Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 1 of 4
`Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 1 of 4
`
`
`
`
`
`EXHIBIT 9
`EXHIBIT 9
`
`
`
`
`
`
`
`
`
`
`
`
`
`

`

`Threat Prevention
` Patented machine learning algorithms allow Sky Advanced Threat Prevention to adapt and
`
`
`Product Description
`As malware evolves and becomes more sophisticated, it grows more difficult for
`conventional anti-malware products to effectively defend against these types of attacks.
`Juniper Networks® Sky Advanced Threat Prevention provides advanced anti-malware and
`anti-ransomware protection against sophisticated “zero-day” and unknownthreats by
`monitoring ingress and egress network traffic looking for malware and other indicators of
`compromise. Using a pipeline of technologies in the cloud, Sky Advanced Threat Prevention
`delivers progressive verdicts that assess the risk level of each potential attack, providing a
`hi
`gher degree of accuracy in threat prevention. Hosted securely in the cloud, Sky Advanced
`Threat Prevention integrates with Juniper Networks SRX Series Services Gateways to
`deliver deep inspection, inline malware blocking, and actionable reporting.
`
`Sky Advanced Threat Prevention’s identification technology uses a range of techniquesto
`quickly identify a threat and prevent an impending attack. These range from rapid cache
`lookups to identify knownfiles to dynamic analysis using unique deception techniques
`applied in a sandbox environment to trick malwareinto activating and self-identifying.
`
`identify new malwarein the ever-changing threat landscape. Both web- and e-mail-based
`attacks are defended, protecting the organization from the most prominent threat vectors.
`
`Using evolving techniques that take into account multiple attributes and behaviors of large
`datasets, Sky Advanced Threat Prevention can also identify zero-day attacks and eliminate
`threats before an attacker infiltrates the network. Once identified, the malware’s signature
`is recorded in the lookup cache and widely propagated to stop similar attacks in the future.
`
`Sky ATP Secure Cloud Service
`
`Command and
`ea (Gee)
`
`111
`
`Product Overview
`
`Sky Advanced Threat Prevention
`is a cloud-based service that
`
`provides complete advanced
`malware protection. Integrated
`with SRX Series Services
`
`Gateways, Sky Advanced Threat
`Prevention delivers a dynamic
`anti-malware solution that can
`
`adapt to an ever-changing threat
`landscape.
`
`
`
`Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 2 of 4
`Walston '17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 2 of 4sheet
`NETWORKS
`
`Juniper Sky Advancea
`
`Known C&C Servers
`» Feed Analysis and Efficacy
`1
`Content (File)
`Malware Inspection Pipeline
`SRX |
`Extraction on SRX
`Series 6|—————>
`
`Fast Verdicts
`aon
`Static
`A
`S—————
`x for In-line Blocking
`Secintel Events
`
`(C&C “Hits”)sdt'
`Os
`: C1
`Quarantine
`Be,
`CompromisedSystems
`
`Internal Compromise Detection
`
`(eres
`
`i
`Identified
`Aaisliyiltes
`Malware
`Web-Based Service Portal
`
`t i
`
`eo
`
`Figure 1: Juniper’s Sky Advanced Threat Prevention solution.
`
`FINJAN-JN 005438
`
`
`
`-+-}G-eeeeeee
`
`

