Juniper Networks has developed a means of encrypted traffic analysis (ETA) that leverages AI and machine learning to identify encrypted threats without the need to break the encryption. ETA combines relevant data extracted by the SRX series firewall with behavior analysis provided by the Juniper Advanced Threat Protection (ATP) Cloud to provide insight and visibility into the underlying traffic. Based on metadata analysis via machine learning in the ATP Cloud, connections are classified as malicious or benign, identifying the hallmarks of botnet and malware command and control traffic. This is accomplished without the need to decrypt traffic and requires no new hardware, sensors or collectors.
The solution scales with network size and enables greater network visibility, confidence and the ability to respond more quickly via automated remediation. This is accomplished by the SRX firewall, which extracts information from the initial Transport Layer Security (TLS) handshake. Questionable certificates are sent to the ATP Cloud, which then checks them against certificates used for known malicious activity and sends them back to the SRX for blocking. File transfer protocol events are then correlated with user and device information and added to the infected host feed. This information is managed via a tailorable screen that provides analysis and can be configured to meet the user’s relevant security needs.
In summary, what sets the Juniper Networks Encrypted Traffic Analysis solution apart from other solutions is that it is relatively inexpensive (an SRX firewall and a Juniper ATP Cloud license), is open standard/nonproprietary, operates in a multivendor environment and doesn’t require additional sensors or collectors.
Juniper’s Encrypted Traffic Analysis solution is a subset of a larger, comprehensive connected security portfolio that is used extensively in international commercial banking, health care and the U.S. federal government.