Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
banksek

Recap of VMworld 2014 USA - Juniper Style

by Juniper Employee ‎09-11-2014 02:40 PM - edited ‎09-12-2014 11:46 AM

This was the first year that I got to attend VMworld as a member of the Juniper family ( this was my fourth VMworld ). It was a great experience, we had our first lab in the Hands-on Lab which I personally think was a success and of course we had a booth. We received a lot of complements on the documentation for the lab and how it explained all the facets of the product. I had people fighting ( well not literally ) for the long sleeve shirts that we distributed to everyone who took the lab ( check it out below )

 

 

juniper lab shirt.JPG

 

It gave us a lot of visibility into our virtual security solutions and how they play in your VMware environment. The great thing, the fun isn't over…

 
A) VMware will make the labs available online in approximately 2 - 3 weeks so you can take them from the comfort of whatever you find comfortable, whenever you want to take it. The link is http://labs.hol.vmware.com .
In the meantime, if you are interested in reading the lab that I wrote, it is available in PDF format and html format
 
2) We will be at VMworld 2014 Europe in Barcelona. Sadly we won't have shirts but the lab will be there and I promise to give you a hug if you take the lab. Hugs are better anyway.
 
The lab hours this year are : 
 
Monday / October 13 : 8:00 - 18:00
Tuesday / October 14 : 10:30 - 18:30
Wednesday / October 15 : 8:00 - 18:00
Thursday / October 16 : 8:00 - 18:00
 
I look forward to seeing you there!
 
#JuniperLab
#PewPew

prashantk

September 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎09-09-2014 09:58 PM - edited ‎09-09-2014 09:58 PM

Welcome to the September edition of Microsoft Patch Tuesday Summary. In this edition there are 4 updates; one is marked "Critical" and three are rated "Important". A total of 42 vulnerabilities were fixed over 4 bulletins this month. One of the Critical update MS14-052 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 37 CVE's (Common Vulnerability and Exposure) including the publicly disclosed CVE-2013-7331

 

Here is a list of Security bulletins which were rolled out in today's Patch Tuesday release.

Read more...

In an earlier blog, I posed a few questions on security challenges that some Cloud Builders are facing today. Here, I offer some ideas for you to consider.

Read more...

apattnaik

Firefly for Software-defined data center (SDDC)

by Juniper Employee ‎09-04-2014 10:55 AM - edited ‎09-04-2014 11:05 AM

Background: In today’s world, data center virtualization has enabled the agility and elasticity which accelerates the delivery of infrastructure-networking, storage, and compute. However, the penetrable nature of the cloud also exposes the network to serious security issues. As services become more mobile and cloud focused, security services need to adopt to this dynamic environment to deliver security for communications within virtualized data center.

 

Security Issues In SDDC: SDDC (Software-defined data center) is a data center where all the infrastructure is virtualized and delivered as a service. In SDDC, the whole data center is controlled by a single layer of virtualization and all of the resources of data center are abstracted and automated. The processing capacity of each host is increased, processing loads are shared and moved among all hosts which significantly increases the amount of traffic. The traditional physical switching and routing devices create a tangled route that slows down the traffic and may not detect all the security issues within virtual infrastructure. So it is a wise idea to consider virtual appliance which will reduce latency and optimize performance.

 

Some of the key security challenges in SDDC are the lack of visibility into East-West (virtual machine to virtual machine) traffic, lack of dynamic security (Security not keeping pace with the rate of application provisioning). Other network security issues include undetected and uncontained malware outbreaks or insider attacks in the virtual environment and inability to enforce policies that isolate VMs, prevent VM sprawl.

 

Firefly for SDDC: Firefly addresses many of these security threats by providing next generation security features such as ant-virus/anti-spam, IDP, web filtering and intrusion prevention system which all are included in Unified Threat Management (UTM) solution. UTM solution allows an administrator to manage wide variety of security issues through a single management console. Junos Space Security Director supports centralized management and offers administrators a simple way to create series of security policies that will control the traffic from within and in between zones or even between VMs. These dynamic security policies understand the context of the virtual machines in the datacenter. Firefly also supports Junos Space Virtual Director, an intelligent, automated VM life cycle management application which easily scales VM to meet dynamic demand. Firefly provides rich connectivity features based on the powerful Junos foundation including routing, NAT and VPN.

 

SDDC Use Case for Firefly: A very common use case in SDDC is to segregate the guest VMs and provide advanced protection across tiers. Firefly fits into this use case as it can segment the VM and after the VMs are segmented, they are connected via VPN. Firefly also offers multiple layers of defense to protect from any kind of malware and other advanced security threats.

