Transcription

Data SheetJSA Series SecureAnalyticsProduct OverviewProduct DescriptionThe integrated approach ofJuniper Networks JSA Series Secure Analytics combine, analyze, and manage anJSA Series Secure Analytics,unparalleled set of surveillance data—network behavior, security events, vulnerabilityused in conjunction withprofiles, and threat information—to empower companies to efficiently manage businessunparalleled data collection,operations on their networks from a single console.analysis, correlation, andauditing capabilities, enablesorganizations to quickly and easilyimplement a corporate-widesecurity management programthat delivers security bestpractices. These include superiorlog analytics with distributed log Log Analytics: JSA Series provides scalable log analytics by enabling distributed logcollection across an organization, and a centralized view of the information. Threat Analytics: JSA Series provides an advanced network security managementsolution that bridges the gap between network and security operations to deliver realtime surveillance and detect complex IT-based threats. Compliance Management: JSA Series brings to enterprises, institutions, and agenciescollection and centralized viewing;the accountability, transparency, and measurability that are critical factors to thethreat analytics that deliver real-success of any IT security program required to meet regulatory mandates.time surveillance and detectioninformation; and compliancemanagement capabilities—allviewed and managed from asingle console. Vulnerability Management: Deployed as a standalone solution or working in conjunctionwith Threat Analytics, JSA Series can function as a full-featured vulnerability scanner. Risk Management: JSA Series helps security professionals stay ahead of advancedthreats by proactively quantifying risks from vulnerabilities, configuration errors andanomalous network activity, preventing attacks that target high value assets and data.With preinstalled software, a hardened operating system, and a web-based setup process,the JSA Series lets you get your network security up and running quickly and easily. Thebottom line of the JSA Series is simple deployment, fast implementation, and improvedsecurity, at a low total cost of ownership.Architecture and Key ComponentsJSA Secure Analytics AppliancesThe Juniper Networks Secure Analytics appliances provide a scalable solution for securityevent management. The JSA3800 and JSA5800 are enterprise-class solutions that canbe deployed as an all-in-one solution with integrated event collection, correlation andextensive reporting, or as a dedicated event and/or flow collector. The JSA7500 is a carriergrade solution and is NEBS certified.JSA Virtual ApplianceJuniper Networks JSA Virtual Appliance (JSA VM) Secure Analytics is a virtualized platformthat provides Secure Analytics functionality. JSA VM is designed to run with VMWare ESX5.0 and ESX 5.1, and requires a configuration with a minimum of two CPUs (1 socket x 2cores or 2 sockets x 1 core) and 8GB of RAM. It processes a maximum of 20,000 eventsper second or 600,000 flows per minute, with 16 cores and 24 GB of RAM.1

JSA Series Secure AnalyticsData SheetFeatures and BenefitsTable 1. JSA Series Secure Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsAll-in-one appliancesEvent collection, flow collection event processing,flow processing, correlation, analysis, and reportingare all embedded within JSA Series SecureAnalytics. All core functions are available within the systemand it is easy for users to deploy and manage inminutes. JSA Series architecture provides a streamlinedsolution for secure and efficient log analytics.Distributed supportJSA Series has the ability to scale to largedistributed deployments that can support up to 5million events per second. Users have the flexibility to scale to largedeployments as their business grows. JSA Series can be easily deployed in largedistributed environments.HDD implementationJSA Series utilizes SAS HDD in RAID 1 and RAID 10setups. SAS HDD is designed for 24x7 operations. RAID 1/10 implementation provides best possibleperformance and redundancy.Easy and quick installJSA Series comes with an easy, out-of-the-boxsetup wizard. Users can install and manage JSA Seriesappliances in a couple of steps.Automatic updatesSecure Analytics automatically downloads anddeploys reputation feeds, parser updates, andpatches. Users don’t need to worry about maintainingappliance and OS updates and patches.High availability (HA)Users can deploy all JSA Series appliances in HAmode Users can deploy JSA Series with full active/passive redundancy. This supports alldeployment scenarios, all-in-one and distributed.Built-in compliance reportsOut-of-the-box compliance reports are includedwith the JSA Series. JSA Series provides 500 out-of-the-boxcompliance reports.Reporting and alerting capabilitiesfor control framework Control Objectives for Information and