Case 3:17-cv-05659-WHA Document 88-27 Filed 05/18/18 Page 1 of 6

Exhibit 29

Advanced Threat Prevention Appliance

Product Overview

Juniper Networks Advanced Threat Prevention Appliance is a distributed software platform that combines advanced threat detection, consolidated security analytics, and one-touch threat mitigation to protect organizations from cyber attacks and improve the productivity of security teams. The ATP Appliance detects threats across web, e-mail, and lateral traffic. Additionally, it can ingest logs from security devices to present a consolidated view of all threats in the environment.

Product Description

Organizations worldwide face security and productivity challenges every day. Zero-day malware often goes undetected because traditional security devices, which rely on signature-based detection, can't see it. Adding to the problem, security teams, overwhelmed by large volumes of alerts, often fail to recognize and act on critical incidents.

The Juniper Networks® Advanced Threat Prevention Appliance (formerly the Cyphort All-in-One system) provides continuous, multistage detection and analysis of Web, e-mail, and lateral spread traffic moving through the network. It collects information from multiple attack vectors, using advanced machine learning and behavioral analysis technologies to identify advanced threats in as little as 15 seconds. Those threats are then combined with data collected from other security tools in the network, analyzed, and correlated, creating a consolidated timeline view of all malware events related to an infected host. Once threats are identified, "one-touch" policy updates are pushed to inline tools to protect against a recurrence of advanced attacks.

The detection component of the ATP Appliance monitors network traffic to identify threats as they progress through the kill chain, detecting phishing, exploits, malware downloads, command and control communications, and internal threats. A multistage threat analysis process, which includes static, payload, machine learning, and behavioral analysis, as well as malware reputation analysis, continuously adapts to the changing threat landscape by leveraging Juniper's Global Security Service, a cloud-based service that offers the latest threat detection and mitigation information produced by a team of security researchers, data scientists, and ethical hackers.

The threat analytics component of the ATP Appliance offers a holistic view of identity and threat activity gathered from a diverse set of sources such as Active Directory, endpoint antivirus, firewalls, secure Web gateways, intrusion detection systems, and endpoint detection and response tools. The analytics component looks at data from these sources, identifies advanced malicious traits, and correlates the events to provide complete visibility into a threat's kill chain. Security analysts receive a comprehensive host and user timeline that depicts how the events that occurred on a host or user unfolded. The timeline enhances the productivity of Tier 1 and Tier 2 security analysts who work on triaging and investigating malware incidents.

The ATP Appliance can integrate with other security devices to mitigate threats, giving users the ability to automatically quarantine e-mails on Google and Office 365 using REST APIs. Communications between the infected endpoint and the command and control servers are blocked by pushing malicious IP addresses to firewall devices. Integration with network access control devices can isolate infected hosts. The ATP Appliance's open API architecture also allows it to integrate with a number of third-party security vendors such as Cisco, Palo Alto Networks, Fortinet, Bluecoat, Check Point, Carbon Black, and Bradford, among others.

Data Sheet

Figure 1: Juniper Networks ATP Appliance architecture (diagram labels: Internet, Firewall, Headquarters, Fabric Collector, SmartCore, Web, E-mail, File Upload, Lateral Detection, Lateral Spread Collector)

Architecture and Key Components

The architecture of the ATP Appliance consists of collectors deployed at critical points in the network, including remote locations. These collectors act like sensors, capturing information about Web, e-mail, and lateral traffic. Data and related executables collected across the fabric are delivered to the SmartCore analytics engine. Along with traffic from the native collectors, the ATP Appliance also ingests logs from other identity and security products such as Active Directory, endpoint antivirus, firewalls, secure Web gateways, intrusion detection systems, and endpoint detection and response tools. The logs can be ingested directly from third-party devices, or they can be forwarded from existing SIEM/syslog servers.

Armed with data collected from various sources, the SmartCore analytics engine performs the following multistage threat analysis processes:

• Static analysis: Applies continuously updated rules and signatures to find known threats that may have eluded inline devices.

