ENTERPRISE TECHNOLOGY
Challenge 2: Vulnerability Detection
Gaining a consolidated view of network
assets is challenging enough using
conventional approaches. Just as difficult
is finding and quickly remediating
vulnerabilities that may reside in those
assets. Enterprises are shifting from
prevention-only approaches to focus more
on detection and response.
Vulnerability scanners play a critical
role. But they do not go far enough to
proactively thwart today’s emerging
threats. For example, most cannot
monitor all devices, VMs, and end points
continuously across highly complex,
geographically dispersed infrastructure.
Nor can they readily identify risks
stemming from non-compliant devices,
configuration errors, and outdated
infrastructure components.
Without complete information on
vulnerabilities, networks are still susceptible
to sophisticated attacks that can adversely
affect network and service availability.
Network automation tools that harness
data flowing through DDI services provide
a more accurate, comprehensive picture
of the network and hidden vulnerabilities
than is possible using traditional scanners
alone. The best solutions combine insights
from core network services, automation,
and network intelligence, enabling
enterprises to automatically:
Detect in real-time non-compliant
devices that may contain
vulnerabilities
Find and fix configuration errors or
isolate compromised end points before
they can do harm
Enforce best practices, compliance
mandates, and security policies
Challenge 3: DNS-Based
Attack Protection
As a means for disrupting and disabling
networks, exploiting DNS is spectacularly
successful. DNS has become the number-
one service targeted by application-layer
attacks and the number- one protocol
used in amplification reflection attacks.
Cyber criminals rely on DNS pathways to
wreak havoc on networks in a multitude
of ways. They use DDoS and other DNS-
18
based attacks to flood DNS servers with
junk requests, create diversions to hide
other forms of attack, and swap legitimate
URLs for phony ones that can make
websites appear to be down when they
are not. DNS has become the go-to attack
method of choice for the simple reason
that traditional infrastructure security
measures do not understand DNS and are
not capable of protecting it.
DNS is a core component of every
network; it should also be a core
component of infrastructure protection.
The most effective solutions are those
specifically architected to automatically
and comprehensively protect DNS from
evolving threats. Organisations should
explore advanced DNS security options
that enable them to:
Detect and prevent the broadest range
of DNS-based attacks
Keep networks up and running even
during attacks with the ability to
detect legitimate from malicious DNS
requests in real time
Maintain DNS integrity with the ability
to proactively detect DNS hijacking as
it occurs
Challenge 4: Lack of Security
Ecosystem Integration
Many organisations use a wide assortment
of separate security systems from
multiple vendors. For example, complete
NAC solutions often consist of many
different areas of specialisation, from user
verification, to password authentication,
to device hygiene. SIEM solutions have
their own areas of focus. These tools create
silos and are unable talk to each other or
automatically share critical information.
This poses a serious challenge to
security teams who must take decisive
action against a backdrop of dynamic
network changes and escalating attacks.
These teams also are typically awash in
seas of threat data with no clear guidance
on what to act on first or why, further
hindering their efforts.
DNS, DHCP and IPAM data provide
real-time insights that can continually
inform NAC and SIEM systems.
Network teams should choose solutions
that use core network data combined
with meaningful context to enhance
the performance of the entire security
ecosystem, enabling them to:
Speed remediation with the ability to
easily share data-rich, network layer
actionable intelligence throughout
their multivendor ecosystem
Gain visibility into IP address changes
and DNS security events, including
reconnaissance ctivity, that SIEM can
easily consume for fast analysis
See threat data in context with network
and device activities in real time to
prioritise response
World of digital cohesion
Juniper Networks is developing and
building secure IP networks that can deliver
speed, capacity and innovation to meet the
demands of today’s most advanced service
provider, cloud and enterprise customers.
The networks that Juniper is delivering
are programmable and software defined to
ensure they keep pace with innovation that
customers are experiencing.
Globally, we are living in disruptive
times and are witnessing mega-trends
unfold. Juniper Networks believes in an
exciting future era called Digital Cohesion,
where compelling mega-services self-
assemble to anticipate user needs and
interoperate seamlessly. Automation and
self-driving networks allow customers
to protect, scale and future proof their
networks whilst meeting the toughest
demands and SLAs.
“In the Middle East, we are already
witnessing this vision become more of
a reality, with a heavy push towards
digital transformation across various
organisations. Governments in UAE
and Saudi Arabia are placing an
emphasis on technologies like cloud,
artificial intelligence and blockchain to
aggressively pursue ambitious visions.
As the demand for these technologies
increases, there is a demand for a robust,
agile and secure network infrastructure
that supports these technologies,” says
Kristian Kerr, Head of Channel, Alliances
and Commercial for Europe, Middle East
and Africa at Juniper Networks.
Issue 14
INTELLIGENT TECH CHANNELS