Q2 2016 Juniper Networks Education and Certification WebcastMay 24, 2016

Thank you for joining us!Introducing today’s speakers• Lawrence Rust, Sr. Marketing Manager, Education Services• Elna Samuelsen, Director, Curriculum Development and Certification• Jasun Rutter, Sr. Manager, Curriculum Development and Certification• GUEST SPEAKER – John Lehane, Sr. Product Marketing Manager

Welcome

What’s New

Course and Certification Program Updates

Learning Bytes Update

Software-Defined Secure Networks (SDSN)

1

2

3

4

Agenda

Stay Connected5

• Increase credential validity from 2 to 3 years (removing inactive phase)

• Digital credentialing • Improved lab exam experience• New recertification options

JNCP Enhancements: Update

• Multi-device and multi-user support added• Additional exams being added this year• Stay tuned for more enhancements in the

coming quarters!

Junos Genius Update

What’s New

Course and Certification Program Updates

Learning Bytes Update

Software-Defined Secure Networks (SDSN)

1

2

3

4

Agenda

Stay Connected5

• Two exams will lead to JNCIP-ENT certification• JN0-643 based on non-ELS code• JN0-646 based on ELS code

• Design exam track• JNCDS-SEC (JN0-1330)• JNCDS-WAN (JN0-1360)

New: JNCIP-ENT, JNCDS-WAN, JNCDS-SEC

Watch http://www.juniper.net/certification for ongoing news about all JNCP credentials

• JNCIA-E, JNCIS-E, JNCIP-E• JNCIA-IDP• JNCIA-WLAN• JNCIA-WX

Certifications EOLing May 31st

Watch http://www.juniper.net/certification for ongoing news about all JNCP credentials

• JNCP exams are updated on an ongoing basis• JNCIA up to JNCIE level• Exams are updated/refreshed on a development cycle

• Sometimes visible (ex. JNCIA-Junos .. JN0-101 -> JN0-102)• Sometimes not

• Ensures freshness of item pool• Ensures security of exams

Ongoing Update for JNCP Exams

Q1 2016• New

• Junos MPLS Fundamentals (JMF)

• Updates• Network Automation Using

Contrail Cloud (NACC) 2.21• Formerly Configuring and

Monitoring Contrail (CMC)• Now 2 days

• Junos Space Essentials (JSE) 15.1

New and Updated Courseware

Q2 2016• New

• Junos Layer 2 VPNs (JL2V)• Advanced Data Center Switching

(ADCX)• Juniper Networks Design in the

WAN (JND-WAN)

• Updates• Junos Space – Security Director

(JS-SD) 15.1• Now 2 days

• New data center professional-level certification in Q3• Resources will include:

• Data Center Switching (DCX)• Troubleshooting Data Center Switching (TDCX)• Advanced Data Center Switching (ADCX)

Coming Soon: JNCIP-Data Center (DC)

Watch http://www.juniper.net/certification for ongoing news about all JNCP credentials

JNCP Website Resources page:http://www.juniper.net/us/en/training/certification/resources.html

J-Net Training, Certification Career Forum:http://forums.juniper.net > Training, Certification, and Career Topics

Courseware: www.juniper.net/courses

Labs and Learning: www.juniper.net/labsandlearning

Junos Genius mobile app: www.juniper.net/junosgenius

Other Learning Resources

What’s New

Course and Certification Program Updates

Learning Bytes Update

Software-Defined Secure Networks (SDSN)

1

2

3

4

Agenda

Stay Connected5

Learning Bytes…View the Latest

www.juniper.net/learningbytes or www.youtube.com/junipernetworks

Anycast-RPBasic Session LoggingChassis Cluster IP MonitoringHow to View the Rescue ConfigurationJuniper Technical Assistance Center (JTAC) Recommended Junos Software VersionLog FilteringMSDPRequest Support InformationWANDL DemandsWANDL Failure Simulation ScenariosWANDL Interactive ScenariosWANDL Report ManagerWelcome to WANDL IP/MPLSViewWho's Logged In

