PROTECT YOUR BUSINESS WITH A NEXT-GENERATION FIREWALL

Organizations are looking for ways to protect their assets amidst an ever-increasing threat landscape. You only need to look at the latest headlines to see why security is more important than ever.

The latest generations of web-based applications, combined with the proliferation of mobile devices, have made it difficult to effectively manage traffic and provide access to data while delivering the right mix of security and network services. There might be hundreds or even thousands of applications running across a typical enterprise network—most sanctioned by central IT, others part of shadow IT efforts, and some even installed for personal use.

To support this environment, security teams must overcome a number of complex operational problems. How do you control which applications are allowed on your network? How do you restrict those that are not? How do you ensure that business-critical network traffic is prioritized? How do you bolster security without compromising operational efficiency?

Most importantly, how do you prevent security from negatively impacting your business, especially as the growing popularity of distributed working drives increasing demand for secure SD-WAN technologies? This is where a next-generation firewall can help.

The Challenge

As DDoS attacks grow in terms of frequency, magnitude, and sophistication, traditional defenses such as out-of-band scrubbing centers and manual interventions have become woefully inadequate and cost-prohibitive. In the case of large volumetric attacks, redirecting suspicious traffic to a scrubbing center adds latency and imposes a significant financial burden, since mitigation costs are directly tied to the volume of the data traffic. Such a traditional approach also requires manual analysis and human intervention, which adds even more latency and cost to the remediation process. Using these methods, up to 30 minutes can elapse between detection and mitigation—unacceptable in an era where DDoS attacks can take websites down in a matter of minutes.

In an always-on world, where downtime is a huge problem for any business, service providers and enterprises must seriously re-examine their existing DDoS protection strategy and consider new techniques that deliver faster, more effective protection at a far lower cost. The IP network should be an integral part of the solution as the first line of defense against volumetric attack, while telemetry, machine analysis, and network programmability make the detection and mitigation process more intelligent, automated, and adaptable.

The Juniper Networks Next-Generation Firewall Solution

Juniper Networks® SRX Series Services Gateways deliver integrated next-generation firewall (NGFW) protection with application awareness, intrusion prevention system (IPS), user role-based controls, best-in-class advanced security services, and SDN capabilities. SRX Series firewalls also perform full packet inspection and apply application- and user-specific security policies.

With these powerful capabilities, you can create security policies based on the applications whose data is transiting the network and/or the user receiving or sending network traffic—all while simultaneously examining the content, regardless of source or destination. This protects your environment from threats, manages how network bandwidth is allocated, and maintains appropriate access controls.

The Juniper Networks AppSecure suite of application-aware security services for the SRX Series firewalls classifies traffic flows while providing greater visibility, enforcement, control, and protection. Using a sophisticated classification engine, AppSecure accurately identifies applications regardless of port or protocol—including those known for using evasive techniques to avoid detection.

AppSecure provides the context needed to regain control of network traffic, set and enforce policies based on accurate information, and deliver the performance and scale required to address your business needs. Services enabled by AppSecure include AppTrack for detailed visibility into application traffic; AppFW for granular enforcement of application traffic policies; and AppQoS for prioritizing and metering application traffic.

The SRX Series firewalls allow you to include additional content security through integrated advanced services and IPS, providing greater protection against malware, spam, phishing, and application exploits.

By combining security functionality with SDN capabilities, SRX Series firewalls let organizations of all sizes take advantage of software-defined wired and wireless LAN (SD-LAN), as well as software-defined WAN (SD-WAN) easily and securely. With Juniper, you can deploy agile, adaptable LAN and WAN fabrics across your entire organization, no matter your network’s scale.

Juniper is known throughout the industry for meeting the needs of customers who require the largest and most resilient networks possible by delivering open, flexible solutions. In addition to the IPS and application signatures developed by Juniper’s research teams, IT teams can add custom signatures to SRX Series security services, letting you tailor your solution to solve your specific business needs.

The SRX Series also provides user identity-based controls, allowing organizations to apply security policies to the users or groups operating on their networks through direct integration with a directory service. This, combined with AppSecure and the advanced policy-based routing (APBR) capabilities of the SRX Series Services Gateways, allows organizations to route individual data flows to specific networks, subnets, VLANs, or WAN interconnects based on various criteria.

SRX Series Services Gateways come in a broad range of models. These range from distributed access-optimized all-in-one security and networking appliances to data center-optimized, scalable, high-performance chassis solutions. All SRX Series firewalls support next-generation capabilities, with most functionality supported on the Juniper Networks vSRX Virtual Firewall as well.

NGFW capabilities in the SRX Series platforms, as well as the Juniper Networks vSRX Virtual Firewall, can be centrally managed from a single management platform. Organizations have the option of choosing from an on-premises management solution, or one based in a public cloud.

IT teams can manage security services, perform logging and reporting, and segment management responsibilities through role-based access controls using either Junos Space® Security Director (on premises) or Contrail® Service Orchestration. Centralized management is based on the Junos® operating system, so it shares the same resiliency and massive scalability as Juniper’s highly regarded network solutions preferred by the world’s largest and most demanding networks. The combination of scalable and centralized management with SRX Series gateways delivers a powerful solution that brings context and clarity to the setting and enforcement of security policies.

Features and Benefits

• Identify data flows by application with AppSecure, and by user via network directory integration.
• Manage, secure, and route individual data flows using advanced policy-based routing and SDN across wired, wireless, and WAN networks.
• Secure your organization against network-based exploits targeting application vulnerabilities with an IPS that accommodates custom signatures.
• Defend your business against malware, viruses, phishing attacks, intrusions, spam, and other threats through advanced security services with antivirus, antispam, and Web and content filtering.
• Streamline operations by centrally managing all of your NGFWs from a single, highly scalable management platform, whether on-premises or in a public cloud.