JUNIPER JATP400 User manual

Product Overview

Juniper Advanced Threat Prevention (ATP) is a cloud-based service or on-premises appliance that provides complete advanced malware detection and prevention. When integrated with SRX Series Services Gateways, the Juniper ATP delivers threat intelligence and malware analysis capabilities leveraging static, dynamic, and machine learning identification to safeguard your users, applications, and infrastructure.

Data Sheet

JUNIPER ADVANCED THREAT PREVENTION

Product Description

Customers looking to identify and block known and unknown threats can add Juniper Networks® Advanced Threat Prevention (ATP) to their Juniper Networks SRX Series Services Gateways. Juniper ATP uses machine learning to find and block both known and unknown cyberthreats, analyzing files and network traffic looking for signs of malicious behavior. ATP can uncover zero-day malware threats and malicious connections, including botnets and C&C servers hiding in encrypted traffic. Using SecIntel, Juniper’s curated security intelligence feeds, ATP stops these threats in their tracks by enforcing protection mechanisms at all network connection points.

Advanced Threat Prevention Cloud

Deployed as an add-on license to an SRX Series Services Gateway, ATP Cloud uses a combination of static and dynamic analysis and machine learning to quickly identify unknown threats, either downloaded from the web or sent via e-mail, and delivers a file verdict and risk score back to the SRX Series firewall to enable blocking at the network level. In addition, ATP Cloud delivers SecIntel security intelligence consisting of malicious domains, URLs, and IP addresses gathered from file analysis, Juniper Threat Labs research, and highly reputable third-party threat feeds. These feeds are collected and distributed to SRX Series firewalls and Juniper Networks MX Series Universal Routing Platforms to automatically block command-and-control communications, making it more difficult to wage a successful attack on the organization. ATP Cloud includes its own management portal for configuration management, licensing, and reporting.

Advanced Threat Prevention Appliance

The ATP offerings address both on-premises and virtual deployments and are available on two hardware-based platforms: the Juniper Networks JATP400 and JATP700 Advanced Threat Prevention Appliances.

JATP400: The JATP400 is a 1 U appliance that delivers up to 50,000 object detonations per day. It’s purpose-built for organizations that need distributed detection of Web, e-mail, and lateral threats across the enterprise.

JATP700: The JATP700 is a 2 U appliance for larger, centralized environments with high-performance security demands requiring up to 130,000 object detonations per day.

Virtual versions of Juniper ATP, running on either VMware vSphere or ESXi, can be deployed with 8 or 24 virtual CPU cores, enabling them to process up to 116,000 object detonations per day.

Juniper ATP Appliances collect web, e-mail, and lateral traffic using either SRX Series firewalls or their own built-in collectors, making them an ideal fit for organizations employing multiple firewall solutions.

Collected data is sent to an on-premises Juniper ATP Appliance for further processing by the ATP Appliance core, which identifies known and unknown threats and provides comprehensive analytics detailing the progression of the threat within the environment by mapping detections to the attack kill chain.

Once a threat is detected, the Juniper ATP Appliance sends firewall policy updates to the SRX Series firewall. The Juniper ATP Appliance can also be configured to update policies on third-party firewalls from vendors such as Palo Alto Networks, Fortinet, and Cisco.

The Juniper ATP solution also works with Juniper or third-party switches to quarantine threats, leveraging one-touch mitigation to isolate compromised hosts and limit the lateral spread of the infection. Juniper ATP builds a list of infected hosts based on its detections and works with Juniper Networks Policy Enforcer to integrate with Juniper Networks EX Series and QFX Series switches, or NAC vendors such as ForeScout, to block or quarantine compromised hosts on the network.

Architecture and Key Components

Advanced Threat Prevention Cloud

Juniper ATP leverages Juniper’s next-generation SRX Series firewalls for traffic routing and visibility while offering cloud management of threat, configuration, and reporting.

The Juniper ATP Cloud identifies web-based or e-mail-borne threats. Using the SSL decryption capabilities of the SRX Series firewalls, any malware transmitted in encrypted sessions can also be easily identified. Support for SMTP and IMAP e-mail protocols allows Juniper ATP Cloud to examine e-mails for malicious attachments and quarantine e-mails that might pose a threat to the end user.

Juniper ATP Cloud utilizes public cloud infrastructure to deliver flexible and scalable file analysis and threat identification. All communications between the SRX Series firewall and the cloud are secure and conducted over encrypted connections on both sides. Files uploaded to the cloud for processing are destroyed afterward to ensure privacy. A detailed description of the Juniper ATP Cloud privacy policy and the broader Juniper Networks privacy policy can be found on the product Web portal at www.juniper.net/us/en/privacy-policy/.

Juniper ATP Cloud is available globally, with the service delivered from data centers in North America (U.S. and Canada), EMEA, and APAC. This widespread availability allows customers in these regions to benefit from the cloud-based threat prevention and intelligence services while addressing customers’ data localization and data privacy concerns. Data submitted in a particular region will be processed in that region and will not leave its geographic boundaries. Customers have greater control over the location of the data, helping them comply with regulatory and privacy requirements.

Figure 1: Juniper Advanced Threat Prevention Cloud architecture
