Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Showing results for 
Search instead for 
Do you mean 

Security for the Cloud Data Center

by skathuria ‎08-19-2014 05:05 AM - edited ‎08-19-2014 05:07 AM



Securing cloud data centers is an ongoing challenge. Your adversaries—cyber criminals, nation state attackers, hacktivists—continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape.


Because clouds are dynamic in nature, with new application and services being spun up or taken down and virtual workloads being moved, security for the cloud should be dynamic also. That poses the question, are traditional firewalls that are focused on layer 3 and 4 inspection sufficient in today’s threat environment? Also, next-gen firewalls are powerful, yet not designed to protect from the velocity and variety of new attacks being created every day. In today’s world, shouldn’t firewalls be able to take immediate action based on known or emerging intelligence?


With the shift to cloud architectures, traditional firewall administration has become burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is an effective network security solution that fights cyber criminals head-on and can adapt to emerging threats without exerting excessive load on the enforcement point.

  1.      Do you know if your infrastructure is under attack at this very moment, and by whom?
  2.      Are you concerned about the performance impact to the cloud if you use advanced security services available from your firewall?
  3.      Are you expanding your network and able to ensure there are no security gaps that can make the network susceptible to exploitation?

What other fears or concerns about securing the cloud data center keep you up at night?


Stay tuned to my blog for ideas on how to address these challenges.




Network security is only as good as the ability to easily manage it. If you have a complex security network with multiple firewalls, policies, and administrators, it is essential to have a simple and scalable way to manage them all. In fact, Gartner’s most recent Magic Quadrant for Enterprise Network Firewalls report specifically calls out scalable management as a critical component of Network Firewall solutions.


Our Juniper SRX (physical firewall) and Firefly Perimeter (virtual firewall) customers want the best way to easily manage their firewalls and policies—and that way is via Junos Space Security Director. Fortunately, as an application on the Junos Space Network Management Platform, Security Director can easily scale to meet the needs of our customers–whether you’re an enterprise who will expand your reach into new markets or a service provider who needs to provide reliable and secure application and service access to your clients in a way that’s in line with your Service Level Agreements (SLAs).


We built the Junos Space platform from the ground up for scale, and Security Director directly benefits from this:

-          Junos Space can manage thousands of Junos devices (including SRX firewalls)

-          Instantly scale by simply adding or deleting nodes on the network fabric

-          Readily extend the number of concurrent administrators supported


Now, the latest Junos Space Security Director V13.3R1 software release introduces enhanced centralized management for SRX and Firefly Perimeter deployments, having added:

-          Security Event Logging via Junos Space Log Director so you can aggregate and filter events based on certain criteria such as Source/Destination IP/application/service

-          UTM Support, which allows policy configuration for Web filtering, antivirus, and anti-spam

-          Role-Based Access that lets you segment administrative responsibility such that you can place devices, policies and objects within domains and then assign read or read/write permissions 


Many customers have been waiting for these capabilities, and I’m delighted to share this good news! Stay tuned for further Juniper innovations based on what you’ve been telling us you need.


Placing Our Bets on Network Security in 2014

by skathuria ‎01-16-2014 03:01 PM - edited ‎01-25-2014 03:13 PM


As a marketer, it’s reassuring to be able to point to third-party data that reinforces industry trends and customer needs, rather than us, the vendor, “tooting our own horn.” Hence, a recent report on caught my eye. In it, the author shares that, according to a Forrester Research Survey conducted in 2013 of more than 2,000 security pros:

  • Almost 50% of companies plan to spend more on network security in 2014.
  • About 60% of companies want to buy from one vendor because they have enough best-of-breed applications and want to simplify management and integration.
  • Firewalls and threat intelligence are the most popular security as a service products.
  • Nearly 30% of companies plan to invest in security analytics.

Customers continue to seek out and will invest in security solutions that are intelligent – those that understand and accurately identify threats from “noise” and quickly provide feedback to IT personnel to help remediate threats and thwart attacks. They would like to see integration between products from the same vendor for consistent protection from the device to the data center, regardless of where they are accessing network resources from.


Investing Where It Counts

Juniper continues to invest heavily in R&D and bring to market innovative security technologies. We rely on our intelligent engineers who develop cutting-edge solutions that meet our customers’ needs.


For example, Juniper’s SRX firewall integrates with WebApp Secure (the industry’s first Web Intrusion Deception System that detects, tracks, profiles and prevents hackers in real-time) and Spotlight Secure (the new cloud-based hacker device intelligence service that will identify individual attacker devices and track them in a global database). With all three products working together, the solution provides both threat intelligence and enforcement, accurately (without false positives) identifying attackers and stopping them at the network perimeter before they can cause any harm.


Simple yet Powerful Solutions

With the number of security devices in the network on the rise and the impracticality of managing the security infrastructure manually or with individual product management interfaces, simplified management is critical. Simplified SRX firewall management is made possible through Junos Space Security Director, an application on Junos Space Network Management Platform, which provides extensive security scale, granular policy control, and policy breadth across the network.


