Juniper Networks has announced Juniper Cloud Workload Protection, a software designed to automatically defend application workloads in any cloud or on-premises data center environment against application exploits as they happen.
According to the company, the Juniper CloudWorkload Protection reinforces its commitment to security by supporting every type of workload and providing a safety net for applications, even when organisations may not be aware that certain application vulnerabilities exist until its too late.
"Nearly everything we do on the network involves applications, from web browsing and chat to mobile games and services that allow us to get work done," Juniper Networks says.
"Applications store, process and exchange data, which enables us to connect to each other and makes our digital lives easier. And when we use them, we need them to be accessible right away, and we trust that they will do only what they were intended to do that is, we trust that our application experience is secure.
"As such, application security is a core tenet of the Juniper Experience-First Networking philosophy."
Juniper Networks says that when application code is written, it sometimes contains errors that present opportunities that attackers can use to exploit the underlying resources and process or workloads that power the application, such as databases and data collectors.
"Just look at the latest public breaches most, if not all, of them involve the successful exploitation of one or more application vulnerabilities," it says.
Organisations may not even be aware that certain application vulnerabilities exist until it's too late. As much as every organisation tries to adhere to a secure software development lifecycle (SDLC) to build secure applications from the start, there is always the potential for risk. This means there will always be vulnerabilities that attackers can exploit.
"But what if organisations had a safety net to protect application workloads against exploits, including zero-days," Juniper Networks says.
The Juniper Cloud Workload Protection automatically defends application workloads in any cloud or on-premises data center environment against application exploits as they happen, including the Open Web Application Security Project (OWASP) Top 10 and memory-based attacks.
Juniper Cloud Workload Protection is a lightweight software agent that controls application execution and monitors the applications behaviour and context what its supposed to do against whats happening in real-time. Vulnerability remediation is done automatically without admin intervention.
Juniper Cloud Workload Protection ensures that production applications always have a safety net against vulnerability exploits, keeping business-critical services connected and protected.
This new Juniper product provides the following critical capabilities:
- Signatureless Run-Time Application Self-Protection (RASP) provides real-time protection against attacks. It protects the application from malicious actions, such as exploitation and data theft, without any manual intervention, catching sophisticated attacks that endpoint detection (EDR) and web application firewall (WAF) solutions cannot.
- Memory-Based Attack Prevention provides real-time protection against advanced memory-based attacks, including fileless, return-oriented programming (ROP) and buffer overflow attacks.
- Vulnerability Detection continuously assesses vulnerabilities in applications and containers to detect serious and critical exploit attempts as they happen. Juniper Cloud Workload Protection delivers information on the exploit attempt to DevSecOps teams to better understand where the vulnerability exists, so they can remediate.
- Comprehensive Telemetry provides rich application-level security event generation and reporting, including application connectivity, topology and detailed information about the attempted attack.
- Optimised Control Flow Integrity (OCFI) technology minimises false alerts by validating the execution of applications and detecting attacks without using behaviour or signatures.
- Zero Trust Microsegmentation shields application resources from lateral threat propagation and integrates with Juniper vSRX Virtualised Firewalls to restrict access based on risk, even as workloads and virtual environments change. Automated threat response with built-in, real-time telemetry helps security teams detect threats once and block them across the entire network.
"Juniper Cloud Workload Protection continues the drumbeat of Juniper Connected Security by supporting every type of workload and providing a safety net for applications," the company says.
"Customers no longer need to trade-off between limiting their risk of a data breach or missing release deadlines, especially those in production.
"Organisations can keep applications connected and protected, providing application teams the means to deliver, operate and ensure that their data center environments are following compliance rules while continuously looking out for anomalies."