Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible,


1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible, cost-effective solution for mid to large enterprises and service providers

2 Juniper Networks - Leadership & Expertise
SRX 5800 NS1000 NS1000 w Switch 2 SRX 5600 NS-5400 ISG 2000 NS-5200 2G FW & 1G VPN 250 VSYS A/A-Full Mesh HA 4G & 12G FW 3M & 9M PPS 500 VSYS <78 interfaces & 4000 VLANs 10G & 30G FW 6M & 18M PPS 10 GigE interfaces Jumbo Frames Hardware AES 1G FW & 1G VPN 100 VSYS 60G & 100+G FW 20G & 40+G IPS 4M & 8M Sessions 2000 Now Gartner’s Magic Quadrant Juniper Networks “Upper-right” Firewall & IPSec VPN Source: Infonetics, Jun 2008

3 What customers expect... Deliver a superior user experience
Integrated Services Faster application and service deployment Scalable Performance Simultaneously Scale Integrated Services and Network Capabilities Carrier Grade Availability Operational Simplicity through a Single Network OS Operational Simplicity Total cost of ownership advantage FAST RELIABLE SECURE

4 Today’s Enterprise Requirements Enablement versus Constraint
Core / Infrastructure: 10 GigE
More traffic, new/next gen apps, video and other streaming media
Customers demand full-fledged security posture for network performance
Deliver all security services at scale
[Diagram labels: FW, VPN, IPSec, IPS, 10+ Gbps]
In the past, decisions were based on three parameters: there was a tunnel/pipe, and the security devices looked at 1) IP address, 2) port and 3) protocol.

5 Business Challenges Performance and Flexibility Compromise
Traditional solutions based on performance/flexibility tradeoff
Limited performance options
  Deploy more platforms
  Disable “expensive” features
Limited flexibility options
  Deploy dedicated appliances
[Chart axes: Flexibility, Performance]

6 Pitfall of Today’s Security Adaptability
Limited flexibility in adapting to business requirements
Poor service integration resulting in poor business operations
Complex rack space planning
Installation, management and maintenance overhead
Rack Space Planning: High
CAPEX: High
OPEX: High
[Chart: Security Requirements and Network Traffic Requirements, FW, IPS & VPN (Gbps) over Time, TODAY to FUTURE; label: ASA 5540]

7 Dynamic Services Architecture ™
Dedicated Control Plane Built-on Terabit Fabric Interchangeable I/O and processing cards Any service, any card Feature integration on JUNOS Fast time to market Tightest integration between features Carrier-class Reliability Service Integration via JUNOS ™ Dedicated Management Fabric FW IDP NAT VPN DoS QoS Interface Scalability Processing Scalability

8 SRX Services Gateway Family of JUNOS-based Dynamic Services Gateways
Consolidate Management Framework App Layer Forwarding Threat Prevention Access Control Routing Firewall IPS IPSec VPN NAT SRX Dynamic Services Gateway

9 SRX Dynamic Services Gateways
Sept 2008 Market Introduction SRX5000 Series Services Gateway Revolutionary Architecture Integrated Services Scalable Performance Operational Simplicity World’s Fastest Security Solution The heritage of ScreenOS on JUNOS

10 Juniper (mid to high-end) Enterprise Security Portfolio
SRX5800 150 Gbps Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery SRX5600 50 Gbps 30 Gbps Products addressing this segment? 10 Gbps NS5400 ISG/IDP FW and Integrated Security Designed for enhanced perimeter and DC security

11 No Compromise Security: SRX3000-line: The most cost-effective network security solution
Maximum Flexibility without Sacrificing Security Unmatched Price / Performance Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA) Based on Dynamic Services Architecture™ for accelerated new service deployment

12 SRX3400
Hardware
  Modular chassis
  7 slots (4 front, 3 rear)
  MGT module – dual, hot swap
  3U chassis height
Fixed Interfaces
  12 built-in (8-10/100/ SFP)
  2 Ethernet Management Ports
Modular Interfaces
  16-10/100/1000
  16-SFP
  2-XFP
Performance & Capacities
  FW – 10/20 Gbps
  VPN – 6 Gbps
  IDP – 6 Gbps
  Concurrent sessions – 1M
  New and sustained CPS – 175k
  Concurrent IPSec VPN tunnels – 10k
[Images: Front, Rear]

13 SRX3600
Hardware
  Modular chassis
  12 slots (6 front, 6 rear)
  MGT module – dual, hot swap
  5U chassis height
Fixed Interfaces
  12 built-in (8-10/100/ SFP)
  2 Ethernet Management Ports
Modular Interfaces
  16-10/100/1000
  16-SFP
  2-XFP
Performance & Capacities
  FW – 10/20/30 Gbps
  VPN – 10 Gbps
  IDP – 10 Gbps
  Concurrent sessions – 2M
  New and sustained CPS – 175k
  Concurrent IPSec VPN tunnels – 20k
[Images: Front, Rear]

14 Sample SRX3000 Base Configurations
Minimal Configuration: SRX 3400 Chassis, 1 SPC, 1 NPC
SRX3600 Minimal Configuration: SRX 3600 Chassis, 1 SPC, 1 NPC

15 System configuration flexibility
Flexible configuration of IOCs, NPCs and SPCs:
SRX3400: 7 slots for Common Form-factor Modules (CFMs):
  4 in the front for IOCs and SPCs
  3 in the rear for NPCs and SPCs
  4 SPCs max (1 min)
  2 NPCs max (1 min)
  4 IOCs max
SRX3600: 12 slots for Common Form-factor Modules (CFMs):
  6 in the front for IOCs and SPCs
  6 in the rear for NPCs and SPCs
  7 SPCs max (1 min)
  3 NPCs max (1 min)
  6 IOCs max
SRX 3400-DC is limited by power supply capacity.
No HA limitations.

