Juniper Networks announced today it is extending the reach of the threat protection appliances it provides to include data from third-party sources using a set of custom data collectors.
Amy James, director of security product marketing at Juniper Networks, said previously Juniper Networks Advanced Threat Prevention (JATP) Appliances only collected data from Juniper firewalls and networking equipment. Now the threat protection appliance can be deployed alongside, for example, a third-party firewall.
In addition, Juniper Networks has added a higher-end JATP400 Advanced Threat Prevention Appliance for Distributed Enterprises to offload the processing of threat data and associated analytics.
James said once a dataset is defined using the custom data collector, the data gets incorporated into the JATP Appliances threat behavior timeline. This new capability supports multiple log format types, including XML, JSON and CSV.
The goal is to provide an open architecture that makes it possible for cybersecurity teams to more easily prioritize threats by enabling them to triage alerts being generated by any data source on the network, said James. In addition to reducing the amount of time and effort required to identify threats that might be most lethal to the organization, JATP appliances also reduce IT security fatigue, James said. As it turns out, most cybersecurity teams are alerted to a potential security breach. The trouble is that notifications get lost in a sea of alerts that often are more noise than signal.
To improve the overall cybersecurity posture of organizations, Juniper Networks is trying to drive more automation into security management, she said. A recent survey of 1,859 IT and IT security practitioners conducted by The Ponemon Institute on behalf of Juniper Networks finds 63 percent find it difficult to integrate security automation platforms with existing legacy tools. The top four areas targeted for automation include incident response, security analytics, malware investigation and threat intelligence. The primary benefits of security automation are the ability to prioritize threats and vulnerabilities, increase the speed at which threats are analyzed and reduce the false positive and/or false negative rate for alerts being generated.
Given the fact that there are a multitude of cybersecurity jobs that currently are vacant, it should be more than apparent there’s a need for much higher levels of automation. On top of that is the fact that the size of the defensible attack surface continues to increase. It’s clear organizations need to enable the few cybersecurity resources they do have on hand to operate at much higher levels of scale. It may take a little longer to achieve that goal end to end, but with each passing day security automation is advancing.
In the meantime, organizations of all sizes need to re-engineer their security management processes. The problem is developers won’t know what to fix first unless cybersecurity teams can accurately rank potential threats as they become known. Analysis of critical threats needs to be fed back into a DevSecOps process in near real-time to make it possible to remediate vulnerabilities quickly before they are exploited. Otherwise, Murphy’s Law dictates developers will spend all their time fixing the wrong vulnerability at the expense of a threat that just might prove to be truly detrimental to the business.