Archivo de la etiqueta: security

The top three cloud security myths: BUSTED

a safe place to workThe rise in global cyber-attacks and the subsequent high-profile press coverage, understandably makes businesses question the security of cloud. After all, the dangers of hosting anything in an environment where data loss or system failure events are attributed to an outside source are magnified. As a result, many CIOs are also still struggling to identify and implement the cloud services most suitable for their business. In fact, research finds over three quarters (79%) of CIOs find it a challenge to balance the productivity needs of employees against potential security threats. Moreover, 84% of CIOs worry cloud causes them to lose control over IT.

But is cloud really more vulnerable than any other infrastructure? And how can organisations mitigate any risk they encounter? The reality is that all systems have vulnerabilities that can be exploited, whether on-premise, in the cloud or a hybrid of the two. It’s safe to say that people fear what they don’t understand – and with cloud becoming increasingly complex, it’s not surprising that there are so many myths attached to it. It’s time to clear up some of these myths.

Myth 1: Cloud technology is still in its infancy and therefore inherently insecure

Cloud has been around for much longer than we often think and can be traced as far back as the 1970’s. The rapid pace of cloud development, coupled with an awakening realisation of what cloud can do for businesses, has thrust it into the limelight in recent years.

The biggest issue CIOs have with cloud is their increasing distance from the physical technology involved. Indeed, many CIO’s feel that if they cannot walk into a data centre and see comforting lights flashing on the hardware, then it is beyond their reach. As a result, many organisations overlook instrumentation in the cloud, so don’t look at the data or systems they put there in the same way they would if it were on a physical machine. Organisations then forget to apply their own security standards, as they would in their own environment, and it is this complacency that gives rise to risk and exposure.

Lady Justice On The Old Bailey, LondonMyth 2: Physical security keeps data safe

It is a common misconception that having data stored on premise and on your own servers is the best form of protection. However, the location of data is not the only factor to consider. The greatest form of defence you can deploy with cloud is a combination of strict access rights, diligent data stewardship and strong governance.

Common security mistakes include not performing full due diligence on the cloud provider and assuming that the provider will be taking care of all security issues. In addition, it is still common for organisations to not take into account the physical location of a cloud environment and the legal ramifications of storing data in a different country. Indeed, a recent European Court of Justice ruling found the Safe Harbour accord was invalid as it failed to adequately protect EU data from US government surveillance. Cloud providers rushed to assure customers they were dealing with the situation, but the main takeaway from this is to not believe that a cloud provider will write security policy for you – organisations need to take ownership.

Myth 3: Cloud security is the provider’s responsibility

All of the major public clouds have multiple certifications (ISO27001, ISO27018, ENISA IAF, FIPS140-2, HIPAA, PCI-DSS) attained by proving they have controls to ensure data integrity.

Security CCTV camera in office buildingThe real risk comes when organisations blindly park data, thinking that security is just implicit. Unless the data is protected with encryption, firewalls, access lists etc., organisations remain vulnerable. The majority of cloud exposures can in fact be traced back to a failure in policy or controls not being applied correctly – look at the TalkTalk hack for example, and consider the alternate outcome had the database been encrypted.

Education and ownership is the future

The speed at which cloud is evolving can understandably cause a few teething problems. But it is the responsibility of providers and clients alike to take ownership of their own elements and apply security policies which are right for their business, their risk profile and the data which they hold. As with any technological change, many interested parties quickly jumped on the cloud bandwagon. But the allure of a technology can inhibit a lack of critical thinking, and the broader view of choosing the right application at the right cost, with appropriate security to mitigate risk, is lost. Remember, the cloud is not inherently secure and given the fact it stands to underpin enterprise operations for years to come, it’s worth approaching it not as a bandwagon but as an important part of enterprise infrastructure.

Written by Mark Ebden, Strategic Consultant, Trustmarque

24% of businesses expect a cyberattack within the next 90 days

Hacker performing cyber attack on laptopResearch from VMWare has highlighted 24% of office workers and IT decision makers believe their organization will be the victim of a cyberattack with the next 90 days, mainly due to the belief that the threats are advancing at a faster pace than a company’s defences.

Although the statistics imply the event of a cyberattack is becoming normalized within the industry, the findings do also suggest investments from enterprise organizations are not meeting the demanding trends of security, as 39% of the respondents believe one of the greatest vulnerabilities to their organisation to a cyberattack is threats moving faster than their defences.

