IDS and IPS Buyers Guide: Juniper Networks uses static and dynamic inspection to manipulate files to detect malware
In addition to the foundational features of an intrusion detection and prevention solution, there is a need to do forensics in real-time, not just after an intrusion is detected.
As part of its strategy, Juniper looks at a document, whether it comes from outside or inside, and uses static and dynamic inspection to manipulate the file to see if it identifies itself as malware. Even without a known malware signature, putting the file in a place where it can be manipulated makes the file expose itself before it does its damage.
The integration of IDS and IPS systems within the complete security solution is also the path that Juniper takes. In this case, IDS and IPS come packaged with Juniper’s SRX Series Firewalls, according to Scott Miles, Senior Director of Cloud, Enterprise and Security Portfolio at Juniper.
Singling out just the IDS and IPS portion of the solution, Juniper offers the ability to create a signature-based attack object. This attack object is used to block any user trying to download files using an executable passing through FTP (File Transfer Protocol).
“IDS has changed dramatically in the last few years, particularly for healthcare,” says Miles.
No longer are threats limited to the perimeter of the network, Miles points out.
With the advent of EMRs kept in multiple locations and in the cloud as well, data processing power is key. The system needs to decrypt SSL traffic at wire speeds, recognize valid and invalid application traffic, and use advanced AI-type heuristics and signature mapping, aka dynamic inspection, which goes beyond merely identifying a known signature.
Juniper’s strategy is to maximize computing power in the cloud as files traverse the various security devices by forking the file and sending a copy to its cloud-based service.
Pricing: IDS is embedded into the firewall. Pricing is set for hardware plus software with licenses for different features. A basic and premium service are offered. Basic service includes free static inspection. Premium uses dynamic inspection.