Juniper Next-Generation Firewall (NGFW)

Available on all SRX platforms, our security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization’s defenses. Identifying Application Risks Juniper AppSecure, an NFGW Services component, is a suite of services that provides deep application visibility and control in your network:

• AppTrack identifies applications on the network to assess their security risk and address user behavior. Contextual information helps you gain insight into which applications are permitted and the risk they may pose.
• AppFW provides policy-based enforcement and control, blocking access to high-risk applications and enforcing user-defined policies. Reports on application bandwidth usage deliver further insight, and you can throttle any application traffic not sanctioned by the enterprise.

Protection from Network Borne Attacks Juniper Intrusion Prevention System (IPS) and Sky Advanced Threat Prevention (ATP) work together to provide comprehensive threat detection and protection against known and unknown threats that use the network as an attack vector. The capabilities provide immediate protection from malicious malware. Continual monitoring for new exploits and vulnerabilities keeps protection up to date. The system immediately blocks threats on client and server systems inline before damage can take place. Safeguards Against Malware Although modern cyber criminals favor today’s sophisticated, turnkey techniques, they have not abandoned the tried and true approach of tucking malware into signature-based viruses and volume-based email. Integrated with our SRX platforms, Sophos Live Protection combines cloud-based reputation intelligence with on-box horsepower to deliver lightweight and fast security. Web Browsing Defense The Web is full of deception designed to get unsuspecting users to click on malicious links that might install advanced malware. Attackers regularly compromise websites by tricking users into providing their user credentials. Juniper has partnered with Forcepoint to provide URL filtering that fights such attacks. The service is constantly and globally updated in real time to provide an always-current worldwide database of malicious URLs that protect against user compromise. Avoiding Unauthorized Access and Use Every user in an enterprise must be able to access certain applications to perform specific tasks. But allowing users unlimited access to corporate resources outside their sphere of responsibility can enable the proliferation of insider threats. Our User Firewall service restricts application usage on a per-user basis by tightly integrating with Microsoft Active Directory (AD) and the Lightweight Directory Access Protocol (LDAP). As a result, you gain visibility and control of application and network use segmented by user-defined roles, enabling secure access to authorized applications. Features Advanced Application Visibility and Control You can identify applications running on your network regardless of port, protocol, and encryption. This visibility lets you immediately block evasive applications inline at the SRX firewall. Nested Application Support You can accurately identify applications embedded in common network protocols such as HTTP or HTTPS traffic. This capability also provides visibility into and granular control over applications hidden inside encrypted SSL traffic. User and Role-Based Policies Tight integration with Microsoft AD and LDAP allow you to set and enforce user- and role-based security policies. Policy setting becomes simpler and more secure, because you reduce the number of policies needed to account for user location, IP address, and so on. SSL Inspection Inline decryption and inspection of inbound and outbound Secure Sockets Layer (SSL) connections at the SRX firewall provide visibility and protection against threats embedded in SSL encrypted traffic. Junos OS Integration Integration with Juniper’s operating system consolidates and optimizes services on SRX devices for maximum scale.