“The issue around accountability is symptomatic of the underlying challenge faced as organisations seek to push boundaries, transform and differentiate, as well as secure the business against ever-changing threats”, commented Joe Baguley, CTO of VMware in EMEA. “Today’s most successful organisations can move and respond at speed as well as safeguard their brand and customer trust. With applications and user data on more devices in more locations than ever before, these companies have moved beyond the traditional IT security approach which may not protect the digital businesses of today.”

While security could be seen as something of a sound-bite for board-level execs in recent months, the importance of spreading cybersecurity awareness and responsibility throughout the organization have been made clear by the IT department. Of the IT decision makers who were surveyed as part of the research, 22% said the board should be most aware of the necessary actions to take following a significant data breach, and 40% said the CEO should be this person.

Industry insiders have commented to BCN in recent weeks that the use of security comments by execs highlighted the importance of cybersecurity has been an effort to appease customers and stakeholders, and there is little follow through in terms of investment in new technologies. Research from the Economist Intelligence Unit also backs up these comments as its own survey said only 5% of UK corporate leaders consider cyber security a priority for their business, contradicting comments made by execs in the press.

Shadow IT was another area which featured in the report, as unauthorized devices and software are seemingly still plaguing IT decision makers throughout the industry. 55% of the IT decision makers surveyed believe their own employees are the greatest security threat a company faces, which is also backed up by the statistics that 26% would use their personal device to access corporate data and almost a fifth, 16%, would risk being in breach of the organisation’s security to carry out their job effectively.

“Security is not just about technology. As the research shows, the decisions and behaviours of people will impact the integrity of a business,” said Baguley. “However, this can’t be about lock-down or creating a culture of fear. Smart organisations are enabling, not restricting, their employees – allowing them to thrive, adapt processes and transform operations to succeed.”

Verizon Enterprise launch cloud backup product with Actifio

cloud puzzleVerizon Enterprise Solutions has launched a new cloud backup service alongside Actifio, aimed at accelerating application development, and improving business resiliency.

The new offering, which will be available to customers using a virtualized environment, to create unified hybrid cloud environment with the aim of making data easier to manage, access and protect. The product will be available for customers in North America in June, and other regions towards the end of the year.

“The complexity of legacy infrastructure limits the ability of many enterprises to innovate around their data,” said Dan Jablonski, Director of Cloud and IT solutions, Verizon Enterprise Solutions. “We chose Actifio’s class-leading copy data virtualisation technology to power this new offering because it means we can now offer customers a simple, single solution to protect, move and store data in our cloud. Together with Actifio, we’re helping clients to be more agile so they can deliver better experiences to their own customers.”

The new offering is built on Actifio’s technology, which it claims will allow customers to move data back and forth between the customer premise and Verizon’s cloud-based infrastructure, allows self-serve instant access to data to improve speed of deployment and improve resiliency and availability by protecting data across the full range of conventional protection use cases.

“Data is the lifeblood of business, and it’s essential to have access to the data and applications you need when and where you need them,” said Ash Ashutosh, CEO of Actifio. “This next step in our relationship with Verizon will enable us to provide exactly that to more customers around the world, more easily and efficiently than ever before. We are thrilled to take this step forward with what is becoming one of our most important and valued cloud service provider partnerships.”

IBM’s Watson takes aim at cybersecurity

Anonymous unrecognizable man with digital tablet computerIBM has launched a new cloud-based version of the company’s cognitive technology to tackle the rising challenge of cyber security.

The company’s R&D team have recently completed a year-long research program to teach Watson to understand the nuances of security research findings, which can be used to realize patterns and uncover evidence of hidden cyber-attacks which could have been missed. IBM plan to move the security-version into beta test later this year.

Watson’s new capabilities builds on the skills gap within the security job market, but also the idea that big data in a security perspective is too vast for human capabilities. Like other areas of the cloud industry, simple tasks are being automated, allowing employees to concentrate on the more critical areas of the business. IBM claim the average organization deals with 200,000 pieces of security event data per day, with enterprises spending $1.3 million a year dealing with false positives alone.

