Presentation given at the event

IDP Resale Workshop, May 2005

Roland Hamann, Regional Manager, Emerging Technologies Group, Central & Eastern Europe

Copyright © 2004 Juniper Networks, Inc. www.juniper.net


Page 2:

Agenda IDP Resale Workshop

Welcome

The Evolution of FW, IDS & IPS / Business Drivers

Overview of the IPS offering from Juniper

How to sell Juniper´s IDP

Roadmap

Lunch

Page 3:

Welcome !

Page 4:

Emerging Technology´s Strategic Role

Provide a focus on “non-core” product lines

Achieve Emerging Product revenue targets

Accelerate revenue growth and market dominance of acquired technologies globally and in the specific region of Central & Eastern Europe

Aggressively penetrate competitor-held accounts with emerging technology for later adoption of Juniper mainstream technology.

Provide strategic commercial input to Juniper acquisition & joint venture committee on potential targets & partners.

Page 5:

Where we help you – Where you benefit

Use Emerging Technology Products to open the doors

Emerging Technology Products will help you to penetrate existing customers and to identify additional business.

Emerging Technology Group will be your contact to provide product feature recommendations to Juniper engineering group.

Emerging Technology Team should be engaged in any strategic IDP and SSL opportunities

Emerging Technology Team will educate and update partners on emerging technology & associated selling strategies

Page 6:

The Evolution of FW, IDS & IPS / Business Drivers

Page 7:

Why IPS? – Evolving Security Threats

Worms indiscriminately targeting networks

Patch Management

Gateway is not always the point of attack –
• Threats propagating via ‘internal’ network
• Network boundary blurring

Spyware

Denial of Service

Some Legislation driving customers to a proactive response –
• e.g. Sarbanes Oxley, Basel II

Page 8:

Development of Hacker Attacks

Page 9:

PC Survival Time (from SANS)

Source: Internet Storm Center http://isc.sans.org October 2004

Survival time is defined as the average time between two attacks

Page 10:

Firewalls Are Only 1st Layer Of Defense

Firewalls provide: access control, authentication, VPN, network segmentation, DoS protection and some network layer attack detection

[Diagram labels: Corporate Network, Remote Office, User, Servers, Modem, Mail Server, Web Server, DMZ, Firewall. Callouts: Deny Traffic; Allow Traffic; Deny Some Attacks; Firewall provides access control]

Page 11:

2nd Layer of Defense = IDS to Monitor for Attack?

[Diagram labels: Corporate Network, Remote Office, User, Servers, Modem, Mail Server, Web Server, DMZ, Firewall. Callouts: Deny Traffic; Allow Traffic; Deny Some Attacks; Firewall provides access control; IDS provides attack monitoring; False Alarms; Undetected Attacks; Detected Attacks; Attacks Reach the Victim !!!]

Page 12:

Problems of Today´s Solutions

Firewalls can´t detect Attacks

•Firewalls protect against traffic that is not expected in the network

•not able to detect attacks on the application layer level

IDSes don´t provide Protection

•incomplete detection methods; therefore they miss attacks

IDSes create Management Overhead

•requiring an administrator to constantly investigate each and every alarm

Page 13:

Result of Today´s Problems

Loss of time spent investigating

Loss of productivity, resulting from disruption in network services

Loss of time and resources spent recovering

Damage from the exploit

Page 14:

2nd Layer of Defense = IPS to Prevent an Attack

[Diagram labels: Corporate Network, Remote Office, User, Servers, Modem, Mail Server, Web Server, DMZ, Firewall. Callouts: Deny Traffic; Allow Traffic; Deny Some Attacks; Firewall provides access control; NetScreen-IDP provides intrusion prevention; Detects attacks; Drops attacks; Choose how to respond]

Page 15:

Juniper´s IPS offering

Page 16:

Juniper Networks Today

Top three in market share in all of our key markets

Over 3,000 employees worldwide

Offices in all major countries

Serves the world’s top 25 service providers

Supports 8 of the top 15 Fortune 500 companies

Focuses on customers who derive strategic value from their networks

Page 17:

Layered Security

[Diagram labels: Business Partners, Department Servers, DMZ-1, DMZ-2, Finance, HR, Sales, Mobile Workers, Branch Offices, Teleworkers, Data Center, SSL VPN, Centralized Management. Callouts:]
• Multiple virtual firewall on single platform
• FW/VPN with DoS and access control
• Detect / prevent network and application attacks
• Site to Site IPSEC VPN for reliable WAN communications
• Integrated FW/VPN/AV with Home/work zone and HA options
• Secure Meeting for cross-enterprise, online meetings
• Remote access SSL VPN for secure communication from mobile access or untrusted networks

Page 18:

Security Product Line

Secure Access SSL VPN Solutions
• 3 product lines for secure LAN, extranet and intranet access to mobile employees, customers and partners with no client software deployment or changes to LAN infrastructure

Intrusion Detection and Prevention Solutions
• 5 products. Intrusion prevention appliance protects the network and critical resources from attacks through detection and prevention

Integrated Firewall/IPSEC VPN Solutions
• Appliances with various security options, interface, power supply and performance configurations for large/med enterprise and Service Providers

Central Policy-based Management Solution
• 3-tier system provides role-based administration and central control and logging of all NS FW/VPN solutions

Secure Meeting
• Enables secure cross-enterprise online meetings and application sharing

Page 19:

Security Product Line — IDP

Page 20:

Some notable Juniper IDP News

Juniper is #1 in Unit Market Share for Inline-IPS

In Q4 2004 Juniper’s Security Team released coverage for new MS vulnerabilities the same day - no competitor was faster than us

Mid-January 2005 Juniper was awarded the “Editor’s Choice” Award by Network Computing beating out all major competitors for best Intrusion Detection and Prevention system

Mid-January 2005 Juniper was the only IPS vendor to be chosen in Searchnetworking’s annual “Best Security Product” awards

April 05 Juniper released daily signature update service to serve the need of latest protection against vulnerabilities

Page 21:

Advanced Attack Protection

Using Multi-Method attack detection to maximize attack detection

Conserves Resources

• 8 in 1 detection
• Integrated investigation tools
• Granular control over how to respond to attacks

[Figure label: Anomaly]

Page 22:

The Old Standalone IDP Product Range

All contain full IDP features and are managed using the same management interface = Increased Security throughout the Network & Lower TCO

IDP 10: Optimal for small network segments or low speed links
• 20 MB nominal throughput
• 10,000 maximum sessions
• 512 MB memory
• Fail open with bypass unit

IDP 100: Optimal for medium central site and large branch offices
• 200 MB max throughput
• 70,000 maximum sessions
• 1 GB memory
• HA clustering (recommended) and fail open with bypass unit options

IDP 500: Optimal for large central site or high traffic areas
• 500 MB max throughput
• 220,000 maximum sessions
• 4 GB memory
• HA clustering – scale to gig speeds
• Fiber Gigabit Ethernet Standard

IDP 1000: Optimal for enterprise or GB environments
• 1000 MB max throughput
• 500,000 maximum sessions
• 4 GB memory
• HA clustering – scale to Gig speeds
• Fiber Gigabit Ethernet Standard

Page 23:

The New Standalone IDP Product Range

All contain full IDP features and are managed using the same interface = Increased Security throughout the Network & Lower TCO

IDP 50: Small network segments or low speed links
• 50Mb Throughput
• 10,000 Maximum Sessions
• 1 GB Memory
• Integrated Bypass Ports

IDP 200: Medium central site and large branch offices
• 250Mb Throughput
• 50,000 Maximum Sessions
• 1 GB Memory
• HA Clustering and Integrated Bypass Ports

IDP 600C/F: Medium to large central site or high traffic areas
• 500Mb Throughput
• 200,000 Maximum Sessions
• 4 GB Memory
• HA Clustering
• Fiber or Copper Gigabit Port Versions
• Dual SCSI drives and redundant power

IDP 1100C/F: Large central site or high traffic areas
• 1 GB Max Throughput*
• 500,000 Maximum Sessions
• 4 GB Memory
• HA Clustering
• Fiber or Copper Gigabit Port Versions
• Dual SCSI drives and redundant power

*As tested with IDP 3.0 software

Page 24:

IDP 50

Optimal for small network segments or low speed links

• Throughput: Up to 50 Mbps
• Max sessions: 10,000
• Memory: 1 GB memory
• Interfaces/Ports: 2 CG for traffic + 1 CG for mgmt
• Integrated bypass
• No HA
• No physical power redundancy

Page 25:

IDP 200

Optimal for medium central site and large branch offices

• Up to 250 Mbps throughput
• 70,000 max sessions
• 1 GB memory
• 8 CG traffic, 1 CG mgmt & 1 CG HA ports
• HA clustering
• Integrated bypass
• Optional redundant power

Page 26:

IDP 600 C / F

Optimal for large central site or high traffic areas

• Up to 500 Mbps throughput
• 220,000 max sessions
• 4 GB memory
• 10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
• HA clustering option
• Integrated bypass for CG traffic ports

[Product images: IDP 600F, IDP 600C]

Page 27:

IDP 1100 C / F

Optimal for enterprise or GB environments

• Up to 1 Gbps throughput
• 500,000 max sessions
• 4 GB memory
• 10 CG or 8 Fiber SX + 2 CG traffic, 1 CG mgmt & 1 CG HA ports
• HA clustering option
• Integrated bypass for CG traffic ports

[Product images: 1100C, 1100F]

Page 28:

Old & New IDP Platform Comparison

CG = Copper Gig, 10/100/1000 Copper interfaces with integrated bypass

Page 29:

IDP Platforms - Throughput Comparison

Page 30:

NetScreen-ISG 2000

High performance
•2 Gbps Stateful Firewall
  –Any packet size
•1 Gbps VPN
  –3DES/SHA1 & AES/SHA1
  –Any packet size
•1 Gbps+ IDP (future)

Increased capacity
•10,000 IPSec tunnels
•512,000 concurrent sessions
•30,000+ new sessions/second

Versatile form factor
•3U, 19” Rack-mountable
•3 interface modules
  –4 and 8 port, 10/100
  –Dual port, mini-GBIC Gig
  –Dual port, 10/100/1000

Robust security
•Deep Inspection FW/VPN
•FW/VPN/IDP

Page 31:

NetScreen-ISG 2000: Redefines System Performance & Scalability

Base System – Designed for flexibility
• 4 slots for I/O modules allow various port configurations

ASIC module – High Speed Flow Processing
• NetScreen’s next Generation ASIC

Management module – Dedicated to Ensure Availability
• Handle high system load

Security modules – Processing for Additional Applications
• 0-3 modules enable multiple price/performance points

Single ScreenOS image & configuration (not a patched together solution)

[Diagram labels: I/O Port Module, ASIC Module, Management Module, Security Module. Flow labels: All Flows; IDP Flow; First Packet, IKE, IDP, etc]

Page 32:

Current NetScreen-IDP Management: 3-Tier Architecture based on IDP Manager

Distributed Graphical User Interface
• Distributed access to centralized policy and logs

Centralized Management Server
• Collect all logs
• Store all policy, configuration, user information

Distributed Sensors
• Detect and prevent intrusions
• Operate in sniffer or inline mode
• Kernel operation

All communication authenticated and encrypted: RSA and Blowfish encryption

Page 33:

How to sell Juniper´s IDP

Page 34:

Customer Problems

Unaware of new applications and servers being added to the network

Locations of vulnerable applications/servers is unknown due to dynamic nature of the network

With Worm attacks increasing, IT staff may not have ability to determine Worm origin

Attack investigative process is slow, requiring significant manual log investigation and correlation

IT staff unable to dedicate time to analyze logs in order to make incremental policy modifications

Attacks are becoming more complex and therefore more difficult to identify

Page 35:

What is required to improve security ?

To have a security policy, which includes
•a clear definition of what is allowed
•a clear definition of what is forbidden or restricted
•mindset to use and improve this policy continuously

To have network awareness, which means
•know how the network currently is set up and used (which hosts, applications, users, services ...)

And finally to have the power to enforce the security policy
•incident reactions supported by company management
•right tools, technologies and processes in place to enforce the security policy and maintain network awareness

Page 36:

Management

Management is often the biggest cost of an IDS/IPS solution

As much as 80% of the TCO of IDS was in management !

Management systems need to be :
•Easy to use !
•Be granular and rules based (like firewalls !)
•Be open, allowing user to fully understand why an alert fired
•Allow for further investigation (i.e. forensics, correlation etc.)
•Work across multiple teams within an organisation (i.e. workflow)
•Be scalable and work with other security based systems

Page 37:

Why Juniper´s IDP wins !

Superior Attack Coverage
•Methods for whole “Vulnerability Lifecycle”
•Coverage for All Phases of an Attack

Granular & Flexible Management
•“Rules Based” logic
•Custom Signature Editor

Enterprise Security Profiler
•Multiple Applications & Benefits

The “Juniper Factor”
•Company Strength & Capabilities
•Product line Direction
•Superior Support & Relationship

Page 38:

Advanced Policy Management

IDP uses granular rules based (firewall like) policies

Allows you to create granular policies in line with your security policy

Granular control on which attacks to stop, and which to just monitor for – drop by packet, session or block address for x period of time

Easily controls Peer to Peer and Instant Messenger usage

Change default severity warnings based on server

Controls bandwidth through Session Rate limiting

Page 39:

The 5 Key Differentiators of Juniper´s IDP

ESP (Enterprise Security Profiler) – Provides an advanced level of network Awareness.

Determine abnormal network traffic or abnormal user behavior in an enterprise network and block if required.

ESP can stop worm propagation by identifying contaminated user’s machines and allow you to quarantine them from the network.

It can also help to identify users who are downloading and running applications against security policy.

ESP can correlate resources on their network that have potential threats and allow an administrator to quickly understand the severity of a threat.

Page 40:

How to Qualify

1. Has your company been affected by a worm or other security breach that you are aware of ?

2. Do you have an incident response policy &/or team ?

3. How does your company measure and track risk profile of its digital assets ?

4. Do you have a policy regarding Peer-to-Peer applications, Instant Messaging, Chat and/or Open file sharing ?

5. What are the applications, systems & digital assets that are most critical to the business ?

6. Do you have a significant population of VPN Users ?

7. Do you currently have Intrusion DETECTION Systems deployed ?

8. Does your company have a 24x7x365 Security Operations Center ?

9. Do you have any trepidation related to deployment of proactive in-line protection ?

10. Do you support highly customized, internally developed or older legacy systems ?

11. Is the security posture of your company a key requirement or differentiator of your company to clients &/or business partners ?

Page 41:

Positioning IDP

Network awareness
•ESP, Dashboard, Log investigator
•Closed loop investigation

Comprehensive attack protection
•Multi method detection, signature customization, Open signature format

Management
•Rule based, firewall like, reporting, detailed feedback/drill down

Flexibility
•Multiple deployment modes, Customization capabilities, ESP

Page 42:

How to FAIL Selling IDP

Sell on “Speeds & Feeds”

Position As Commodity Product

Let Product “Sell Itself”

Limited Direct Customer Interaction

Compete against Competitor’s Strength

Drop off Evaluation Unit

Page 43:

Roadmap

Page 44:

Juniper NetScreen IDP Roadmap

Timeline columns: Q1 Q2 Q3 Q4

IDP SP Edge: IDP-ERX-SDX integration Prototype
• Enabling SPs to offer customers IDP scans, etc via router and IDP service linked via SDX

Malta
• 1 Gig and less standalone IDP hardware refresh with networking platforms
• Internal Gigabit Copper FO
• ShellCode Detection (industry unique false positive reduction)

VoIP Attack Protection
• Via extra decodes (SIP, etc)

NSM 2005-2: NSM Management of existing IDP and Malta (late Q3 to early Q4)
• Also IDP mgmt enhancements for existing IDP, Malta and ISG IDP

IDP 4.0 (late Q3 to early Q4)
• Dynamic image loading
• New protocols: XML/SOAP, SQL, Oracle
• Capability to detect encrypted attacks

ScreenOS – IDP (for ISG platforms)

Multi-Gigabit IDP (Corsica) Beta
• Up to 2 Gig IDP (3 IDP blades on ISG 2000)
• 1st in world integrated FW/VPN/IDP for enterprise perimeter (or internal)
• Very High-Performance Internal LAN “standalone” IDP with unmatched networking & virtualization support
• NSM managed

Multi-Gig IDP (Corsica) FCS

ISG 1000
• No IDP blades yet but has IDP slots ready

NSM 2005-1
• Management and reporting enhancements for ISG 2000 IDP

Gig IDP on ISG 1000
• 1 Gig IDP (2 IDP blades on ISG1000)
• Integrated FW/VPN/IDP for perimeter of MB, smaller enterprises, LE with large BOs
• High-Performance Internal LAN “standalone” IDP
• NSM managed

Maxwell (DI Sig Packs)
• Improved DI for SMB via Sig Packs

Corsica Enhancements
• Corsica IDP session increase to 1 mil
• Significant Corsica internal LAN IDP performance increase

Profiler Solution for ISG
• Separate box potentially

Both

Daily IDP Signature Updates
• 1st in industry – sign of industry leading Juniper responsiveness

Productized SP Edge IDP-ERX-SDX integration

IDP Spyware “Phone-Home” Protection

Juniper Security Portal for IDP, DI and AV

Legend:
Black – Program in development and schedule committed
Green – Phase0 (concept) approved; committed schedule being defined
Blue – Pre-Phase0 program; no schedule yet

Page 45:

IDP Spyware Protection

RELEASED

Blocks spyware on clients and servers from causing damage by preventing it from phoning home

As a result, no sensitive information is transferred to malicious parties from within the enterprise

Administrators also have a record (IDP alert/log/etc) of which machines have spyware on them

The effect of spyware is stopped with this solution and the enterprise is protected

Constantly updated (via normal signature updates) after release to protect against latest spyware threats

Page 46:

Daily IDP Signature Updates

RELEASED

1st in the industry

Another sign of our focus and progress on attack responsiveness and coverage

Our belief that attack object updates need to be available to our customers the very day they are made

Hence, after much automation work, we are switching to an aggressive release schedule of daily attack object updates, with additional emergency updates as needed

As in the past:
• Send urgent notifications to its customers if an emergency update becomes available
• Weekly email notification of the attack object updates and administrators who still wish to update their devices once a week will still be able to do so without missing any important signatures

At Juniper we don't believe that Hackers will wait a week to attempt exploiting newly discovered vulnerabilities, and so we don't believe we should wait a week before we offer our customers protection from these attempts

Page 47:

IDP Security Modules for ISG

RELEASED

Integrated Best-of Breed Security + Networking in a Single Platform

Product Summary: IDP Security Blade for ISG-2000 and ISG-1000

Solution to 2 Enterprise Attack Prevention Customer Needs:
•Integrated IDP at Gateway (IDP and FW/VPN)
•High-Performance “standalone” Multi-Gig IDP for:
  –Server Front End
  –Internal LAN
  –Standalone IDP Large Enterprise (multi-Gig) gateway deployments

Competitive Landscape:
•Other major IDP players (McAfee, Tipping Point) do not have integrated story (no fw/vpn/routing) so this is a big differentiator
•For the high-performance standalone enterprise IDP market we can now take on McAfee and Tipping Point (one of major reasons we did not get into large deals with multi-gig requirements previously) and have a superior solution

Page 48:

Enterprise Integrated Security Appliance Landscape

[Chart labels: Enterprise Security Services Offered (FW ACL, Full SI FW, FW/VPN, FW/VPN/IDP); Attack Protection (Basic Signatures, Packet Based, Full Application Layer). Vendors plotted: Cisco PIX 7.0, Tipping Point, Check Point on Nokia, Fortinet, McAfee, ISS, Juniper Networks ISG 2000 with IDP, Juniper Networks DI FW/VPN, Juniper Networks IDP]

Page 49:

Samoa: Juniper Networks ISG 1000 Integrated Security Gateway with IDP

• New ISG platform
  –Expands the ISG family
  –Combines high performance and advanced networking
  –Provides application/network level protection

• Ideal Perimeter Security Solution
  –Purpose-built, highly-integrated gigabit platform
  –Application rich software – complete with Security Zones, Virtual Systems, Dynamic Routing, High Availability and more

• High Performing
  –1 Gbps – Firewall, IPSec VPN and IDP (Intrusion Detection and Prevention)
  –Next-gen security ASIC (GigaScreen³)
  –Best in class small packet performance

• New Levels of Modularity
  –Easily add more I/O ports to scale to network architecture
  –Add-on security modules extend security functionality

Page 50:

Summary

IDP is one of the fastest growing markets in the security industry

Juniper is #1 in unit share and does extremely well in the Medium Business and Enterprise

With the new products coming out this quarter Juniper will be making a major push to conquer the Large Enterprise & Service Provider as well

From spyware protection to unified management to integrated firewall/IDP to many more… we are rapidly becoming the application security leader with IDP

Page 51:

Questions ?

Page 52:

Thank you!

Page 53:

IPS Competitive

Page 54:

IPS Definitions

Client-to-Server (c-s)
• Request side portion
• E.g. “GET” request coming from a client

Server-to-Client (s-c)
• Response side portion
• E.g. in HTTP the web page and content returned from the server as a result of a “GET” request.
• Usually much larger than the client-to-server traffic in terms of byte count
• Usually turned on when protecting the WAN pipe (i.e. content requested from an external source such as a public web server)

Attack Severity
• Each vendor has its own rating system but in general all vendors rate them starting from “critical” and going down to “low” and “informational”
• Juniper uses 5 categories – critical, high, medium, low and informational.
• Juniper recommends all customers to enable critical and high attack prevention signatures at the very least – and also strongly recommends they enable medium signatures.

Page 55:

IPS Definitions

Layer 7 IPS:
• Application and protocol aware and fully decodes Layer 7 protocols
• Pinpoints where to look for attacks by narrowing relevant search to specific parts of a Layer 7 communication
• 2 types:
  –One-Way Layer 7 IPS: Misses all attacks in one direction
  –Two-Way Layer 7 IPS: Detects and blocks attacks in both directions

Layer 4 IPS:
• Just coarsely matches bits in a data stream to find attacks regardless of application context
• Not application or protocol (HTTP, IM, etc) aware and does not “decode” protocols
• No concept of Layer 7 connection state or direction
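
Added example (not part of the original slides, and not Juniper code): a minimal Python model of the definitions on pages 54 and 55, contrasting Layer 4 byte matching with one-way and two-way Layer 7 inspection under a severity floor. The signatures, field names and HTTP flows are all constructed for illustration.

```python
"""Layer 4 byte matching vs. one-way / two-way Layer 7 inspection (illustrative model)."""
from typing import NamedTuple

# The five severity categories named on page 54, lowest to highest.
SEVERITIES = ["informational", "low", "medium", "high", "critical"]

class Signature(NamedTuple):
    name: str
    direction: str  # "c-s" = request side, "s-c" = response side
    field: str      # decoded Layer 7 field the pattern is bound to
    pattern: bytes
    severity: str

# Hypothetical signatures constructed for this example (not a product's signature set).
SIGNATURES = [
    Signature("http-uri-dir-traversal", "c-s", "uri", b"../", "high"),
    Signature("http-resp-passwd-content", "s-c", "body", b"root:x:0:0:", "critical"),
    Signature("http-req-odd-agent", "c-s", "header:user-agent", b"scanner", "low"),
]

def enabled(sig, min_severity):
    """True when the signature's severity is at or above the policy floor."""
    return SEVERITIES.index(sig.severity) >= SEVERITIES.index(min_severity)

def decode_http(direction, raw):
    """Minimal HTTP/1.x decode: split one message into named fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    start = lines[0].split(b" ", 2)
    fields = {"body": body}
    if direction == "c-s" and len(start) == 3:
        fields["method"], fields["uri"] = start[0], start[1]
    elif direction == "s-c" and len(start) >= 2:
        fields["status"] = start[1]
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            key = "header:" + name.decode("ascii", "replace").strip().lower()
            fields[key] = value.strip()
    return fields

def layer4_inspect(flow, min_severity="high"):
    """Coarse matching: each pattern against the whole byte stream, with no
    notion of protocol field or direction."""
    stream = b"".join(raw for _, raw in flow)
    return sorted(s.name for s in SIGNATURES
                  if enabled(s, min_severity) and s.pattern in stream)

def layer7_inspect(flow, two_way=True, min_severity="high"):
    """Decode each message; match a pattern only in its own direction and field."""
    hits = set()
    for direction, raw in flow:
        if direction == "s-c" and not two_way:
            continue  # a one-way engine never inspects the response side
        fields = decode_http(direction, raw)
        for s in SIGNATURES:
            if s.direction == direction and enabled(s, min_severity):
                if s.pattern in fields.get(s.field, b""):
                    hits.add(s.name)
    return sorted(hits)

# Constructed sample flows: lists of (direction, raw message bytes).
FORUM_POST = [  # benign: "../" appears only in the posted text, not in the URI
    ("c-s", b"POST /forum/reply HTTP/1.1\r\nHost: forum.example\r\n\r\n"
            b"How do I reject ../ sequences in uploaded file names?"),
    ("s-c", b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nPosted."),
]
TRAVERSAL_REQUEST = [  # the pattern sits in the request URI
    ("c-s", b"GET /static/../../etc/passwd HTTP/1.1\r\nHost: www.example\r\n"
            b"User-Agent: inventory-scanner/1.0\r\n\r\n"),
    ("s-c", b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nnot found"),
]
LEAKY_RESPONSE = [  # the only indicator is in the server-to-client body
    ("c-s", b"GET /download?id=17 HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    ("s-c", b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
            b"root:x:0:0:root:/root:/bin/sh\n"),
]

if __name__ == "__main__":
    for name, flow in [("forum post", FORUM_POST),
                       ("traversal request", TRAVERSAL_REQUEST),
                       ("leaky response", LEAKY_RESPONSE)]:
        print(name)
        print("  layer 4        :", layer4_inspect(flow))
        print("  layer 7 one-way:", layer7_inspect(flow, two_way=False))
        print("  layer 7 two-way:", layer7_inspect(flow, two_way=True))
```

The forum post is the false alarm case for byte matching, and the leaky response is the case a one-way engine misses.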


Competitive: Tipping Point (cont’d)

Will Shut Off Attack Protection Without User Knowing or Wanting To
• When their CPU is stressed too much they automatically will turn off the signatures (letting those attacks through!)
• Many other cases where they will automatically let attacks through
• For example, if a software filter fires too often and does not detect an attack – they will turn it off automatically!

Security by Obscurity
• Closed signatures so no one can see what they are doing
• If they revealed them, customers would see the lack of sophistication and accuracy of their signatures

Not a Serious, To Be Trusted Security Company
• Issue press releases lying about capabilities and falsely defacing competitors, and then even when the general public security community (N+I 2005 is one example) finds out, they are slow to issue retraction and apology statements
• Not a player in the other security areas – such as firewall, VPN, etc.


Competitive: Tipping Point (cont’d)

No integrated security story (fw/idp/vpn, etc.)
• Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required

No Ability to deliver Application Awareness and Visibility
• Since they do not decode many protocols and act like a L4 IPS by default, they do not have the capability in the future or now to deliver on Application Awareness for the customer (like Juniper’s Profiler, Security Explorer, etc.)

Known to Release Buggy Software and Hardware
• Recent Hardware Example: Recalling every UnityOne 50 in the field to replace the thumb drive. They have a very high failure rate.
• Recent Software Example: Latest code 2.1 is unstable and if a beta does not want to test DOS and new reporting then they will go with the older 1.4 code

No Sniffer Mode – inline only

No real Service Provider Story
• We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution


Competitive: McAfee (cont’d)

Very complex, unscalable and unwieldy management
• Consistently rated as the worst in IPS management by customers and even they will admit this
• Analysts like Gartner say the same thing

No integrated security story (fw/idp/vpn, etc.)
• No real firewall, VPN, etc.
• Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required

Not a “Network” Security Player
• A desktop player who is trying to understand how to build networking equipment and does not have the tribal knowledge or experience to do so


Competitive: McAfee (cont’d)

We beat them on performance in the high-end
• Our UDP performance is 2x better than theirs (3-4 Gigs)
• Our latencies for emerging applications like VoIP will beat theirs as they do not have the experience here

No real Service Provider Story
• We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution

Known to destroy companies once they acquire them
• Intruvert is no different – many of their engineers and others are leaving McAfee
• Kills their ability to innovate and they end up falling behind with old technology


Competitive: ISS

Unproven IPS Vendor
• Legacy IDS technology
• Trying to morph this into an IPS – not a ground-up design
• No knowledge of what it takes to operate inline as a true networking device (not their core competence)
• Software, PC-like IDS architecture lacks reliability and scalability for mission critical networks
• Did not even have most basic of networking functionality like HA – may just now be starting to introduce first generation
• Ideal candidate for “replacement program” as customers move to IPS

Security by Obscurity
• Closed signatures – unwilling to show customers what they are doing to detect attacks
• Hence, impossible to understand how they detect attacks and prove that they do it accurately


Competitive: ISS (cont’d)

No integrated security story (fw/ips/vpn, etc.)
• Rules them out from a large set of deals where integration of best-of-breed functionality from a Tier 1 security vendor is required

Very Poor Management
• SiteProtector is unreliable and very difficult to install
• Very hard to use and requires a long time to learn
• Relies heavily on external Microsoft DB
• Potential additional cost for medium to large environments

No real Service Provider Story
• We have the Top 25 SP’s as our customers – and we have an integrated solution with the SDX and E and M-Series and IDP solution


Competitive: Cisco

Unproven IPS
• Juniper was 1st to market with an IPS and has more customers and IPS units out there than anyone
• Cisco just released their 1st IPS a few months ago
• Very few customers who have tested and used their IPS
• Not a Tier 1 IPS competitor
• Morphed their IDS into an IPS – not a ground up IPS design

Low Attack Coverage and Unsophisticated Detection Mechanisms
• Typically Cisco is heavy on searching for regular expressions via simple signatures
• No concept of compound signatures like us for complex attacks
• No advanced detection mechanisms like honeypot
• Limited protocol decodes and stateful signatures
• Cisco IDS used to look for exploits (i.e. signatures after attack is known) only - not actual vulnerabilities (i.e. even if no exploit was there) which is needed for new attack prevention


Competitive: Cisco (cont’d)

Very poor performance
• PC architecture that cannot reach multi-gigabits
• Not optimized for emerging applications like VoIP, as ISG with IDP is
• Known to overstate performance (IDSM-2 IDS on their Catalyst actually underdelivers by a lot)

Security by Obscurity
• Closed signatures – unwilling to show customers what they are doing to detect attacks
• Hence, impossible to understand how they detect attacks and prove that they do it accurately


Competitive: Cisco (cont’d)

Very Poor Management
• CiscoWorks VMS has very limited management and reporting capabilities
• No correlation, forensics, quick reports, etc.

No Ability to deliver Application Awareness and Visibility
• Just trying to perform basic IPS management – no capability of delivering innovative Layer 7 awareness like Profiler and Security Explorer