Solutions & Technologies

Service Provider Security

Protect users, applications, and infrastructure by extending security to all points of connection across your network

With the acceleration of 5G, Internet of Things (IoT), and multicloud adoption, the security landscape is only growing more complex. Service providers need a strategy and toolset that aligns with impending or in-progress architectural transformation to stay ahead of the continual stream of new threats, without sacrificing network performance or diminishing the customer experience.

security service provider

99.9% Security Effectiveness

Juniper received an “AAA” rating in CyberRatings’ 2023 Enterprise Network Firewall Report, demonstrating a 99.9% exploit block rate with zero false positives.

Read report

How Juniper can help

Juniper Connected Security safeguards users, data, and infrastructure by extending threat intelligence to all connection points across your network. Leverage the network itself—including switches, routers, and access points; public and private cloud platforms; and third-party devices—to take an active role in protecting data across every point of connection—turning them into enforcement points and creating a threat-aware network.

Network professionals working on a mobile laptop standing workstation in a server / data center

Scale out like never before

Scale horizontally and elastically, regardless of form factor, and manage all firewalls as one logical unit for near-infinite scale without complexity. With Juniper's Connected Security Distributed Services Architecture, you can remove single points of failure and limitations associated with chassis size and form factor.

Network professional working in a dark office monitoring multiple monitor screens

Secure 5G cloud transformation

Juniper Networks® SRX Series Firewalls have a proven track record of delivering carrier-grade performance for next-gen firewalls and CGNAT for top global operators. With unified policy management across our physical, virtual, and container firewalls, wherever you are in your 5G cloud transformation journey, we guarantee that it’s always secure.

IT professional holding a mobile table in a server room

Inline DDoS protection

The Juniper and Corero joint distributed denial-of-service (DDoS) defense solution combines Juniper Networks MX Series and PTX Series Routers and software intelligence. It inspects traffic at the packet level while supporting infrastructure-based enforcement for real-time, automated DDoS mitigation with tens of terabits of throughput.

Two IT professionals working a dark office monitoring multiple monitor screens

AI-predictive threat prevention and integrated intelligence

Accurately predict threats, stop known and zero-day threats at line rate before they stop your business, and enable real-time threat intelligence for automatic, responsive traffic filtering anywhere in the network. Juniper SecIntel security intelligence extends to MX Series Routers to detect, block, and stop command-and-control (C&C) traffic discovered by the Juniper Advanced Threat Prevention (ATP) solution, Juniper Threat Labs, and custom blocklists, all at wire speed.

Random blue numbers and letters on a screen and padlock

Encrypted traffic insights

This feature of Juniper ATP Cloud uses SRX Series Firewalls to detect malicious botnet traffic that’s “going dark” via encryption, without decrypting it. You gain greater visibility and policy control over encrypted traffic without resource-intensive SSL decryption. No additional hardware or network changes to Juniper SRX Firewalls are required to use the feature.

User logging into VPN on a mobile tablet

Juniper Secure Connect

This client-based SSL VPN application allows you to securely access protected resources on the network. When combined with SRX Series Firewalls, Secure Connect helps organizations quickly establish dynamic, adaptable connectivity from devices anywhere across the globe. The application extends visibility and enforcement from client to cloud over VPN connections.

View Datasheet

The Products

Screenshot of Juniper Cloud Workload Protection interface for data center security.
Product

Juniper Cloud Workload Protection

Shield your workloads from zero-day threats, such as OWASP Top 10 and memory-based attacks, with zero trust microsegmentation and run-time application protection.

SRX Series Family product image
PRODUCT FAMILY

SRX Series Firewalls

Protect your network edge, data center, and cloud applications with Juniper next-generation physical, virtual, and containerized firewalls, all managed via Juniper Security Director Cloud.

Teal shield, cloud, and lightning bolt graphic representing Juniper’s Advanced Threat Prevention (ATP) that’s also cloud ready.
Product

Advanced Threat Prevention

The threat intelligence hub for the network, with a litany of built-in advanced threat services that use the power of AI and machine learning to detect attacks and optimize enforcement. Juniper ATP protects against known and unknown threats, assesses and verifies device and IoT risk, and analyzes encrypted traffic.

