As an industry, we’re blazing into the future at an incredible pace. Our MetaFabric announcement puts Juniper at the leading edge of the activity. But while we take a major leap forward, we’re also mindful that there are a lot of bad actors out there, and they move pretty darned quickly as well. In fact, too quickly.
That means that enterprises and service providers need to be smarter about security. There is simply too much at stake to have application, data and other data center resources at risk.
That’s why MetaFabric includes smart data center security, going above and beyond what you might otherwise expect – and certainly beyond what a miscreant might expect.
We know that perimeter firewalling is a staple in any security war chest. Juniper’s perimeter security solutions are known for their high performance and scalability. While they provide fundamental protection at the network layer, hackers are quite fond of going in at the app layer: specifically, looking for exploit opportunities, using your public-facing web apps as their front door.
According to this year’s Verizon Data Breach Investigations Report (DBIR), web apps are still one of the top attack vectors. Once hackers breach an organization’s defenses, they often go undetected. The report also showed that more than 60 percent of breaches took a month or more to discover and, worse, four percent took as long as years to uncover. The problem is, hackers aren’t getting caught early enough in the cycle to break the monetary incentive that keeps them otherwise on track to execute a successful breach.
That’s why MetaFabric is part of our next-generation security for the data center, with a novel approach that uses intrusion deception to learn more about attackers while they're in reconnaissance, and to stop them in their tracks before they have a chance to find a vulnerability. This technique, which lures attackers into exposing themselves by injecting fake vulnerabilities into websites for them to exploit, provides a new way to identify the attacks versus just blocking a threat. Once an attacker takes the bait and tries to touch the vulnerability, that traffic can be definitively seen as bad and action can be taken at the perimeter to disable any further entry from that device.
This approach also solves the issue of identifying attackers with more specificity and certainty, going beyond IP addresses to make certain that miscreants are blocked while good traffic flows unobstructed. Rather than relying solely on IP addresses, which has become quite limiting, our approach uses smart technology to find ways to identify the devices that are being used by attackers. Each device has hundreds of unique characteristics, like browser version, geography and screen resolution, just to name a few, that when taken together can be turned into an incredibly reliable “fingerprint” of the device. These fingerprints can then be used to identify and subsequently block attackers at the device level, which can’t be as easily changed.
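The decoy-then-fingerprint flow from the two paragraphs above, as an added Python example (not Juniper's code or product logic). The decoy names, the four fingerprint attributes, the SHA-256 hash and the sample traffic are all assumptions constructed for illustration.

```python
import hashlib

# Decoys that no legitimate page links to or submits (hypothetical names).
DECOY_PATHS = {"/admin-backup/", "/.htpasswd.bak"}
DECOY_PARAMS = {"debug_mode"}  # hidden form field planted in responses
# Device attributes folded into the fingerprint (assumed small subset).
FP_FIELDS = ("user_agent", "screen", "timezone", "language")

def fingerprint(device):
    """Hash the device attributes, in a fixed order, into one identifier."""
    canonical = "\x1f".join(f"{k}={device.get(k, '')}" for k in FP_FIELDS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]

def touches_decoy(request):
    """True if the request fetches a decoy path or submits a decoy field."""
    submitted = set(request["params"])
    return request["path"] in DECOY_PATHS or bool(DECOY_PARAMS & submitted)

def process(requests):
    """Return one (ip, verdict) pair per request, keyed on fingerprint, not IP."""
    blocked, verdicts = set(), []
    for req in requests:
        fp = fingerprint(req["device"])
        if fp in blocked:
            verdict = "block"            # known-bad device, whatever its IP
        elif touches_decoy(req):
            blocked.add(fp)              # only hostile probing reaches a decoy
            verdict = "block+flag"
        else:
            verdict = "allow"
        verdicts.append((req["ip"], verdict))
    return verdicts

# Constructed sample traffic: a prober and a normal user behind one NAT address.
SCANNER = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64)", "screen": "800x600",
           "timezone": "UTC", "language": "en-US"}
USER = {"user_agent": "Mozilla/5.0 (Windows NT 6.1)", "screen": "1920x1080",
        "timezone": "America/Chicago", "language": "en-US"}
SAMPLE = [
    {"ip": "198.51.100.7", "path": "/", "params": {}, "device": USER},
    {"ip": "198.51.100.7", "path": "/admin-backup/", "params": {}, "device": SCANNER},
    {"ip": "203.0.113.9", "path": "/login", "params": {"user": "a"}, "device": SCANNER},
    {"ip": "198.51.100.7", "path": "/cart", "params": {}, "device": USER},
]

if __name__ == "__main__":
    for ip, verdict in process(SAMPLE):
        print(ip, verdict)
```

The third request is blocked even though it arrives from a new address, while the user sharing the prober's original address is still allowed, which an IP-based block would get wrong in both directions.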
When combined with Juniper’s SRX Series Services Gateways, our virtual firewall technology, and our DDoS prevention services, it is arguably one of the smartest ways to protect the assets in your data center.