Juniper Networks Next-Generation Firewall Services

Organizations are in an arms race with cyber criminals, who constantly develop new exploits that evade detection and compromise defenses. These exploits are highly effective and have enabled a multi-billion-dollar industry in which criminals sell a company’s intellectual property to the highest bidder. Security solutions that stay ahead of this continual escalation are crucial to protecting your business’s people, data, and infrastructure. Juniper Networks Next-Generation Firewall Services provide an array of cyber defenses to reduce your attack surface in this challenging environment. With the Juniper Networks Next-Generation Firewall SRX Firewall at their foundation, Juniper Networks Next-Generation Firewall Services safely allow the operation of critical applications and block advanced malware from entering your network. Available on all SRX platforms, our security services reduce the attack surface in real time and stop cyber criminals before they can breach your organization’s defenses.

  • Advanced application visibility and control. You can identify applications running on your network regardless of port, protocol, and encryption. This visibility lets you immediately block evasive applications inline at the SRX firewall.
  • Nested application support. You can accurately identify applications embedded in common network protocols such as HTTP or HTTPS traffic. This capability also provides visibility into and granular control over applications hidden inside encrypted SSL traffic.
  • User and role-based policies. Tight integration with Microsoft AD and LDAP allows you to set and enforce user and role-based security policies. Policy setting becomes simpler and more secure, because you reduce the number of policies needed to account for user location, IP address, and so on.
  • Inline decryption and inspection of inbound and outbound Secure Sockets Layer (SSL) connections at the SRX firewall provide visibility and protection against threats embedded in SSL-encrypted traffic.

Juniper Networks Next-Generation Firewall — Cybersecurity

Protect your data and people with a more innovative security platform. Your data is in multiple places. Your people work everywhere — from headquarters to airports. Cyber crime today is more devious than ever and can strike at any time, any place. It’s time for end-to-end, automated, intelligent cybersecurity that is everywhere, too. The Software-Defined Secure Network (SDSN) transforms your network into a unified cybersecurity platform. Detect, defend, and defeat with agility. Transform your network into a dynamic platform that automatically responds to threats — anytime, anywhere. The global WannaCry outbreak was preventable. Learn what can be done to help stop future ransomware attacks. The Internet of Things opens businesses up to a whole new universe of vulnerabilities. Learn how to prevent IoT cyber attacks in this Nemertes report. Cyber threats have changed the world forever. The numbers don’t lie — Juniper Networks works with some of the best companies all over the world.

Juniper Networks Next-Generation Firewall — Cyber Attacks

Today 80% of cyber crime is committed by sophisticated, organized criminals. It is more devious than ever and can strike at any time, any place. Transform your network into a unified, dynamic platform that automatically responds to threats. Cyber crime is a big business led by highly organized gangs with well-funded infrastructure. They reap billions without being caught through an arsenal of sophisticated schemes including Fraud-As-A-Service and Extortion-As-A-Service. The Internet of Things (IoT) also opens up gaps in the network. IoT devices are the perfect host for self-propagating worms to target laptops and servers. Learn security measures every organization should take today in this white paper: Next-generation security. Even with myriad tools, there are still gaps. Phishing and web apps are the top two ways that cybercriminals get into an organization, according to Verizon Enterprise’s 2016 Data Breach Investigations Report. And 89 percent of breaches in 2016 had a financial or espionage motive.

Juniper Networks Next-Generation Firewall Capabilities

Juniper Networks Next-Generation Firewall Services is introducing new enhancements to its SRX Services Gateways that provide next-generation security to help customers protect against threats and control what’s on their network without adding a heavy administrative burden. Centralized management of SRX and virtual Firefly Perimeter firewalls is made easier with Junos Space Security Director’s integrated logging and reporting, and role-based access controls that manage next-generation security services including user firewall, application security (AppSecure) and UTM. A single, central management platform delivers a simple method for managing all Juniper Networks firewalls, eliminating the complexity and time needed to support multiple management platforms. SRX now integrates directly with Active Directory to apply user role-based firewall policies without requiring any additional devices or agents. This integrated solution will simplify deployment of user role-based firewall capabilities in cases where a customer doesn’t need a full end-to-end user security solution such as Unified Access Control service.

Distributed Denial of Service (DDoS) attacks attempt to deny legitimate users access to your systems or networks by overwhelming them with bogus requests. They target important resources, like network bandwidth, server sockets, web server threads, and CPU utilization. DDoS Mitigation helps maintain availability for your Managed Hosting services through a unique hardware-based protection system. It combines two powerful alerting technologies to identify an attack (network-level packet scanning and server-level anomaly detection) and then precisely eliminates DDoS traffic to mitigate its effects. Identify and filter hostile traffic 24/7 with layered protection built using multiple technologies for the most comprehensive protection.

Keep your infrastructure resources focused on business workloads by offloading DDoS processing to our mitigation hardware. When our network security team is alerted to an ongoing or imminent DDoS attack, they immediately initiate mitigation measures and contact you. Backed by security specialists. During initial setup, a security engineer works with you to set up your DDoS solution. After that, our system continually tunes your server profiles for peak performance. If you ever have questions or need help, security specialists are available to provide support — 24/7.

The Cisco solution provides complete protection against all types of DDoS attacks, even those that have never been seen before. Featuring active mitigation capabilities that rapidly detect attacks and separate malicious traffic from legitimate traffic, the Cisco solution delivers a rapid DDoS response that is measured in seconds, not hours. Easily deployed adjacent to critical routers and switches, the Cisco solution offers a scalable option that eliminates any single points of failure and does not impact the performance or reliability of the existing network components. The Cisco solution set includes two distinct components — the Cisco Traffic Anomaly Detector (TAD) XT and the Cisco Guard XT — that, working together, deliver complete DDoS protection for virtually any environment.

  • Cisco Traffic Anomaly Detector XT — Acting as an early warning system, the Cisco TAD XT provides in-depth analysis of the most complex DDoS attacks. The Cisco TAD XT passively monitors network traffic, looking for any deviation from "normal" or baseline behavior that indicates a DDoS attack. When an attack is identified, the Cisco TAD XT alerts the Cisco Guard XT, providing detailed reports as well as specific alerts to quickly react to the threat. For example, the Cisco TAD XT can observe that the rate of UDP packets from a single source IP is out of range, even if overall thresholds are not exceeded.
  • Cisco Guard XT — The Cisco Guard XT is the cornerstone of the Cisco DDoS solution set — a high-performance DDoS attack-mitigation device that is deployed upstream at either the ISP data center or at the perimeter of a large enterprise to protect both the network and data center resources.

When the Cisco Guard XT is notified that a target is under attack (whether from a Cisco TAD XT or some other security-monitoring device such as an intrusion detector or firewall), traffic destined for the target is diverted to the Guard (or Guards) associated with the targeted device. The traffic is then subjected to a rigorous five-stage analysis and filtering process designed to remove all malicious traffic while allowing good packets to continue flowing uninterrupted. The Cisco Guard XT resides adjacent to a router or switch on a separate network interface, helping enable on-demand protection without impacting data traffic flow of other systems. Depending on its location, the Cisco Guard XT can concurrently protect multiple potential targets, including routers, Web servers, DNS servers, and LAN and WAN bandwidth.
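The per-source check mentioned for the Cisco TAD XT above (one source's UDP rate out of range while the overall threshold is not exceeded) can be sketched as follows. This is an added example, not Cisco's implementation: the mean-plus-three-standard-deviations baseline, the aggregate limit of 100 packets per second, the function names, and the traffic records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def udp_counts(packets, window=1):
    """Group (ts, src_ip, proto) records into {window_start: {src_ip: udp_packets}}."""
    out = defaultdict(lambda: defaultdict(int))
    for ts, src, proto in packets:
        if proto == "udp":
            out[int(ts // window) * window][src] += 1
    return out

def learn_per_source_limit(packets, k=3.0):
    """Baseline ceiling: mean + k * stddev of per-source, per-window UDP counts."""
    samples = [n for win in udp_counts(packets).values() for n in win.values()]
    return mean(samples) + k * pstdev(samples)

def detect(packets, per_source_limit, aggregate_limit):
    """Return (window, kind, src, count) alerts for both threshold types."""
    alerts = []
    for win, counts in sorted(udp_counts(packets).items()):
        total = sum(counts.values())
        if total > aggregate_limit:
            alerts.append((win, "aggregate", None, total))
        alerts += [(win, "per-source", src, n)
                   for src, n in sorted(counts.items()) if n > per_source_limit]
    return alerts

def make_traffic(start, seconds, noisy_src=None, noisy_pps=0):
    """Constructed sample: 20 hosts sending 2-4 UDP pps, plus an optional noisy source."""
    pkts = []
    for t in range(start, start + seconds):
        for i in range(20):
            pkts += [(t, f"192.0.2.{i + 1}", "udp")] * (2 + (i + t) % 3)
            pkts.append((t, f"192.0.2.{i + 1}", "tcp"))  # ignored by the UDP check
        if noisy_src:
            pkts += [(t, noisy_src, "udp")] * noisy_pps
    return pkts

BASELINE = make_traffic(0, 10)                 # constructed "normal" training window
LIMIT = learn_per_source_limit(BASELINE)       # about 5.4 UDP pps per source
AGGREGATE_LIMIT = 100                          # assumed overall UDP pps ceiling
# Monitored window: total stays near 85 pps, but one source sends 25 pps.
ALERTS = detect(make_traffic(100, 3, "198.51.100.7", 25), LIMIT, AGGREGATE_LIMIT)

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

Only the per-source rule fires on the monitored window; an aggregate-only threshold would have stayed silent.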

Managed DDoS protection services is a fully managed security service to help organizations respond to the threat of DoS and DDoS attacks. The service staff augments adaptive rate controls to perform real-time analysis of ongoing attacks, tune existing rules and create custom rules as required, and adapt to changing attack vectors and multidimensional threats. Managed DDoS protection services provides organizations with dynamic protection against a broad range of potential DoS and DDoS attack types, regardless of size and complexity, and even as they change over the course of an attack.

Managed DDoS protection security services provides organizations with a simple and effective solution to mitigate the growing threat of DoS and DDoS attacks. IAM will have real-time visibility into security events and the ability to drill down into attack alerts to learn what’s being attacked, by whom, what defense capabilities triggered the attack, and what specifically in the requests triggered site defenses. Combining a scalable infrastructure with in-depth, 24/7 security operations centers, Managed DDoS protection services are able to defend against the most sophisticated attacks.

The Juniper Networks SRX Series architecture is designed for optimal performance and has been battle tested in some of the largest service provider and enterprise customer environments around the world. Since their inception, the SRX Series firewalls were built from the ground up with true control and data plane separation; the control plane is responsible for the management and system services that operate the device while the forwarding plane is responsible for moving data traffic as efficiently as possible.

This clear separation of control and data planes protects SRX Series firewalls from direct attack and shields critical firewall management services from being affected when an attack is underway. The SRX Series security architecture scales by processing traffic early in the pipeline, preemptively mitigating a cyberattack before affecting legitimate traffic and management services. In the case of a DoS attack, the SRX Series firewalls employ two primary security methods to protect critical services: firewall filters and screens.

Get the robust, multi-layered protection needed to mitigate today's advanced DDoS attacks — without upgrades or changes to your architecture. The system works independently from your production infrastructure. Continuous monitoring compares current traffic to a custom profile of your server's "normal" network and port behavior. Anomalous behaviors immediately trigger an alert to our network security team.

Sophisticated detection technology, capable of handling tens of millions of packets per second, examines all incoming packets for patterns of malicious activity. When suspicious traffic is detected, your traffic is routed through a sanitation engine that filters out and diverts malicious traffic. All legitimate traffic continues to its intended destination.