JSA Series Secure Analytics - Miera .tr

Transcription

Data Sheet

JSA Series Secure Analytics

Product Overview

The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities, enables organizations to quickly and easily implement a corporate-wide security management program that delivers security best practices. These include superior log analytics with distributed log collection and centralized viewing; threat analytics that deliver real-time surveillance and detection information; and compliance management capabilities—all viewed and managed from a single console.

Product Description

Juniper Networks JSA Series Secure Analytics combine, analyze, and manage an unparalleled set of surveillance data—network behavior, security events, vulnerability profiles, and threat information—to empower companies to efficiently manage business operations on their networks from a single console.

Log Analytics: JSA Series provides scalable log analytics by enabling distributed log collection across an organization, and a centralized view of the information.

Threat Analytics: JSA Series provides an advanced network security management solution that bridges the gap between network and security operations to deliver real-time surveillance and detect complex IT-based threats.

Compliance Management: JSA Series brings to enterprises, institutions, and agencies the accountability, transparency, and measurability that are critical factors to the success of any IT security program required to meet regulatory mandates.

With preinstalled software, a hardened operating system, and a web-based setup process, the JSA Series lets you get your network security up and running quickly and easily. The bottom line of the JSA Series is simple deployment, fast implementation, and improved security, at a low total cost of ownership.

Architecture and Key Components

JSA3500 Secure Analytics

Juniper Networks JSA3500 Secure Analytics is an enterprise-class appliance that provides a scalable network security management solution for medium-sized companies up to large global organizations. It is also the base platform for an enterprise-class scalable solution. The JSA3500 includes onboard event collection, correlation and extensive reporting capabilities, and is expandable with additional JSA Series appliances acting as event and flow collectors or a combination of both on a single appliance.

JSA3500 can be deployed as an all-in-one appliance or in a distributed setup as a dedicated event, flow, or combination processor. It can also be deployed as a store-and-forward event collector.

JSA5500 Secure Analytics

Juniper Networks JSA5500 Secure Analytics is an enterprise and carrier-class appliance that provides a scalable network security management solution for medium-sized companies up to large global organizations.

JSA5500 can be deployed as an all-in-one appliance or in a distributed setup as a console or dedicated event or flow processor. It can also be deployed as a store-and-forward event collector.

JSA7500 Secure Analytics

Juniper Networks JSA7500 Secure Analytics is an enterprise and carrier-class appliance which provides a scalable network security management solution for large global organizations.

JSA7500 can be deployed as a console or distributed event or flow processor. It can also be deployed as a store-and-forward event collector.

JSA Virtual Appliance

Juniper Networks JSA Virtual Appliance (JSA VM) Secure Analytics is a virtualized platform that provides Secure Analytics functionality. JSA Virtual Appliance can be deployed as an all-in-one or in a distributed setup as a console, event or flow processor. It can also be deployed as a store and forward event collector.

JSA VM is designed to run with VMWare ESX 5.0 and ESX 5.1, and requires a configuration with a minimum of two CPUs (1 socket x 2 cores or 2 sockets x 1 core) and 8GB of RAM. It processes a maximum of 1,000 events per second and 50k flows per minute.

Features and Benefits

Table 1. JSA Series Secure Analytics Features and Benefits

Feature: All-in-one appliances
Feature Description: Event collection, flow collection, event processing, flow processing, correlation, analysis, and reporting are all embedded within JSA Series Secure Analytics.
Benefits: All core functions are available within the system and it is easy for users to deploy and manage in minutes. JSA Series architecture provides a streamlined solution for secure and efficient log analytics.

Feature: Distributed support
Feature Description: JSA Series has the ability to scale to large distributed deployments that can support up to 5 million events per second.
Benefits: Users have the flexibility to scale to large deployments as their business grows. JSA Series can be easily deployed in large distributed environments.

Feature: HDD implementation
Feature Description: JSA Series utilizes SAS HDD in RAID 1 and RAID 10 setups.
Benefits: SAS HDD is designed for 24x7 operations. RAID 1/10 implementation provides best possible performance and redundancy.

