Juniper Advanced Threat Prevention (JATP) Appliance: Threat Prevention Across an Enterprise | Web Protection
Most large organizations have employees spread across multiple locations, which makes it difficult to build a distributed, multi-site security architecture that can be managed easily. Dwayne MacKenzie, Data Networks Solutions Architect, examines how the Juniper Networks Advanced Threat Prevention (JATP) Appliance can protect distributed organizations against advanced threats that slip past first-line defenses such as firewalls and other perimeter security devices.
Malware Spreads Quickly + Laterally Once Compromised
It is difficult to stop advanced malware attacks, especially when protecting thousands of employees across multiple locations, each of which can have different requirements for form factor and available resources. Attackers look for the weakest link into a network: most often, malware is delivered via email or Web traffic (or a combination of both), and once a host is compromised it spreads laterally. Eventually the compromised host establishes communication with a command-and-control (C&C) server, which lets the attackers pursue their objectives of surveillance and data theft.
Advanced Detection Solution
The Juniper ATP Appliance is a distributed, software-layer solution that addresses the detection gaps in an existing security architecture for organizations of this kind. It collects, correlates, and analyzes Web, email (including cloud-hosted email), and lateral-movement traffic across the network, and uses its detection engine to alert security teams quickly. The detection engine is multistage: payload analysis driven by machine learning and behavioral detection, heuristic exploit detection, and ransomware-focused threat identification. Users can also customize detection with their own Snort and YARA rules.
In this example, newly created malware passes through the existing firewall because it has not been seen before and no signature exists for it. The JATP detonates suspicious Web and file content in a sandbox array that emulates the Windows, OS X, or Android endpoints the content targets, giving a detailed picture of the malware's behavior. Once the threat is identified, the JATP can communicate back to the existing security devices to mitigate it. For the rest of this example, assume the malware is attempting to contact an external C&C server.
Through its open API architecture, the JATP Appliance integrates with third-party security devices for automatic threat mitigation. In our example, the malicious IP addresses are pushed to the firewalls to block communication between the C&C servers and the infected endpoints. The infected hosts can then also be isolated through integration with network access control (NAC) devices or endpoint security software.
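The following is an added example of the mitigation step described above, written for this page rather than taken from Juniper: it is not JATP code and does not use the JATP API. It takes a constructed alert export (the field names `alert_id`, `type`, `severity`, `src_host`, and `dst_ip` are assumptions), selects the C&C destinations that are safe to block at the perimeter, renders firewall rules for them, and lists the internal hosts to hand to NAC or endpoint software for isolation. The checks it adds are the ones an operator wants before letting any appliance push blocks automatically: a severity threshold, a refusal to block internal or non-routable ranges, and an allowlist for ranges the business depends on.

```python
"""
Auto-block C&C destinations from appliance alerts, with operator safety checks.

Added example: illustrative code only, not Juniper's, and the alert fields
below are assumptions rather than the JATP API or export schema.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample alert export. Field names are assumptions for illustration.
SAMPLE_ALERTS_JSON = """[
  {"alert_id": 1, "type": "cnc", "severity": 0.90, "src_host": "10.20.30.40", "dst_ip": "203.0.113.17"},
  {"alert_id": 2, "type": "cnc", "severity": 0.95, "src_host": "10.20.30.41", "dst_ip": "203.0.113.17"},
  {"alert_id": 3, "type": "cnc", "severity": 0.30, "src_host": "10.20.30.42", "dst_ip": "198.51.100.5"},
  {"alert_id": 4, "type": "cnc", "severity": 0.90, "src_host": "10.20.30.43", "dst_ip": "10.0.0.5"},
  {"alert_id": 5, "type": "exploit", "severity": 0.90, "src_host": "10.20.30.44", "dst_ip": "198.51.100.77"},
  {"alert_id": 6, "type": "cnc", "severity": 0.90, "src_host": "10.20.30.45", "dst_ip": "not-an-ip"},
  {"alert_id": 7, "type": "cnc", "severity": 0.90, "src_host": "10.20.30.46", "dst_ip": "192.0.2.9"}
]"""
SAMPLE_ALERTS = json.loads(SAMPLE_ALERTS_JSON)

# Ranges that must never be pushed into a perimeter block rule, whatever the
# appliance says: internal, loopback, link-local, CGNAT, multicast, "this net".
# A C&C verdict on one of these usually means an internal pivot host, which is
# a host-isolation job, not a perimeter-block job. (Listed explicitly rather
# than via ipaddress.is_global so the documentation ranges used as sample
# data above still count as external.)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "224.0.0.0/4", "0.0.0.0/8",
    "255.255.255.255/32",
)]

# Constructed allowlist: partner, SaaS, or own public prefixes. A false
# positive that auto-blocks one of these is an outage, so they are exempt.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]


def blockable(ip_text, allowlist=ALLOWLIST):
    """Return the parsed address if it is safe to block at the perimeter, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # malformed or non-IP destination in the alert
        return None
    if any(ip in net for net in NEVER_BLOCK + list(allowlist)):
        return None
    return ip


def select_block_targets(alerts, min_severity=0.8, allowlist=ALLOWLIST):
    """Map each blockable C&C destination to the sorted alert ids that named it."""
    targets = defaultdict(list)
    for a in alerts:
        if a.get("type") != "cnc" or float(a.get("severity", 0)) < min_severity:
            continue
        ip = blockable(a.get("dst_ip", ""), allowlist)
        if ip is None:
            continue
        targets[str(ip)].append(a["alert_id"])
    return {ip: sorted(ids) for ip, ids in targets.items()}


def hosts_to_isolate(alerts, targets):
    """Internal hosts that contacted a confirmed C&C destination (for NAC/EDR quarantine)."""
    return sorted({a["src_host"] for a in alerts if a.get("dst_ip") in targets})


def render_iptables(targets, comment_prefix="jatp-cnc"):
    """Render a DROP rule per direction per target for a Linux forwarding firewall.

    The comment carries the alert ids so a rule can be traced back to evidence
    and removed when the alert is closed.
    """
    rules = []
    for ip, ids in sorted(targets.items()):
        tag = f"{comment_prefix}:{','.join(map(str, ids))}"
        rules.append(f"iptables -I FORWARD -d {ip} -m comment --comment '{tag}' -j DROP")
        rules.append(f"iptables -I FORWARD -s {ip} -m comment --comment '{tag}' -j DROP")
    return rules


if __name__ == "__main__":
    found = select_block_targets(SAMPLE_ALERTS)
    print("\n".join(render_iptables(found)))
    print("isolate:", hosts_to_isolate(SAMPLE_ALERTS, found))
```

On the constructed data only alerts 1 and 2 survive: alert 3 is below the severity threshold, alert 4 names an RFC 1918 address, alert 5 is not a C&C alert, alert 6 carries a malformed address, and alert 7 hits the allowlist. The single blocked destination yields two rules, and the two hosts that talked to it go to the isolation list. The same shape applies to any firewall or NAC that accepts a pushed address list; only `render_iptables` is platform-specific.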