What’s New

Course and Certification Program Updates

Learning Bytes Update

Software-Defined Secure Networks (SDSN)

1

2

3

4

Agenda

Stay Connected5

Software-Defined Secure Networks(SDSN)John LehaneMay 24, 2016

Agenda

• SDSN Overview• Enhanced Security Director• Sky ATP• cSRX• vSRX• Summary

• Hybrid cloud deployments growing

• Device proliferation and BYOD

• IoT and big everywhere

• Zero day attacks

• Advanced, persistent, targeted attacks

• Adaptive malware

• Virtualization and SDN

• Applications, data, management in the cloud

• Application proliferation

Trends Impacting Enterprise Security

INFRASTRUCTURETHREAT SOPHISTICATION CLOUD

Perimeter Oriented Security

Complex Security Policies

Lateral Threat Propagation

Limited Visibility

Hyper-connected Network Security at Perimeter

Perimeter

Outside(Untrusted)

Internal(Trusted)

Software Defined Secure Network

Perimeter

Outside(Untrusted)

Internal(Also Untrusted)

Simplified Security Policy

Block Lateral Threat Propagation

Comprehensive Visibility

Secure Network

Delivers Zero Trust Security Model

Software Defined Secure Network

Unify and rate threat intelligence, from multiple sources

Create and centrally manage security policy through user-intent based system

Enforce policy in near real time across the network; ability to adapt to network changes

Detection

Enforcement

PolicyUsers & Roles

Departments & Sites

Devices

ApplicationsBusiness

Needs

IT View

Switch PortsVLANsACLs

IPs/SubnetsVRFsACLs

Firewall ZonesRules

Users & Apps

Threats

Location

Your Enterprise Network

Software-Defined Secure Network Juniper Building Blocks

Security from the Cloud

Third Party Cloud Security Feeds

Security DirectorMgmt/UI: Policy, App Visibility, Threat Map, Events

Virtual FirewallsvSRX

SRX SeriesPhysical Firewall

Juniper Cloud Security

Sky Advanced Threat Prevention

Spotlight SecureThreat Intelligence

MX Series Routers

EX & QFX Series Switches

Comprehensive suite of products: Centralize and automate security

Instant threat intelligence and detection

Dynamically adapting policy, deployed in real-time

Consistent firewall capabilities –physical and virtual

Detection

Detection

Detection

Enforcement

Enforcement

PolicySecurity Policy

Controller

Policy

Third Party Network Elements

Juniper Confidential – NDA Only

Enhanced Security Director

Firewall Policy

Threat Map

Events and Logs

Application Visibility

Dashboard

01101010 01110101 01101110 01101001 01110000

Sky Advanced Threat PreventionSolution Overview

CustomerSRX

Juniper Cloud

Customer

Sandboxw/Deception

StaticAnalysis

ATP

1. SRX extracts potentially malicious objects and files

2. SRX sends potentially malicious content to Advanced Threat Prevention cloud

3. Advanced Threat Prevention cloud performs static and dynamic analysis

4. Advanced Threat Prevention cloud provides malware results and C&C server data to the SRX

5. SRX blocks known malicious file downloads and outbound C&C traffic

Sky Advanced Threat Prevention Cloud

100G vSRX VALUE PROPOSITION

5x Increase throughput to the endpoint for mobility and high-bandwidth applications

Multi vCPU allows SPs to scale up and scale out virtual FW

The industry’s highest performance virtual firewall!