“Even if the industry was able to fill the estimated 1.5 million open cyber security jobs by 2020, we’d still have a skills crisis in security,” said Marc van Zadelhoff, GM at IBM Security. “The volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime. By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cybersecurity analysts, and providing novice analysts with on-the-job training.”

The new offering is built on Watson’s ability to learn and reason from unstructured data, 80% of which cannot be processed by non-cognitive tools, and IBM claim the offering will learn from a number of different sources including blogs, articles, videos, reports and alerts. The company believe only 8% of this unstructured data is being utilized currently, making the concept of secure almost impossible. Once Watson for Security is released it will provide customers insights into emerging threats, as well as recommendations on how to stop them.

To further enhance the offering, the team have also announced eight partnerships with various universities to train Watson on the language of cybersecurity. The universities include California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

Docker bolsters security capabilities with Security Scanning launch

DockerDocker has announced the general availability of its Security Scanning product, an offering formerly known as Project Nautilus.

The service, which is available as add-on service to Docker Cloud private repositories and for Official Repositories located on Docker Hub, streamlines software compliance procedures by providing customers with a security profile of all their Docker images. The offering sits alongside Docker Cloud to automatically trigger a series of events as soon as an image is pushed to a repository, providing a complete security profile of the image itself.

“Docker Security Scanning conducts binary level scanning of your images before they are deployed, provides a detailed bill of materials (BOM) that lists out all the layers and components, continuously monitors for new vulnerabilities, and provides notifications when new vulnerabilities are found,” said Docker’s Toli Kuznets on the company’s blog.

“The primary concerns of app dev teams are to build the best software and get it to their customer as fast as possible. However, the software supply chain does not stop with developers, it is a continuous loop of iterations, sharing code with teams and moving across environments. Docker Security Scanning delivers secure content by providing deep insights into Docker images along with a security profile of its components. This information is then available at every stage of the app lifecycle.”

The offering itself splits each Docker image its respective layers and components, and evaluates the risk associated with each one. Risks are reported back to the CVE databases, linked to the specific layer and/or component, but are also monitored on an on-going basis.

New vulnerabilities found during the on-going monitoring process are reported to the CVE database, which will then assess all other software associated with that component/package to improve software compliance across the board. Docker believes software compliance and general risk management can be enhanced through the offering, but also throughout the lifecycle of the software itself.

“With this information, IT teams can proactively manage software compliance requirements by knowing what vulnerabilities impact what pieces of software, reviewing the severity of the vulnerability and making informed decisions on a course of action,” said Kuznets.

The offering is now available to all customers, with Docker currently offering a three month free trial.

Docker Security

Government report highlights only 29% of UK has cyber security policies

Overview#

Click to enlarge

The Department for Culture, Media and Sport has released findings from its annual Cyber Security Breaches Survey, where 69% of organizations believe security to be a top priority for the business, though only 29% have a formal written policy.

Within the large organizations category, those with 250 or more employees, 90% considered security as a ‘very high’ or ‘fairly high’ priority, though this percentage dropped to 69% when taking an average of the UK as a whole.

“The UK is a world-leading digital economy and this Government has made cyber security a top priority,” said Minister for the Digital Economy Ed Vaizey. “Too many firms are losing money, data and consumer confidence with the vast number of cyber-attacks. It’s absolutely crucial businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme which will help them protect themselves.”

Of the companies who participated in the survey, 24% said they had experienced a breach within the last twelve months, though this is higher for medium and large businesses, 51% and 65% respectively. Large organizations would appear to be the more attractive target for cyber criminals, with 25% of the larger organizations experiencing at least one attack per month over the last year. In terms of financials, the average breach costs organizations £3,480, though this increases to £36,500 for organizations in the large category.

Although a healthy proportion of organizations claim security is a top priority only 29% have written cyber security policies, and only 10% have formal incident management processes. The survey also highlighted only 17% have had their staff undergo some form of cyber security training in the last 12 months.

“One of the most shocking revelations in the Government’s research is the fact that just 10 per cent of UK businesses have an incident management plan in place,” said Jens Puhle, UK Managing Director of 8MAN. “Given that two thirds of large businesses were breached this year alone, organisations need to think in terms of “when”, not an “if” they are attacked, and it is vital they have a solid response plan in place.

