Transcription

Data SheetJSA SERIES SECURE ANALYTICSProduct DescriptionJuniper Networks JSA Series Secure Analytics combine, analyze, and managean unparalleled set of surveillance data—network behavior, security events,vulnerability profiles, and threat information—to empower companies to efficientlymanage business operations on their networks from a single console.Product OverviewThe integrated approach of JSASeries Secure Analytics, used inconjunction with unparalleled datacollection, analysis, correlation,and auditing capabilities, enablesorganizations to quickly and easilyimplement a corporate-widesecurity management programthat delivers security bestpractices. These include superiorlog analytics with distributed logcollection and centralized viewing;threat analytics that provide realtime surveillance and detectioninformation; and compliancemanagement capabilities—allviewed and managed from a singleconsole. Log Analytics: JSA Series provides scalable log analytics by enabling distributedlog collection across an organization and a centralized view of the information. Threat Analytics: JSA Series provides an advanced network securitymanagement solution that bridges the gap between network and securityoperations to deliver real-time surveillance and detect complex IT-based threats. Compliance Management: JSA Series brings to enterprises, institutions, andagencies the accountability, transparency, and measurability—critical factors to thesuccess of any IT security program required to meet regulatory mandates. Vulnerability Management: Deployed as a standalone solution or working inconjunction with Threat Analytics, JSA Series can function as a full-featuredvulnerability scanner. Risk Management: JSA Series helps security professionals stay aheadof advanced threats by proactively quantifying risks from vulnerabilities,configuration errors and anomalous network activity, preventing attacks thattarget high-value assets and data. Security Director: The Junos Space Security Director application includes a “Block”button that, when clicked, automatically creates and deploys a firewall rule in theoptimal location within your rules base to remediate detected offenses.With preinstalled software, a hardened operating system, and a web-based setupprocess, the JSA Series lets you get your network security up and running quicklyand easily. The bottom line is simple deployment, fast implementation, and improvedsecurity, at a low total cost of ownership.Architecture and Key ComponentsJSA Secure Analytics AppliancesThe Juniper Networks Secure Analytics appliances provide a scalable solution forsecurity event management. The JSA7800 is an enterprise-class solution deployedas an all-in-one solution with integrated event collection, correlation and extensivereporting, or as a dedicated event and/or flow collector.JSA Virtual ApplianceJuniper Networks JSA Virtual Appliance (JSA VM) Secure Analytics is a virtualizedplatform that provides Secure Analytics functionality. JSA VM is designed to runwith VMWare ESX 5.0 and ESX 5.1, and requires a configuration with a minimumof two CPUs (1 socket x 2 cores or 2 sockets x 1 core) and 8GB of RAM. Itprocesses a maximum of 20,000 events per second or 600,000 flows per minute,with 16 cores and 24 GB of RAM.1

JSA Series Secure AnalyticsFeatures and BenefitsTable 1. JSA Series Secure Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsAll-in-one appliancesEvent collection, flow collection event processing, flowprocessing, correlation, analysis, and reporting are allembedded within JSA Series Secure Analytics. All core functions are available within the system, making iteasy for users to deploy and manage in minutes.JSA Series can scale to large, distributed deployments that cansupport up to 5 million events per second. Users have the flexibility to scale to large deployments astheir business grows.Distributed support JSA Series architecture provides a streamlined solution forsecure and efficient log analytics. JSA Series can be easily deployed in large distributedenvironments.Security Director integrationJuniper Secure Analytics integrates with Junos Space SecurityDirector to block malicious IP addresses in an attack with asingle mouse click. Increases speed at which malware is blockedJSA Series utilizes SAS HDD in RAID 1, RAID 6, and RAID 10setups. SAS HDD is designed for 24x7 operations.Easy and quick installJSA Series comes with an easy, out-of-the-box setup wizard. Users can install and manage JSA Series appliances in acouple of steps.Automatic updatesSecure Analytics automatically downloads and deploysreputation feeds, parser updates, and patches. Users don’t need to worry about maintaining appliance andOS updates and patches.High availability (HA)Users can deploy all JSA Series appliances in HA mode Users can deploy JSA Series with full active/passiveredundancy to support all deployment scenarios, all-in-oneand distributed.Built-in compliance reportsOut-of-the-box compliance reports are included with the JSASeries. JSA Series provides 500 out-of-the-box compliancereports.Reporting and alerting capabilities forcontrol framework Control Objectives for Information and related Technology(CobiT) JSA Series enables repeatable compliance monitoring,reporting, and auditing processes.HDD implementation Reduces the expertise needed to harness the power of IBMQradar and Juniper Secure Analytics products RAID 1/10 implementation provides the best performanceand redundancy. International Organization for Standardization (ISO) ISO/IEC27002 (17799) Common Criteria (CC) (ISO/IEC 15408) NIST specialpublication 800-53 revision 1 and Federal InformationProcessing Standard (FIPS) 200Compliance-focused regulationworkflow Payment Card Industry Data Security Standard (PCI DSS) Health Insurance Portability and Accountability Act (HIPAA) Sarbanes-Oxley Act (SOX) Graham-Leach-Bliley Act (GLBA) JSA Series supports multiple regulations and security bestpractices. Includes compliance-driven report templates to meetspecific regulatory reporting and auditing requirements. Federal Information Security Management Act (FISMA)Management-level reports on overallsecurity stateThe JSA Series reports interface allows you to create,distribute, and manage reports generated in PDF, HTML, RTF,XML, or XLS formats. Users can use the report wizard to create executive andoperational level reports that combine network traffic andsecurity event data in a single report.One-stop supportJuniper Networks Technical Assistance Center (JTAC) supportsall aspects of the JSA Series. Users don’t need to go to several places to get support,even for multivendor issues.2

JSA Series Secure AnalyticsLog AnalyticsJSA Series provides a comprehensive log analytics framework that includes scalable and secure log analytics capabilities integratedwith real-time event correlation, policy monitoring, threat detection, and compliance reporting.Table 2. Log Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsComprehensive log managementJSA Series delivers scalable and secure log analytics withstorage capabilities from GB to TB of data storage.Provides long-term collection, archival, search, and reportingof event logs, flow logs, and application data that enableslogging taxonomy from a centralized view.Comprehensive reportingJSA Series comes with 1,300 canned reports. Report Wizardallows users to customize and schedule daily, weekly, andmonthly reports that can be exported in PDF, HTML, RTF,Word, Excel, and XML formats.Provides users the convenience of canned reports and theflexibility to create and customize their reports according totheir business needs.Log management and reporting onlyoptionJSA Series provides a comprehensive log management andreporting solution with a distributed log analytics only solutionto collect, archive, customize, and analyze network securityevent logs.Allows users to start with a log management and reportingonly option and then upgrade to full-blown JSA Seriesfunctionality as their business need grows—without upgradingtheir existing hardware.Log retention and storageJSA Series database can easily archive logs and integratethem into an existing storage infrastructure for long-term logretention and hassle-free storage.Enables organizations to archive event and flow logs forwhatever time period is specified by a specific regulation.Tamper-proof data Event and flow logs are protected by SHA-x (1-256)hashing for tamper-proof log archives.Provides secure storage based on industry regulations. Support for extensive log file integrity checks including theNational Institute of Standards and Technology (NIST) logmanagement standards.Real-time event viewingData warehousingJSA Series allows users to monitor and investigate events inreal time or perform advanced searches. The event viewerindicates what events are correlated to offenses and whichare not. Users can quickly and effectively view and filter real-timeevents.JSA Series includes a purpose-built data warehouse for highspeed insertion and retrieval of data archive of all securitylogs, event logs, and network activity logs(flow logs).Enables full audit of all original events and flow contentwithout modification.Threat AnalyticsJSA Series Secure Analytics’ network security managementsolution takes an innovative approach to managing computerbased threats in the enterprise. Recognizing that discreteanalysis of security events is not enough to properly detectthreats, we developed the JSA Series to provide an integratedapproach to threat analytics that combines the use oftraditionally siloed information to more effectively detect andmanage today’s complex threats. Specific information that iscollected includes: Network Events: Events generated from networkedresources, including switches, routers, servers, anddesktops. Security Logs: Includes log data generated from securitydevices like firewalls, VPNs, intrusion