 

Conclusion: Juniper’s Firefly solution improves performance, lowers latency, and provides end-to-end security in virtualized data centers. Firefly is easily scalable to data centers of any size to ensure that organizations can attain full agility and efficiency of a data center.

skathuria

Security for the Cloud Data Center

by Juniper Employee ‎08-19-2014 05:05 AM - edited ‎08-19-2014 05:07 AM

Image_SecuringCloudDC.png

 

Securing cloud data centers is an ongoing challenge. Your adversaries—cyber criminals, nation state attackers, hacktivists—continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape.

 

Because clouds are dynamic in nature, with new application and services being spun up or taken down and virtual workloads being moved, security for the cloud should be dynamic also. That poses the question, are traditional firewalls that are focused on layer 3 and 4 inspection sufficient in today’s threat environment? Also, next-gen firewalls are powerful, yet not designed to protect from the velocity and variety of new attacks being created every day. In today’s world, shouldn’t firewalls be able to take immediate action based on known or emerging intelligence?

 

With the shift to cloud architectures, traditional firewall administration has become burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is an effective network security solution that fights cyber criminals head-on and can adapt to emerging threats without exerting excessive load on the enforcement point.

  1.      Do you know if your infrastructure is under attack at this very moment, and by whom?
  2.      Are you concerned about the performance impact to the cloud if you use advanced security services available from your firewall?
  3.      Are you expanding your network and able to ensure there are no security gaps that can make the network susceptible to exploitation?

What other fears or concerns about securing the cloud data center keep you up at night?

 

Stay tuned to my blog for ideas on how to address these challenges.

Read more...

prashantk

August 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎08-12-2014 12:24 PM - edited ‎08-12-2014 12:24 PM

Welcome to the August edition of Microsoft Patch Tuesday Summary. In this edition there are 9 updates; two are marked "Critical" and seven are rated "Important". A total of 37 vulnerabilities were fixed over 9 bulletins this month. One of the Critical update MS14-051 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 25 CVE's (Common Vulnerability and Exposure).

 

Here is a list of Security bulletins which were rolled out in today's Patch Tuesday release.

Read more...

banksek

VMworld 2014 – Juniper at the Hands-on Lab

by Juniper Employee ‎07-22-2014 01:54 PM - edited ‎07-30-2014 09:05 AM

VMwarelabs.jpgThis is an exciting year for me. I joined Juniper Networks and my first week, I submitted a lab proposal representing Juniper for the VMworld 2014 Hands-on Lab.  Weeks later, it was approved and two weeks ago, I finalized the lab and document.  I am so incredibly excited that for the first time ever, Juniper Networks is represented in the VMworld Hands-on Lab.

Read more...

rajoon

A Holistic Approach to DDoS Mitigation and DNS Availability

by Juniper Employee ‎07-17-2014 05:00 AM - edited ‎07-30-2014 09:14 AM

MX-RoutingToday organizations need to be prepared for a number of different types of DDoS attacks on their networks. Juniper Networks announced several new enhancements that allows its DDoS Secure solution to help the network better defend itself by using routers as enforcement points.  

Read more...

Juniper Networks has the ingredients and lineage to remain one of the top three players in network security, according to a report by Jeff Wilson, principal analyst with Infonetics Research. See what he had to say after attending Juniper's annual Industry Analyst Event.

Read more...

                                                        healthy_heart_image.jpg

As I was reading this article describing examples of certain healthcare practitioners using data mining and analytics of patients’ lifestyles (e.g. foods they eat, activity levels, where they live, etc.) to help predict their risk factor for ailments, I started to draw a parallel to the state of the network. I was thinking about how security analytics of a network may help predict the onset of a data breach. The common goal in both cases, human and network, is to maintain a certain level of health – call it an “equilibrium” state, one that doesn’t require immediate intervention or repair.

 

Inspired by the table shared in the article describing what certain collected data about a patient could indicate about his/her health habits, I came up with a table containing types of network state related which could be indicators for a potential data exploit/breach.

 

State of Network

Analysis

Weak password for an online account

This could allow a hacker to uncover the password (by using automated tools), gain access to user data (name, address, phone #, bank account/credit card data) and perform unauthorized transaction (e.g., purchase of product/service or withdrawal of money from bank account) on the user’s behalf.

Multiple unsuccessful attempts to search for usernames and passwords via Web browser exploitation techniques

This could result in a data breach.

Improper isolation of HR records, financial, medical, credit/debit card, or other PII data within Enterprise data center/private cloud network

This could inadvertently allow an insider (e.g. employee) access to the network for obtaining and selling data on black market for profit.

Excessive communication requests to a Web server or other resource, slowing it down considerably or rendering it unavailable

This could indicate someone is trying to gain access to the server for malicious intent.

No application layer protection at Enterprise edge

This could allow a hacker to launch an application-layer attack and access data for further exploitation.

 

Enterprise and service providers would benefit greatly from self-monitoring and constantly improving the health of networks, to minimize the possibility of a data breach.