relatedTechnology (CobiT) International Organization for Standardization(ISO) ISO/IEC 27002 (17799) Common Criteria (CC) (ISO/IEC 15408) NISTspecial publication 800-53 revision 1 and FederalInformation Processing Standard (FIPS) 200 JSA Series enables repeatable compliancemonitoring, reporting, and auditing processes.Compliance-focused regulationworkflow Payment Card Industry Data Security Standard(PCI DSS) Health Insurance Portability and AccountabilityAct (HIPAA) Sarbanes-Oxley Act (SOX) Graham-Leach-Bliley Act (GLBA) Federal Information Security Management Act (FISMA) JSA Series supports multiple regulations andsecurity best practices. Includes compliance-driven report templates tomeet specific regulatory reporting and auditingrequirements.Management-level reports onoverall security stateThe JSA Series reports interface allows you tocreate, distribute, and manage reports that aregenerated in PDF, HTML, RTF, XML, or XLS formats. Users can use the report wizard to createexecutive and operational level reports thatcombine any network traffic and security eventdata in a single report.One stop supportJuniper Networks Technical Assistance Center(JTAC) supports all aspects of the JSA Series. Users don’t need to go to several places to getsupport, even for multivendor issues.2

JSA Series Secure AnalyticsData SheetLog AnalyticsJSA Series provides a comprehensive log analytics framework that includes scalable and secure log analytics capabilities integratedwith real-time event correlation, policy monitoring, threat detection, and compliance reporting.Table 2. Log Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsComprehensive log managementJSA Series delivers scalable and secure loganalytics with storage capabilities from GB to TB ofdata storage.Provides long term collection, archival, search, andreporting of event logs, flow logs, and applicationdata that enables logging taxonomy from acentralized view.Comprehensive reportingJSA Series comes with 1,300 canned reports.Report Wizard allows users to customize andschedule daily, weekly, and monthly reports thatcan be exported in PDF, HTML, RTF, Word, Excel,and XML formats.Provides users not only the convenience of cannedreports but also the flexibility to create andcustomize their own reports according to theirbusiness needs.Log management and reportingonly optionJSA Series provides a comprehensive logmanagement and reporting solution with adistributed log analytics only solution to collect,archive, customize, and analyze network securityevent logs.Allows users to start with a log management andreporting only option and then upgrade to fullblown JSA Series functionality as their businessneed grows—without upgrading their existinghardware.Log retention and storageJSA Series database can easily archive logs andintegrate into an existing storage infrastructure forlong-term log retention and hassle-free storage.Enables organizations to archive event and flowlogs for whatever time period is specified by aspecific regulation.Tamperproof data Event and flow logs are protected by SHA-x (1256) hashing for tamper proof log archives. Support of extensive log file integrity checksincluding National Institute of Standards andTechnology (NIST) log management standards.Provides secure storage based on industryregulations.Real-time event viewingJSA Series allows users to monitor and investigateevents in real time or perform advanced searches.The event viewer indicates what events are beingcorrelated to offenses and which are not. Users have the ability to quickly and effectivelyview and filter real-time events. Provides a flexible query engine that includesadvanced aggregating capability and ITforensics.Data warehousingJSA Series includes a purpose-built datawarehouse for high speed insertion and retrievalof data archive of all security logs, event logs, andnetwork activity logs(flow logs).Enables full audit of all original events and flowcontent without modification.Threat Analytics Host and Application Logs: Includes log data fromJSA Series Secure Analytics’ network security managementindustry-leading host operating systems (Microsoftsolution takes an innovative approach to managing computer-Windows, UNIX, and Linux) and from critical businessbased threats in the enterprise. Recognizing that discrete analysisapplications (authentication, database, mail, and Web).of security events is not enough to properly detect threats, the Network and Application Flow Logs: Includes flow dataJSA Series was developed to provide an integrated approachgenerated by network devices and provides an ability toto threat analytics that combines the use of traditionally siloedbuild a context of network and protocol activity.information to more effectively detect and manage today’scomplex threats. Specific information that is collected includes: Network Events: Events generated from networkedresources, including switches, routers, servers, and desktops. Security Logs: Includes log data generated from securitydevices like firewalls, VPNs, intrusion detection/prevention,antivirus, identity management, and vulnerability scanners. User and Asset Identity Information: Includesinformation from commonly used directories, includingActive Directory and Lightweight Directory Access Protocol(LDAP). By incorporating patent pending “offense”management technology, this integrated information isnormalized and correlated by the JSA Series, resulting inautomated intelligence that quickly detects, notifies, andresponds to threats missed by other security solutionswith isolated visibility.3