16 SRX 3K Packet Flow – Fully Integrated
Flow Lookup Classification DoS/DDoS Policing Network Processing Cards Routing / Device MGT RE Services FW/VPN/IDP NAT/Routing Integrated in SRX 5000 IOC Oversubscrptn. Control 1.5 Fabric Fabric  Ingress Packet  Egress Packet Services Processing Cards Input/Output Cards QoS/Shaping

17 Integrated Services Dynamic Services Architecture Differentiator
Juniper SRX Traditional Appliances Dedicated Control Plane Buildable Processing Pool Buildable I/O Pool Scalable Service Engine Single policy/configuration Single device to manage

18 Adapting to Changing Security Requirements
High integration supporting wide range of services
Scales as your business grows
Minimal/No policy changes required
Rack Space Planning: NONE
CAPEX: LOW
OPEX: LOW
[Chart: Security Requirements and Network Traffic Requirements, FW, IPS & VPN (Gbps) over Time, TODAY to FUTURE]

19 10 Gbps FW, IPS & IPSec VPN Solution Price per Gbps FW/IPS/IPSec VPN
Industry’s Most cost-effective security solution Power Savings 10 Gbps FW, IPS & IPSec VPN Solution Price per Gbps FW/IPS/IPSec VPN 83% SAVINGS 84% SAVINGS 84% SPACE SAVINGS Price per FW Gbps 31 Appliances Cisco ASA 5580 44% SAVINGS Juniper SRX 3600 Juniper SRX 3600 Cisco ASA 5540

20 Juniper (mid to high-end) Enterprise Security Portfolio
SRX5800 150 Gbps Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery SRX5600 50 Gbps SRX3600 30 Gbps SRX3400 10 Gbps NS5400 FW and Integrated Security Designed for enhanced perimeter and DC security ISG/IDP

21 Juniper Networks Security Manager
A comprehensive approach to security management
Device-lifecycle management
  Manages through every phase of device lifecycle: design, deploy, configure, monitor, maintain, upgrade, adjust
Manage all aspects of configuration
  Manage configuration tasks at device, networking and security levels
Delegation of administrative access
  Provides needed power and tools to the right groups (access and control)
  Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions
[Diagram: The Device Lifecycle: Design / Deploy, Configure, Monitor / Maintain, Upgrade / Adjust]
Juniper NSM is for those environments that have large deployments of Juniper FW/VPN and IDP devices. Right now it manages only the Firewall/VPN and IDP platforms, but going forward that will be extended to other Juniper security platforms as well.

22 NSM Management Features
Feature: Description
Scheduled Security Updates: Automatically update devices with new attack objects
Domains: Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc…
Role-based Administration: Granular approach in which all 100+ activities in the system may be assigned as separate permissions
Object Locking: Multiple administrators can safely and concurrently modify different objects in the system at the same time
Audit Logs: Sortable and filterable record of who made which changes to which objects in the system
Device Templates: Manage shared configuration such as sensor settings in one place
Job Manager: View pending and completed directives (such as device update) and their status
High Availability: Active/passive high availability of the management server
Scheduled Database Backups: Copies of the NSM database may be saved on a daily basis
NSM is Juniper’s central management tool for FW/VPN and IDP appliances. The Domains and Role-based Administration features deserve to be pointed out on this slide. While often requested by service providers, these features are also very valuable to enterprises. It is not uncommon for an enterprise to logically divide the roles of administrators based on the type of security gear, so that a specific administrator manages firewall policies while others manage IDP policies, etc… It is also common for enterprises to logically separate admin responsibilities based on their business requirements (e.g., a particular admin manages all security gear at a specific branch office while another manages the headquarters).

23 3-Tier Management Network-Security Manager (NSM)
[Diagram labels: NS-5000 Series, ISG / ISG with IDP, SSG Series, IDP Appliances, NSM, Centralized NSM Server, Common User Interface]
NSM utilizes a 3-tier management architecture which optimizes performance as well as security. From the perspective of the administrator, managing multiple security appliances is greatly simplified.

24 JUNOS Future Direction Integrated security and networking on JUNOS
Continued leadership in security JUNOS Integrated security and networking on JUNOS Best-in-Class Security Continued leadership in networking Best-in-Class Routing

25 Ministry of Foreign Affairs
The High-Value Branch When remote sites are essential to the organization’s strategic mission, you can WIN! Ministry of Foreign Affairs

26 What Are High-Value Remote Locations? Gateways to Better Businesses
Role / Mission / Changes
The Humble Storefront
  Revenue Gateway
  Create new sources of revenue and operational efficiencies
  Support partners, guests, and devices
  Reputation and compliance
The Mission Critical Clinic
  Service Gateway
  Attract and retain valuable clients
  Centralization of applications and databases; SaaS
  Privacy and compliance
The High-Powered Center of Excellence
  Innovation Gateway
  Retain and activate a high quality workforce
  Advanced collaboration
  Unrestricted Internet access for employees

27 THANK YOU

