Every day we hear about new ransomware, phishing and cyberattacks. The attacks are so widespread that it is only a matter of time before you become a victim. In fact, cybercrime is so lucrative that it is a leading driver of technology innovation. Organizations are increasingly attempting not only to stop threats but also to simplify their approach in doing so. Attackers continue to target enterprise assets both from within and outside the corporate perimeter.
Figure 1: Cybercrime Statistics
To help, more organizations are turning to software-defined secure networks, an easy and automated approach. The Juniper Software-Defined Secure Network (SDSN) platform builds intrusion detection and enforcement into the very fabric of your network, letting you quickly remediate threats by leveraging the entire network.
The Juniper Software-Defined Secure Network platform offers a flexible, scalable and open architecture that protects physical infrastructure as well as private, public and hybrid cloud environments. It is backed by a comprehensive portfolio of high-performance physical and virtual firewalls, analytics and advanced security services that deliver unified management and security.
Figure 2: Juniper Software Defined Secure Network Platform
The system is continuously learning about new threats, enabling automated and adaptive policy orchestration that keeps costs down and visibility up. SDSN leverages the entire network for comprehensive defence. By taking a vendor-agnostic approach to threat remediation, with consistent enforcement on third-party devices such as switches and wireless access points, SDSN protects the enterprise from random threat movement. It minimizes threat exposure time and risk by extending security deep into the network.
How does an infected endpoint get isolated from the network?
First, the end user connects to a non-Juniper switch and joins the network via 802.1X authentication against a RADIUS server. Since the endpoint is deployed in line with Juniper SRX Series next-generation firewalls configured with SkyATP malware detection, it is quickly determined that the endpoint is infected. SkyATP sends the infected host's information to the policy enforcer, which downloads the threat feeds and learns the IP address of the compromised endpoint.
Figure 3: SDSN Policy Enforcer
The policy enforcer retrieves the endpoint information for the infected IP address from the RADIUS server. Once the session is found, endpoint details including the MAC address are returned to the policy enforcer.
The policy enforcer then activates APIs on the RADIUS server to initiate the change of authorization that terminates the session. The endpoint is then either blocked or quarantined to a VLAN, depending on the selected change of authorization action. This workflow is the same for an endpoint that connects to the network via a wireless access point.
Figure 4: Host - Block or Quarantine
The policy enforcer sends the infected endpoint information back to SkyATP to ensure that it is aware of the compromised device. The infected host is now isolated and all threat movement is blocked.
Once the threat has been investigated and cleared, the admin can simply change the endpoint threat status and allow the endpoint back onto the network. By employing the entire network as an enforcement domain, the SDSN platform provides comprehensive protection to even the most widely distributed customers.
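The isolation workflow described above, modelled as an added example (not Juniper code and not from the original post): a threat feed of infected IPs is resolved to a RADIUS session, then a block or quarantine change of authorization is issued. The class and function names, the quarantine VLAN 999 and the sample sessions are assumptions; the packet codes and attribute names are the standard ones from RFC 5176 and RFC 3580, not necessarily what the product sends.

```python
# Added illustration: in-memory model of the workflow; all names are hypothetical.
from dataclasses import dataclass

DISCONNECT_REQUEST, COA_REQUEST = 40, 43  # RADIUS packet codes (RFC 5176)

@dataclass
class Session:
    ip: str
    mac: str
    vlan: int
    active: bool = True

class RadiusServer:
    """Stand-in for the RADIUS server's session table and CoA API."""
    def __init__(self, sessions):
        self.by_ip = {s.ip: s for s in sessions}
        self.sent = []  # (code, attributes) of every CoA message issued

    def find_session(self, ip):
        s = self.by_ip.get(ip)
        return s if s and s.active else None

    def change_of_authorization(self, session, action, quarantine_vlan):
        attrs = {"Calling-Station-Id": session.mac}
        if action == "block":
            code = DISCONNECT_REQUEST        # terminate the 802.1X session
            session.active = False
        else:                                # quarantine: reassign the VLAN
            code = COA_REQUEST               # RFC 3580 tunnel attributes (assumed)
            attrs.update({"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
                          "Tunnel-Private-Group-ID": str(quarantine_vlan)})
            session.vlan = quarantine_vlan
        self.sent.append((code, attrs))

def enforce(feed, radius, action="quarantine", quarantine_vlan=999):
    """Apply the chosen action to each infected IP; return a per-IP outcome."""
    if action not in ("block", "quarantine"):
        raise ValueError(f"unknown action: {action}")
    results = {}
    for ip in feed:
        session = radius.find_session(ip)
        if session is None:                  # host offline or not authenticated
            results[ip] = "no-session"
            continue
        radius.change_of_authorization(session, action, quarantine_vlan)
        results[ip] = f"{action}:{session.mac}"  # reported back to the detector
    return results

if __name__ == "__main__":
    # Constructed sample data: documentation IP range, made-up MAC addresses.
    radius = RadiusServer([Session("192.0.2.10", "00:00:5e:00:53:01", 10)])
    print(enforce(["192.0.2.10", "198.51.100.7"], radius))
```

The "no-session" outcome is the case worth monitoring: an infected IP with no matching RADIUS session cannot be isolated by this path and needs another control.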
For more information, kindly visit www.juniper.net/security.
- On February 5, 2019