How much of a priority is cloud security

Security priority – click to enlarge

“Businesses that are equipped with the ability to identify how the breach occurred and which systems were affected will be able to mitigate the damage the impact and resume normal operations much sooner. They will also be able to take control of the aftermath, disclosing the incident on their terms and working with the authorities to catch the perpetrator. Being unable to perform these basic tasks will make it much more likely that a business is seen as inviting disaster on itself and its customers through negligence, rather than as a blameless victim of crime.”

From an employee perspective, only 34% of organizations currently employ staff whose job role specifically includes information security or governance, which could be perceived as relatively low considering 67% believe security is a top priority. These jobs were most common within finance (60%) and education, health or social care (52%), sectors which could be viewed as having more stringent regulation surrounding data protection.

While hiring people with the right skills is an important step in becoming more secure Lee Meyrick, Director of Information Management at Nuix, believes these individuals also need to have a firm grasp how and where a company’s data resides, a task which might not be as simple as first imagined.

“The first step towards responding efficiently to breaches and closing information security gaps quickly, is understanding where important data is stored. This is easier said than done, as about 80% of organisational data is unstructured, meaning it’s in complex formats – such as emails, databases, photos, and presentations– that are difficult to search and understand.

Spend on security

Security spend – click to enlarge

“The key principle is making sure the only people who can access high-risk data are those who need to for day-to-day work. In order to achieve this, information security, information governance and records management specialists need to become “good shepherds” of their data.

“They should know where all their sheep are, segregate them into separate fields, make sure the fences between fields are sound and regularly check to ensure the sheep are healthy. In this way, even if a wolf manages to get into one of the fields, most of the flock will be safe.”

While the survey does demonstrate good intentions from organizations throughout the UK in respect to attitudes towards security, it would appear the practical implications from these intentions have largely remained unfulfilled to date. Large organizations would appear to have a more solid grip on security within their own environments, though this does not seem to extent to their own supply chain where only 13% of UK businesses set minimum cyber security standards for their suppliers.

The report states the attitudes within medium and large organizations towards security is positive, though more could be done to implement data encryption rules, offer staff training and having formal incident management processes. It also states more could be done to raise standards within their own supply chains, which could have a ripple effect on smaller organizations throughout the UK.

Powwownow claim 77% of employees look for flexible working in next job

flexible young businessman stretcht outdoor in a sunny dayIn light of Flexible Working awareness day, Powwownow has released research findings which demonstrate employee desires for mobility and flexible working solutions.

The research highlighted while only 25% of brits have the opportunity to work flexibly, 70% believe the opportunity to do so would improve their relationship with co-workers and 62% state they would be more productive if given the option to work outside of the office. 77% of respondents said a job which offered flexible working options was instantly more attractive.

“Flexible working has become a key area now when people are looking for a job and companies in the UK face losing the top talent if they don’t adapt to this way of working,” said Jason Downes, MD at Powwownow. “With the technology now on offer there is no need for people to have to work in an office from 9-5. This is old fashioned and seemingly unproductive and more needs to be done for this to change.”

The benefits of mobility within the workplace has been well-documented by various research and academic institutions, but claims have been seemingly backed up by the research findings themselves. 58% of respondents believe the choice of when and where to work would enable them to think more creatively, and generally be more motivated.

“It’s coming up to two years since the Flexible Working Law was passed in the UK and while there has been progress made, we still see a reluctance from business leaders in terms of adopting flexible working, despite the benefits now being extremely well publicised,” said Downes. “It’s the culture that needs to change and we hope that days such as this will help decision makers sit up and take notice.”

While the desire for enterprise mobility strategies have been on the rise for both employees and leaders within the IT organization, there are still a number of hurdles, both technological and culturally, before it could be perceived as mainstream. A recent survey from Citrix highlighted employee negligence and indifference to IT policy is one of the most significant inhibitors to cloud security.

Although 45% of workers are likely to use passwords to secure documents at home, this number drops to 35% at work, demonstrating the concerns the IT department will have when looking at any mobility opportunities. Until the security of a company’s data can be guaranteed, enterprise mobility is likely to be continued to be viewed through a wary eye.

Securing Visibility into Open Source Code

Yellow road sign with a blue sky and white clouds: open sourceThe Internet runs on open source code. Linux, Apache Tomcat, OpenSSL, MySQL, Drupal and WordPress are built on open source. Everyone, every day, uses applications that are either open source or include open source code; commercial applications typically have only 65 per cent custom code. Development teams can easily use 100 or more open source libraries, frameworks tools and code snippets, when building an application.