• Payload analysis: Leverages an intelligent sandbox array to gain a deeper understanding of malware behavior by detonating suspicious Web and file content that would otherwise target Windows, OSX, or Android endpoint devices.

• Machine learning and behavioral analysis: Employs patent-pending technologies to recognize the latest threat behaviors (such as multicomponent attacks over time) and quickly detect previously unknown threats.

• Malware reputation analysis: Compares analysis results with similar known threats to determine whether a newly detected threat is a variant of an existing issue or something completely new.

• Prioritization, risk analysis, correlation: Prioritizes threats based on threat severity, asset targets in the network, endpoint environment, and the threat's progression along the kill chain. For example, a high severity Windows malware landing on a Mac receives a lower risk score than a medium severity malware landing on a protected server. All malware events from the ATP Appliance and other security devices are correlated based on endpoint hostname and time and then plotted on a host timeline, allowing security teams to assess the risk of a threat and whether it requires immediate attention. For example, a threat detected by the ATP Appliance but missed by the antivirus solution receives a higher risk score. This allows security teams to go back in time and review all malicious events that have occurred on an infected host.

Figure 2: ATP Appliance events timeline

Features and Benefits

The ATP Appliance includes the following features and benefits:

• Inspects traffic across multiple vectors such as Web, e-mail, and lateral spread

• Uploads suspicious files through the Web UI for processing

• Supports Windows 7 and OSX 10.10 operating systems

• Analyzes multiple file types, including executables, DLL, Mach-o, Dmg, PDF, Office, Flash, ISO, ELF, RTF, APK, Silverlight, Archive, and JAR

• Includes detection techniques such as exploit detection, payload analysis, command and control (C&C) detection, YARA, and SNORT rules

• Provides comprehensive and well-documented APIs that allow easy integration with third-party security devices

• Integrates with Juniper Networks, Palo Alto Networks, Checkpoint, Cisco, Fortinet, and Bluecoat solutions to automatically block malicious IP addresses and URLs

• Automatically quarantines Office 365 and Gmail e-mails

• Integrates with Carbon Black Protect and Response (endpoint solution) to allow upload of binaries executed on endpoints

• Integrates with Cloud Access Security Broker vendor SkyHigh to protect assets in the cloud

• Manages multiple SmartCore analytics engines via Manager of Central Managers functionality

• Supports access and authentication using SAML and RADIUS

• Correlates events across kill chain stages to monitor threat progress and risk

• Visualizes malware activity and groups malware traits to help incident response teams better understand malware behavior

• Prioritizes threats based on risk calculated from threat severity, threat progress, asset value, and other contextual data

• Provides timeline host view to obtain complete context about malware events that have occurred on the host

Product Options

The ATP Appliance is available as both a physical and virtual appliance. Physical appliances can be deployed in all-in-one mode (SmartCore and Fabric Collector are installed on the same physical appliance) or in distributed mode (SmartCore and Fabric Collector are installed on separate appliances). Virtual appliances can be deployed in distributed mode only.

Physical

All in One

Model | Performance (Objects Detonated) | Performance
AIO-R430 | Up to 30,000 objects/day | 1 Gbps
AIO-R730 | Up to 80,000 objects/day | 2 Gbps

SmartCore

Model | Performance (Objects Detonated)
SC-R730 | Up to 175,000 objects/day
AIO-R730 | Up to 80,000 objects/day

Fabric Collector

Model | Performance
FC-R330 | 1 Gbps
FC-R730 | 4 Gbps

Virtual

Virtual SmartCore Engine

Model | Performance (Objects Detonated) | Virtual CPU | Virtual Memory | Virtual Disk
vSC-8 | Up to 40,000 objects/day | 8 | 32 GB | 1.5 TB
vSC-24 | Up to 140,000 objects/day | 24 | 96 GB | 1.5 TB

Virtual Fabric Collector

Model | Performance | Virtual CPU | Virtual Memory | Virtual Disk
FC-v50M | 50 Mbps | 1 | 1.5 GB | 16 GB
FC-v100M | 100 Mbps | 2 | 4 GB | 16 GB
FC-v500M | 500 Mbps | 4 | 16 GB | 512 GB
FC-v1G | 1 Gbps | 8 | 32 GB | 512 GB
FC-v2.5G | 2.5 Gbps | 24 | 64 GB | 512 GB

