Traditional network security as we know it has been much about enforcing the perimeter: Choose your endpoints, look out for security threats, and keep them from coming in. But just as the network is undergoing dramatic change, so too is the nature of cybersecurity. Today, increasingly sophisticated threats can just as easily come from inside the network, aided by the rise of bring your own devices (BYOD) and the pervasiveness of cloud-based applications. Security solutions that only detect known malware and suspicious activity after being compromised are no longer enough.
Juniper Networks is introducing a new security model that protects networks from evolving attacks by going beyond the perimeter to integrate security into the network using a bottoms-up and top-down approach. In its vision for “software-defined secure networks,” security would be incorporated across the entire network – routers and switches and down to the network operating system.
With newer, more sophisticated threats emerging every day, network security needs a new model that does not rely on traditional approaches or dedicated products. Under the software-defined secure networks model, the entire network becomes an enforcement domain. This takes security to a whole new level by providing administrators with the power to:
- Aggregate and distribute threat intelligence from multiple sources
- Use the cloud for real-time threat analysis
- Create, adapt, and enforce security policy dynamically across the network
- Leverage every element in the network to enforce policy
- Take action based on application usage patterns, threat maps and automated policies
The software-defined secure networks model relies on three cornerstone capabilities: 1) centralized threat intelligence and detection; 2) adaptive policy enforcement; and 3) centralized controller or policy engine. These capabilities would be provided by the following key components:
- Spotlight Secure: a threat intelligence platform that aggregates threat feeds from multiple sources and links security intelligence to policy enforcement for rapid protection against advanced threats
- Sky Advanced Threat Prevention (SkyATP): a cloud-based anti-malware service integrated with Juniper SRX Series firewalls that keeps the network free of sophisticated zero-day attacks and other unknown threats by delivering cloud-based protection. It scans both ingress and egress traffic for malware and signs of compromise.
- Junos Space Security Director: a security management platform that leverages feeds from Spotlight Secure to help administrators define security policies based on threats that are evolving and apply those policies in real time.
Together, Spotlight Secure, Sky ATP, and Security Director provide an open policy engine that adapts as threats evolve and applies policies to block threats in real-time automatically throughout the network at multiple enforcement points embedded in both physical and virtual products. Software-defined secure networks dynamically enforce policy at all network layers, transforming the way enterprises secure and manage the network.
To learn more about how software-defined secure networks can provide a comprehensive, open, and simple approach to network security, check out these resources: