These new advanced security capabilities empower customers to quickly take action on intelligence from varied threat detection technologies by immediately pushing enforcement rules to SRX firewalls to cut off command-and-control (C&C) traffic, isolate infected systems and effectively combat a diversity of threats targeting networks. This novel approach frees customers to choose the most appropriate threat detection technologies available – including feeds customized to their business – rather than being locked into only the intelligence data offered by their firewall vendor.
As the threat landscape continues to accelerate and evolve, the security industry continues to respond with a variety of disparate new detection technologies. Unfortunately, this approach results in customers struggling to manage a patchwork of uncoordinated security tools, leaving a gap between detection and enforcement at the firewall. Many Next-Generation Firewalls (NGFW) include integrated capabilities, such as Intrusion Prevention System (IPS), anti-virus signatures and proprietary reputation feeds, but they are closed systems that are not capable of taking full advantage of the highly diverse third-party and custom feeds utilized by customers.
Juniper’s expanded Spotlight Secure platform addresses these challenges and constraints by aggregating threat feeds from multiple sources to deliver open, consolidated and actionable intelligence to SRX firewalls across the organization. These sources include Juniper threat feeds, third-party threat feeds and threat detection technologies that the customer can deploy. Administrators are now able to define enforcement policies from all feeds via a single, centralized management point.
Juniper is announcing major enhancements to the Spotlight Secure platform including:
· Threat Protection: New threat feeds for Spotlight Secure provide C&C and GeoIP feeds that not only adapt protection and firewall policies based on the severity of threats in the network, but also recognize and block traffic from specified countries and send selected traffic through additional security services. These new feeds augment Juniper’s industry-only attacker-device fingerprinting service, which is already available via Spotlight Secure.
· Tight Integration with the Network: Enhanced integration between Juniper Networks Junos® Space Security Director and Spotlight Secure links cloud-based threat feeds to the customer firewalls and provides a single aggregation point for multiple feeds into the firewall.
· Intelligent Firewall: Enhancements to the SRX firewall allow it to now consume and enforce policy based on the aggregated threat intelligence from detection technologies and feeds that reside both on premises and in the cloud.
This combination of new capabilities helps customers more effectively combat advanced threats in their networks. Key advantages to Spotlight Secure integrated with the SRX firewall include:
· Open and Scalable Security Intelligence Platform: The open approach to the Spotlight Secure platform allows customers to bring diverse threat intelligence and detection capable of providing timely, actionable enforcement on the firewall. The platform also provides increased scalability, which allows over one million entries in custom feeds, as well as the ability to manage the large number of feeds conveniently with a single point of management. This approach provides comprehensive enforcement to stop a broad spectrum of threats.
· Higher Security Effectiveness: Customers are now free to use and enforce the most effective technologies available provided by Juniper and other industry leaders – including feeds customized to their industry or even their specific organization. By providing real-time integration between threat feeds and the firewall, only the latest and most relevant intelligence is sent to firewalls. This approach reduces the need for manual transfer of new threat information to firewall enforcement ensuring fast time-to-enforcement and low false positive rates with the latest intelligence.
· Improved Operational Efficiency: With Spotlight Secure’s simplified enforcement model, companies can dramatically reduce administrative overhead.
o Centralized Management: Firewall policies, threat intelligence feeds, and reporting on enforcement and actions are all available in a single pane view with Security Director.
o Automated: The latest aggregated threat intelligence can now automatically syndicate across the entire firewall estate, with no need to update or commit firewall policy changes.