JSA Series Secure AnalyticsData SheetTable 3. Threat Analytics Features and BenefitsFeaturesFeature DescriptionBenefitsOut-of-the-box correlation rulesJSA Series correlation rules allow users to detectspecific or sequential event flows or offenses. Arule consists of tests and functions that perform aresponse when events match. Provides hundreds of out-of-the-box correlationrules that provide immediate value. Users can create their own rules by using the JSASeries rule wizard to generate automated alertsand enable real-time policy enforcement.Offense managementThe offense manager allows you to investigateoffenses, behaviors, anomalies, targets, andattackers on your network. The JSA Series cancorrelate events and network activity with targetslocated across multiple networks in the sameoffense and ultimately the same network incident. This allows users to effectively investigate eachoffense in their network. Users can navigate the common interface toinvestigate the event details to determine theunique events that caused the offense.QID mappingsJSA Series associates or maps a normalized or rawevent to a high-level and low-level category. Allows users to see real-time events mapped toappropriate categories This enables the mapping of unknown deviceevents to known JSA Series events in order to becategorized and correlated appropriately.Historical profilingJSA Series collects and stores entire event datafor later use, enabling extensive use of historicalprofiling for improved accuracy. Allows users to view historical data at any givenpoint as well as views into incident managementand the tracking of events.JSA Series magistrateJSA Series magistrate component prioritizes theoffenses and assigns a magnitude value based onseveral factors that include the number of events,severity, relevance, and credibility. Allows users to see prioritized security eventsrather than looking through thousands of logevents. Enables users to see what events have the mostimpact on their business and respond quickly tothreats.Offense manager APIJSA Series provides a set of open APIs to modifyand configure incident management parameterslike “create, close, and open.” Allows users to integrate third-party customercare applications like Remedy and otherticketing solutions.Flow supportFlow support includes NetFlow, J-Flow, sFlow,and IPFIX Enables collection, visibility, and reporting ofnetwork traffic. Includes Network Behavior Anomaly Detection(NBAD) to detect rough servers, and APTs basedon network activity.Vulnerability ManagementAs a member of the JSA Series Secure Analytics network security management solution, Juniper Secure Analytics VulnerabilityManager helps organizations minimize the chances of a network security breach by proactively finding security weaknesses andmitigating potential risks. Using Juniper Secure Analytics Vulnerability Manager, organizations can perform rapid network scans,discover and highlight high-risk vulnerabilities from an integrated dashboard, and automate regulatory compliance through powerfulcollection, correlation and reporting tools.Table 4: Vulnerability Management Features and BenefitsFeaturesFeature DescriptionBenefitsVulnerability overviewJuniper Secure Analytics Vulnerability Managermaintains a current view of all discoveredvulnerabilities, including details such as when theywere found, when they were last seen, what scanjobs reported them, and to whom the vulnerabilitywas assigned for remediation or mitigation.Provides the insight needed to make informeddecisions.Vulnerability dashboardThe vulnerability dashboard provides a single,integrated view into multiple vulnerabilityassessment feeds and threat intelligence sources,allowing security teams to quickly identifyexposures that pose the greatest risks.Makes it easy to identify and prioritizevulnerabilities.Rapid network scansScans can be scheduled or performed dynamicallyto identify and locate security weaknesses tominimize risks.Allows network vulnerabilities to be quickly found,analyzed and remediated.Automated regulatorycomplianceConducts regular network scans and maintainsdetailed audit trails to facilitate compliance withfederal or industry regulations.Makes compliance easy and automatic.4

