Juniper Networks updated its advanced threat prevention appliances to simplify security data integration. The on-premises devices will now ingest and analyze data from any third-party firewall or other security data source. This helps enterprises detect malware and respond to threats with one touch, and it also helps them avoid vendor lock-in, Juniper says.
The appliance uses technology acquired from Cyphort, a security startup Juniper bought in August 2017. Juniper integrated Cyphort’s software with its advanced threat prevention platform. And earlier this year, it renamed the product Juniper Networks Advanced Threat Prevention (JATP). The platform comes in a cloud-delivered version as well as an on-premises device. Today’s news centers on the device version.
“One of the Cyphort underpinnings was a very open ecosystem — it didn’t depend on a specific brand of firewall or SIEM [security information and event management] or secure gateway,” said Amy James, director of security product marketing at Juniper Networks. “There were essentially API hooks into an ecosystem of security devices that were enabled, and that persists today in our version of the product.”
Juniper, working with the Ponemon Institute, commissioned a study in which 64 percent of the security teams surveyed said that speeding up threat analysis and prioritizing threats with automation would improve their security posture. High volumes of incident data generated by numerous, disparate sources make threat detection and mitigation increasingly difficult.
Understaffed security teams spend too much time analyzing and correlating alerts to uncover threats, and this ultimately increases time to remediation. Additionally, security teams face the manual tasks of creating one-off custom integrations to ingest relevant data from these sources.
Custom Security Data Collectors
New capabilities address these challenges and build on the platform’s open architecture. They allow security teams to create custom data collectors in the JATP appliance using threat data from any Juniper or third-party firewall. This simplifies security operations in multi-vendor environments by eliminating the need for custom code or pre-defined integrations, James said.
“Through a UI, the configurations can be made in a point and click fashion, and the new source of threat data can be brought into the product, all within the context of the UI and the product itself,” she explained.
Once the dataset is defined, it flows into the platform’s threat behavior timeline. This allows security teams to see what happened and when via the user interface. This new capability supports multiple log format types, including XML, JSON, and CSV, and is complementary to existing SIEM functionality.
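To make concrete what a multi-format collector has to do before events can land on a single timeline, here is an added example in Python. It is not Juniper's code and does not reflect JATP's configuration format; the three feeds, their field names, the source labels and the action vocabulary are all constructed for the illustration. Each source gets a field map (the equivalent of the point-and-click mapping described above) that translates its own column or tag names into a common schema, timestamps in epoch and ISO 8601 form are normalized to UTC, and the merged events are sorted into one timeline that can be queried per host.

```python
"""Normalize JSON, CSV and XML security-log feeds into one UTC-ordered event timeline."""
import csv
import io
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample feeds from three hypothetical sources. The field names are
# invented for this example and do not correspond to any vendor's log schema.
JSON_FEED = """\
{"ts": 1719832860, "src": "10.0.0.5", "dst": "203.0.113.10", "verdict": "deny", "threat_name": "Trojan.Generic"}
{"ts": 1719832740, "src": "10.0.0.7", "dst": "198.51.100.3", "verdict": "allow", "threat_name": ""}
"""

CSV_FEED = """\
time,source_ip,dest_ip,action,signature
2024-07-01T11:20:30Z,10.0.0.5,203.0.113.10,drop,ET MALWARE Known Bad Domain
2024-07-01T11:22:00Z,10.0.0.9,192.0.2.44,alert,
"""

XML_FEED = """\
<events>
  <event>
    <occurred>2024-07-01T13:21:30+02:00</occurred>
    <client>10.0.0.5</client>
    <server>203.0.113.10</server>
    <disposition>blocked</disposition>
    <malware>Trojan.Generic</malware>
  </event>
</events>
"""

# Per-source field maps: normalized field -> vendor field. This is the collector
# configuration; adding a new source means adding a new map, not new parsing code.
JSON_MAP = {"timestamp": "ts", "src_ip": "src", "dst_ip": "dst", "action": "verdict", "threat": "threat_name"}
CSV_MAP = {"timestamp": "time", "src_ip": "source_ip", "dst_ip": "dest_ip", "action": "action", "threat": "signature"}
XML_MAP = {"timestamp": "occurred", "src_ip": "client", "dst_ip": "server", "action": "disposition", "threat": "malware"}

# Vendor-specific verbs collapsed into a small shared vocabulary (invented here).
ACTION_VOCAB = {
    "deny": "blocked", "drop": "blocked", "block": "blocked", "blocked": "blocked",
    "allow": "allowed", "permit": "allowed",
    "alert": "alerted",
}


def to_utc_iso(value: str) -> str:
    """Accept epoch seconds or ISO 8601 (with 'Z' or a numeric offset); return UTC ISO 8601."""
    text = str(value).strip()
    if text.isdigit():
        moment = datetime.fromtimestamp(int(text), tz=timezone.utc)
    else:
        moment = datetime.fromisoformat(text.replace("Z", "+00:00"))
        if moment.tzinfo is None:  # naive timestamps are assumed to already be UTC
            moment = moment.replace(tzinfo=timezone.utc)
        moment = moment.astimezone(timezone.utc)
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize(record: Dict[str, object], field_map: Dict[str, str], source: str) -> Dict[str, str]:
    """Project one raw record onto the common schema using the source's field map."""
    event = {"source": source}
    for normalized_name, vendor_name in field_map.items():
        raw = record.get(vendor_name)
        event[normalized_name] = "" if raw is None else str(raw).strip()
    event["timestamp"] = to_utc_iso(event["timestamp"])
    event["action"] = ACTION_VOCAB.get(event["action"].lower(), event["action"].lower())
    return event


def parse_json_lines(text: str, field_map: Dict[str, str], source: str) -> List[Dict[str, str]]:
    return [normalize(json.loads(line), field_map, source) for line in text.splitlines() if line.strip()]


def parse_csv(text: str, field_map: Dict[str, str], source: str) -> List[Dict[str, str]]:
    return [normalize(row, field_map, source) for row in csv.DictReader(io.StringIO(text))]


def parse_xml(text: str, field_map: Dict[str, str], source: str, record_tag: str = "event") -> List[Dict[str, str]]:
    # Caveat: xml.etree is not hardened against maliciously crafted XML such as
    # entity-expansion bombs; parse untrusted third-party feeds with defusedxml instead.
    root = ET.fromstring(text)
    events = []
    for node in root.iter(record_tag):
        record = {child.tag: (child.text or "") for child in node}
        events.append(normalize(record, field_map, source))
    return events


def build_timeline(*event_lists: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Merge events from all sources and order them by normalized UTC timestamp."""
    merged = [event for events in event_lists for event in events]
    return sorted(merged, key=lambda e: e["timestamp"])  # same ISO layout, so string order is time order


def events_for_host(timeline: List[Dict[str, str]], src_ip: str) -> List[Dict[str, str]]:
    """Pull one host's activity across every source, as an analyst would during triage."""
    return [event for event in timeline if event["src_ip"] == src_ip]


if __name__ == "__main__":
    timeline = build_timeline(
        parse_json_lines(JSON_FEED, JSON_MAP, "fw-a"),
        parse_csv(CSV_FEED, CSV_MAP, "ids-b"),
        parse_xml(XML_FEED, XML_MAP, "proxy-c"),
    )
    for event in events_for_host(timeline, "10.0.0.5"):
        print(event["timestamp"], event["source"], event["action"], event["threat"])
```

The point of the per-source map is that the parsers never change when a new firewall or gateway is onboarded; only a mapping is added, which is the "no custom code" property the announcement claims. The normalization step matters for correlation: without converting the XML source's +02:00 offset and the JSON source's epoch seconds to one representation, the same host's events from three devices would not sort into the right order. The XML caveat is real for any collector that accepts feeds from devices outside your control.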
The appliances provide up to 12x productivity gains over manual processes for malware investigations, Juniper claims.
The new capabilities will be available later this month.
Juniper’s advanced threat prevention platform has a couple of advantages over competing products, James said. The first is its open ecosystem. “This can work in conjunction with any firewall and SIEM, so it’s very compatible and can be used right away in an environment,” she said. “The other thing is the idea of the detection and analysis and automation behind the ability to do one-touch mitigation. That’s a pretty unique way of approaching advanced malware.”