The widespread use of open source code to reduce development times and costs makes application security more challenging. That’s because the bulk of the code contained in any given application is often not written by the team that developed or maintain it. For example, the 10 million lines of code incorporated in the GM Volt’s control systems include open source components. Car manufacturers like GM are increasingly taking an open source approach because it gives them broader control of their software platforms and the ability to tailor features to suit their customers.

Whether for the Internet, the automotive industry, or for any software package, the need for secure open source code has never been greater, but CISOs and the teams they manage are losing visibility into the use of open source during the software development process.

Using open source code is not a problem in itself, but not knowing what open source is being used is dangerous, particularly when many components and libraries contain security flaws. The majority of companies exercise little control over the external code used within their software projects. Even those that do have some form of secure software development lifecycle tend to only apply it to the code they write themselves – 67 per cent of companies do not monitor their open source code for security vulnerabilities.

The Path to Better Code

Development frameworks and newer programming languages make it much easier for developers to avoid introducing common security vulnerabilities such as cross-site scripting and SLQ injection. But developers still need to understand the different types of data an application handles and how to properly protect that data. For example, session IDs are just as sensitive as passwords, but are often not given the same level of attention. Access control is notoriously tricky to implement well, and most developers would benefit from additional training to avoid common mistakes.

Mike

Mike Pittenger, VP of Product Strategy at Black Duck Software

Developers need to fully understand how the latest libraries and components work before using them, so that these elements are integrated and used correctly within their projects. One reason people feel safe using the OpenSSL library and take the quality of its code for granted is its FIPS 140-2 certificate. But in the case of the Heartbleed vulnerability, the Heartbleed protocol is outside the scope of FIPS. Development teams may have read the documentation covering secure use of OpenSSL call functions and routines, but how many realised that the entire codebase was not certified?

Automated testing tools will certainly improve the overall quality of in-house developed code. But CISOs must also ensure the quality of an application’s code sourced from elsewhere, including proper control over the use of open source code.

Maintaining an inventory of third-party code through a spreadsheet simply doesn’t work, particularly with a large, distributed team. For example, the spreadsheet method can’t detect whether a developer has pulled in an old version of an approved component, or added new, unapproved ones. It doesn’t ensure that the relevant security mailing lists are monitored or that someone is checking for new releases, updates, and fixes. Worst of all, it makes it impossible for anyone to get a full sense of an application’s true level of exposure.

Know Your Code

Developing secure software means knowing where the code within an application comes from, that it has been approved, and that the latest updates and fixes have been applied, not just before the application is released, but throughout its supported life.

While using open source code makes business sense for efficiency and cost reasons, open source can undermine security efforts if it isn’t well managed. Given the complexity of today’s applications, the management of the software development lifecycle needs to be automated wherever possible to allow developers to remain agile enough to keep pace, while reducing the introduction and occurrence of security vulnerabilities.

For agile development teams to mitigate security risks from open source software, they must have visibility into the open source components they use, select components without known vulnerabilities, and continually monitor those components throughout the application lifecycle.

Written by Mike Pittenger, VP of Product Strategy at Black Duck Software.

BSA releases rankings of global cloud policies – UK drops and US rises on leader board

A racehorse and jockey in a horse raceThe BSA | The Software Alliance has released its global ranking of cloud computing policies, assessing the cloud readiness and policies of the world’s 24 leading ICT economies, with the UK dropping down the leader board.

The UK dropped two places in the rankings to ninth, whereas Japan maintained its position at the top of the leader board, and the US improving its position coming in second place. The 24 countries ranked in the research account for roughly 80% of global ICT revenues. Each country is ranked depending on its strengths and weaknesses in seven policy areas; data privacy, security, cybercrime, intellectual property right, support for standards, promotion of free-trade and IT readiness & broadband deployment.

“It’s worrying to see the UK starting to fall behind other faster-moving nations in creating policies which enable cloud innovation,” said Victoria Espinel, CEO of the BSA. “It’s critical for global leading nations like the UK to be on the front-foot in creating robust policy frameworks fit for the digital age to prevent protectionism, so governments, businesses and consumers can benefit from the various benefits cloud computing offers. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.”

