The Juniper Networks network security system includes: SA Series SSL VPN Appliances, IDP Series Intrusion Detection and Prevention Appliances and the SRX Series Services Gateways.
Most Comprehensive Attack Coverage AvailableJuniper Networks® IDP Series Intrusion Detection and Prevention Appliances with Multi-Method Detection (MMD), offers comprehensive coverage by leveraging multiple detection mechanisms. For example, by utilizing signatures, as well as other detection methods including protocol anomaly traffic anomaly detection, the Juniper Networks IDP Series appliances can thwart known attacks as well as possible future variations of the attack. Backed by Juniper Networks Security Lab, signatures for detection of new attacks are generated on a daily basis. Working very closely with many software vendors to assess new vulnerabilities, it’s not uncommon for IDP Series to be equipped to thwart attacks which have not yet occurred. Such day-zero coverage ensures that you’re not merely reacting to new attacks, but proactively securing your network from future attacks.
Minimizing False Positives, Increasing Peace of MindOne of the top concerns in deployment of any IDP solution is false positives. Incorrectly identifying valid access and traffic as an attack could at times be just as damaging as a true attack. Critical business activities can be delayed and additional IT resources needed to investigate and determine the nature of the false positives. Juniper Networks IDP Series with Stateful Signature Detection dramatically reduces false positives by examining the traffic in the context of the application. With full understanding of the application and its relevant traffic, the IDP Series can pinpoint the signature pattern-matching to the exact location where an attack can occur. This application layer intelligence dramatically reduces the number of false positives compared to IDP platforms utilizing traditional non-stateful signature detection. In addition to the improved accuracy of the detection, the throughput of the solution is also optimized as the pattern detection is applied only to relevant network traffic.
Real-World Performance Without Sacrificing Security Network throughput capacity of IDP platforms by itself often lends very little to the true performance of the appliance in a real-world environment. Many IDP platforms can exhibit very high throughput when only few attacks are being monitored. When more and more attack detections are enabled, the overall throughput can degrade. Also, while some appliances ship with default coverage settings optimized for performance, these settings often do not include the necessary attack coverage necessary in real-world deployments. The throughput of Juniper Networks IDP Series appliances span wide range enterprise and service provider needs from 150 Mbps to 10 Gbps. All performance measurements are conducted in real-world deployment scenarios and are indicative of performance customers can expect when installing the IDP Series in their network.