Case 3:17-cv-05659-WHA Document 369-9 Filed 02/14/19 Page 1 of 3

Exhibit 7

Advanced Threat Prevention Appliance

Data Sheet

[Figure 1: Juniper Networks ATP Appliance architecture. Diagram labels: Firewall, Headquarters, Lateral Detection, Lateral Spread Collector, Fabric Collector, SmartCore.]

Architecture and Key Components
The architecture of the ATP Appliance consists of collectors
deployed at critical points in the network, including remote
locations. These collectors act like sensors, capturing information
about Web, e-mail, and lateral traffic. Data and related
executables collected across the fabric are delivered to the
SmartCore analytics engine. Along with traffic from the native
collectors, the ATP Appliance also ingests logs from other identity
and security products such as Active Directory, endpoint antivirus,
firewalls, secure Web gateways, intrusion detection systems, and
endpoint detection and response tools. The logs can be ingested
directly from third-party devices, or they can be forwarded from
existing SIEM/syslog servers.

Armed with data collected from various sources, the SmartCore
analytics engine performs the following multistage threat
analysis processes:

Static analysis: Applies continuously updated rules and
signatures to find known threats that may have eluded
inline devices.

Payload analysis: Leverages an intelligent sandbox array
to gain a deeper understanding of malware behavior by
detonating suspicious Web and file content that would
otherwise target Windows, OSX, or Android endpoint devices.

Machine learning and behavioral analysis: Employs
patent-pending technologies to recognize the latest threat
behaviors (such as multicomponent attacks over time) and
quickly detect previously unknown threats.

Malware reputation analysis: Compares analysis results
with similar known threats to determine whether a newly
detected threat is a variant of an existing issue or something
completely new.

Prioritization, risk analysis, correlation: Prioritizes threats
based on threat severity, asset targets in the network,
endpoint environment, and the threat's progression
along the kill chain. For example, a high severity Windows
malware landing on a Mac receives a lower risk score than a
medium severity malware landing on a protected server. All
malware events from the ATP Appliance and other security
devices are correlated based on endpoint hostname and
time and then plotted on a host timeline, allowing security
teams to assess the risk of a threat and whether it requires
immediate attention. For example, a threat detected by the
ATP Appliance but missed by the antivirus solution receives
a higher risk score. This allows security teams to go back in
time and review all malicious events that have occurred on
an infected host.
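
The correlation and prioritization step described above, as an added Python example that is not part of the data sheet and is not Juniper's code: it groups events by endpoint hostname, orders them by time, and applies a risk score that reproduces the two orderings the text gives. The event fields, weights, hostnames other than DAVE-LAPTOP, and sample events are assumptions constructed for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Hypothetical weights, chosen only to reproduce the orderings the data sheet describes.
SEVERITY = {"low": 1, "medium": 2, "high": 3}
KILL_CHAIN = {"phishing": 1, "download": 2, "execution": 3}
ASSET_VALUE = {"workstation": 1.0, "protected_server": 2.0}

@dataclass
class Event:
    time: datetime
    vendor: str
    host: str
    stage: str                  # kill-chain stage reached
    severity: str
    malware_os: str             # platform the malware targets
    host_os: str                # platform of the endpoint it landed on
    asset: str = "workstation"
    missed_by_av: bool = False  # endpoint antivirus did not flag it

def risk_score(e: Event) -> float:
    score = SEVERITY[e.severity] * ASSET_VALUE[e.asset]
    score += 0.5 * KILL_CHAIN[e.stage]   # further along the kill chain
    if e.malware_os != e.host_os:
        score *= 0.25                    # payload cannot run on this endpoint
    if e.missed_by_av:
        score *= 1.5                     # no other control caught it
    return round(score, 2)

def host_timelines(events):
    """Correlate events by endpoint hostname, then order each host's events by time."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host.upper()].append(e)
    return {h: sorted(evs, key=lambda e: e.time) for h, evs in by_host.items()}

# Constructed sample events (placeholder date), deliberately out of time order.
SAMPLE = [
    Event(datetime(2000, 1, 1, 11, 59), "endpoint agent", "dave-laptop", "execution", "high", "windows", "windows"),
    Event(datetime(2000, 1, 1, 11, 54), "web gateway", "DAVE-LAPTOP", "phishing", "medium", "windows", "windows"),
    Event(datetime(2000, 1, 1, 11, 56), "ATP Appliance", "DAVE-LAPTOP", "download", "high", "windows", "windows", missed_by_av=True),
    Event(datetime(2000, 1, 1, 11, 57), "ATP Appliance", "MAC-01", "download", "high", "windows", "macos"),
    Event(datetime(2000, 1, 1, 11, 58), "ATP Appliance", "SRV-01", "download", "medium", "linux", "linux", "protected_server"),
]

if __name__ == "__main__":
    for host, evs in host_timelines(SAMPLE).items():
        print(host, [(e.time.strftime("%H:%M"), e.stage, risk_score(e)) for e in evs])
```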

[Figure 2: ATP Appliance events timeline. Screenshot of the Events Timeline view for hostname DAVE-LAPTOP, with vendor rows Bluecoat Secure Web Gateway, Carbon Black Response, Cyphort, and Symantec EP, a time axis ending at 12:00, and event markers Phishing, Download, and Execution Blocked.]

FINJAN-JN 045070

Features and Benefits
The ATP Appliance includes the following features and benefits:

Inspects traffic across multiple vectors such as Web, e-mail,
and lateral spread

Uploads suspicious files through the Web UI for processing

Supports Windows 7 and OSX 10.10 operating systems

Analyzes multiple file types, including executables, DLL,
Mach-o, Dmg, PDF, Office, Flash, ISO, ELF, RTF, APK,
Silverlight, Archive, and JAR

Includes detection techniques such as exploit detection,
payload analysis, command and control (C&C) detection,
YARA, and SNORT rules

Provides comprehensive and well-documented APIs that
allow easy integration with third-party security devices

Integrates with Juniper Networks, Palo Alto Networks,
Checkpoint, Cisco, Fortinet, and Bluecoat solutions to
automatically block malicious IP addresses and URLs

Automatically quarantines Office 365 and Gmail e-mails

Integrates with Carbon Black Protect and Response
(endpoint solution) to allow upload of binaries executed on
endpoints

Integrates with Cloud Access Security Broker vendor
SkyHigh to protect assets in the cloud

Manages multiple SmartCore analytics engines via Manager
of Central Managers functionality

Supports access and authentication using SAML and
RADIUS

Correlates events across kill chain stages to monitor threat
progress and risk

Visualizes malware activity and groups malware traits to
help incident response teams better understand malware
behavior

Prioritizes threats based on risk calculated from threat
severity, threat progress, asset value, and other contextual
data

Provides timeline host view to obtain complete context
about malware events that have occurred on the host

Product Options
The ATP Appliance is available as both a physical and virtual
appliance. Physical appliances can be deployed in all-in-one
mode (SmartCore and Fabric Collector are installed on the same
physical appliance) or in distributed mode (SmartCore and
Fabric Collector are installed on separate appliances). Virtual
appliances can be deployed in distributed mode only.

Physical

All in One

Model      Performance (Objects Detonated)   Performance
AIO-R430   Up to 30,000 objects/day          1 Gbps
AIO-R730   Up to 80,000 objects/day          2 Gbps

SmartCore

Model      Performance (Objects Detonated)
SC-R730    Up to 175,000 objects/day
AIO-R730   Up to 80,000 objects/day

Fabric Collector

Model     Performance
FC-R330   1 Gbps
FC-R730   4 Gbps

Virtual

Virtual SmartCore Engine

Model    Performance (Objects Detonated)   Virtual CPU   Virtual Memory   Virtual Disk
vSC-8    Up to 40,000 objects/day          8             32GB             15 TB
vSC-24   Up to 140,000 objects/day         24            96GB             1.5 TB

Virtual Fabric Collector

Model      Performance   Virtual Memory   Virtual Disk
FC-v50M    50 Mbps       1.5 GB           16GB
FC-v100M   100 Mbps      4GB              16GB
FC-v500M   500 Mbps      16GB             512GB
FC-v1G     1 Gbps        32GB             512GB
FC-v2.5G   2.5 Gbps      64GB             512GB

Virtual CPU: 2, 4, 8, 24

FINJAN-JN 045071