Several different MX series universal routing platforms from front view.
PRODUCT FAMILY

MX Series Universal Routing Platforms

With a robust portfolio of SDN-enabled routers, the MX Series provides industry-leading system capacity, density, security, and performance with unparalleled longevity.

SecIntel UI Map
Product

SecIntel

Provides continuously updated, actionable security intelligence curated and validated by Juniper Threat Labs. It supports industry-specific threat mitigation and prevention through custom third-party sources.

Juniper and Corero Joint DDoS Protection Solution
Product

Juniper and Corero Joint DDoS Protection Solution

Juniper and Corero DDoS protection combines packet-level traffic inspection with the power of infrastructure-based enforcement. It automates real-time attack mitigation at the network edge at speeds up to 40 Tbps.

Related Solutions

5G Networks

Juniper’s open ecosystem approach to 5G unlocks the full power and potential of your network. We can help you reimagine your architecture, operations, and service experience to create new business value and compete in the coming decade.

Public Cloud Security

Accelerate public cloud adoption securely with simple deployment, consistent security, and unified management experience at every level: within workloads, between applications and instances, and across environments.

Resource Center

Practical Resources

Integrations

SmartWall Threat Defense Director
Juniper Secure Connect

Support

Guides

MX Series Security Buyers Guide (PDF)
SASE Buyers Guide

Learn More

Videos

Exploring 5G Security Strategy Considerations (11:52)
Securing 4G to 5G Evolution with Juniper Connected Security (1:51)
Juniper MX Security Overview (2:47)
Juniper SecIntel on MX – Delivering Real Time Threat Intelligence
Juniper MX + Corero TDD Delivers Automated DDoS Protection at the Edge (2:52)
Juniper + Corero Joint DDoS Solution Demo - TDD 10.3 (4:41)
SecIntel on MX Demo (4:09)

Articles

Forbes: Juniper's Cybersecurity Shift is Bearing Fruit, August 12, 2021 (PDF)

Blogs

Juniper Networks Evolves Modern Data Center Security with the Industry’s First Distributed Security Services Architecture
Enhancing 5G DDoS Protection with Juniper Networks and Corero Network Security Joint Solution
What SASE Means for Service Providers
Five 5G Security Challenges that Service Providers Need to Tackle
5G NSA Requires Performance Upgrades of Existing Security Infrastructure
5G Edge Cloud and Multi-access Edge Computing (MEC) Security

White Papers

The Power of Integrating Security and Networking in Service Provider Networks (PDF)
5G Security Strategy Considerations (PDF)
5G Network Slicing: How to Secure the Opportunity (PDF)
2023 DDos Threat Intelligence Report (PDF)

Solution Briefs

Juniper Networks and Corero: A Modern Approach to DDoS Protection at Scale (PDF)

Flyers

Safeguard Your Users, Applications, and Infrastructure with Juniper + Corero Joint DDoS Protection Solution (PDF)
Make Your Network Threat-Aware: SecIntel on MX (PDF)
Future-Proof Your Network: Be 5G-Ready and Beyond with MX-SPC3 Security Services Card (PDF)
Top 5 Reasons Why Juniper MX Security is Right for you (PDF)
MX Routing + Security = Powerful Together (PDF)

Press Releases

Telefónica Spain Selects Juniper Networks to Secure 5G Network
Plusnet Chooses Juniper Networks and Corero Joint Security Solution to Stop DDoS Attacks in Seconds
Sure Chooses Juniper Networks for Network Upgrade
video-securing-4g-5g-1000x500

Securing 4G to 5G Evolution with Juniper Connected Security

Service Provider Security FAQs

What is Juniper Connected Security?

Juniper Connected Security safeguards users, applications, and infrastructure by extending security to every point of connection, from client to cloud, across the entire network. It helps organizations build threat-aware networks to keep attackers at bay and keep the network clear for business-critical traffic.

What use cases does Juniper Service Provider Security support?

