Juniper
Produces high-speed, reliable switching routers to satisfy ISP-level performance.

Security

IDP Series

Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in network intrusion detection and prevention to protect the network from a wide range of attacks. Using industry-recognized stateful intrusion detection and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, keyloggers, and other malware.

| Feature | Feature Description | Benefit |
|---|---|---|
| Stateful Signature Detection | Signatures are applied only to relevant portions of the network traffic determined by the appropriate protocol context. | Minimize false positives. |
| Protocol Anomaly Detection | Protocol usage against published RFCs is verified to detect any violations or abuse. | Proactively protect network from undiscovered vulnerabilities. |
| Traffic Anomaly Detection | Heuristic rules detect unexpected traffic patterns that may suggest reconnaissance or attacks. | Proactively prevent reconnaissance activities or block Distributed Denial of Service (DDoS) attacks. |
| QoS/DiffServ Marking | Packets are marked using DiffServ code point (DSCP). | Optimize network and ensure necessary bandwidth for business-critical applications. |
| VLAN-Aware Rules | Unique policies are applied to different VLANs. | Apply unique policies based on department, customer, and compliance requirements. |
| Role-Based Administration | More than 100 different activities can be assigned as unique permissions for different administrators. | Streamline business operations by logically separating and enforcing roles of various administrators. |
| Domains | Enable logical separation of devices, policies, reports, and other management activities. | Conform to business operations by grouping of devices based on business practices. |
| IDP Reporter | Pre-configured real-time reporting capability available in each IDP appliance. | Provide detailed real-time reports from each IDP appliance installed in the network without taxing the central IT organization. |
| Profiler* | Capture accurate and granular detail of the traffic pattern over a specific time period. | Provide details on what threats are encountered by the network as well as the mix of application traffic. |

*Profiler feature is not available on the IDP8200.

Mykonos

The innovative Mykonos Web Security is the first Web Intrusion Deception System that detects, tracks, profiles and prevents hackers in real-time.


Traditional web application firewalls are seriously flawed because their reliance on a library of signatures to detect attacks makes them susceptible to unknown (zero-day) web attacks.


Intrusion Deception
Mykonos Software technology uses Intrusion Deception to address this problem. Unlike signature-based approaches, Mykonos Web Security inserts random, variable detection points, or tar traps, into the code of outbound Web application traffic to proactively identify attackers before they can do damage, without false positives.


Detect using deception
Mykonos Web Security inserts detection points into web application code, including URLs, forms and server files, to create a variable minefield. These traps detect hackers when they manipulate the detection points during the reconnaissance phase of the attack, before they can establish an attack vector. And because hackers are manipulating code that has nothing to do with the website or web application, the malicious action is certain.


Track attackers beyond the IP address
Mykonos captures an attacker’s IP address as one data point for tracking. But many legitimate users could also be accessing the site from the same IP address—for this reason, Mykonos Web Security goes beyond the IP address and tracks attackers more granularly. Attackers using a browser are tracked by injecting a persistent token into their client. Attackers using scripts and tools are tracked using a fingerprinting technique to identify the machine delivering the script.


Understand attackers and record their attack
The tracking techniques allow us to profile the attacker and record the attack. Every attacker is assigned a name and each incident is recorded along with a threat level based on their intent and skill.


Respond to attackers
Once an attack has been detected, an appropriate response (from a warning, to requiring a CAPTCHA, to blocking a user or forcing them to log out) can be deployed manually or automatically in real time.


Easy Deployment
Mykonos Web Security is a software and hardware product that sits logically inline and functions as a reverse proxy. Deployment is easy and protects web applications located in internal datacenters, virtualized environments and hosted in the cloud.

Netscreen

The NetScreen Series Security Systems are purpose-built firewall/VPN security systems designed for large enterprise, carrier and data center networks. The 2-slot NetScreen-5200 and the 4-slot NetScreen-5400 integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality in a low-profile modular chassis. Built around our third-generation security ASIC and distributed system architecture, these systems offer excellent scalability and flexibility, while providing a higher level security system through the NetScreen ScreenOS custom operating system.

