Juniper Networks Advanced Threat Prevention Appliance is a distributed software platform that combines advanced threat detection, consolidated security analytics, and one-touch threat mitigation to protect organizations from cyber attacks and improve the productivity of security teams. The ATP Appliance detects threats across web, e-mail, and lateral traffic. Additionally, it can ingest logs from security devices and apply contextual analysis to present a consolidated view of all threats in the environment.
Organizations worldwide face security and productivity challenges every day. Zero-day malware often goes undetected because traditional security devices, which rely on signature-based detection, cannot see it. Adding to the problem, security teams, overwhelmed by large volumes of alerts, often fail to recognize and act on critical incidents.
The Juniper Networks® Advanced Threat Prevention Appliance provides continuous, multistage detection and analysis of Web, e-mail, and lateral spread traffic moving through the network. It collects information from multiple attack vectors, using advanced machine learning and behavioral analysis technologies to identify advanced threats in as little as 15 seconds. Those threats are then combined with data collected from other security tools in the network, analyzed, and correlated, creating a consolidated timeline view of all malware events related to an infected host. Once threats are identified, "one-touch" policy updates are pushed to inline tools to protect against a recurrence of advanced attacks.
The detection component of the ATP Appliance monitors network traffic to identify threats as they progress through the kill chain, detecting phishing, exploits, malware downloads, command and control communications, and internal threats. A multistage threat analysis process, which includes static, payload, machine learning, and behavioral analysis as well as malware reputation analysis, continuously adapts to the changing threat landscape by leveraging Juniper's Global Security Service, a cloud-based service that offers the latest threat detection and mitigation information produced by a team of security researchers, data scientists, and ethical hackers.
The threat analytics component of the ATP Appliance offers a holistic view of identity and threat activity gathered from a diverse set of sources such as Active Directory, endpoint antivirus, firewalls, secure Web gateways, intrusion detection systems, and endpoint detection and response tools. The analytics component looks at data from these sources, identifies advanced malicious traits, and correlates the events to provide complete visibility into a threat's kill chain. Security analysts receive a comprehensive host and user timeline that depicts how the events on a given host or for a given user unfolded. The timeline enhances the productivity of Tier 1 and Tier 2 security analysts who work on triaging and investigating malware incidents.
The ATP Appliance can integrate with other security devices to mitigate threats, giving users the ability to automatically quarantine e-mails on Google and Office 365 using REST APIs. Communications between the infected endpoint and the command and control servers are blocked by pushing malicious IP addresses to firewall devices. Integration with network access control devices can isolate infected hosts. The ATP Appliance's open API architecture also allows it to integrate with a number of third-party security vendors such as Cisco, Palo Alto Networks, Fortinet, Bluecoat, Check Point, Carbon Black, and Bradford, among others.