It is becoming apparent that the traditional approach of using point solutions to mitigate security threats is not working.
After all, every time a security threat is mitigated, another appears elsewhere.
The result is an endless cycle of buying and upgrading security solutions.
It also creates several distinct problems for IT.
One, deploying solutions based on current needs means you will always be reacting to future security threats instead of taking a more proactive approach.
Next, as the number of solutions increases, integrating legacy and new solutions and making them work together can be a major headache.
It can also become a gaping vulnerability that smart intruders can exploit.
The threat landscape continues to evolve dramatically.
Previously, network security revolved around perimeter defenses and keeping intruders out.
Today the security conversation is shifting toward internal threats, with employees looking to exploit their company data for personal gain or unwittingly giving others critical corporate assets.
Speaking at the 2016 Total Security Conference hosted by Computerworld Hong Kong, Christopher Church, digital forensic officer at the INTERPOL Global Cyber Complex for Innovation, said security risks lurk on both sides of the wall. He pointed out that insider threats exist within an organization. For one, the widespread use of social media, in particular, opens up a company to potential risks.
Addressing all these threats together will require a new approach.
Trying to integrate a security mantle based on the myriad of products in the market is only going to make the job of the security team harder.
Plus, an increasingly sophisticated cybercrime community is now using deception, ransom, and decoy to get companies to give them the keys to the data.
Church explained that regardless of how “switched on” companies are in their cyber security posture, they can never outrun cyber criminals who are much quicker than the people policing corporate IT systems.
“To be effective, you need to be able to recognize and act on threats no matter where it happens in the network; however, you need end-to-end visibility for that,” said Thomas Chan, Sales Director, Hong Kong and Macau, Juniper.
It is the reason why many are taking another look at Juniper’s Software Defined Security Network (SDSN).
Understanding the SDSN promise
Juniper SDSN is an open threat intelligence platform that enforces security policies through its vast array of physical and virtual firewalls.
“It is essentially a controller, not another point solution,” clarified Chan.
“It is not going to replace your existing firewall, IDS or IPS; rather, it will integrate them together to offer you a [comprehensive] security solution,” he added.
Once deployed, Juniper SDSN offers an end-to-end security framework for the entire organization.
All point solutions, even non-Juniper ones, can be easily integrated into a single framework, providing a central platform to detect, isolate and mitigate threats.
A framework layer for connecting with all point solutions offers several benefits for today’s organization.
Firstly, the security team can focus more on staying vigilant and worry less about integrating point solutions.
Secondly, the team can understand where the loopholes and gaps are in the security mantle.
“So if you see that you need a good solution for, say email phishing, you can now easily integrate the right solution through the framework,” explained Chan.
Designed for today and tomorrow
This end-to-end visibility and control offer another benefit: future proofing.
Tomorrow’s security requirements may differ greatly from today’s, especially as companies move to the cloud or deploy IoT-based networks.
A single framework to build and expand on offers a strong foundation for your organization’s security mantle, one that is not waylaid by new attack vectors or even new technologies.
“So, for example, you do not have to limit yourself to [mitigating] Layer 3, 4 or 7 threats; our SDSN controller can work with various solutions to address all of them,” added Chan.
This visibility allows security teams to isolate and mitigate threats faster, even if a single security device becomes compromised.
“Even if one point solution is overwhelmed or brought down, the SDSN controller will be able to gather intelligence from other tools and ensure that attacks can be isolated quickly,” said Chan, adding that the fast response times can help to minimize the impact of an attack.
Lastly, Juniper SDSN allows the security team to centrally control policies and enforce them quickly across the network when combined with an open policy engine and global orchestration.
"It is a new way of approaching security, and is the reason why we think it is a breakthrough," said Juniper person.
While Juniper SDSN is a vendor-agnostic framework, the company is bolstering its framework by rolling out new solutions that address new upcoming threats and security requirements.
For example, the company recently launched cSRX, which uses a container approach to wrapping security services around each workload.
According to Juniper, this approach is more cost-effective and scales up to support high multi-tenancy architectures.
The new vSRX builds on Juniper’s firewall strengths by offering one that is the industry’s fastest and most scalable.
It allows security teams to identify and isolate threats faster in high-density environments.
Juniper also introduced the enhanced Juniper Security Director, which features a new Policy Enforcer that can be used to monitor policies better across both physical and virtual infrastructures.
It offers security teams the ability to centrally manage security policies while detecting and quarantining infected points in the network in real time.
Meanwhile, the new Juniper Sky Advanced Threat Prevention (ATP), which also integrates easily with Juniper Security Director, protects networks from increasingly sophisticated malware across virtual and physical firewalls.
“These new solutions are important when you are moving to the cloud,” said Chan.
“Whether you are on a private or public cloud, you need to see how you can secure the virtual machine or container,” he added.
Securing digital transformation
The bigger role of Juniper SDSN is in enabling digital transformation without compromising security policies.
As companies continue to move from a server-centric to a network-centric topology, cybercriminals are responding with network-centric malware and sophisticated network threats.
In today’s borderless enterprise where hybrid, heterogeneous networks are the norm, a siloed, reactive and piecemeal approach using point solutions for security will not be enough.
Juniper SDSN allows organizations to take a step beyond by securing the network with all known and future solutions while being adaptable to future threats.
By speeding up detection and mitigation, it also allows companies to know where the threat is coming from and the speed of the attack, and, more importantly, gives them time to respond intelligently to the threat.
This ability is critical today as malware and hackers employ new techniques to misdirect and confuse security defenses.
It will also help to automate security as we enter the Internet of Things (IoT) era where hackers are now developing machines to hack other machines.