The NetScreen Series Security Systems offer:

| Feature | Benefit |
|---|---|
| Modular, chassis-based systems | Flexibility and scalability for large enterprises and carriers. |
| Comprehensive high-availability | Sub-second failover between interfaces or devices provides high availability. |
| Full mesh configurations | Redundant physical paths in the network provide maximum resiliency and uptime. |
| Virtual systems | Allows partitioning into multiple security domains, each with a unique set of administrators, policies, VPNs and address books. |
| Interface flexibility | Varying network-connectivity requirements and future growth requirements are accommodated with a flexible interface. |
| Virtual routers | Maps internal, private, or overlapped IP addresses to a new IP address, providing an alternate route to the final destination and concealing it from public view. |
| Customizable security zones | Increases interface density without additional hardware expenses, as well as lowering policy-creation costs, containing unauthorized users and attacks and simplifying management of firewall/VPNs. |
| Transparent mode | Firewall, VPN and DoS protections are offered with minimal change to the existing network. |
| Management | A graphical Web interface, CLI, or Juniper Networks Network and Security Manager provide management features. Policy-based management: provides centralized, end-to-end life-cycle management. |

NSM

Network and Security Manager (NSM) is highly scalable and flexible. Enterprise customers can leverage NSM globally to scale from branch to data center, and service providers can use this network security management solution for carrier-class deployments. NSM can be deployed as software on a server or as dedicated appliances to scale large enterprise and service provider environments.

Network and Security Manager (NSM) is:

  • Network and Security Manager (NSM) software solution — which provides complete management of network and security devices.
  • NSMXpress — A Web UI-based appliance version of Network and Security Manager (NSM) that is simple to install, maintain, and support. Includes full functionality of the NSM with hardened OS optimized for security and performance.
  • NSM Central Manager — A Web UI-based appliance that enables large-scale Network and Security Manager (NSM) deployments and global policy enforcement. The NSM Central Manager allows administrators to create a centralized network security posture that can propagate mandatory corporate and IT policies across the entire network, simplifying the management of worldwide network security policies.

Juniper Networks Network and Security Manager (NSM) offers enterprises:

  • Network configuration management solution
  • Network policy and security management solution
  • Log and report management solution
  • Real-time monitoring solution
  • Topology management solution
  • Application-level policy enforcement deployment solution

For service providers, Network and Security Manager (NSM) offers:

  • Scalability via consolidated managed server view and automatic administrator log-in
  • Network-wide global policy enforcement solution
  • Appliance form factor for rapid deployment

SRX

Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers.

By consolidating switching, routing, security services and unified communications in a single device, organizations can economically deliver new applications and services, secure connectivity, and quality end-user experiences. All SRX Series Services Gateways are powered by Juniper Networks proven Junos software, which provides unmatched availability, performance, and superior infrastructure protection while reducing total cost of ownership.

SRX Series for the branch

The SRX Series for the branch delivers the proven performance and deployment capabilities needed for an enterprise to build a worldwide network of thousands of sites. A wide variety of options allow configuration of performance, functionality, and price scaled to support a range of users, from a handful to thousands.

The SRX Services Gateway for the branch offers:

  • Network security segmentation: Security zone, virtual LANs (VLANs), IPSec VPNs and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
  • Fully integrated Unified Threat Management (UTM): Allows enterprises to utilize the appropriate level of security needed at a particular site instead of deploying a multi-device solution. Includes two antivirus options (on-premise or cloud-based), intrusion prevention system (IPS), antispam, and Web filtering.
  • Unified Communications: The SRX Series with Integrated Convergence Services is a SIP media gateway ideally suited for local SIP Trunking, survivable call serving and providing power over Ethernet to directly attached phones for small to medium distributed enterprise locations.

SRX Series for the infrastructure and datacenter

Based on our revolutionary Dynamic Services Architecture, the SRX Series Services Gateways provide unrivaled performance and scalability, ensuring uninterrupted expansion and growth of your network infrastructure without sacrificing security.

The SRX Series is designed to meet the network and security requirements for data center consolidation, rapid services deployment, and aggregation of security services.

  • Scalable performance: Dynamic Services Architecture means that the SRX Series can take advantage of new services with appropriate processing capabilities without sacrificing overall system performance.
  • System and network resiliency: Carrier-class reliability based on features ranging from redundant hardware and components to Junos software.
  • Interface flexibility: Flexible I/O configuration and independent I/O scalability to meet the needs of virtually any network environment.
  • Network segmentation: Security zone, virtual LANs (VLANs), and virtual routers allow administrators to tailor security and networking policies for various internal, external, and demilitarized zone (DMZ) subgroups.
  • Robust routing engine: Carrier-class routing engine provides physical and logical separation of data and control planes to allow deployment of consolidated routing and security devices and ensure the security of routing infrastructures.
  • Comprehensive threat protection: Integrated security features and services include a multigigabit firewall, intrusion detection and prevention, denial of service, network address translation, and quality of service.

