Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

Security for the Cloud Data Center

by skathuria ‎08-19-2014 05:05 AM - edited ‎08-19-2014 05:07 AM



Securing cloud data centers is an ongoing challenge. Your adversaries—cyber criminals, nation state attackers, hacktivists—continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape.


Because clouds are dynamic in nature, with new applications and services being spun up or taken down and virtual workloads being moved, security for the cloud should be dynamic as well. That raises the question: are traditional firewalls focused on layer 3 and 4 inspection sufficient in today’s threat environment? Next-gen firewalls are powerful, yet they are not designed to protect against the velocity and variety of new attacks being created every day. In today’s world, shouldn’t firewalls be able to take immediate action based on known or emerging intelligence?


With the shift to cloud architectures, traditional firewall administration has become burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is an effective network security solution that fights cyber criminals head-on and can adapt to emerging threats without exerting excessive load on the enforcement point.

  1. Do you know if your infrastructure is under attack at this very moment, and by whom?
  2. Are you concerned about the performance impact to the cloud if you use advanced security services available from your firewall?
  3. Are you expanding your network and able to ensure there are no security gaps that can make the network susceptible to exploitation?

What other fears or concerns about securing the cloud data center keep you up at night?


Stay tuned to my blog for ideas on how to address these challenges.


Last week the Cyber Security Challenge Masterclass got a step closer when organisers completed a dry run with volunteer contestants – all sworn to secrecy.


Today we announced the long-awaited “virtualized SRX” - Firefly Perimeter, as part of Juniper’s Firefly Suite. Firefly Host provides protection for the cloud while Firefly Perimeter provides protection from the cloud.


AWS re: Invent (Day 1)

by Trusted Contributor on ‎11-27-2012 12:08 PM

Today is the first day of AWS re: Invent. The first day is focused on technical training and networking (the human kind). Each of the training classes offers a full nine-to-five curriculum around a bevy of events.


AWS Re: Invent (The first Amazon Web Services conference)

by Trusted Contributor ‎11-26-2012 09:47 AM - edited ‎11-26-2012 11:16 AM

Hello readers! This week is the first of what is hopefully an annual conference for Amazon’s web services.


Blog series - Part 3: Multi-tenant Segmentation in the Cloud

by skathuria ‎10-01-2012 12:22 PM - edited ‎10-01-2012 03:02 PM



In Blog 1 of this 3-part series, I covered some key drivers for why service providers (SPs) offer Security Software as a Service (SaaS), including the ability to extend security to tenants of the cloud and to monetize these services. In Blog 2, I described where and how SPs place security controls.


In the final blog, I’ll focus on the importance of isolating customer data in the public cloud, as well as potential solutions for doing so.


In a public cloud, multiple tenants share a common set of resources (e.g., data-driven applications and services) that they access over a network. From a security perspective, the first requirement is that the entry point into the cloud must be protected using a Policy Enforcement Point (PEP), such as a perimeter/edge firewall for infrastructure protection. This may be a dedicated/purpose-built hardware device. A second requirement is that policies for different tenants should not overlap. For instance, a change in a security policy for one tenant shouldn’t affect another tenant. It is critical that these tenants’ policies are isolated from one another. To achieve the latter multi-tenant segmentation requirement, SPs have a choice of methods:


1)      Virtual LANs (VLANs) - Many cloud deployments use L2 networks because they offer VLANs for multi-tenant isolation. The shortcoming of L2 networks is that VLANs have an upper limit of ~4096 (according to IEEE Std 802.1Q 2011), which many large deployments exceed. Beyond the scaling limitation, VLANs can also be unruly to manage in a hosted/cloud environment.


2)      Dedicated hardware firewall platform that supports multiple “logical” systems (independent firewalls with completely separate security policies and logs) - As with VLANs, there is a scaling limitation with this approach.


3)      Software-based security virtual machine (VM) running on an x86-based VM host – A key advantage of this method over the other two is that the SP can scale security VMs on demand. Furthermore, the SP can also easily offer customizable firewall controls to customers as an additional managed service, providing new potential revenue sources built on existing infrastructure. 


Software-based security VMs could offer SPs a scalable and flexible method for implementing multi-tenant segmentation, a key requirement for securing customers’ resources hosted in the public cloud.


NoSQL Injection: AWS Hosting

by Trusted Contributor ‎07-05-2012 09:00 AM - edited ‎07-05-2012 11:04 AM

As a follow-up to my other NoSQL injection blog, I wanted to take a quick survey of an AWS public IPv4 subnet and how many hosts were listening. I chose a block of IP addresses and then did a scan across all of them to see if they were listening for MongoDB or Redis. I did each scan on separate days and I only scanned for one service at a time.


About Security Now

Discussing a wide range of topics impacting enterprises and
data center security.
