Juniper Employee
Juniper Networks Achieves Recommended Rating from NSS Labs for Data Center Security Gateway
Nov 12, 2019

Juniper Networks has achieved a “Recommended” rating from NSS Labs in this year's Data Center Security Gateway (DCSG) report. NSS Labs tested a Juniper SRX5400 firewall with one SPC3 service card, running Application Security and Intrusion Detection and Prevention (IDP), using firmware JNPR-11.0-20190316.df99236.

 

This independent testing focuses on security effectiveness, using simulations of real-world traffic combined with tests designed to determine the exact limits of vendor-submitted security gateways. Results on identical hardware may vary if the firmware version in use differs from the one used during testing.

 

“Juniper is back. The company is reasserting itself in the data center with a strong showing and should be on everyone's short list.”

     - NSS Labs DCSG 2019 Security Value Map Comparative Report

 

The NSS Labs DCSG group tests included server-side evasions. Juniper scored 100% on evasion block rate, 99.62% on exploit block rate and demonstrated an average secured throughput of 13.962 gigabits per second.

 

 


Performance

The NSS Labs DCSG includes an entire suite of performance tests. These tests measure throughput, latency and connection saturation under various circumstances. The raw packet performance of the tested SRX5400 was 14,930 Mbps for 64-byte packets, rising to 80,000 Mbps at 512-byte packets and remaining at 80,000 Mbps through to 1514-byte packets.

 

UDP latency was tested for packets of various sizes, ranging from 64 bytes to 1514 bytes, with average latencies for different packet sizes varying between 36.00 microseconds and 41.55 microseconds. The differences in latencies did not increase or decrease predictably with packet size, meaning that the detected variations are likely due to the latencies being so low as to have hit the statistical noise floor of our ability to measure them.

 

In this configuration, the tested SRX5400 was determined to have a theoretical maximum of 5,638,689 concurrent TCP Connections. It was assessed by NSS Labs as being able to establish 127,900 new TCP connections per second. NSS Labs also measured the tested SRX5400 as being able to handle the creation of 152,200 new HTTP connections per second and 329,400 HTTP transactions per second.

 

HTTP capacity tests were run in order to stress the HTTP detection engine. The tested SRX5400 was determined to be able to provide 41,190 Connections Per Second (CPS) and 16,467 Mbps of throughput for the 44KB response tests. The other end of that test series saw 115,300 CPS and 2,883 Mbps.

 

NSS Labs also examined how much latency is added to HTTP application response time by the firewalls protecting those applications. In the tested configuration, at 95% load, the SRX5400 added an average of 4.86 milliseconds to HTTP requests with a 44 kilobyte response and 1.33 milliseconds to HTTP requests with a 1.7 kilobyte response.

 

The tested SRX5400 was demonstrated to be able to sustain 4,242 connections per second at a connection density of 250 connections per Gb of traffic. It was able to sustain 7,077 connections at a connection density of 500 connections per Gb of traffic and 12,170 connections at a connection density of 1,000 connections per Gb of traffic.

 

Simulations of "real-world traffic" were performed using various common applications and traffic types. In the tested configuration, file share (FTP) traffic offered the highest throughput at 28,870 Mbps, followed closely by video (Netflix, YouTube and HTTP livestreaming) traffic at 23,890 Mbps. Database (DB2, MSSQL and MySQL) traffic represented a midpoint, with the SRX offering 15,031 Mbps of throughput, while Financial Information eXchange (FIX) traffic proved the most demanding, with the SRX delivering 3,760 Mbps of throughput.

Management

Automation and orchestration are at the heart of modern IT, and management products are key to implementing either at scale. Juniper offers a multicloud-aware, feature-rich and common management stack. This management stack must be extensible so that organizations can take advantage of emerging technologies in their quest to realize the benefits of becoming AI-driven enterprises.

 

Juniper's high-performance heritage means scale and performance are always top of mind. This is demonstrated in Security Director's unmatched ability to scale up to 25,000 devices under management. With Juniper Connected Security, organizations can manage their entire security infrastructure with a single management system, regardless of the scale at which they operate.

 

Information security relies on both deep network visibility and multiple points of enforcement. Juniper Connected Security marries Juniper Networks' longstanding expertise in networking with industry-leading information security capabilities. 

Juniper Connected Security

Juniper Connected Security enables organizations to protect their entire network: north-south, as well as east-west. Threats can appear at any point within a network, and the traditional "eggshell security" model that focuses all defensive efforts on the network edge hasn't been a viable approach for decades. Juniper Connected Security leverages our industry-leading infrastructure technology, in conjunction with our scalable management applications, to stop threats as close to the endpoint as possible.

 

Independent testing is an important step in the validation process of any IT product. Juniper Networks is proud to achieve a recommended rating from NSS Labs. We believe this reinforces the effectiveness of our threat prevention capabilities under real-world conditions. Juniper Connected Security enables organizations to deploy threat prevention not only at the firewall, but throughout the entire network.

 

Juniper Connected Security provides organizations the ability to deploy SRX series firewalls based on the same technologies in multiple form factors, from physical appliances to virtual instances (vSRX) and even containerized (cSRX). Juniper's broad information security portfolio, combined with the extension of SecIntel capabilities to the MX series routers, as well as the EX and QFX switches, empowers organizations to secure their networks from the endpoint to the edge and every cloud in between.

 

We believe that NSS Labs’ testing demonstrates that Juniper Networks' firewalls are among the most effective firewalls available today, with one of the key findings of NSS Labs' comparative report explicitly stating that Juniper "should be on everyone's short list".

 

The entire network is a target, so make the entire network a part of your defense. Secure beyond the edge with Juniper Connected Security.

 