Feature: Easy and quick install
Feature Description: JSA Series comes with an easy, out-of-the-box setup wizard.
Benefits: Users can install and manage JSA Series appliances in a couple of steps.

Feature: Automatic updates
Feature Description: Secure Analytics automatically downloads and deploys reputation feeds, parser updates, and patches.
Benefits: Users don’t need to worry about maintaining appliance and OS updates and patches.

Feature: High availability (HA)
Feature Description: Users can deploy all JSA Series appliances in HA mode.
Benefits: Users can deploy JSA Series with full active/passive redundancy. This supports all deployment scenarios, all-in-one and distributed.

Feature: Built-in compliance reports
Feature Description: Out-of-the-box compliance reports are included with the JSA Series.
Benefits: JSA Series provides 500 out-of-the-box compliance reports.

Feature: Reporting and alerting capabilities for control framework
Feature Description: Control Objectives for Information and related Technology (CobiT); International Organization for Standardization (ISO) ISO/IEC 27002 (17799); Common Criteria (CC) (ISO/IEC 15408); NIST special publication 800-53 revision 1 and Federal Information Processing Standard (FIPS) 200.
Benefits: JSA Series enables repeatable compliance monitoring, reporting, and auditing processes.

Feature: Compliance-focused regulation workflow
Feature Description: Payment Card Industry Data Security Standard (PCI DSS); Health Insurance Portability and Accountability Act (HIPAA); Sarbanes-Oxley Act (SOX); Gramm-Leach-Bliley Act (GLBA); Federal Information Security Management Act (FISMA).
Benefits: JSA Series supports multiple regulations and security best practices. Includes compliance-driven report templates to meet specific regulatory reporting and auditing requirements.

Feature: Management-level reports on overall security state
Feature Description: The JSA Series reports interface allows you to create, distribute, and manage reports that are generated in PDF, HTML, RTF, XML, or XLS formats.
Benefits: Users can use the report wizard to create executive and operational level reports that combine any network traffic and security event data in a single report.

Feature: One stop support
Feature Description: Juniper Networks Technical Assistance Center (JTAC) supports all aspects of the JSA Series.
Benefits: Users don’t need to go to several places to get support, even for multivendor issues.

Log Analytics

JSA Series provides a comprehensive log analytics framework that includes scalable and secure log analytics capabilities integrated with real-time event correlation, policy monitoring, threat detection, and compliance reporting.

Table 2. Log Analytics Features and Benefits

Feature: Comprehensive log management
Feature Description: JSA Series delivers scalable and secure log analytics with storage capabilities from GB to TB of data storage.
Benefits: Provides long term collection, archival, search, and reporting of event logs, flow logs, and application data that enables logging taxonomy from a centralized view.

Feature: Comprehensive reporting
Feature Description: JSA Series comes with 1,300 canned reports. Report Wizard allows users to customize and schedule daily, weekly, and monthly reports that can be exported in PDF, HTML, RTF, Word, Excel, and XML formats.
Benefits: Provides users not only the convenience of canned reports but also the flexibility to create and customize their own reports according to their business needs.

Feature: Log management and reporting only option
Feature Description: JSA Series provides a comprehensive log management and reporting solution with a distributed log analytics only solution to collect, archive, customize, and analyze network security event logs.
Benefits: Allows users to start with a log management and reporting only option and then upgrade to full blown JSA Series functionality as their business need grows—without upgrading their existing hardware.

Feature: Log retention and storage
Feature Description: JSA Series database can easily archive logs and integrate into an existing storage infrastructure for long-term log retention and hassle-free storage.
Benefits: Enables organizations to archive event and flow logs for whatever time period is specified by a specific regulation.

Feature: Tamperproof data
Feature Description: Event and flow logs are protected by SHA-x (1-256) hashing for tamper proof log archives. Support of extensive log file integrity checks including National Institute of Standards and Technology (NIST) log management standards.
Benefits: Provides secure storage based on industry regulations.

Feature: Real-time event viewing
Feature Description: JSA Series allows users to monitor and investigate events in real time or perform advanced searches. The event viewer indicates what events are being correlated to offenses and which are not.
Benefits: Users have the ability to quickly and effectively view and filter real-time events. Provides a flexible query engine that includes advanced aggregating capability and IT forensics.