detection/prevention, antivirus, identity management, andvulnerability scanners. Provides a flexible query engine that includes advancedaggregating capability and IT forensics. Host and Application Logs: Includes log data fromindustry-leading host operating systems (MicrosoftWindows, UNIX, and Linux) and from critical businessapplications (authentication, database, mail, and Web). Network and Application Flow Logs: Includes flow datagenerated by network devices and provides an ability tobuild network and protocol activity context. User and Asset Identity Information: Includesinformation from commonly used directories, includingActive Directory and Lightweight Directory AccessProtocol (LDAP). By incorporating patent pending“offense” management technology, this integratedinformation is normalized and correlated by the JSASeries, resulting in automated intelligence that quicklydetects, notifies, and responds to threats missed byother security solutions with isolated visibility.3

JSA Series Secure AnalyticsTable 3. Threat Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsOut-of-the-box correlation rulesJSA Series correlation rules allow users to detect specific orsequential event flows or offenses. A rule consists of tests andfunctions that perform a response when events match. Provides hundreds of out-of-the-box correlation rules thatprovide immediate value.The offense manager allows you to investigate offenses,behaviors, anomalies, targets, and attackers on your network.The JSA Series can correlate events and network activity withtargets located across multiple networks in the same offenseand the same network incident. Allows users to effectively investigate each offense in theirnetwork.JSA Series associates or maps a normalized or raw event to ahigh-level and low-level category. Allows users to see real-time events mapped toappropriate categoriesOffense managementQID mappings Users can create their own rules by using the JSA Seriesrule wizard to generate automated alerts and enable realtime policy enforcement. Users can navigate the common interface to investigatethe event details to determine the unique events thatcaused the offense. Enables mapping of unknown device events to known JSASeries events in order to be categorized and correlatedappropriately.Historical profilingJSA Series collects and stores entire event data for later use,enabling extensive historical profiling for improved accuracy. Allows users to view historical data at any given point andprovides views into incident management and the trackingof events.JSA Series magistrateJSA Series magistrate component prioritizes the offenses andassigns a magnitude value based on several factors, includingthe number of events, severity, relevance, and credibility. Allows users to see prioritized security events rather thanlooking through thousands of log events.Offense manager APIJSA Series provides a set of open APIs to modify andconfigure incident management parameters like “create, close,and open.” Allows users to integrate third-party customer careapplications like Remedy and other ticketing solutions.Flow supportFlow support includes NetFlow, J-Flow, sFlow,and IPFIX Enables collection, visibility, and reporting of networktraffic. Enables users to see what events have the most impact ontheir business and respond quickly to threats. Includes Network Behavior Anomaly Detection (NBAD) todetect rough servers, and APTs based on network activity.Vulnerability ManagementAs a member of the JSA Series Secure Analytics network security management solution, Juniper Secure Analytics VulnerabilityManager helps organizations minimize the chances of a network security breach by proactively finding security weaknesses andmitigating potential risks. Organizations can discover and highlight high-risk vulnerabilities from an integrated dashboard andautomate regulatory compliance through powerful collection, correlation and reporting tools.Risk ManagementJuniper Secure Analytics Risk Manager is an integral component of a complete security intelligence solution, helping securityprofessionals detect and mitigate advanced threats. The ability to proactively quantify risk from vulnerabilities, configuration errors,anomalous network activity, and other outside threats can help organizations prevent exploits that target high-value assets and data.Table 4. Risk Management Features and BenefitsFeaturesFeature DescriptionBenefitsRisk Manager Topology ViewerEnables users to see network devices and their respectiverelationships, including subnets and links.Helps visualize current and potential network traffic patternswith a network topology model, based on security deviceconfigurations.Device configuration managementAutomates the collection, monitoring, and auditing of deviceconfigurations across an organization’s switches, routers,firewalls, and intrusion detection system/intrusion preventionsystem (IDS/IPS) devices.Provides centralized network security device management,reducing configuration errors and simplifying firewallperformance monitoring.Advanced investigative networktopology, traffic and forensics toolsTwo network visualization security tools provide unique,risk-focused, graphical representations of the network,providing network and security teams with critical vulnerabilityinformation before, during, and after an exploit.Quantifies and prioritizes risks with a policy engine thatcorrelates network topology, asset vulnerabilities, andactual network traffic, enabling risk-based remediation andfacilitating compliance.4

