance APPLICATION AWARENESS with AppSecure to stop application borne security threats and manage application usage
PROFESSIONAL AND EDUCATION SERVICES Juniper Care Juniper Care Plus Juniper Professional Services Juniper Premium Care Juniper Education CUSTOMER LIFECYCLE Assessment Design PLANOPERATEBUILD Deployment/ Onboarding Migration Maintenance Optimization OFFERINGS
MAXIMUM PERFORMANCE AND SCALABILITY OPERATIONAL EFFICIENCY “Good options exist for high-throughput, purpose-built appliances, especially in the higher end SRX models.” Greg Young, Gartner MQ for Enterprise Network Firewalls 2013 “Junos “achieved a 40% reduction in operation costs…[including] planning and provision, deployment, and planned and unplanned network events…Positive financial payback within 0.8 years or 9 months.” “The Total Economic Impact of Juniper Networks JUNOS Network Operating System,” Michael Speyer, Forrester Research WHAT ANALYSTS ARE SAYING… COMPREHENSIVE THREAT PREVENTION “Juniper is also the only solution with all the advanced features in this evaluation.” Info-Tech, “Vendor Landscape: Next Generation Firewalls,” James Quin
BEST-IN-CLASS SECURITY MAXIMUM PERFORMANCE AND SCALE CARRIER-GRADE RELIABILITY SUMMARY
NEXT STEPS Arrange for an ASSESSMENT of your current security initiatives Schedule a DEEP DIVE SESSION and demo Arrange for an EVALUATION in person or via the virtual proof of concept lab
THANK YOU!
HIGH PERFORMANCE SERVICES PROCESSING CARDS Ensures zero downtime and flexibility via in- service software and hardware upgrades to eliminate the need for a maintenance window Always-On Security Minimizes upgrade costs with backward compatibility with existing cards and chassis; no “rip and replace” or forklift upgrades Investment Protection Delivers 300 Gbps firewall throughput, 150 million concurrent sessions, and up to 100G connectivity to accommodate more users and devices Superior Performance
SRX Series PHYSICAL Hypervisor Firefly Series VM Firefly Virtual Gateway MANAGEMENT AND SECURITY SERVICES Security Director Security Threat Response Manager STRM SERVICESVIRTUAL Firewall IPS DoS Prevention AppSecure DoS INTEGRATED DATA CENTER SECURITY SPANS PHYSICAL AND VIRTUAL NETWORKS
APPSECURE – APPLICATION INTELLIGENCE FOR THE DATA CENTER Understand security risks Address new user behaviors Easy add-on security services for SRX gateways Delivers application visibility, enforcement and protection Integrates nested application detection/protection, control, and remediation Subscription service includes all modules and updates Juniper Security Lab provides 800+ application signatures Block access to risky apps Allows user tailored policies Prioritize important apps Rate limit less important apps Protect apps from bot attacks Allow legitimate user traffic Remediate security threats Stay current with daily signatures AppTrackAppDoSIPSAppFWAppQoS
Firewall management IPsec VPN management Network Address Translation (NAT) management Intrusion prevention (IPS) signature management Application-level policy management Publish WorkFlow: Manage policy work by role for better accuracy + SCALABLE SECURITY MANAGEMENT Security Director –Delivers scalable, responsive, and accurate policy management –Enables intuitive web-based policy lifecycle management STRM –Collects, archives, reports and correlates events, flow data, and application data –Analyzes network behavior for anomalies AUTOMATES
ARCHITECTURE: SEPARATE DATA AND CONTROL PLANE Control Plane Data Plane Physical Interfaces PACKET FORWARDING DOS & DDOS ATTACKS Attacks overwhelm the box Administrator loses management access – your network is down Attacks can be thwarted Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic – your network stays up SHARED PLANE MODULE N INTERFACES MANAGEMENT ROUTING … KERNEL DATA MANAGEMENT ROUTING DOS & DDOS ATTACKS
SRX SERIES SPECIFICATION SUMMARY SRX1400SRX3400SRX3600SRX5400SRX5600SRX5800 On-board Ethernet6 10/100/ SFP or 6 10/100/ SFP and 3 10GbE (on board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10GbE 8 10/100/ SFP (on-board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB (SR or LR) 100GE-CFP -2X40GE-QSFPP 10XGE-SFPP 40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR) FlexIOC JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets) 10 Gbps30 Gbps 55 Gbps65 Gbps100 Gbps200 Gbps Firewall Performance (IMIX)5 Gbps10 Gbps20 Gbps30 Gbps65 Gbps130 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 1.5 Mpps3.5 Mpps6.5 Mpps9.9 Mpps20 Mpps50 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 4 Gbps8 Gbps15 Gbps40 Gbps75 Gbps130 Gbps AppSecure6.5 Gbps16 Gbps24 Gbps50 Gbps80 Gbps160 Gbps Intrusion Prevention System3 Gbps8 Gbps15 Gbps22 Gbps50 Gbps100 Gbps Connections Per Second (CPS)70 K150 K270 K450 K400 K Maximum Concurrent Sessions1.5 M3 M6 M28 M100 M High AvailabilityA/A or A/P