Feature: Data warehousing
Feature Description: JSA Series includes a purpose-built data warehouse for high speed insertion and retrieval of data archive of all security logs, event logs, and network activity logs (flow logs).
Benefits: Enables full audit of all original events and flow content without modification.

Threat Analytics

JSA Series Secure Analytics’ network security management solution takes an innovative approach to managing computer-based threats in the enterprise. Recognizing that discrete analysis of security events is not enough to properly detect threats, the JSA Series was developed to provide an integrated approach to threat analytics that combines the use of traditionally siloed information to more effectively detect and manage today’s complex threats. Specific information that is collected includes:

Network Events: Events generated from networked resources, including switches, routers, servers, and desktops.

Security Logs: Includes log data generated from security devices like firewalls, VPNs, intrusion detection/prevention, antivirus, identity management, and vulnerability scanners.

Host and Application Logs: Includes log data from industry-leading host operating systems (Microsoft Windows, UNIX, and Linux) and from critical business applications (authentication, database, mail, and Web).

Network and Application Flow Logs: Includes flow data generated by network devices and provides an ability to build a context of network and protocol activity.

User and Asset Identity Information: Includes information from commonly used directories, including Active Directory and Lightweight Directory Access Protocol (LDAP).

By incorporating patent pending “offense” management technology, this integrated information is normalized and correlated by the JSA Series, resulting in automated intelligence that quickly detects, notifies, and responds to threats missed by other security solutions with isolated visibility.

Table 3. Threat Analytics Features and Benefits

Feature: Out-of-the-box correlation rules
Feature Description: JSA Series correlation rules allow users to detect specific or sequential event flows or offenses. A rule consists of tests and functions that perform a response when events match.
Benefits: Provides hundreds of out-of-the-box correlation rules that provide immediate value. Users can create their own rules by using the JSA Series rule wizard to generate automated alerts and enable real-time policy enforcement.

Feature: Offense management
Feature Description: The offense manager allows you to investigate offenses, behaviors, anomalies, targets, and attackers on your network. The JSA Series can correlate events and network activity with targets located across multiple networks in the same offense and ultimately the same network incident.
Benefits: This allows users to effectively investigate each offense in their network. Users can navigate the common interface to investigate the event details to determine the unique events that caused the offense.

Feature: QID mappings
Feature Description: JSA Series associates or maps a normalized or raw event to a high-level and low-level category.
Benefits: Allows users to see real-time events mapped to appropriate categories. This enables the mapping of unknown device events to known JSA Series events in order to be categorized and correlated appropriately.

Feature: Historical profiling
Feature Description: JSA Series collects and stores entire event data for later use, enabling extensive use of historical profiling for improved accuracy.
Benefits: Allows users to view historical data at any given point as well as views into incident management and the tracking of events.

Feature: JSA Series magistrate
Feature Description: JSA Series magistrate component prioritizes the offenses and assigns a magnitude value based on several factors that include the number of events, severity, relevance, and credibility.
Benefits: Allows users to see prioritized security events rather than looking through thousands of log events. Enables users to see what events have the most impact on their business and respond quickly to threats.

Feature: Offense manager API
Feature Description: JSA Series provides a set of open APIs to modify and configure incident management parameters like “create, close, and open.”
Benefits: Allows users to integrate third-party customer care applications like Remedy and other ticketing solutions.

Feature: Flow support
Feature Description: Flow support includes NetFlow, J-Flow, sFlow, and IPFIX.
Benefits: Enables collection, visibility, and reporting of network traffic. Includes Network Behavior Anomaly Detection (NBAD) to detect rogue servers, and APTs based on network activity.

[Table: supported deployment modes by model. Models: JSA3500, JSA5500, JSA7500, JSA VM. Deployment modes: All-in-One, Console, Event Processor, Flow Processor, Combo (EP/FP), Event Collector Store and Forward.]