`

`Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 3 of 4
`e 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 3 of 4
`Ca
`Data Sheet
`Juniper Sky Advanced Threat Prevention
`
`
`
`
`Architecture and Key Components
`Sky Advanced Threat Prevention leverages Juniper’s next-
`generation SRX Series firewall platforms and a cloud-based service
`component for all management, configuration, and reporting.
`
`Sky Advanced Threat Prevention’s progressive pipeline analysis
`engine starts with a cache lookup against a database of known
`threats. This is accomplished in near real time and facilitates
`inline blocking of malicious content. Suspicious files are
`subjected to a series of deeper inspection steps that attempt
`to positively identify malware. Static analysis combined with
`processing through multiple antivirus engines attempts to
`identify the threat; if a file is identified as malware through
`analysis, its signature is added to the cache to ensure immediate
`identification of recurring threats in the future.
`
`
`
`
`
`Finally, dynamic analysis is applied in a sandbox environment,
`wherethe threatis “detonated” and observed. Unique deception
`techniques are employed to elicit malware response and self-
`identification. Threats that slip by during the more extensive
`analysis stage are identified, logged, reported, and can be
`easily mitigated by security operations staff. Infected hosts are
`automatically isolated and blocked from outbound network access
`by delivering an “infected host” feed to the SRX Series device.
`
`Sky Advanced Threat Prevention utilizes public cloud infrastructure
`to deliver a flexible and scalable solution. All communications
`
`between the SRX Series device and the cloud are secure,
`conducted over encrypted connections on both sides. Files
`uploaded to the cloud for processing are destroyed afterward to
`ensure privacy. A detailed description of the Sky Advanced Threat
`Prevention privacy policy, as well as the broader Juniper Networks
`privacy policy, can be found on the product web portal at https://
`skyjunipersecurity.net/
`
`Features and Benefits
`
`Integrating with next-generation SRX Series firewalls for
`detection and enforcement allows Sky Advanced Threat
`Prevention to provide dynamic, automated protection against
`known malware and advanced zero-day threats, resulting in
`nearly instantaneous threat responses.
`
`Features and capabilities include:
`
`Windows 7, Windows 10, and Android operating system
`support
`
`Deep analysis and sandboxing support for multiple file
`types including executables, PDFs, MS Office files, archives,
`and Flash
`
`Support for HTTP, HTTPs, and SMTP protocols
`
`Comprehensive logging and integration with Juniper Secure
`Analytics USA) and IBM ORadar SIEMsallows rapid threat
`analysis and incident response
`
`Integration with Junos Space Security Director Version 16.1
`simplifies security policy management and monitoring using
`an intuitive centralized interface
`
`Fast verdict capability that enables the SRX Series firewall
`to block malicious traffic in inline blocking mode
`
`Scalable secure cloud infrastructure that, when a threatis
`discovered, shares Updates globally among customers in
`near real time to block additional attacks
`
`Patented pipeline of technologies to analyze sophisticated
`malware, “detonate”files in a controlled sandboxing
`environment, and identify zero day threats
`
`Comprehensive API support to programmatically deliver
`dynamic threat intelligence feeds and uploadfiles for analysis
`
`Rich set of curated threat feeds to proactively block
`outbound command and control (C&C) communication
`
`Full-featured, web-based portal to provision, monitor,
`and manage services, as well as a rich set of reports and
`analytics to provide customers with deep visibility into
`hreats and potentially compromised hosts
`
`Ability to Upload suspicious files through the Web UI
`or processing
`
` including quarantine and Tag-and-Deliver, while admin and
`
`Deep analytics that identify compromised systems; this
`information is propagated to SRX Series firewalls via
`infected host feeds to quarantine compromised systems in
`near-real time
`
`nspection of all e-mail attachments for malware; Sky
`Advanced Threat Prevention supports the SMTP e-mail
`protocol* and offers flexible policy enforcement options
`
`end-user notifications ensure a full lifecycle workflow and
`superior user experience.
`
`Ability to track infected endpoints by MAC address and
`account for changing IP addresses using the Juniper
`Networks Policy Enforcer component (for more information,
`please read the Policy Enforcer data sheet)
`
`Product Options
`Sky Advanced Threat Prevention is available in two forms:
`Premium, which offers full advanced malware protection; and
`Basic, which provides threat feeds only. Customers who do
`not require full file-based advanced malware protection can
`purchase the Basic version to protect their organizations from
`botnets, command and control, phishing, and other attacks that
`can be addressed using threat intelligence feeds. Customers who
`want full protection from sophisticated malware, which requires
`content inspection, should purchase the Premium offering. The
`two versions are described in Table 1.
`
`
`
`* Note: E-mail (SMTP) scanningis only supported on the SRX1500, SRX5000 line,
`and SRX4000 line of Services Gateways at this time and requires Junos 15.1X49-D80 or
`higher releases.
`
`FINJAN-JN 005439
`
`

