Juniper Shines Spotlight on Network Security with Big Data
IP addresses aren't enough to block network security threats anymore
Juniper is expanding its network security intelligence and defensive capabilities with a new set of products formally announced today at the RSA 2013 security conference.
At the top of the list is a new threat intelligence capability called Juniper Secure Spotlight that aims to go beyond just IP and reputation to determine if a resource is potentially malicious.
The new efforts are being led by David Koretz, who came to Juniper after his company Mykonos was acquired by Juniper a year ago for $80 million. Koretz runs what Juniper now refers to as the counter-security business unit, which includes the former Mykonos technology, now known as WebApp Secure, as well as a new product called DDoS secure.
According to a new Ponemon Institute study commissioned by Juniper, 60 percent of respondents had at least one breach of their data center in the last 12 months. 34 percent had experienced two or more breaches in the last 12 months. In terms of concerns, 62 percent of respondents were concerned about web-based attacks and 60 percent were concerned about Denial of Service (DDoS) attacks.
Koretz argued that even though data centers have made investments in Next Generation Firewall (NGFW) technology and IP reputation feeds, the study found that 60 percent of respondents indicated that those technologies still don't solve the problem.
"In a campus or branch location, blocking an IP address is often an acceptable approach," Koretz said. "In a data center that's not a real option."
There can be, and often are, many individual machines and servers hidden behind a single IP address that hits a data center network. That's where the new Juniper Spotlight Secure service comes into play.
Spotlight Secure tracks individual devices in a massive database, in an effort to block bad users while making sure that good users can still get through. The service leverages over 200 different attributes of a device. All that data is stored in a Big Data backend cloud service that provides telemetry and analytics on all the data.
Big Data to date has been used in the wrong way, according to Koretz. It's not just about storing mountains of data; the real challenge is making sense of the data.
"The real opportunity for Big Data is the type of use case we're doing, where we're not just recording a lot of log data," Koretz said. "We really just care about the small percentage of logs that we can correlate to attacker and we really want all the information we can get about them."
From a technology perspective, Juniper is using Hadoop with MapReduce as the core foundation for storing the data. Going beyond that, Juniper built its own algorithms to make sense of the data and correlate it for network security.
The threat intelligence on attacks will be consumable by Juniper's SRX security appliances. The SRX is also gaining integration with the WebApp Secure service to help provide proactive counter-security to data centers. The WebApp Secure technology (formerly known as Mykonos) sets 'traps' for attacks and uses a strategic process of deception in order to thwart network attacks.
Together with the Spotlight service, the end goal is to enable a data center to go beyond just blocking IP addresses to being able to block individual bad devices.
In addition to the Spotlight Secure service, Juniper is also launching a new appliance for Distributed Denial of Service (DDoS) attack mitigation. The new appliance runs on a secure Linux kernel as the bare metal operating system. The DDoS secure appliance is not the first Juniper device to run Linux; Juniper has a long history of using Linux for its IPS security appliances as well. Juniper's core switching and routing hardware typically all run the Junos operating system, which has its roots in the open source FreeBSD operating system.
"Our intent is not to put every security device on Junos," Koretz said. "When you get into content security and the Layer 7 stuff, having more flexibility makes more sense."
Whether a device runs on Linux or Junos, Koretz noted that the key thing that Juniper is aiming to deliver is full visibility and a single pane of glass to manage the platform.