Juniper Networks & SMS
Understand Continuous Security Monitoring
Interact with the grid below to learn more about SMS and
Juniper's solutions to the NIST Continuous Monitoring requirements
close

NETWORK MANAGEMENT

In today's environment - the ability to manage and to assure confidentiality, integrity, and availability of information is now also mission-critical-Ongoing monitoring is a critical part of that risk management process. In addition, an organization's overall security architecture and accompanying security program are monitored to ensure that organization-wide operations remain within an acceptable level of risk. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, NIST Special Publication 800-137 (September 2011) To meet Federal risk management objectives, SMS Continuous Monitoring solutions include comprehensive Network Management capabilities from Juniper Networks to simplify and automate the management of switching, routing, and security devices. One critical component of this network management approach is Juniper's Junos Space, which provides a centralized management plane for a single point-of-contact into the network and a common platform for managing and creating applications to meet specific user needs. Third-party technologies are integrated into this complete toolkit to ensure end-to-end continuous monitoring and real-time controls for network end-points.

Discovery and Inventory (including detection of rogue wireless access points)

 

Performance Monitoring

 

Compliance Management

 

close

LICENSE MANAGEMENT

Most organizations make significant annual investments in software licenses, and a lack of license management may result in assessment of heavy fines. There even are cases where senior leadership, including Chief Information Officers, has been taken into custody for violating license agreements. Consequently,License Management, or Software Asset Management (SAM), is a recognized business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of an organization's software applications. Information Technology Infrastructure Library (ITIL) Federal agencies need a practical and reliable methodology for managing software license information. In response, SMS has designed License Management capabilities in an integrated platform that addresses an organization's entire IT infrastructure, including networks, end-points, applications, as well as virtual and cloud computing environments. By applying this kind of monitoring tool, IT professionals are able to track endpoint devices, even those that are not "user-enabled."

 

 

 

close

INFORMATION MANAGEMENT

FISMA "requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source." The Federal Information Security Management Act ( FISMA), Title III of the E-Government Act (Public Law 107-347) With a focus on FISMA compliance and more, SMS and its partner Juniper Networks offer network Continuous Monitoring technologies that provide advanced, adaptive security capabilities. These components work in concert to significantly reduce the risk of data loss at the data center--without compromising network performance or availability. SMS and Juniper deliver not only traditional defense capabilities (firewall, IPS, application control, and visibility), but also provide the only solution that delivers adaptive technologies to prevent the most damaging methods where data is lost-Web application attacks. To support this mission, Juniper was the first to introduce "intrusion deception" technology that can accurately identify and thwart hackers during the reconnaissance phase of an attack.

Information Management Partners

 

close

CONFIGURATION MANAGEMENT

"Federal agencies are responsible for including policies and procedures that ensure compliance with minimally acceptable system configuration requirements, as determined by the agency within their information security program." Guide for Security-Focused Configuration Management of Information Systems, NIST Special Publication 800-128.

Managing system configurations also is identified as in the Minimum Security Requirements for Federal Information and Information Systems (FIPS Pub 200) and the corresponding security controls that support this requirement are called for in the Guide for Applying the Risk Management Framework to Federal Information Systems, NIST Special Publication 800-37.

SMS offers automated Configuration Management strategies to help Federal agencies lower the cost of configuration compliance, while enhancing efficiency and improving reliability. These solutions include technologies from Juniper and other partners that offer agent-based and agentless approaches for identifying endpoint configuration compliance, maintaining virtual machine compliance, and supporting "comply-to-connect" policies for network access requestors.

Application Configuration Compliance

 

close

SOFTWARE ASSURANCE

Software Assurance is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. (Wikipedia, February 2014) One of the most challenging tasks for technologists is software assurance. To support this ongoing requirement, SMS offers capabilities to support Continuous Monitoring Software Assurance that incorporates two fundamental capabilities: 1) Secure Supply Chain and 2) Application Code Continuous Reviews. In addition, the Secure Development Lifecycle works to protect products from those intent on disrupting information flow across the Internet, launching malicious attacks, or engaging in espionage. As a coordinated team, SMS, Juniper Networks, and other partners have used these tools to validate secure supply chains and application code reviews.

