Security Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
Showing results for 
Search instead for 
Do you mean 

Automating Cyber Threat Intelligence with SkyATP: Part One

by Juniper Employee ‎10-17-2016 09:55 AM - edited ‎11-23-2016 08:39 AM

Each year, the economics of "fighting back" against Hacktivism, CyberCrime, and the occasional State-Sponsored attack become more and more untenable for the typical Enterprise. It's nearly impossible for the average Security Team to stay up to date with the latest emerging threats while also being tasked with their regular duties. Given the current economic climate, the luxury of having a dedicated team to perform Cyber Threat Intelligence (CTI) is generally out of reach for all but the largest of Enterprises. While automated identification, curation, and enforcement of CTI cannot truly replace human Security Analysts (yet), it has been shown to go a long way towards increasing the effectiveness and agility of your Security infrastructure. 

Read more...

Target’s Data Breach Saga Continues . . .

by skathuria ‎03-14-2014 01:25 PM - edited ‎03-14-2014 01:34 PM

As a regular shopper at Target, I’ve been closely following the data breach ordeal. This week, I learned that the company did, in fact, have security intelligence in place, but the company’s Security Operations Center (SOC) didn’t react in time to prevent the damage. Astonishing!

 

It’s my hope that the following questions will eventually be answered, too . . .

 

Read more...

RSA Conference 2014: Top 10 reasons to visit the Pulse demo pod

by Juniper Employee ‎01-29-2014 11:47 PM - edited ‎01-30-2014 09:00 AM

With RSA Conference 2014 right around the corner, here are some more reasons to stop by the Pulse demo pod.

Read more...

 

In a recent blog, Anton Chuvakin, a research director at Gartner's IT1 Security and Risk Management group, summarized a SIEM use case example. The example is tracking user authentication information across systems in order to detect unauthorized access. To serve this user authentication use case described by Chuvakin (as well as others), Juniper recently launched the next version of its SIEM offering called Juniper Networks Secure Analytics (formerly the STRM Series).

 

Briefly, this is how it works. IT prepares the relevant list of systems (e.g., servers, network devices, and others) for data collection. Next, a system operator modifies the logging configurations for collection by Secure Analytics. As Secure Analytics collects the event and flow data from the systems, it also aggregates and analyzes the data, alerting the administrator, based on default or custom rules, on findings. An example of such findings could be authentication failures on the same source IP address more than three times, across more than three destination IP addresses within 10 minutes. This may indicate unauthorized access.

 

What next? With the discoverer of a bunch of failed authentication attempts from that IP address, you may ask, “What else has the device using that IP been doing on the network?” You can understand that by analyzing the flow data—which will show connections to malicious sites, conversations using protocols that violate security policies and/or best practices, as well as conversations of long durations. By collecting flow data from switches and routers together with security events from, say, firewall, antivirus, IPS and even Web Application Security systems, you can get a complete picture about the current threat landscape.

 

Generally, Secure Analytics can help IT network security administrators make sense of large volumes of data—often from disparate sources—so that they can easily learn about threats and take measures to protect the network. Although we’ve only discussed the user authentication use case here, Secure Analytics can be utilized for additional use cases such as VPN monitoring for campus and branch deployments, automatic remediation of mobile devices that violate Enterprise BYOD policies, as well as use cases for Service Provider and MSSP deployments.

 

Makes good sense, no?

Read more...

About Security Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon


Our Bloggers

Kevin Walker
Vice President
Security CTSO, Engineering

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Announcements
Juniper Networks Technical Books
Labels