JSA Series Secure AnalyticsCompliance ManagementJSA7800Organizations of all sizes across every vertical market facea growing set of requirements from IT security regulatorymandates. Recognizing that compliance with a policy orregulation will evolve, many industry experts recommend acompliance program that can demonstrate and build upon thefollowing key factors:Dimensions and PowerDimensions (W x H x D)17.2 x 3.5 x 24.8 in(43.7 x 8.9 x 63 cm)Weight57 lb (25.85 kg)Rack mountable2U (rails and screws included)AC power supplyStandard: 920W high efficiency (94% )AC-DC redundant power; support hot-swapAC Input: - 100-240 V, 50-60 Hz, 11-4.4ADC power supplyOptional: 850W/1010W high efficiencyredundant DC to DC power supplySupport hot-swap850W: -36Vdc to -42Vdc, 30-25A1010W: -43 Vdc to -76 Vdc , 30 17LicensingFans3 x 8 cm 7K RPM, 4-pin PWM fansSecure Analytics is available in two different licensing options:Traffic ports2 x SFP 10GbE4 x RJ-45 GbEConsole port1 x RJ-45 DB9 serial console Accountability: Providing surveillance that reports on whodid what and when Transparency: Providing visibility into the security controls,business applications, and protected assets Measurability: Metrics and reporting around IT risks Log Analytics: Enables event searching, custom dashboards,and scheduled reporting Threat Analytics: All log analytics features flow support,advanced correlation, and vulnerability assessmentIntegrationEnvironmentOperating temperature32 to 104 F (0 to 40 C)Storage temperature-40 to 158 F (-40 to 70 C)Relative humidity (operating)5 to 90 percent noncondensingRelative humidity (storage)5 to 95 percent noncondensingAltitude (operating)6,500 ft maximumAltitude (storage)35,000 ft maximumCompliance and SafetySafety certificationsCSA 60950-1 Safety of InformationTechnology Equipment UL 60950-1 EN 60950-1JSA7800 IEC 60950-1Emissions certifications 47CFR Part 15, (FCC) Class A ICES-003 Class A EN 55022 Class A CISPR 22 Class A EN 55024 CISPR 24 EN 300 386 VCCI Class A AS/NZA CISPR22 Class A KN22 Class A CNS13438 Class A EN 61000-3-2 EN 61000-3-3WarrantyHardware one year and software 90 daysNEBSNoRoHSYes5

JSA Series Secure AnalyticsJSA7800Ordering InformationMaximum events per second(distributed collector)40,000Please contact your Juniper sales representative for the latestJSA Series ordering information.Flows per minute1.2 millionAbout Juniper NetworksCPU2 x Ten-CoreMemory128 GB RAMStorage16 x 2TB, 2.5’’, SAS RAID 6IOC slotsNonePSU920W AC (dual included),(DC optional)Note: Mixing AC and DC supplies NOTrecommended nor supportedHardware SpecificationsJSA VM SpecificationsJSA VM Allin-OneJSA VM DistributedMaximum EPS5,00020,000Flows per minute200,000600,000Juniper Networks brings simplicity to networking withproducts, solutions and services that connect the world.Through engineering innovation, we remove the constraintsand complexities of networking in the cloud era to solve thetoughest challenges our customers and partners face daily. AtJuniper Networks, we believe that the network is a resource forsharing knowledge and human advancement that changes theworld. We are committed to imagining groundbreaking ways todeliver automated, scalable and secure networks to move at thespeed of businessJuniper Networks Services and SupportJuniper Networks is the leader in performance-enablingservices designed to accelerate, extend, and optimize yourhigh-performance network. Our services allow you to maximizeoperational efficiency while reducing costs and minimizingrisk, achieving a faster time to value for your network. JuniperNetworks ensures operational excellence by optimizing thenetwork to maintain required levels of performance, reliability,and availability. For more details, please visit www.juniper.net/us/en/products-services.Corporate and Sales HeadquartersAPAC and EMEA HeadquartersJuniper Networks, Inc.Juniper Networks International B.V.1133 Innovation WayBoeing Avenue 240Sunnyvale, CA 94089 USA1119 PZ Schiphol-RijkPhone: 888.JUNIPER (888.586.4737)Amsterdam, The Netherlandsor 1.408.745.2000Phone: 31.207.125.700EXPLORE JUNIPERGet the App.www.juniper.netCopyright 2021 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, Junos, and other trademarks are registered trademarks ofJuniper Networks, Inc. and/or its affiliates in the United States and other countries. Other names