SRX1400 Ideal for small to mid-size data centers, enterprise, and Service Provider networks Software Security Services –AppSecure and IPS –AV and web filtering Combination IOC/SPC card SRX1400 On-board Ethernet6 10/100/ SFP or 6 10/100/ SFP and 3 10GbE (on board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10GbE JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets)10 Gbps Firewall Performance (IMIX)5 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 1.5 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 4 Gbps AppSecure6.5 Gbps Intrusion Prevention System3 Gbps Connections Per Second (CPS)70 K Maximum Concurrent Sessions1.5 M High AvailabilityA/A or A/P fan vent slot cover line cards
SRX3400 Ideal for medium to large enterprises and Service Provider networks Software Security Services –AppSecure and IPS –AV and web filtering Combination IOC/SPC card SRX3400 On-board Ethernet8 10/100/ SFP (on-board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB (SR or L) JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets)30 Gbps Firewall Performance (IMIX)10 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 3.5 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 8 Gbps AppSecure16 Gbps Intrusion Prevention System8 Gbps Connections Per Second (CPS)150 K Maximum Concurrent Sessions3 M High AvailabilityA/A or A/P line cards slot cover power supply
SRX3600 Ideal for medium to large enterprises and Service Provider networks Software Security Services –AppSecure and IPS –AV and web filtering Combination IOC/SPC card SRX3600 On-board Ethernet8 10/100/ SFP (on-board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB (SR or LR) JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets) 55 Gbps Firewall Performance (IMIX)20 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 6.5 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 15 Gbps AppSecure24 Gbps Intrusion Prevention System15 Gbps Connections Per Second (CPS)270 K Maximum Concurrent Sessions6 M High AvailabilityA/A or A/P line cards slot cover power supply
SRX5400 Ideal for medium to large enterprises and Service Provider networks Software Security Services –AppSecure and IPS –AV and web filtering Next-generation, high-performance line cards SRX5400 On-board Ethernet 100GE-CFP -2X40GE-QSFPP 10XGE-SFPP JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets)65 Gbps Firewall Performance (IMIX)30 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 9.9 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 40 Gbps AppSecure50 Gbps Intrusion Prevention System22 Gbps Connections Per Second (CPS)450 K Maximum Concurrent Sessions28 M High AvailabilityA/A or A/P line cards slot cover power supply
SRX5600 Ideal for large enterprise, Service Provider, and public sector networks Software Security Services –AppSecure and IPS –AV and web filtering Next-generation, high-performance line cards SRX5600 On-board Ethernet40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR) FlexIOC JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets)100 Gbps Firewall Performance (IMIX)65 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 20 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA 1 75 Gbps AppSecure80 Gbps Intrusion Prevention System50 Gbps Connections Per Second (CPS)400 K Maximum Concurrent Sessions100 M High AvailabilityA/A or A/P IOC card SPC card slot cover
SRX5800 Ideal for large enterprise, Service Provider, and public sector networks Software Security Services –AppSecure and IPS –AV and web filtering (X46) Next-generation, high-performance line cards SRX5800 On-board Ethernet40 SFP GbE, 4 XFP 10 GB (SR or LR), 16 GbE (TX or XFP) FlexIOC, or 4 XFP 10 GB (SR or LR) FlexIOC JUNOS Software Version SupportJUNOS 12.1X46 Firewall Performance (Large Packets)200 Gbps Firewall Performance (IMIX)130 Gbps Firewall Performance (Firewall + Routing PPS 64byte) 50 Mpps VPN Performance – AES256+SHA-1 or 3DES+SHA Gbps AppSecure160 Gbps Intrusion Prevention System100 Gbps Connections Per Second (CPS)400 K Maximum Concurrent Sessions100 M High AvailabilityA/A or A/P IOC card SPC card