Automating Threat Detection and Remediation with Juniper Connected Security
Oct 15, 2019
How information technology products do what they do matters, and nowhere is this truer than in the case of security. IT infrastructure used to be dedicated to a specific task. But with the rise of virtualization, software defined everything and cloud computing, that changed. Shared infrastructure became the norm, but the centralization of IT, and especially clouds, made consuming IT easier. Both the scope and scale of IT increased and, along the way, things were automated to cut down on the management burden.
IT at scale requires automation, and while many enterprises are doing it today, automation itself can be burdensome. Managing and maintaining the many and varied forms of automation is orchestration. Automation, and especially orchestration, are investments that take time and effort. Getting it right can take years and the lifespan of IT orchestration projects is proving to be several times that of the individual infrastructure components that make up our IT infrastructures. Storage, networking and compute products come and go, but the automation and orchestration layers remain.
This reality means that the scope of impact for our IT purchasing decisions lasts beyond the lifetime of the individual IT products themselves. How a product does what it does influences how it is automated, how it interacts with other products within the larger infrastructure and whether the automation and orchestration build for that product is reusable or extendable, once it’s replaced.
Scalability, Security and Survival
Consider any security product that aims to detect malware. It's been clear for some time that signature-based detection just doesn't scale. Evolving products past signature-based detection is how anti-virus applications became "next-generation anti-virus." These new techniques, ranging from sandboxing and detonating malware to automated kill chain analysis to machine learning, eventually found their way into a number of different threat protection products.
Each new approach to detecting and neutralizing malware is more complicated and automated, raising more questions about scalability. A security product that scans data flows transiting a network link for malware might seem like a point solution at first blush, but it isn't. It's not enough to have the security widget that meets your needs today; you need one that's built on a platform that scales.
To be viable in the long term, security products must operate at multiple points throughout the network. Organizations need both deep network visibility, as well as multiple points of enforcement throughout the network. Accomplishing this – especially at scale – inevitably involves automation and orchestration.
With the explosion of devices and transition to the cloud, expanding threat protection to block threats at the entire network layer – not just at the endpoint – is critical. A recent ESG Technical Validation evaluates the effectiveness of using Juniper Networks Advanced Threat Prevention and SRX Series Firewalls for automated threat detection and remediation to block threats at the network layer. ESG provides several validations of this solution throughout the report, including the ability for organizations to:
Move beyond complex, manual workflows and use automation and orchestration to detect and prevent threats.
Spend less time configuring and managing tools and more time responding to alerts and investigating threats.
Stop the progression of the cyber kill chain by detecting attacks as quickly as possible and reducing malware dwell time.
To learn more about ESG’s findings, you can download the full report here.
Discover how this solution and Juniper Connected Security can provide automated threat detection and remediation and extend security to all points across the network.