SSG

  • The SSG Series purpose-built, high-performance platforms deliver WAN connectivity and security, plus the muscle to protect the high-speed LAN against internal network and application-level attacks while simultaneously stopping content-based attacks.
  • The SSG Series provides a comprehensive set of Unified Threat Management (UTM) security features including stateful firewall, IPSec VPN, IPS, antivirus (anti-spyware, anti-phishing, anti-adware), anti-spam, and Web filtering.
  • Proven security with integrated routing and a variety of LAN/WAN interface options provide the ability to consolidate devices and reduce IT expenditures.
  • The SSG Series provides rapid deployment to quickly streamline widely distributed deployments while controlling OPEX.
  • Management through graphical Web UI, CLI, or NSM central management system.
  • Policy-based management to allow centralized, end-to-end life-cycle management.

ISG

Juniper Networks ISG Series Integrated Security Gateways are purpose-built security solutions that are ideally suited for securing enterprise, carrier, and data center environments where consistent, scalable performance is required.

The ISG Series offers:

  • Predictable performance: ASIC-based architecture provides linear performance for all packet sizes at multi-gigabit speeds.
  • System and network resiliency: Hardware component redundancy, multiple high availability options and route-based VPNs offer reliability and resiliency.
  • Network security: The ISG Series provides embedded Web filtering, anti-spam, IPS, ICAP antivirus redirect, and optionally integrated IDP.
  • Network segmentation: Security zones, virtual systems, virtual LANs and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.
  • Certifications: The ISG Series fulfills the requirement for FIPS, common criteria, ICSA, and others.
  • Robust IPv6  

Optional Integrated IDP

The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances. The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection. The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.

SSL-VPN (SA)

SA Series Secure Access Appliances offer:

  • Market-leading, single SSL VPN security platform to serve all remote access needs
  • Secure clientless access to enterprise applications and resources
  • Best-in-class endpoint security, granular access control, and threat prevention
  • Scalable SSL VPN appliances for secure remote and extranet access for companies of all sizes
  • Highly available and scalable appliances for service providers

| Feature | Benefit |
|---|---|
| Uses SSL | Secure remote access with no client software deployment, no maintenance, and no changes to existing servers. |
| Cross-platform support | Provides flexibility in allowing users to access corporate resources from any type of device using any type of operating system. |
| Host checker | Scans endpoints to ensure compliance with corporate security policies both before and during the session. |
| Single Sign-On (SSO) Capabilities | Alleviates the need for end users to enter and maintain multiple sets of credentials for secure access. |
| Resource Authorization | Allows administrators to tailor security policies to specific groups, providing access only to essential data. |
| UAC-SA Federation | Provides users, whether remote or local, seamless secure access with a single login to corporate resources that are protected by access control policies from UAC or the SA Series. Simplifies end user experience. |

STRM

STRM Series Security Threat Response Managers offer:

| Feature | Benefit |
|---|---|
| Centralized command and control console | Integrated log management, security information and event management (SIEM), and network behavior analysis in a single console reduce the cost of network security management and improve IT efficiency. |
| Network, security, application, and identity awareness | The central management of network and security events, network and application flow data, vulnerability data, and identity information greatly improve the ability to meet IT security objectives. |
| Advanced threat and security incident detection | STRM Series unique "offense" management significantly reduces false positives and detects threats that other network security management solutions miss. |
| Compliance-driven reporting capabilities | STRM Series provides compliance-centric reporting that enables the delivery of IT best practices supporting compliance initiatives. |
| Scalable distributed log collection and archive | STRM Series distributed architecture scales to provide event and flow log management in any enterprise network. This network security management solution can be easily deployed in large distributed environments and scale to large deployments as a business grows. |

Unified Access Control (IC)

Unified Access Control (UAC) is a standards-based, scalable network access control solution that reduces network threat exposure and mitigates risks. UAC protects your network by guarding mission-critical applications and sensitive data, identity-enabling your network security, and providing comprehensive control, visibility, and monitoring.

Unified Access Control reduces the cost and complexity of delivering and deploying granular, identity-enabled network access control from the branch to the corporate data center. UAC addresses most network access challenges, including insider threats, guest access control, outsourcing and off-shoring, and regulatory compliance.

Unified Access Control is composed of:

Unified Access Control is based on industry standards (802.1X, RADIUS, and IPSec) and open standards (Trusted Network Connect standards), including the TNC's open standard IF-MAP, which empowers UAC to integrate with third-party network and security devices.
