© 2015 Juniper Networks
Juniper’s Threat Intelligence Platform Explained
23 February 2015

In security, time matters. A lot.
Consider the time it takes to identify a new threat. Sometimes it takes days,
weeks, or months. Or, the time it takes to block a threat action, or stop a breach.
Same thing: typically it takes days, weeks or months.
During that time, the bad actor can do a lot of damage, before you’re even aware
that there’s a problem.
That’s why we built the Juniper Threat Intelligence Platform, which streams
threat data to where it’s needed most – at the enforcement point – in only
seconds. This means that moments after you know about a threat, your firewall
policies can take action, and stop it from turning into a problem.
In short, we can stop threats, faster.
Let’s explore how this works.
The threat landscape is dynamic: constantly growing, changing, evolving.
There are a multitude of threat actions that bad actors use today to execute an attack – establishing back doors, embedding rootkits, delivering malware, SQL injection, brute force, DDoS attacks, spear phishing – the list is long, and the attacks often use a combination of techniques that eventually result in a breach and exfiltration of data.
Often, they use a command and control server to orchestrate remote actions, sometimes running on a single host and other times distributed in a peer-to-peer configuration, which makes it much harder to track. The adversaries are quick to change their network identifiers (such as IP addresses) and behaviors so that their activities continue unabated.
In response, scores of security research firms have been established to find these threats. They make their findings available to subscribers as a feed, sometimes free and sometimes at a price.
The good news is, there are plenty of choices for threat intelligence data. Some research firms are industry specific (e.g. federal government), some are technique specific (DDoS detection), and some focus on technology areas, such as discovering application vulnerabilities.
The data is delivered to subscribers through a feed, where it is used to enrich a SIEM or other analytic engines, and/or to inform the enforcement policy on the firewall itself.
The problem is, getting the data to an enforcement point takes too long – typically days or weeks. First the data has to be converted to a usable format, then it has to be associated with the policies so that it’s actionable.
It takes time.
And when the source data changes (which it does every hour, every day) you have to do it all over again.
So Juniper created a new approach, with the Spotlight Secure Threat Intelligence service for the SRX Series firewall.
The threat intelligence service is designed to aggregate a variety of command and control feeds and process them through algorithms and machine learning techniques to remove false positives and duplicates. Threat levels are added, the data is prioritized, then pushed down to the SRX enforcement point.
This results in clean, actionable data that’s optimized for SRX.
This threat information is delivered through a connector to Junos Space Security Director, the SRX management platform, which controls security services (e.g. Web filtering, IPS, anti-virus) as well as security policies for all SRX instances. Threat levels can be tuned by the security administrator, who maintains control over what data is syndicated out to the various SRX firewalls.
This means that data center, campus and branch firewalls are all controlled from a single management platform, and can each consume threat intelligence data from Spotlight Secure.
Juniper’s strategy is to provide the fastest and most effective way to take action to mitigate emerging threats. That’s why we make it easy to use right out of the box, including a GeoIP feed as well as the command and control feed.
Juniper’s threat intelligence platform also allows customers to use data from any other source – their own incident response team, other detection software such as advanced malware detection, or threat data from shared industry intelligence sources. Because it’s designed with an open data model, the SRX consumes data easily, from virtually any source, and incorporates it into policies across the enterprise. You can even feed indicators from your incident responders or your SIEM directly into the system.
One advantage of Juniper’s Threat Intelligence platform and SRX is that all enforcement points can consume this data, thus protecting the entire organization, no matter how large or distributed the enterprise. And the data can be right-sized to each device. For example, a certain quantity and type of data might flow to branch devices, while other data might be more pertinent in a data center environment.
Importantly, as the data changes (and it changes constantly), each firewall is updated automatically, without going through a change or commit process.
Campus and branch environments primarily need protection from the “inside out” problem, where users are connecting to various sites and services on the internet.
With a rich source of intelligence feeds, Juniper SRX firewalls can block or alert on outbound connections based on threat levels. These threat levels can be used by network or security administrators to fine-tune the security policy based on the needs of that particular network. In other words, policy can be defined based on threat severity, and administrators can be given the power to make adjustments that fit the need.
The security administrator can establish rules about connecting to domains, URLs or IPs based on acceptable use policy and/or the threat level associated with the destination.
For example, some organizations may choose to block entire geographies of IP addresses. If a user requests a connection to a server that happens to be in a country or region that your organization considers a risk, the GeoIP feed can inform the SRX to block the request, preventing the user from connecting.
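As an added example (not Juniper’s code, and not Spotlight Secure’s actual data model or algorithms), the following Python sketches the pipeline described on slide 4 and the threat-level and GeoIP policy described above: two constructed feeds in different layouts are normalized, deduplicated and stripped of unparseable entries, scored on an assumed 1..10 scale where corroboration by a second feed raises the level, right-sized per device, and then consulted when an outbound connection is evaluated. The feed layouts, the addresses (RFC 5737 documentation ranges), the GeoIP table, the scoring rule, the `Policy` thresholds and every function name are constructed for illustration.

```python
"""Toy pipeline in the spirit of the text: normalize two C&C feeds, remove
duplicates and junk, assign threat levels, right-size the table per device,
and decide what an enforcement point does with an outbound connection.
Feed layouts, the 1..10 level scale, the scoring rule, the GeoIP table and
the thresholds are all constructed assumptions, not Spotlight Secure's."""
import csv
import io
import ipaddress
import json
from dataclasses import dataclass, field

# Constructed feed A (CSV): note the duplicate row and the malformed row.
# All addresses are RFC 5737 documentation ranges with no real meaning.
FEED_A_CSV = """indicator,confidence,category
203.0.113.10,90,c2
203.0.113.10,85,c2
198.51.100.7,40,scanner
not-an-ip,99,c2
"""
# Constructed feed B (JSON): different field names, different score scale.
FEED_B_JSON = json.dumps([
    {"ip": "203.0.113.10", "score": 70, "type": "botnet-c2"},
    {"ip": "192.0.2.55", "score": 60, "type": "malware-dist"},
])
# Constructed GeoIP table: prefix -> made-up country code.
GEOIP = {ipaddress.ip_network("192.0.2.0/24"): "XA",
         ipaddress.ip_network("198.51.100.0/24"): "XB"}

@dataclass
class Indicator:
    ip: str
    threat_level: int                        # assumed 1..10 scale
    sources: set = field(default_factory=set)  # feeds that reported it

@dataclass
class Policy:
    """Per-device thresholds: the 'right-sizing' the text describes."""
    block_at: int = 8                        # block at or above this level
    alert_at: int = 5                        # permit but log at or above this
    blocked_countries: frozenset = frozenset()  # acceptable-use GeoIP rule

def parse_feeds():
    """Normalize both feeds to one shape: (ip, confidence 0-100, source)."""
    for row in csv.DictReader(io.StringIO(FEED_A_CSV)):
        yield row["indicator"], int(row["confidence"]), "feed_a"
    for item in json.loads(FEED_B_JSON):
        yield item["ip"], int(item["score"]), "feed_b"

def aggregate(records):
    """Dedupe by IP, drop unparseable entries, fold confidence into a level:
    highest confidence/10 across duplicates, +1 per extra source, cap 10."""
    table = {}
    for raw_ip, confidence, source in records:
        try:
            ip = str(ipaddress.ip_address(raw_ip))
        except ValueError:
            continue                         # junk indicator: drop it
        level = max(1, min(10, round(confidence / 10)))
        ind = table.setdefault(ip, Indicator(ip, level))
        ind.threat_level = max(ind.threat_level, level)
        ind.sources.add(source)
    for ind in table.values():
        ind.threat_level = min(10, ind.threat_level + len(ind.sources) - 1)
    return table

def build_indicators():
    return aggregate(parse_feeds())

def right_size(indicators, min_level):
    """Subset worth pushing to a device that only acts at min_level or above."""
    return {ip: i for ip, i in indicators.items() if i.threat_level >= min_level}

def decide(dst_ip, indicators, policy):
    """Return (action, reason): GeoIP rule first, then destination threat level."""
    addr = ipaddress.ip_address(dst_ip)
    cc = next((c for net, c in GEOIP.items() if addr in net), None)
    if cc in policy.blocked_countries:
        return "block", f"geoip:{cc}"
    ind = indicators.get(dst_ip)
    if ind is None:
        return "permit", "no-intel"
    if ind.threat_level >= policy.block_at:
        return "block", f"threat-level:{ind.threat_level}"
    if ind.threat_level >= policy.alert_at:
        return "permit+log", f"threat-level:{ind.threat_level}"
    return "permit", f"threat-level:{ind.threat_level}"

if __name__ == "__main__":
    inds = build_indicators()
    branch = Policy(block_at=8, alert_at=5, blocked_countries=frozenset({"XB"}))
    for dst in ("203.0.113.10", "198.51.100.7", "192.0.2.55", "192.0.2.1"):
        print(dst, *decide(dst, inds, branch))
```

Running it prints the branch-office decisions for four destinations; a data center policy with a lower `block_at`, as the text suggests for right-sizing, blocks the level-6 indicator that the branch policy only logs. The point worth noticing is that the policy refers to threat levels and countries, never to individual indicators, which is what lets the indicator table be refreshed continuously without editing the policy.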
The data center is similarly protected on inbound and outbound data exchange, based on GeoIP and C&C threat information, as well as third-party or proprietary feeds.
Data center firewalls, even those that aren’t internet facing, are continually updated via Security Director, and are thus able to maintain up-to-the-minute threat protection. In fact, it takes less than a minute to update a firewall when new threat data enters the system.
How to get going?
If you’re an SRX user, it’s easy. The solution is up and running right out of the box. It runs as a virtual machine on Junos Space. So you can take advantage of better protection right now. And remember:
•  The solution is open: it consumes virtually any data feed
•  It’s scalable: each instance can support more than 1,000 firewalls
•  It’s built for high capacity, supporting over a million threat data records
Finally, it’s vigilant. As threat data continues to stream in, the SRX firewalls are continually updated. It takes less than 60 seconds to get data from the source to the enforcement point.
That speed is what you need to prevent threats from turning into attacks. By reducing the time between knowing about a threat and actually blocking that threat, you are a whole lot more secure.
Time is on your side.
Talk to Juniper about SRX and the Spotlight Secure Threat Intelligence Platform.