Security is top-of-mind, especially right here where Juniper experts share their insights on the latest security trends and breakthroughs
Juniper Employee , Juniper Employee Juniper Employee
When NGFWs Aren’t Enough
Nov 11, 2013

binary.jpgAs an industry, we have evolved from talking about security requirements for enterprise as a whole to a more segmented view that recognizes that security at the campus edge is not the same as security at the data center edge—and neither is like the security in the data center core. 


Why this distinction now? We are at a stage where the nature of increasingly malicious and targeted cyber threats are forcing us to recognize that what constitutes a strong defense in one part of the enterprise does not provide an equally strong defense in another part.  With cyber attacks becoming more sophisticated and more difficult to detect, the financial stakes are high for corporations.  In particular, the data center is becoming the target for cyber criminals, and security defenses that worked in the past are no longer effective. 


Why do NGFWs fall down when it comes to securing the data center?


It is well recognized that NGFWs deliver an effective security defense at the campus edge.  They play an important role by enforcing the perimeter for outbound and inbound traffic and protecting users (i.e., what we generally call an egress problem).  In the data center, the problem is reversed.  It is one of ingress. 


To be effective, the defense must shift from protecting users to protecting an organization’s crown jewels i.e. high value assets that contain sensitive information.  NGFWs do not prevent inbound attacks over authorized traffic channels, in particular attacks on Web and application servers.  In the data center, security defenses that protect against multiple attack vectors occurring over authorized and unauthorized traffic channels are the right solution.  


There is another aspect to this.  In the data center, the problem is also that of unknown attacks.  Here, signatures are not an adequate defense.  Signature-based solutions prevent based upon known attacks, but detecting unknown attacks requires a different approach.


How should we detect unknown and zero-day attacks against the data center?


Read the new IDC report for a more detailed perspective on the different use cases for target attacks in the enterprise, and Juniper’s approach to securing the data center.  And if you want to hear more—or have questions—join IDC’s Chris Christiansen and Juniper Networks’ David Koretz  on November 20, 9 AM PST // 12 PM EST // 6 PM CET, for their webcast: “Next-Generation Application Security for Today’s Modern Data Center.” Register now.