Solution Brief

Extending Enterprise Security to Azure Deployments

Security for an Ever-Evolving Market

Challenge
Enterprises are increasingly migrating to public or hybrid cloud deployments, creating an immediate need to extend the level of security found in traditional networks to the new cloud landscape.

Solution
With a broad portfolio of physical and virtual firewalls, centralized single-pane-of-glass management solutions, and threat intelligence, Juniper helps enterprises seamlessly secure their physical data centers, private clouds, and public clouds by extending simple yet comprehensive protection to the ever-evolving market.

Benefits
• Significant CapEx and OpEx savings through investment protection, lower TCO, and lower learning costs
• Simple, intuitive management for enforcing and monitoring security across public and hybrid clouds
• Extension of security policies and technologies used in physical data centers to public and hybrid clouds
• Reduction in the number of proprietary, feature-limited public cloud elements to deploy and manage

The migration to public cloud is accelerating rapidly, due mainly to its ability to deploy across geographies; its flexibility, scalability, and simplicity; and its pay-per-use model and low upfront costs. However, enterprises with heavy investments in private data centers and concerns about the security of public clouds tend to favor a hybrid approach, leveraging a combination of public clouds and existing physical data centers and private clouds. Regardless, moving to the cloud poses certain risks that need to be addressed to ensure that an organization’s network is protected.

The Challenge

No new technology is without its pitfalls, and the cloud is no exception. When data no longer resides behind an on-premise firewall, as is the case with public and hybrid clouds, it introduces new risks that need to be taken into account. Additionally, as customers adopt a multicloud approach to ensure access to best-of-breed solutions, it becomes more important than ever to centrally manage security policies.

Microsoft Azure, one of the industry’s fastest growing cloud platforms, places significant emphasis on security. Juniper and Microsoft have joined forces to augment Azure’s defensive capabilities with advanced L7 features such as , intrusion prevention system (IPS), and advanced threat prevention, providing customers with comprehensive security for their Azure deployments.

The joint Juniper-Microsoft solution also addresses the needs of traditional physical deployments whose security administrators want to extend their policies to a public, hybrid, or multicloud deployment mode.

Public Cloud

The popularity of public clouds is no longer restricted to the startup world; their adoption has spread across the full business spectrum to include large enterprises as well. Microsoft Azure is one of the fastest growing cloud platforms, featuring a large number of data center regions and seamless support for hybrid cloud deployments. Microsoft’s quarter-over-quarter revenue growth, combined with the impressive number of large enterprises who have joined their customer list, are clear indicators of their traction in the market.

Today, deploying a physical data center with dedicated administrative staff no longer makes economic sense for most enterprises. Instead, they typically opt for one of the more popular cloud platforms, deploy their infrastructure, and hire DevOps personnel in place of traditional network or security teams.

While DevOps resources offer a mix of development and operational experience, they typically lack security expertise. They are expected to possess good scripting skills and are usually tasked with additional responsibilities such as software build management. Since network security is only a small part of their job description, DevOps individuals need a simple security solution they can easily configure, monitor, and upgrade.
With the rise of infrastructure automation platforms such as Chef and Puppet, programmability is top of mind with every DevOps team and a serious requirement for any security platform.

1 Extending Enterprise Security to Microsoft Azure Deployments Solution Brief

Hybrid Cloud

Enterprises that want to move to the cloud but have invested heavily in physical data centers prefer the hybrid cloud model, which allows them to leverage the flexibility and economics of public cloud while maintaining more control. Also, some enterprises are legally required to hold certain data on premise; a hybrid approach allows extremely sensitive data to be stored in private data centers while offloading the rest to the cloud.

Migrating to a hybrid cloud is not without its own set of challenges. New security policies must be set up for the public cloud deployment, adding management overhead and introducing discrepancies between the physical data center and the cloud. Additionally, hiring cloud professionals or training existing personnel for cloud security adds to operational expenses and takes time.

The Public and Hybrid Cloud Security Solution

Juniper Networks offers a broad portfolio of products that work together to address the unique concerns of securing public and hybrid cloud environments. The major components of this solution are:

• Juniper Networks® SRX Series Services Gateways and Juniper Networks vSRX Virtual Firewall with integrated next-generation and unified threat management (UTM), which deliver:
  -- Core firewall functionality with IPsec VPN and feature-rich networking services such as Network Address Translation (NAT) and
  -- Intrusion prevention system (IPS) 2.0 to detect and block network intrusions
  -- User-based firewalls to analyze, log, and enforce access control based on user roles and groups
  -- Application control and visibility with integrated Juniper Networks AppSecure 2.0 to provide application-level analysis, prioritization, and blocking to safely enable applications
  -- Antivirus, antispam, and Web and content filtering with UTM to protect against viruses, spam, and malicious URLs and content
  -- Support for Linux KVM, VMware, AWS, and Azure platforms (vSRX)
• Juniper Sky™ Advanced Threat Prevention, a cloud-based advanced anti-malware service with dynamic analysis (sandboxing) to protect against sophisticated malware. Integrated with SRX Series and vSRX physical and virtual firewalls, Juniper Sky ATP provides built-in machine learning to improve verdict efficacy and decrease time to remediation.
• Juniper Networks Junos® Space Security Director, which provides centralized, single-pane-of-glass management to deploy, monitor, and configure security features and policies across all SRX Series and vSRX firewalls in the network. Policy Enforcer, a component of Security Director, provides an additional level of centralized intelligence for deploying and enforcing security policies on multivendor network elements such as switches, routers, Wi-Fi access points, and the like. Security Director includes a customizable dashboard with detailed drill-downs, threat maps, and event logs, providing unprecedented visibility into network security measures. It is also available as a mobile app for Google’s Android and Apple’s iOS systems to enable remote mobile monitoring.