Juniper Service Provider Security supports seven use cases:

  1. Mobile security gateway (SEG)
  2. SGi/N6 firewall
  3. Carrier-grade NAT (CGNAT)
  4. Roaming firewall
  5. Distributed denial-of-service (DDoS) detection and mitigation
  6. Data center firewall
  7. Intra-data center/East-West traffic protection

What is a mobile security gateway?

A security gateway (SEG) is a high-performance IPsec tunneling gateway that connects the service provider’s Evolved Packet Core (EPC) to base stations (eNodeBs and gNodeBs) on the S1/NG interface and handles connections between base stations on the X2/Xn interface.

Security gateway IPsec functionality can protect traffic as it traverses mobile backhaul by establishing an encrypted, protected connection between the service provider’s base station and EPC network. The security gateway simplifies the provisioning burden for S1-MME and S1-U (NG-C and NG-U for 5G) traffic by being a central point of IPsec concentration. (See 5G Security Strategy Considerations to learn why a security gateway is important in 5G network deployments.)

What is an SGi/N6 firewall?

An SGi/N6 firewall is a firewall connected to the Evolved Packet Core (EPC)/5G Core (5GC) on a Gi LAN/N6 interface. It protects the packet core and user equipment (UE) endpoints against a variety of outside-in attacks, such as snooping and theft of information.

What is CGNAT?

Carrier-Grade Network Address Translation (CGNAT) performs address translation for many purposes, including:

  • Hiding topology so attackers cannot directly attack resources within the service provider’s network
  • Preventing IPv4 address exhaustion by mapping a large number of private IP addresses within a service provider’s network to a small number of public IP addresses
  • Connecting IPv6 endpoints within a service provider’s network to legacy IPv4 addresses on the public Internet

How does CGNAT protect your networks?

CGNAT provides address obfuscation and prevents bad actors from communicating with internal resources, such as customer devices and provider host servers, by hiding the source IP addresses of these devices from the outside world.

What is a roaming firewall?

A roaming firewall is a roaming gateway connecting the Evolved Packet Core (EPC) of the home network to the EPC of the visited network to handle roaming handover.

With a roaming firewall, networks are protected through a combination of security capabilities, including:

  • Encryption of GTP-C and GTP-U traffic with IPsec
  • Rate limiting of GTP-C traffic
  • Prevention of GTP-C-specific attacks
  • Signaling normalization and modification of GTP-C traffic, including 3GPP release interoperability

What is DDoS detection and mitigation?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Juniper’s DDoS detection and mitigation is an industry-leading volumetric DDoS firewall that provides real-time DDoS filtering capability at the industry’s fastest rate to prevent DDoS attacks within 5–10 seconds. (See Juniper and Corero Joint DDoS Protection Solution to learn more.)

What is Juniper Zero Trust Data Center Security?

Juniper Zero Trust Data Center Security protects hybrid data centers by operationalizing security and extending zero trust across networks to prevent threats with proven efficacy. It checks all incoming and outgoing traffic, so customers can validate and grant data center access to the right users and devices.

What are the features and benefits of Juniper Zero Trust Data Center Security?

Juniper Zero Trust Data Center Security solution helps with the following:

  • Centralized visibility and analytics for all applications and data, including encrypted data and infrastructure 
  • Consistent policies across firewalls (all form factors, from managing via a single UI to reducing operational complexity to allowing scalability)
  • Shared automation and intelligence at every point of connection across the entire infrastructure, making automated threat response a click away
  • Macro- and micro-segmentation to control who and what can access the network resources and reduce the attack surface while preventing lateral threat propagation
  • Advanced threat services that use the power of AI/ML to detect sophisticated threats and block them

 

(See the Juniper Zero Trust Data Center product portfolio to learn more.)

What is Juniper Intra-DC/East-West Traffic Protection?

Juniper Intra-DC/East-West Traffic Protection is security enforcement that prevents attackers from moving laterally inside on-premises or cloud data centers by creating microsegments that limit the impact of a successful attack.

Where can I get more technical information?

For security technical content and resources for service providers, visit the TechLibrary Connected Security page.

Demand more from your network
See what industry-leading AI and ML can do for you.