Compliance Management

Organizations of all sizes across almost every vertical market face a growing set of requirements from IT security regulatory mandates. Recognizing that compliance with a policy or regulation will evolve over time, many industry experts recommend a compliance program that can demonstrate and build upon the following key factors:

Accountability: Providing surveillance that reports on who did what and when

Transparency: Providing visibility into the security controls, business applications, and assets that are being protected

Measurability: Metrics and reporting around IT risks

Licensing

Secure Analytics is available in two different licensing options:

Log Analytics: Enables event searching, custom dashboards, and scheduled reporting

Threat Analytics: All log analytics features plus flow support, advanced correlation, and vulnerability assessment integration

Dimensions and Power

Dimensions (W x H x D)
JSA3500: 450 x 438.4 x 88 mm (17.72 x 17.26 x 3.5 in)
JSA5500: 597.5 x 438.4 x 88 mm (23.52 x 17.26 x 3.5 in)
JSA7500: 597.5 x 438.4 x 88 mm (23.52 x 17.26 x 3.5 in)

Weight
JSA3500: 28 lb
JSA5500: 41 lb 5 oz
JSA7500: 63 lb

Rack mountable
JSA3500: 2U
JSA5500: 2U
JSA7500: 2U

A/C power supply
JSA3500: 90 to 264 V, 47-63 Hz, 2-6 A, 250 watt AC power module. Dual redundant option. Efficiency 80Plus certified. Peak inrush current is: 40 A maximum at 115 VAC and 25 C; 80 A maximum at 240 VAC and 25
JSA5500: 90 to 264 V, 47-63 Hz, 6-10 A hot swap dual redundant 560 watt AC power module, 560 watt DC power module, -45 to -60 V DC power supply (optional). Peak inrush: 60 A. Power module maximum efficiency: 80Plus 560 W AC; 80Plus 560 W DC
JSA7500: 90 to 264 V, 47-63 Hz, 6-10 A hot swap dual redundant 750 watt AC power module, 750 watt DC power module, -45 to -60 V DC power supply (optional). Peak inrush: 60 A. Power module maximum efficiency: 80Plus 560 W AC; 80Plus 560 W DC

D/C power supply
JSA3500: 560 W DC power module, -45 to -60 V DC power supply
JSA5500: 560 W DC power module, -45 to -60 V DC power supply
JSA7500: 750 W DC power module, -45 to -60 V DC power supply

Chassis material
JSA3500: 18 gauge cold rolled steel
JSA5500: 18 gauge cold rolled steel
JSA7500: 18 gauge cold rolled steel

Fans
JSA3500: Air intake from front and side of unit; exhausts to rear of unit. 2 x 80mm hot swap redundant fans (2nd optional)
JSA5500: Air intake from front and side of unit; exhausts to rear of unit. 3 x 80mm hot swap redundant fans (2nd optional)
JSA7500: Air intake from front and exhausts to rear of unit. 6 x 80 mm redundant hot swap fans

Traffic ports
JSA3500: 4 x RJ45 10/100/1000; 2 x IOC slots full height
JSA5500: 4 x RJ45 10/100/1000; 2 x IOC slots full height
JSA7500: 4 x RJ45 10/100/1000; 2 x IOC slots 2/3 height

Console port
JSA3500: 1 x RJ45 serial console
JSA5500: 1 x RJ45 serial console
JSA7500: 1 x RJ45 serial console

Environment

Operating temperature
JSA3500: 41 to 104 F (5 to 40 C)
JSA5500: 41 to 104 F (5 to 40 C)
JSA7500: Normal: 41 to 104 F (5 to 40 C), Short-term: 23 to 131 F (-5 to 55 C)

Storage temperature
JSA3500: -40 to 158 F (-40 to 70 C)
JSA5500: -40 to 158 F (-40 to 70 C)
JSA7500: -40 to 158 F (-40 to 70 C)

Relative humidity (operating)
JSA3500: 8 to 90 percent noncondensing
JSA5500: 8 to 90 percent noncondensing
JSA7500: 8 to 90 percent noncondensing

Relative humidity (storage)
JSA3500: 5 to 95 percent noncondensing
JSA5500: 5 to 95 percent noncondensing
JSA7500: 5 to 95 percent noncondensing