[Diagram labels: Internet, Internet Gateway, vSRX, User Firewall, Intrusion Prevention, Unified Threat Management, AppSecure, Advanced Threat Prevention, VPN Termination, Carrier-Class Routing, Juniper Threat Defense, Juniper Sky ATP, Cloud Infrastructure, VM]

Figure 1: vSRX Virtual Firewall in a simple Microsoft Azure public cloud deployment


Juniper’s Solution for Securing and Simplifying Deployment in the Public Cloud with Microsoft Azure

Let’s take a look at a simple Azure deployment featuring one virtual network (VNET) with an Internet gateway and several virtual machine (VM) instances and see how Juniper delivers comprehensive security for the cloud. In a simple cloud deployment, a vSRX can be added to the virtual network to facilitate VPN termination and advanced security services.

Expanding the Juniper Solution to Secure the Hybrid Cloud: Real-World Use Cases

The following Juniper security solutions can be deployed to provide security for both enterprise expansion and workload distribution use cases.

• A vSRX Virtual Firewall is installed in each Azure deployment to secure the instances and applications in the cloud. An SRX Series Services Gateway or vSRX Virtual Firewall connects to the advanced threat defense system, Juniper Sky ATP, in the cloud and receives the latest threat information to help detect sophisticated malware.
• The vSRX can also be used for IPsec VPN termination, multisite VPN, and NAT gateway functionality to facilitate and complement the Azure deployment.
• The vSRX virtual firewalls in remote data center branches connect to the SRX Series firewalls at headquarters via IPsec VPNs for secure data transportation.
• Junos Space Security Director centrally manages all security policies across the infrastructure. The vSRX virtual firewalls deployed in remote data centers register with Security Director, whether installed at headquarters or in the cloud.
• Once security policies are pushed to the remote vSRX virtual firewalls, application data is synchronized across all data centers.
• New security policies are centrally added or updated from Security Director and deployed across all data centers.

Key Benefits Delivered by Juniper Security Solutions

Juniper security solutions deliver the following benefits in both public and hybrid cloud environments.

• Unified intelligent security: The vSRX Virtual Firewall serves as a single point of enforcement. Leveraging security feeds from advanced threat intelligence platforms in the cloud such as Juniper Sky ATP, the vSRX can detect known and unknown threats while enforcing application security, intrusion prevention, and unified threat management.
• Centralized, simple, and intuitive management: Junos Space Security Director provides intuitive and centralized management for monitoring security across the entire network. A simple and intuitive user interface means even new users can quickly become proficient. The mobile Security Director app, available for iOS and Android platforms, is accessible to security admins or CIOs who want to remotely monitor security updates in their network.

[Diagram labels: Security Director, Policy Enforcer, Central Policy, App Visibility, Threat Map Management, Enterprise Data Center, SRX Series, Data Center, vSRX, VM, Cloud Infrastructure, Juniper Threat Defense, Juniper Sky ATP]

Figure 2: Juniper security solutions in a hybrid cloud Microsoft Azure deployment


• Programmability: With a wide range of programmatic APIs supported in Juniper Networks Junos operating system, DevOps resources can easily automate deployment and management activities through simple scripts, streamlining the entire workflow.
• Lower costs and shorter learning curves: The ability to extend the familiar and well-known security policies used in the physical data center to private and public clouds is a critical benefit, allowing enterprises to leverage existing admins to manage cloud infrastructure. There is no need to hire new cloud experts.

Summary

Juniper Networks security solutions seamlessly extend across Microsoft Azure-based public and hybrid clouds without compromising flexibility and manageability. With highly evolved security intelligence and simple, centralized management and automation tools, Juniper makes it easy to monitor and enforce security across existing and new data centers.

Next Steps

For more information on Juniper Networks security solutions, please visit us at www.juniper.net/us/en/products-services/security and contact your Juniper Networks representative.

About Juniper Networks

Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks or connect with Juniper on Twitter and Facebook.

Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000
Fax: +1.408.745.2100
www.juniper.net

APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.0.207.125.700
Fax: +31.0.207.125.701

Copyright 2018 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

3510635-001-EN Jan 2018