Finding the right security analytics tools for your enterprise
A collection of articles that takes you from defining technology needs to purchasing options
All organizations face cyberthreats, but large enterprises face a particularly challenging set of problems. By their nature, larger organizations have many more devices and network points of access to secure. This creates an often unwieldy attack surface to protect.
In addition, larger organizations are often subject to regulatory compliance that requires data and systems controls across their infrastructure. They must also deal with the issue of scale. IT products and services that work well for small and midsize companies may not scale to meet the volumes of data and equipment that must be protected in a large enterprise.
Enter Juniper Networks' JSA Series Secure Analytics, a security analytics and analysis platform designed to meet the needs of larger enterprises.
Analysis for multiple security domains
The JSA Series includes modules to support multiple types of security analytics and analysis. These include modules to handle log analysis, threat analysis and compliance reporting.
Log analytics provides tools to collect logs from across an organization and centrally store and analyze their content. This enables both real-time alerting and forensic analysis of events that have occurred in the past.
The threat analytics module spans areas typically covered by network operations and security analytics. By collecting and analyzing information from multiple sources, the module can identify suspicious activities across a range of event types. This kind of broad analytics capability is essential for detecting advanced threats that can occur as a series of steps over extended periods of time. Threat analytics builds on the Secure Analytics platform's capabilities for collecting security logs, host and application logs, and network application flow logs.
The compliance module helps infosec professionals demonstrate enforcement of policies and procedures required by various regulations. The platform supports reporting for the Payment Card Industry Data Security Standard, HIPAA and other broadly applicable regulations.
Analyzing enterprise scale security data
Large enterprises must address the needs of multiple sites of various sizes and with varying types of security requirements. The JSA Series spans a range of deployment options to meet those needs. The product family is available in four different versions.
The JSA3800 and JSA5800 are appliances designed for larger enterprises, while the JSA7500 is designed for carriers and other enterprises with exceptionally large volumes of data. For lightweight deployments, the virtual appliance version may be sufficient.
Because the JSA Series platform employs a distributed architecture, it is possible to start with one appliance and add others as demand grows. In addition to meeting scalability demands, appliances can be configured in hot standby mode to enable rapid failover from a primary appliance to the hot standby.
The JSA Series can be purchased directly from Juniper Networks or through a channel partner. Juniper Networks offers professional services to help with planning, building and deploying the JSA Series.
Security analysis and analytics is challenging, and it becomes even more difficult at enterprise scales. Attackers, meanwhile, may be willing to work slowly in order to avoid detection. And since larger organizations tend to be geographically diverse, multiple data centers and offices require security controls -- such as security analytics and analysis -- to be available to local and remote networks. Enterprises also need continuous security protection from high-availability controls that will scale to meet the demands of an enterprise.
Juniper's Secure Analytics platform is designed to meet all of these needs, with components to ingest and analyze a range of data and to support additional compliance requirements. While it may be more than some organizations require -- particularly small and midsize enterprises -- the JSA Series is the kind of product that large enterprises could easily turn to for security analytics and analysis.
Part one of this series explains the basics of security analytics products
Part two examines the use cases for security analytics
Part three looks at how to procure security analytics products
Part four compares the best security analytics products on the market