Furthermore, the newly announced Firefly Perimeter, a virtual firewall based on Juniper’s SRX Services Gateway code delivered in a virtual machine (VM) form factor, enables Service Providers to offer managed firewall security as a service.


Finally, Juniper provides Secure Analytics, a market-leading SIEM that consolidates log source event data from thousands of devices, including SRX, WebApp Secure, and DDoS Secure, and helps quickly discover and remediate network attacks. Providing intelligent security, Secure Analytics can help IT personnel discover threats that often are missed by other security solutions.


So if you are planning to spend more on security and looking to build a relationship with a market leader who will comprehensively address your security and simplified
management needs, check out Juniper’s security solutions.


Network Security Management -- it’s all about Operational Efficiency

by skathuria ‎06-13-2013 09:00 AM - edited ‎06-13-2013 10:21 AM

                                                              Junos Space

Juniper recently launched the next version of its security management offering, Junos Space Security Director. When we talk to our customers about what they expect from such a product, we hear time and time again that what matters most to them is:

1) Security management is easy, not burdensome

2) Security management shouldn’t hinder business operations


As a case in point, one of Juniper’s Ambassadors shared his view of the latest Junos Space Security Director software release. Scott Ware, a Security Engineer who manages hundreds of SRX firewalls, shares the following:


“I must say, with the 13.1 release I am extremely pleased and impressed! The added features/functionality in this release had even further been able to save us so much time when deploying all of our SRX Series Services Gateways, along with day-to-day functions. The ability to now import variable definitions is HUGE. I cannot tell you how happy I am that now all I have to do is import a spreadsheet instead of spend time manually defining everything.”


What Scott describes was made possible with the support in Junos Space Security Director 13.1 of read/write APIs, enabling automatic configuration of firewall policies. By using Junos Space Security Director to efficiently deploy security policies for multiple firewall devices (SRX Series Services Gateways), Scott and his co-workers are able to realize cost savings in the forms of time and labor. As they grow their network and add more firewall devices, they can rest assured that pertinent security policies will easily be applied to the new devices.


Simplifying Network Security Management

by skathuria ‎05-03-2013 01:51 PM - edited ‎05-03-2013 01:53 PM

So you are responsible for IT Security at an organization that just purchased multiple Juniper firewalls (SRX Series Services Gateways), and had them installed (powered up and on the network) at each of your branch office locations. Now what? You will need to have a security administrator configure and deploy security policies to each of the devices, all while making sure you can maintain a sound security posture and maintain regulatory compliance even amidst changes in your network (e.g., new applications introduced on the network, users attempting to access a brand new Web site, software updates, etc.). What could help minimize the burden is a strong network security management solution, one that you can depend on to quickly administer security policies, instantly view the security posture across the distributed enterprise, and easily update policies with.


Junos® Space Security Director, formerly known as Security Design, is an application running on the open Junos Space Network Management Platform. Junos Space Security Director  is essentially a security management building block that provides extensive security scale, policy control, and reach across the network. Security administrators can use it to speed and simplify security administration and reduce management costs and errors with efficient security policy and workflow tools. Additional benefits of  Junos Space Security Director are that you can:

  • Scale security policy across multiple Juniper Networks® SRX Series Services Gateways, or manage multiple LSYS instances on a single SRX Series device.
  • Centrally configure and manage application security (e.g., AppSecure), firewall, VPN, IPS, and NAT security policy through one scalable management interface.
  • Define and enforce policies for controlling usage of specific applications such as Facebook, instant messaging, and embedded social networking widgets through included AppFW management.
  • Reuse security policies within Junos Space Security Director for improved security enforcement accuracy, consistency, and compliance.
  • Build the infrastructure for further management innovation across the network through the open and secure Junos Space Network Management Platform integration.


While the product has been renamed, it will continue to have all of the benefits it has had to date and we will continue to innovate further based on customer needs.  Whether you have a few Juniper firewalls today and will have many more tomorrow, Junos Space Security Director can help ease the task of managing policies for all. Smiley Happy


Security: A year that was! A year that will be ?

by Juniper Employee ‎01-04-2012 04:50 PM - edited ‎01-05-2012 08:18 PM

2011 will go down in history as the year where cyber-criminals and ‘hacktivists’ shook governments and brought many businesses to their knees.

What can we anticipate in 2012?


With the multitude of data breaches in the news lately, it seemed like it was just a matter of time until one of them affected me personally. The proliferation of web services, e-commerce and records automation means that our data is on file at so many locations that the odds of being impacted are growing every day. Sure enough, I received a letter from Stanford University hospital last week letting me know that my medical records had inadvertently been posted on a public internet site for over a year.


About Security Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kevin Walker
Vice President
Security CTSO, Engineering

Profile | Subscribe

Ritesh Agrawal
Software Engineering

Profile | Subscribe

Scott Emo
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Juniper Networks Technical Books