The next evolution in next-generation firewalls
Westcon Imagine 2014 - With companies struggling to keep pace with the increasing volume and sophistication of cyberattacks, it’s time for firewalls to step up - and time for an evolutionary advancement in next-generation firewalls (NGFW).
“Today’s IT environments are becoming ever more complex, with a moving target of corporate and bring your own applications, devices and cloud services,” says Tim Nagy, Systems Engineer Director ANZ for Juniper Networks. “Technology to detect and mitigate malware attacks is important, but there are often compromises of effectiveness and manageability,” he adds.
The security industry continues to respond to the changing threat landscape with a variety of disparate new detection technologies. Unfortunately, it’s an approach that results in companies struggling to manage a patchwork of uncoordinated security tools, leaving a gap between detection and enforcement at the firewall.
“Many NGFW include integrated capabilities, such as Intrusion Prevention Systems, antivirus signatures and proprietary reputation feeds, but they are closed systems that are not capable of taking full advantage of the highly diverse third-party and custom feeds utilised by customers,” Nagy says.
“For many years, firewalls focused on rules that did traffic enforcement at Layer 3 and 4. As more complex applications and threats became more common, it was necessary to have application inspection all the way to Layer 7, often with integration of intrusion prevention (IDP).”
Nagy says this was still very static change management for policy updates and downloads for IDP signature definitions.
Adding user awareness to the firewall added a certain amount of dynamic control, allowing different policy enforcement for users or groups – what most think of as NGFW. However, Nagy says there are two issues with this. “The static nature of the firewall is not enough for enforcement against today’s threats, and the NGFW features are great for the enterprise edge, or perimeter, firewall, but not that useful for securing applications in the data center.”
Enter the dynamic intelligent firewall and Juniper Spotlight, which brings additional intelligence into the firewall and streamlines the security enforcement process using dynamic policies that leverage the intelligence feeds.
Juniper Spotlight links security intelligence to policy enforcement for rapid protection against advanced threats.
Customers can quickly take action on intelligence from varied threat detection technologies, aggregating threat feeds from multiple sources – including Juniper and third party threat feeds and threat detection technologies you deploy – to deliver open, consolidated, actionable intelligence to firewalls across the organisation.
A more dynamic approach comes into play if attacks do get inside the network: the application security in Juniper’s AppSecure features enables the firewall to identify applications and apply application-based rules to ingress or egress traffic.
Using a feed of known command-and-control networks to dynamically build policy on the perimeter firewall, so that infected hosts cannot reach their C&C servers and spread further, is also a factor, Nagy adds.
For Nagy, and Juniper, the perfect intelligent network provides a way to detect and mitigate against threats at every level of the kill chain, from reconnaissance to data exfiltration.
New advancements in security
In September, Juniper Networks announced new advancements in its security capabilities, extending the Juniper Networks Spotlight Secure threat intelligence platform and linking it with firewall policies in Juniper Networks SRX Series Services Gateways.
These new advanced security capabilities empower users to quickly take action on intelligence from varied threat detection technologies by immediately pushing enforcement rules to SRX firewalls to cut off command-and-control traffic, isolate infected systems and effectively combat a diversity of threats targeting networks.
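The feed-to-enforcement flow described above (aggregating C&C indicators from vendor and custom feeds, then turning them into deny rules the perimeter firewall can apply) can be sketched in a few lines. This is an added illustration, not Juniper code and not the Spotlight Secure or SRX API; the feed names, timestamps and addresses are constructed, and the rule format is a plain dictionary standing in for whatever the firewall actually consumes.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feeds using documentation address ranges, not real
# indicators. Each entry is (indicator, last_seen). Two sources report the
# same host and one entry is stale, to exercise de-duplication and ageing.
FEEDS = {
    "vendor-c2": [("203.0.113.0/24", "2014-09-10T00:00:00Z"),
                  ("198.51.100.7", "2014-09-12T00:00:00Z")],
    "custom-sandbox": [("198.51.100.7", "2014-09-13T00:00:00Z"),
                       ("192.0.2.10", "2014-06-01T00:00:00Z")],  # stale entry
}

def _ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def consolidate(feeds, now_iso, max_age=timedelta(days=30)):
    """Merge all feeds into {network: {source, ...}}, dropping entries whose
    last_seen is older than max_age so the pushed policy does not grow forever."""
    now, merged = _ts(now_iso), {}
    for source, entries in feeds.items():
        for indicator, last_seen in entries:
            if now - _ts(last_seen) > max_age:
                continue
            net = ipaddress.ip_network(indicator, strict=False)
            merged.setdefault(net, set()).add(source)
    return merged

def enforcement_rules(merged):
    """One deny rule per indicator, most specific prefix first, so a single
    host hit is attributed correctly even when it also sits inside a listed range."""
    order = sorted(merged, key=lambda n: (-n.prefixlen, int(n.network_address)))
    return [{"action": "deny", "dst": str(n), "sources": sorted(merged[n])} for n in order]

def c2_verdict(rules, dst_ip):
    """Return the first rule an outbound destination hits, or None if it is allowed."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule["dst"]):
            return rule
    return None

if __name__ == "__main__":
    rules = enforcement_rules(consolidate(FEEDS, "2014-09-15T00:00:00Z"))
    for rule in rules:
        print(rule)
    print(c2_verdict(rules, "203.0.113.45"))
```

The hit on 198.51.100.7 is attributed to both feeds, the /24 to the vendor feed only, and the stale 192.0.2.10 entry ages out and produces no rule.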
Administrators are able to define enforcement policies from all feeds via a single centralised management point. This novel approach frees users to choose the most appropriate threat detection technologies available, including feeds customised to their business, rather than being locked into only the intelligence data offered by their firewall vendor.
Juniper’s advanced security solutions make centralised management of Juniper’s SRX and virtual Firefly Perimeter firewalls easier with the addition of Junos Space Security Director’s integrated logging and reporting functionality, with additional role-based access controls that manage next-gen security services such as firewalls, application security and unified threat management.
For more information visit www.juniper.net