 

 

 

 

close

DIGITAL POLICY MANAGEMENT & ACCESS CONTROL

Access control is concerned with determining the allowed activities of legitimate users, mediating every attempt by a user to access a resource in the system. In addition to the authentication mechanism (such as a password), access control is concerned with how authorizations are structured. In some cases, authorization may mirror the structure of the organization, while in others it may be based on the sensitivity level of various documents and the clearance level of the user accessing those documents, to include digital policy management. Assessment of Access Control Systems, NIST Interagency Report 7316 and Wikipedia

For trusted and flexible access control capabilities, the SMS Continuous Monitoring Access Controls integrate Juniper Networks cohesive policy environment for network access and privilege management, network operations management, and configuration management. SMS combines integrated identity access and management controls and digital policy management into a comprehensive framework in support of multi-factor authentication, Public Key Infrastructure (PKI), and data control and loss prevention

Web Security Policy

Policy Orchestration and Federation

close

Vulnerability & Patch Management

"Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred." Guide to Enterprise Patch Management Technologies, NIST Special Publication 800-40

Vulnerability and patch management present challenges for most organizations. In response, SMS offers a range of capabilities to address these requirements, including essential components from Juniper Networks and associated SCAP software partners. These integrated solutions are based on open standards, such as the Trusted Computing Group's (TCG) Trusted Network Connect (TNC) standards, which facilitate integration with third-party CM tools, such as SCAP-based vulnerability scanners. SMS offers integrated solutions providing dynamic, real-time view of every network-attached device's location, media access control (MAC) address, IP address, user identity, configuration status, vulnerability profile, and behavior, as well as an historical view of these attributes.

close

Detection Malware Protection and APT Zero Day

Juniper Networks® Continuous Monitoring Solutions consist of high-performance security platforms that leverage a dynamic cooperative system and provide network-wide visibility and control. The key characteristics of these adaptive threat management solutions are the following: 1) Includes a system of tightly integrated security products that proactively respond in real time to address emerging threats; 2) Supports growth in network requirements, traffic, and applications while maintaining fast, reliable, and secure access to applications and network resources, thereby eliminating trade-offs between security and performance; 3) Provides a single network-wide view for identification, mitigation, and reporting on complex attacks, which eliminates false positives by using a highly advanced correlation system that enables IT and security staff to concentrate on actual security incidents.

close

EVENT MANAGEMENT

Juniper Networks provides capabilities to discover, combine, analyze, and manage an unparalleled set of event data - network behavior, security events, vulnerability profiles, and threat information and to efficiently manage event response operations on their networks from a single console comprising of a complete suite of offerings including Log Analytics, Threat Analytics: and Compliance Management.

close

INCIDENT MANAGEMENT

With Juniper Networks' Continuous Monitoring Solutions, the network and security enforcement points collaboratively enable the critical functions needed for rapid incident response: 1) Collecting data about network usage and application transactions, and presenting this data to the central NOC/SOC where the information will be correlated and reports showing the network state are generated; 2) Enforcing policies that are managed and defined in the NOC/SOC in a unified way so that all enterprise locations enforce the same policy or in other cases, the policies may be dynamic and based on a response to a specific incident. This type of collaborative response between NOC and SOC helps to ensure that incidents are handled expeditiously, efficiently, and that nothing drops through the cracks.

close

Detection Management

Juniper Networks® Continuous Monitoring Solutions consist of high-performance security platforms that leverage a dynamic cooperative system and provide network-wide visibility and control. The key characteristics of these adaptive threat management solutions are the following: 1) Includes a system of tightly integrated security products that proactively respond in real time to address emerging threats; 2) Supports growth in network requirements, traffic, and applications while maintaining fast, reliable, and secure access to applications and network resources, thereby eliminating trade-offs between security and performance; 3) Provides a single network-wide view for identification, mitigation, and reporting on complex attacks, which eliminates false positives by using a highly advanced correlation system that enables IT and security staff to concentrate on actual security incidents.

close

ASSET MANAGEMENT

One of the primary requirements for performing asset management is the ability to identify assets based on some set of data known about them. This approach allows for correlation of "data across multiple sources, reporting of asset information across different organizations and databases, targeted actions against specific assets, and usage of asset data in other business processes." Specification for Asset Identification Interagency Report 7693 (June 2011)

SMS CM Asset Management software enable comprehensive asset management from the endpoint to the application, including and across Juniper network devices in the data center and Cloud to the endpoints integrated with ITAMs, Triumfant, IBM, Microsoft, or Symantec technologies. This integrated asset management toolkit allows for application classification, inventory, and real-time awareness to enable deep inspection and filtering of application sessions beyond "ports and protocols" and "desktops or mobile."

Application Real-Time Awareness

 

Data Center Asset Inventory and Awareness

 

 

 

Network
Management
Network
Management
License
Management
License
Management
Information
Management
Information
Management
Configuration
Management
Configuration
Management
Software
Assurance
Software
Assurance
Digital Policy
Management
& Access Control
Digital Policy
Management
& Access Control
Vulnerability &
Patch Management
Vulnerability &
Patch Management
Detection Malware Protection and APT Zero Day
Detection Malware Protection and APT Zero Day
Event
Management
Event
Management
Incident
Management
Incident
Management
Detection
Management
Detection
Management
Asset
Management
Asset
Management

Get Started Today

back-to-top