JSA Series Secure AnalyticsData SheetRisk ManagementJuniper Secure Analytics Risk Manager is an integral component of a complete security intelligence solution, helping securityprofessionals detect and mitigate advanced threats. The ability to proactively quantify risk from vulnerabilities, configuration errors,anomalous network activity, and other outside threats can help organizations prevent exploits that target high-value assets and data.Table 5. Risk Management Features and BenefitsFeaturesFeature DescriptionBenefitsRisk Manager Topology ViewerEnables users to see network devices and theirrespective relationships, including subnets andlinks.Helps visualize current and potential network trafficpatterns with a network topology model, based onsecurity device configurations.Device configurationmanagementAutomates the collection, monitoring, and auditingof device configurations across an organization’sswitches, routers, firewalls, and intrusion detectionsystem/intrusion prevention system (IDS/IPS)devices.Provides centralized network security devicemanagement, reducing configuration errors andsimplifying firewall performance monitoring.Advanced investigative networktopology, traffic and forensicstoolsTwo network visualization security tools provideunique, risk-focused, graphical representations ofthe network, providing network and security teamswith critical vulnerability information before, during,and after an exploit.Quantifies and prioritizes risks with a policyengine that correlates network topology, assetvulnerabilities, and actual network traffic, enablingrisk-based remediation and facilitating compliance.Compliance ManagementLicensingOrganizations of all sizes across almost every vertical marketSecure Analytics is available in two different licensing options:face a growing set of requirements from IT security regulatory Log Analytics: Enables event searching, custom dashboards,mandates. Recognizing that compliance with a policy orand scheduled reportingregulation will evolve over time, many industry experts Threat Analytics: All log analytics features flow support,recommend a compliance program that can demonstrate andadvanced correlation, and vulnerability assessmentbuild upon the following key factors:Integration Accountability: Providing surveillance that reports on who didwhat and when Transparency: Providing visibility into the security controls,business applications, and assets that are being protected Measurability: Metrics and reporting around IT risksJSA3800JSA5800JSA75005

JSA Series Secure AnalyticsData SheetJSA3800JSA5800JSA7500Dimensions (W x H x D)17.2 x 1.7 x 23.5 in(43.7 x 4.3 x 56.7 cm)17.2 x 3.5 x 24.8 in(43.7 x 8.9 x 63 cm)17.2 x 3.5 x 23.5 in(43.7 x 8.9 x 56.7 cm)Weight28 lb (12.7 kg)42 lb (19 kg)63 lb (28.6 kg)Rack mountable1U (rails and screws included)2U (rails and screws included)2U (rails and screws included)AC power supplyStandard: 650W high-efficiencyAC-DC Redundant power: Supporthot-swapAC Input: - 100-127 V, 7.8 Amp;- 200-240 V, 3.8 Amp, 60/50 HzStandard: 920W high-efficiency(94% )AC-DC redundant power; supporthot-swapAC Input: - 100-240 V, 50-60 Hz,11-4.4 AmpOptional: 750W high-efficiency ACDC hot swap dual redundant powermoduleAC input: 100-240 V, 50-60 Hz,10-6 AmpDC output: 3 Amp @ 5V standby;62.5 Amp @ 12VDC power supplyOptional: 650W high-efficiencyredundant DC to DC power supplySupport hot-swap.DC Input: -44Vdc to -72Vdc, 20A(max)Optional: 850W/1010W highefficiency redundant DC to DCpower supplySupport hot-swap.DC Input: 850W: -35Vdc to-42Vdc, 30-25AStandard: 750 W DC power moduleDC input: 45 to -60 Vdc, 40A (max)DC output: 3 Amp @ 5V standby;62.5 Amp @ 12VFans4 x 5.6 cm counter-rotating PWMfans3 x 8 cm 9.5K RPM, 4-pin PWM fansAir intake from front and exhauststo rear of unit; 6 x 80 mm redundanthot swap fansTraffic ports2x SFP 10GbE4x RJ-45 GbE2x SFP 10GbE4x RJ-45 GbE4 x RJ-45 10/100/10002 x IOC slots 2/3 heightConsole port1 x RJ-45 DB9 serial console1 x RJ-45 DB9 serial console1 x RJ-45 serial consoleOperating temperature50 to 104 F (10 to 40 C)50 to 104 F (10 to 40 C)Normal: 41 to 104 F(5 to 40 C),Short-term: 23 to 131 F(-5 to 55 C )Storage temperature-40 to 158 F (-40 to 70 C)-40 to 158 F (-40 to 70 C)-40 to 158 F (-40 to 70 C)Relative humidity(operating)8 to 90 percent noncondensing8 to 90 percent noncondensing8 to 90 percent noncondensingRelative humidity (storage)5 to 95 percent noncondensing5 to 95 percent noncondensing5 to 95 percent noncondensingAltitude (operating)6,500 ft maximum6,500 ft maximum10,000 ft maximumAltitude (storage)35,000 ft maximum35,000 ft maximum40,000 ft maximumDimensions and PowerEnvironmentCompliance and SafetySafety certificationsCSA 60950-1 Safety of InformationTechnology Equipment UL 60950-1 EN 60950-1 IEC 60950-1CSA 60950-1 Safety of InformationTechnology Equipment UL 60950-1 EN 60950-1 IEC 60950-1CAN/CSA-C22.2 No. 60950-1-03 UL60950-1:2003 EN60950-1:2001 A11 IEC 60950-1:2001Emissions certifications WarrantyHardware one year and software90 daysHardware one year and software90 daysHardware one