Juniper Networks has linked its threat intelligence platform -- Juniper Spotlight Secure -- to firewall policies within its SRX Firewall series so enterprises can better customize and manage their security feeds in one place and take action on data from multiple threat detection technologies faster.
A firewall alone isn't good enough for many enterprises anymore. As threats evolve, IT teams are putting more security tools in place for detection and enforcement. But these technologies are often disparate and therefore cumbersome to manage. Businesses need a more consolidated approach to identifying threats and putting protections and policies in place to prevent breaches.
"The real trick is figuring out how to link all of those moving parts together, and having another layer that can help different technologies and feeds talk to one another," said Jeff Wilson, principal analyst for Infonetics Research, based in Campbell, Calif.
Juniper ties threat intelligence information to firewall technology
The enhanced, cloud-based Juniper Spotlight Secure platform consolidates separate threat feeds from multiple sources, including Juniper's Junos WebApp Secure and third-party threat intelligence providers Lastline Inc. and Vectra Networks. Spotlight Secure gives Juniper SRX firewalls -- which have also been recently updated -- actionable data in the form of a single, centralized feed, said Alex Waterman, senior director of product management for Juniper.
"Juniper is making it possible for enterprises to integrate security intelligence from a number of different sources to be directly enforced by the SRX firewall across the network," Waterman said. "The number of sources is open. Juniper provides its own security intelligence feed [from the Spotlight Secure cloud], and we also invite enterprises to use their own third-party, best-of-breed feeds they might be already using."
And Spotlight Secure isn't simply providing a communication path between the Security Director and the firewalls, Infonetics' Wilson said. "Many times IT will have multiple intelligence feeds that are saying the same thing, like giving an IP address range that is known to be bad. This approach deduplicates that information and distills it so it's not just pumping raw data into the SRXs -- it applies some intelligence to it," he said.
In addition to integrating with SRX firewalls, the threat intelligence platform is now more tightly integrated with Juniper's Junos Space Security Director, which Juniper recently updated to help link threat feeds to the SRX firewalls. The update allows IT to manage all feeds and firewalls in a single view within Security Director. "Spotlight Secure is helping with automation, and closing the loop between when new threat intelligence is learned and when enforcement can take place across your infrastructure," Juniper's Waterman said.
Spotlight Secure also includes new threat feeds for malicious command-and-control traffic and geo-IP information so IT teams can change firewall policies based on the severity of the threat and block traffic from specified countries, Juniper said. The platform can provide threat intelligence to the SRX firewalls based on the capacity of each firewall -- from the corporate office, to smaller branch locations, Waterman said. "Customers will be able to feed a smaller branch device the most relevant threat information for that location, versus a larger device with significantly more capacity that can ingest more intelligence," he said. Juniper's largest SRX firewalls can support up to one million threat intelligence entries, while the smaller SRXs can support up to 300,000 entries.
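The deduplication Wilson describes and the per-device capacity limits Waterman describes can be sketched as follows. This is an added example, not code from the article and not Juniper's implementation; the feed format, the 1-10 severity scale and the function names are assumptions, and it handles IPv4 only.

```python
import ipaddress
from collections import defaultdict

# Entry limits quoted in the article for the largest and the smaller SRX models.
LARGE_SRX_CAPACITY = 1_000_000
SMALL_SRX_CAPACITY = 300_000

# Constructed sample feeds of (IPv4 CIDR, severity 1-10); RFC 5737 documentation ranges.
FEED_A = [("192.0.2.0/25", 8), ("198.51.100.7", 5), ("203.0.113.0/24", 3)]
FEED_B = [("192.0.2.128/25", 8), ("192.0.2.0/24", 6), ("198.51.100.7/32", 9)]


def carve(net, claimed):
    """Return the parts of net not covered by any network in claimed."""
    pieces = [net]
    for taken in claimed:
        remaining = []
        for piece in pieces:
            if piece.subnet_of(taken):
                continue  # fully covered at a higher severity
            if taken.subnet_of(piece):
                remaining.extend(piece.address_exclude(taken))
            else:
                remaining.append(piece)  # CIDR blocks nest or are disjoint
        pieces = remaining
    return pieces


def consolidate(feeds):
    """Merge feeds into non-overlapping (network, severity) entries, worst first."""
    by_severity = defaultdict(list)
    for feed in feeds:
        for cidr, severity in feed:
            by_severity[severity].append(ipaddress.ip_network(cidr))
    entries, claimed = [], []
    for severity in sorted(by_severity, reverse=True):
        new = [p for net in ipaddress.collapse_addresses(by_severity[severity])
               for p in carve(net, claimed)]
        entries.extend((p, severity) for p in sorted(new))
        claimed.extend(new)
    return entries


def fit_to_capacity(entries, capacity):
    """Keep the highest-severity entries that fit a device's entry limit."""
    return entries[:capacity]
```

On the constructed feeds, six raw entries reduce to three: the two /25 halves merge into one /24, the lower-severity duplicate of that /24 is dropped, and the single host keeps its highest reported severity.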
Juniper Spotlight Secure streamlines enterprise security view
Juniper's new combination of threat intelligence and firewall enforcement allows IT to adopt a more centralized approach to network security. And because Juniper's updated Spotlight Secure is built on an open platform with RESTful APIs, enterprises can also customize their threat feeds by including industry-specific threat intelligence that many companies -- such as municipal water and power companies -- rely on for threat information related to their infrastructure, Juniper's Waterman said.
The ability to combine third-party and external feeds related to an enterprise's industry is especially important to larger companies that often create their own feeds, Infonetics' Wilson said. "Now, they'll have a place to plug those feeds in to view them, and turn them into enforcement," he said.
"Customers can now incorporate information about specific vulnerabilities that they care about," Wilson said. "Depending on the company, they might be doing their own security intelligence gathering, but they don't have a way to feed that into their firewalls."