The UK scored particularly well when it came to intellectual property rights, security and IT readiness, where it ranked fourth, second and first respectively, but badly in the cybercrime valuation, coming in at number 21 out of 24. Within the other areas it hit the middle of the road, and while overall performance was not negative, the UK fell behind due to the speed and efficiency in which other nations are developing their policies.

In the cybercrime section, where the UK was particularly poor, the report highlighted while the UK was in general compatible with the Budapest Convention on Cybercrime, it has not yet implemented laws relating to misuse of devices, as required by Article 6 of the Convention. The report also stated outdated data registration laws are acting as a barrier to some cloud services, as businesses are required to register their data sets with the regulator, which seems to be an unnecessary burden.

Leaderboard

2016 BSA Global Cloud Computing Scorecard – click to enlarge

The US performed favourably across the majority of the ranking categories, particularly on support for industry standards (first), promotion of free trade (first) and IT readiness (third). The US has been recognized by the report as a particular advocate of free trade and harmonization, as well as standardization, as it “continued to remove barriers to international information technology (IT) interoperability”.

Data privacy was the area in which it performed the worst, where it stated there are no single privacy law in the US, as well as numerous policies which have the potential to create a complicated and confusing landscape. Current key sectoral privacy laws include the Federal Trade Commission Act, the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act and the Telephone Consumer Protection Act.

The report also drew attention to the compatibility between the US with the privacy principles in the EU Data Protection Directive, of which there is little. According to the report “US organizations also have a range of voluntary options to ensure their data protection practices are compatible with the principles in the EU Directive”, though these are not backed up by government policy or legislation. This has been a point of discussion throughout the industry, following Safe Harbour being shot down, and its successor receiving criticism from certain corners of the EU.

Russsia privacy law

Russian Privacy Law – click to enlarge

While the report does outline progress in the development of IT and cloud policies throughout the world, it does also bring attention to several nations who have been demonstrating negative trends. Countries such as China and Russia have implemented policy which could be seen to inhibit the growth of cloud computing within their countries, by limiting the ability of cloud computing service providers to adequately move data across borders.

“The Scorecard shows that countries are eager to welcome cloud computing and its myriad economic benefits, and many of them are creating a favourable regulatory and legal environment,” said Espinel. “Unfortunately, the Scorecard also shows some countries are heading down a path of treating cloud computing as the next frontier of protectionism. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.”

Russia for example has implemented a legal requirement that data operators store the personal data of Russian citizens on servers based in Russia, as well as personal data information system (irrelevant of the simplicity of the database) must be certified by the Federal Service for Technical and Export Control (FSTEC). In turn this data can only be used on software and hardware which has also been approved by the FSTEC.

The BSA believes will have a negative impact on the company’s digital economy, stating “The local requirements are not compliant with generally accepted international standards, and Russia does not participate in the Common Criteria Recognition Agreement (CCRA).”

Juniper boosts security capabilities with two new product offerings

Secure cloudJuniper Networks has launched a number of new cloud and virtualised service offerings as part of its software-defined secure networks framework.

The new offerings include a new containerised virtual firewall called cSRX and a multi-core version of the Juniper Networks vSRX. The company claims the new vSRX version is ten times faster than the nearest competitor and creates new possibilities for using agile and flexible virtual firewalls, while cSRX is the first containerized offering for the industry.

“As the security landscape continues to evolve, it is more important than ever to work together to combat cyber threats,” Kevin Walker, Security CTO at Juniper Networks. “These key additions to our security portfolio will further our Software-Defined Secure Networks vision and greatly benefit our customers. Our products provide the best opportunity to create secure networks through policy, detection and enforcement. We are excited to be releasing the most flexible firewall solutions in the market and continue to showcase our commitment to bringing SDSN to organisations across the globe.”

Juniper believes the faster vSRX offering and the scalability of the containerized cSRX, combined with the higher density of services on the Intel Xeon processor family, will increase an organizations capability to detect threats.

“Juniper Networks is delivering significant scale and total cost of ownership advantages to its customers with the new cSRX, which fundamentally changes how security is deployed and illustrates the power of Software-Defined Secure Networks to provide a holistic network protection paradigm,” Mihir Maniar, VP of Security Product Management at Juniper Networks. “Moreover, with the addition of our 100 Gbps vSRX, our security portfolio is further advancing the industry’s highest performing virtual firewall.”