Specifications

Specification | AIO-R430 | AIO-R730
Memory | 32 GB | 96 GB
Weight | 43.87 lb (19.9 kg) | 68 lb (30.8 kg)
Dimensions (WxHxD) | 18.99 x 1.68 x 23.9 in (48.24 x 4.28 x 60.7 cm), 1U | 17.49 x 3.44 x 26.92 in (44.42 x 8.73 x 68.37 cm), 2U
Enclosure | 19" rack | 19" rack
Management Interface (eth0) | (1) 10/100/1000BASE-T copper Gigabit Ethernet port | (1) 10/100/1000BASE-T copper Gigabit Ethernet port
Monitoring Interface (eth1) (Not relevant for core devices) | (1 reserved) 1000BASE-T copper Gigabit Ethernet port; Intel Ethernet X520 DP 10Gb DA/SFP+ Server Adapter (optional) | 10/100/1000BASE-T copper Gigabit Ethernet ports; Intel Ethernet X520 DP 10Gb DA/SFP+ Server Adapter (optional)
Alternate Analysis Engine Exhaust Interface (eth2) | 1000BASE-T copper Gigabit Ethernet port (optional); Intel Ethernet X520 DP 10Gb DA/SFP+ Server Adapter (optional; not relevant for Collector or AWS devices) | 1000BASE-T copper Gigabit Ethernet port (optional); Intel Ethernet X520 DP 10Gb DA/SFP+ Server Adapter (optional; not relevant for Collector or AWS devices)
CPU | Intel Xeon E5-2650 v3 2.3GHz, 25M Cache, 9.60GT/s QPI, Turbo, HT, 10C/20T (105W) Max Mem 2133MHz | Dual Xeon E5-2695V3 14-Core 2.3GHZ 35MB L3 Cache 9.6GT/S QPI Socket-LGA2011-3 120W
AC Input Voltage | Auto-switching 100-240V | Auto-switching 100-240V
AC Input Current | 7.4-3.7 Amps | 10-5 Amps
AC Power | 550 Watts (maximum) | 750 Watts (maximum)
Power Supply Units | Dual Hot Swap 550W | Dual Hot Swap 750W
Frequency | 50-60 Hz | 50-60 Hz
Ambient Temperature | -40°F to 149°F (-40°C to 65°C) with a maximum temperature gradation of 20°C per hour | -40°F to 149°F (-40°C to 65°C) with a maximum temperature gradation of 20°C per hour
HDD (behind front panel FRUs) | PERC H730 Raid Controller - 1 x 500GB 7.2K RPM SATA 3Gbps 3.5in Hot-plug Hard Drive, 13G + 2 x 2TB 7.2K RPM SATA 6Gbps 3.5in Hot-plug Hard Drive, 13G | PERC H730 - 12 ea. 600 GB SAS Hot-Swap 2.5" HDD FRUs RAID 5
Additional NIC | 1 Dual Port 1 GB | 1 Dual Port 1 GB or 1 Dual Port 10 GB

Ordering Information

The ATP Appliance offers subscription-based pricing. A summary of features and license options can be found in Table 1.

Table 1: ATP Appliance Feature and License Options

Standard Level (1 or 3 Years)

• License by bandwidth and users, unlimited locations
• Combined Web, e-mail, file uploads, and advanced threat analytics
• Includes Windows, Mac

Enterprise Level (1 or 3 Years)

• License by bandwidth and users, unlimited locations
• All Standard Level features and Advanced e-mail
• Lateral spread detection across all locations
• Unlimited scale for e-mail and advanced threat analytics

For additional ordering information, please contact your Juniper sales representative.

About Juniper Networks

Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks or connect with Juniper on Twitter and Facebook.

Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000
Fax: +1.408.745.2100
www.juniper.net

APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.0.207.125.700
Fax: +31.0.207.125.701

Copyright 2017 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

1000627-001-EN Nov 2017