Juniper JATP400
A cloudbased service or on-premises appliance that provides complete advanced malware detection and prevention.
Overview:
The JATP400 is a 1 U appliance that delivers up to 50,000 object detonations per day. It's purpose-built for organizations that need distributed detection of Web, e-mail, and lateral threats across the enterprise.
Customers looking to identify and block known and unknown threats can add Juniper Networks® Advanced Threat Prevention (ATP) to their Juniper Networks SRX Series Services Gateways. Juniper ATP uses machine learning to find and block both known and unknown cyberthreats, analyzing files and network traffic looking for signs of malicious behavior. ATP can uncover zero-day malware threats and malicious connections, including botnets and C&C servers hiding in encrypted traffic. Using SecIntel, Juniper's curated security intelligence feeds, ATP stops these threats in their tracks by enforcing protection mechanisms at all network connection points.
Advanced Threat Prevention Cloud
Deployed as an add-on license to an SRX Series Services Gateway, ATP Cloud uses a combination of static and dynamic analysis and machine learning to quickly identify unknown threats, either downloaded from the web or sent via e-mail, and delivers a file verdict and risk score back to the SRX Series firewall to enable blocking at the network level. In addition, ATP Cloud delivers SecIntel security intelligence consisting of malicious domains, URLs, and IP addresses gathered from file analysis, Juniper Threat Labs research, and highly reputable third-party threat feeds. These feeds are collected and distributed to SRX Series firewalls and Juniper Networks MX Series Universal Routing Platforms to automatically block command-and-control communications, making it more difficult to wage a successful attack on the organization. ATP Cloud includes its own management portal configuration management, licensing, and reporting.
Architecture and Key Components:
Juniper ATP leverages Juniper's next-generation SRX Series firewalls for traffic routing and visibility while offering cloud management of threat, configuration, and reporting.
The Juniper ATP Cloud identifies web-based or e-mail-borne threats. Using the SSL decryption capabilities of the SRX Series firewalls, any malware transmitted in encrypted sessions can also be easily identified. Support for SMTP and IMAP e-mail protocols allows Juniper ATP Cloud to examine e-mails for malicious attachments and quarantine e-mails that might pose a threat to the end user.
Juniper ATP Cloud utilizes public cloud infrastructure to deliver flexible and scalable file analysis and threat identification. All communications between the SRX Series firewall and the cloud are secure, conducted over encrypted connections on both sides. Files uploaded to the cloud for processing are destroyed afterward to ensure privacy
Juniper ATP Cloud is available globally, with the service delivered from data centers in North America (U.S. and Canada), EMEA, and APAC. This allows customers in these regions to benefit from the cloud-based threat prevention and intelligence services while addressing customers' data localization and data privacy concerns. Data submitted in a particular region will be processed in that region and will not leave its geographic boundaries. Customers have greater control over the location of the data, helping them comply with regulatory and privacy requirements.