 

One of the ways to do this is via technology, including application-aware, next generation firewalls, and strong SIEM solutions and network security management solutions (for firewall management), which provide visibility, analyze network security posture, and alert administrators about unusual network activity.

 

In addition, humans themselves should be held accountable for security. For one, it is imperative that the IT security team is proactively monitoring the network security posture, carefully balancing access to certain network resources, applications and data with control over the same. In addition, trust plays a big role in maintaining security and privacy, so it is ultimately the responsibility of individuals (business owners and employees) to not exploit data for personal gain.

Read more...

prashantk

July 2014 Microsoft Patch Tuesday Summary

by Juniper Employee ‎07-08-2014 06:57 PM - edited ‎07-08-2014 06:57 PM

It’s Microsoft Patch Tuesday! In the July edition there 6 updates; two are marked "Critical", three are rated "Important" and one is rated "Moderate”. A total of 29 vulnerabilities were fixed over 6 bulletins this month. One of the Critical update MS14-037 is an all version Internet Explorer (IE 6 to 11) patch. This single update resolves 23 CVE's (Common Vulnerability and Exposure) including one publicly disclosed vulnerability.

 

Read more...

bshelton

Why Protection Profiles Matter in Common Criteria Certification

by Juniper Employee ‎07-01-2014 08:50 AM - edited ‎07-01-2014 08:50 AM

EAL 4 Level Common Criteria Certifications without the appropriate protection profile are like Nigel Tufnel carrying on about his amplifiers in This is Spinal Tap- Much Ado About Nothing.

Read more...

skathuria

Security is CORE

by Juniper Employee ‎07-01-2014 06:00 AM - edited ‎07-07-2014 10:00 AM

                                                                                           Secured_by_Juniper.png

 

As a three year “veteran” at Juniper, I have seen the evolution and uptake of Juniper security solutions by customers to solve their key business challenges. Security is CORE for Juniper and our customers.

 

Customer Centric

Juniper’s security solutions solve customers’ most important challenges, as they demand hybrid cloud environments and build high IQ networks. Juniper’s security solutions don’t hinder cloud adoption. Rather, they enable secure, reliable clouds. Our newest security offerings (DDoS Secure, WebApp Secure, and Spotlight Secure) employ advanced techniques to detect and mitigate advanced threats with greater efficacy than traditional security solutions, helping customers achieve faster ROI, increase operational efficiency, maintain brand reputation and drive customer loyalty.

 

Open Platform

The Junos platform, on which many of our security offerings, including SRX firewalls, are based, offers a revolutionary software platform that allows customers to directly program their networks and run applications developed by an ecosystem of partners for rich user experiences, smart economics, and fast time to market. We don’t restrict customers in terms of how they want to build, optimize and scale their networks and associated security. In fact, recently, we even extended the ability for customers to leverage the proven Junos-based SRX firewall in virtualized environments by launching Firefly Perimeter in January 2014. Firefly Perimeter addresses the new security challenges required to protect virtualized and cloud environments for enterprises and service providers by leveraging the same advanced security and networking features of the Branch SRX Services Series Gateway in a virtual machine format.

 

Revenue Generating

In terms of market share, Juniper continues to lead in the high-end firewall and SSL VPN markets* and strengthen its offerings in these categories. For example, in anticipation of growth in the adoption of next generation firewalls, Juniper just released new enhancements to its SRX Series Services Gateways.  These next-generation security products help customers protect against threats and control what’s on their network without adding a heavy administrative burden.

 

Also, Juniper’s high-end SRX5400 Services Gateway was recently awarded at the Interop Tokyo 2014 event. It received the Best of Show Award Grand Prix in the ShowNet Product category and the Best of Show Award Special Prize in the Security category. The SRX5400 is the latest offering in our SRX Series portfolio, based on a revolutionary new architecture, and uses new line cards to provide market-leading connectivity, performance and service integration.

 

Evolution through Innovation

Every day, Juniper Networks is helping our customers build the best networks on the planet. Every innovation we envision and every technology we create is informed by our desire to help solve our customers’ toughest challenges so they can compete and thrive today and into the future. Our solutions really make a difference by helping to “connect everything” and “empower everyone”.

 

And, just to underscore Juniper’s resolve to deliver what customers need, we’ve embarked on a journey where we ask our customers to partner with us -- to co-create and deliver secure hybrid cloud ecosystems and highly intelligent networks of the future. Gone are the days when customers would be at the receiving end of “marketing” speak, sold a product, and then just left to their own devices. Now, you can be part of the action early on. So, are you ready to join Juniper and together embark on the “Bridge to the Future”, as our CEO, Shaygan Kheradpir, so eloquently puts it?

 

*Source: Report: Infonetics Network Security Appliances and Software, Jeff Wilson, May 30, 2014

Read more...

About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.