Altitude (operating)
JSA3500: 10,000 ft maximum
JSA5500: 10,000 ft maximum
JSA7500: 10,000 ft maximum

Altitude (storage)
JSA3500: 40,000 ft maximum
JSA5500: 40,000 ft maximum
JSA7500: 40,000 ft maximum

Compliance and Safety

Safety certifications
JSA3500: CSA 60950-1 (2003) Safety of Information Technology Equipment; UL 60950-1 (2003); EN 60950-1 (2001); IEC 60950-1 (2001); EN 60825-1 A1 A2 (1994) Safety of Laser Products - Part 1: Equipment Classification; EN 60825-2 (2000) Safety of Laser Safety of Optical Fiber Comm. Systems
JSA5500: CSA 60950-1 (2003) Safety of Information Technology Equipment; UL 60950-1 (2003); EN 60950-1 (2001); IEC 60950-1 (2001); EN 60825-1 A1 A2 (1994) Safety of Laser Products - Part 1: Equipment Classification; EN 60825-2 (2000) Safety of Laser Safety of Optical Fiber Comm. Systems
JSA7500: CAN/CSA-C22.2 No. 60950-1-03; UL60950-1:2003; EN60950-1:2001 A11; IEC 60950-1:2001

Emissions certifications
JSA3500: FCC Class A; EN 55022 Class A; EN 55024 Immunity; EN 61000-3-2; VCCI Class A
JSA5500: FCC Class A; EN 55022 Class A; EN 55024 Immunity; EN 61000-3-2; VCCI Class A
JSA7500: FCC Class A; EN 55022 Class A; EN 55024 Immunity; EN 61000-3-2; VCCI Class A

Warranty
JSA3500: Hardware one year and software 90 days
JSA5500: Hardware one year and software 90 days
JSA7500: Hardware one year and software 90 days

NEBS
JSA3500: No
JSA5500: No
JSA7500: NEBS Level 3/Verizon NEBS certified by METLABS

Hardware Specifications

HDD
JSA3500: 6 x 1 TB SAS 7,200 rpm RAID 10
JSA5500: 8 x 1 TB SAS 7,200 rpm RAID 10
JSA7500: 28 x 900 GB 10,000 rpm SAS RAID 10

Memory
JSA3500: 32 GB
JSA5500: 96 GB
JSA7500: 128 GB

Maximum events per second (AIO)
JSA3500: 5,000
JSA5500: 10,000
JSA7500: N/A

Maximum events per second (distributed collector)
JSA3500: 5,000
JSA5500: 20,000
JSA7500: 30,000

Flows per minute
JSA3500: 100,000
JSA5500: 600,000
JSA7500: 1.2 million

CPU
JSA3500: 1 x Quad-Core
JSA5500: 2 x Octo-Core
JSA7500: 2 x Octo-Core

Memory
JSA3500: 32 GB RAM
JSA5500: 96 GB RAM
JSA7500: 128 GB RAM

Storage
JSA3500: 6 x 1 TB HDD, RAID 10
JSA5500: 8 x 1 TB HDD, RAID 10
JSA7500: 28 x 900 GB HDD, RAID 10

IOC slots
JSA3500: 2 x full height
JSA5500: 2 x full height
JSA7500: 2 x 2/3 height

PSU
JSA3500: 560W AC (Dual optional), (DC optional). Note: Mixing AC and DC supplies is NOT recommended nor supported
JSA5500: 560W AC (Dual included), (DC optional). Note: Mixing AC and DC supplies is NOT recommended nor supported
JSA7500: 750W DC (Dual included), (AC optional). Note: Mixing AC and DC supplies is NOT recommended nor supported

JSA VM Specifications

Maximum EPS
JSA VM All-in-One: 1,000
JSA VM Distributed: 1,000

Flows per minute
JSA VM All-in-One: 50,000
JSA VM Distributed: 50,000

Juniper Networks Services and Support

Juniper Networks is the leader in performance-enabling services that are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to maximize operational efficiency while reducing cost and minimizing risk, achieving a faster time to value for your network. Juniper Networks ensures operational excellence by optimizing the network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/products-services.