Features and Benefits:
| Feature | Feature Description |
|---|---|
| SecIntel | SecIntel provides curated security intelligence in the form of threat feeds that include malicious domains, URLs, and IP addresses used in known attack campaigns. SecIntel also enables customers to feed and distribute their own threat intelligence for in-line blocking. This information is provided to an SRX Series firewall and, in some cases, Juniper Networks MX Series Universal Routing Platforms and Juniper Networks EX Series and QFX Series switches to identify and block known threats. |
| Malware Analysis | Malware analysis consists of both static and dynamic analysis of files downloaded from the Web or distributed over e-mail in order to identify malicious content, and to detect whether the file tries to contact a Command and Control (C&C) server to install a malicious payload. If no threat is detected, the file will be downloaded or delivered to the recipient. If malware or grayware is detected, the SRX Series firewall can block the download or prevent the e-mail from being delivered. Juniper ATP can analyze files and executables for Windows Versions 7 and 10, Mac, Linux, and Android. Customers who create their own custom corporate Windows images can upload those images to the JATP Appliance. |
| Encrypted Traffic Insights | Encrypted Traffic Insights restores visibility that was lost due to encrypted traffic, without the heavy burden of full TLS/SSL decryption. SRX Series firewalls collect the relevant SSL/TLS connection data, including certificates used, cipher suites negotiated, and connection behavior. This information is processed by Juniper ATP Cloud, which uses network behavioral analysis and machine learning to determine whether the connection is benign or malicious. For encrypted traffic identified as malicious, policies configured on the SRX Series firewall can be used to block those threats. |
| Attack Analytics | The analytics view provides a window into what is happening, letting security operations employees see correlated threat activity occurring inside their network in order to quickly identify high-priority threats, understand how to respond, and/or potentially quarantine to remediate the outbreak. |
| Prevention and Mitigation | Malicious outbreaks can be blocked inline with a physical or virtual SRX Series firewall or detected and logged via a network tap with third-party firewalls. To prevent the lateral spread of threats, Juniper ATP integrates with existing network access control (NAC) solutions to quarantine an infected host or drop it from the network until the infection can be remediated. Additionally, Juniper ATP's SecIntel threat feeds can also integrate with MX Series routers and EX Series and QFX Series switches |
| Automation | To help security operations personnel reduce the manual load of host or endpoint identification, Juniper ATP can triangulate IP addresses with media access control (MAC) addresses to identify the infected machine or host. To automate prevention capabilities, Juniper ATP can integrate with third-party firewalls, switches, and wireless technology to block users or quarantine hosts until the threat can be neutralized. This applies to SRX Series firewalls, MX Series routers, and EX Series and QFX Series switches. Automation simplifies deployment by allowing organizations to set and define policies across a group of disparate systems rather than setting individual policies on each device. |
| Adaptive Threat Profiling | To better combat the continuous onslaught of new threats, organizations can use ATP Cloud's Adaptive Threat Profiling to automatically create security intelligence threat feeds based on who and what is currently attacking the network. Adaptive Threat Profiling leverages Juniper Security Services to classify endpoint behavior and build custom threat intelligence feeds that can then be used for further inspection or blocking at multiple enforcement points, giving organizations the power to respond to attacks in real time. |
Specification
| JATP400 | JATP700 | |
|---|---|---|
| Dimensions (WxHxD) | 17.2x1.7x25.6 in (43.7x4.3x65 cm) | 17.2x3.5x24.8 in (43.7x8.9x63 cm) |
| Maximum Weight | 36 lbs (16.33 kg) | 42 lbs (19 kg) |
| Power Options | Standard AC 500W, DC 650W redundant power, support hot swap
AC Input: 100-240 V, 50-60 Hz, 9-4 A DC Input: 650W: -42 to -72 V DC, 18-11 A |
Standard: 920W high-efficiency (94%+) AC-DC redundant power; support hot swap
AC Input: 100-240 V, 50-60 Hz, 11-4.5 A DC Input: 850 W: -35 to -42 V DC, 30-25 A |
| Operating Temperature | 32° to 104° F (0° to 40° C) | 50° to 104° F (10° to 40° C) |
| Humidity | 8 to 90 percent noncondensing | |
| Altitude | 6500 ft maximum | |
| Hard Drives | 4 x 2 TB 3.5 in HDD RAID 6 | 8 x 900 GB 2.5 in 10K SAS RAID 10 |
| Memory | 32 GB | 128 GB |
| Rack Mountable | 1 U | 2 U |
| Cooling | 4 x 4 cm 13K RPM fans | 3 x 8 cm 9.5K RPM, 4-pin PWM fans |
| Traffic Ports | 2x SFP+ 10GbE, 4x RJ-45 GbE | |
| Console Port | 1x DB9 serial console | 1x RJ-45 DB9 serial console |
Documentation:
Download the Juniper Advanced Threat Prevention Data Sheet (PDF).