Elastic

Comprehensive & Consistent

vSRX Virtual ApplianceAgile

Junos Routing Protocols and SDK

Junos Rich and Extensible Security Stack

Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA

Firewall

VPN

NAT

Routing

Anti-Virus

IPS

Web Filtering

Anti-Spam

AppID

AppFW

AppQoS

AppTrack

Perimeter Security

Content Security

Application Security

Complete firewall feature set for common features across all firewalls and L4-L7 services

Juniper Confidential – NDA Only

cSRX – SRX in a Containerized Environment

Junos Rich and Extensible Security Stack

Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA

Firewall

VPN*

NAT*

Anti-Virus

IPS

Web Filtering

Anti-Spam

AppID

AppFW

AppQoS

AppTrack

Perimeter Security

Content Security

Application Security

The industry’s first firewall purpose built for container applications!

Elastic

Comprehensive & Consistent

Container applications are inherently isolated but not securecSRX Container Virtual Appliance

AgilePurpose built virtual appliance delivering L2 - L7 Firewall services for container applications and delivering micro-services

Small memory and compute footprint delivering higher number of instances with sub-second boot-up times

Comprehensive security services with the agility required by container environments for distributed applications

Juniper Confidential – NDA Only

*roadmap items

Example Use Case: Enterprises with Applications Running Containerized Workloads

1. Simplify management with a single pane of glass with Security Director, providing visibility of security policies

2. Dynamic & automated micro-segmentation with Contrail integration

3. Enable elasticity to spin up new services quickly with minimal system resource; quickly repurpose resources when not needed

4. Deploy with agility for security ofmicro-services, distributed applications requiring scale-out security.

Juniper Confidential – NDA Only

Internal Firewall

Finance HR Engineering

APP

DMZ

DB

North

South

EastWest

L4-L7 security

cSRX

cSRX

cSRX

L4-L7 security

L4-L7 security

L4-L7 Traffic

L4-L7 Traffic

Security Director

SDSN – Core principles User-intent based policy definition Expressed through either WebUI, Declarative language (e.g., Datalog) Different presentation layers built on top of same REST APIs

Policy definition based on requirements rather than traffic pattern E.g., north-to-south, east-to-west

Pervasive security A solution approach to security

Provision policies instead of individual feature and functionality on a device Every device in network (switches, routers, firewall) a enforcement point

Unified framework for policy and threat management A single pane of glass for all policy configuration & management A single pane of glass for managing threat information

Sky ATP, Spotlight Secure, Attivo, etc.

• SDSN Video• https://www.youtube.com/watch?v=dTMGw5Byi8E

• Sky ATP Video• https://www.youtube.com/watch?v=K-Tqm3xmOcQ

• Security Director• https://youtu.be/IN0g7SUfFQ0• SD App is available on iTunes and Google Store

Summary

User-intent – Policy definition (1/2) Detect and track infected hosts in a department on Campus Define Campus A user created object that represent a site (campus)

Define department/group User (HR-users), device (Windows machines), application (Web servers)

o LDAP, DNS, RADIUS, CMDB, systems for identity mappingDefine Infected host (provision threat management service) Configure external threat sources

o Sky ATP, Spotlight Cloud Configure malware detection profile

o Files to be examined by Sky ATP Configure infected host detection profile

o Infected host detection by Sky ATP

User-intent – Policy definition (2/2)Use rules and other construct to create policy Rules

o Block C&C servers based on threat management profileo Detect and block malware based on threat management profileo Identify and block/quarantine infected hosto Track the infected host

• DHCP server/ARP for IP-MAC binding• Detect MAC moves

Wheno One-time, Always, Periodically

Whereo Policy Enforcement zone (A group within a site or a site/site-group)

User-Intent – Presentation layerPolicy definition workflow

What’s New

Course and Certification Program Updates

Learning Bytes Update

Software-Defined Secure Networks (SDSN)

1

2

3

4

Agenda

Stay Connected5

Program Director – Elna Samuelsen – elnasam@juniper.net

@JuniperCertify

Training, Certification, and Career Forum

Certification Program website: www.juniper.net/certification

Customer Service alias: certification@juniper.net

Stay Connected

Thank youThank you