`

`Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 4 of 4
`Case 3:17-cv-05659-WHA Document 98-12 Filed 06/07/18 Page 4 of 4
`
`
` Juniper Sky Advanced Threat Prevention Data Sheet
`
`Table 1: Sky Advanced Threat Prevention versions
`
`Core functionality
`
`APIs
`Infected host feed/endpoint
`quarantine
`
`Monitoring and management
`
`Supported platforms
`
`Supported versions
`
`Basic (threat feeds only)
`Command and Control, GeolP, and custom feeds;
`no file processing or advanced malware protection
`
`Premium
`Full functionality including advancedfile processing
`for HTTP, HTTPs, and SMTP (e-mail) protocols;
`includes Command and Control, GeolP, and
`custom feeds
`
`Threat Intelligence APIs only
`Not available
`
`All APIs including File/Hash
`Included
`
`Sky Advanced Threat Prevention web portal and
`Junos Space Security Director
`SRX340, SRX345, SRX550M, SRX1500, SRX4000
`line, SRX5000 line, VSRX
`
`Sky Advanced Threat Prevention web portal and
`Junos Space Security Director
`SRX340, SRX345, SRX550M, SRX1500, SRX4000
`line, SRX5000 line, vVSRX
`
`SRX340, SRX345, SRX550M, and vSRX:
`15.1X49-D60 or later
`SRX1500: 15.1X49-D40 or later
`SRX5000 line: 15.1X49-D50 or later
`SRX4000 line: 15.1X49-D65 or later
`
`SRX340, SRX345, SRX550M, and vSRX:
`15.1X49-D60 or later
`SRX1500: 15.1X49-D40 or later
`SRX5000 line: 15.1X49-D50 or later
`SRX4000 line: 15.1X49-D65 or later
`
`Licensing
`Sample SKU naming convention
`
`Subscription: 1, 3, or 5 year
`SRX1500-THRTFEED-1
`
`Subscription: 1, 3, or 5 year
`SRX1500-ATP-1
`
`
`
`SRX550-THRTFEED-5
`
`
`
`
`
`Table 2: Sky Advanced Threat Prevention supported platforms
`
`Supported Junos Release
`Platform
`151X49-D60 or later
`SRX340, SRX345
`15.1X%49-D60 or later
`SRX550M
`iscebeebewsivubSne'vbewnseuesSassacensvasSeen #e'esinesBenedrcesrsie¥esiessvusSeeguevaenndennsnsnalerese¥ientensfeews draewuseeveneaeran#¥asfeesasessiieetevedeevsaer®
`eesees:ee,
`SRX4000 line
`15.1X49-D65 or later
`————ssugessbeassceeeeonasneeeysieesscauisnetectvearenamnamssasnsnmceenae
`caseroStaencvevestscheventvnbretairsentsterreciteennieerEnieiySseeutcnt svidenndeatsevanciesseevissctvbetuveeesstvtaivoasveevasduivertrsdeeverettaees
`VSRX
`151X49-D60 or later
`
`A free version of Sky Advanced Threat Prevention is also available Eee Description
`for existing customers of supported SRX Series devices with a
`SRX345-THRTFEED-1
`@re Wear SubseristionterSkyAdvanced
`valid software support contract. The free download supports
`Threat Prevention Threat Intelligence
`executable processing and infected host feeds. To obtain the free
`— (nofile processing) on
`Sky Advanced Threat Prevention. download, visit
`"ERGsTHRTEEDG "Thrcotvia:Gubcabhonteraisee
`httos:/Avww.iuniper.net/us/en/dm/free-sky-atp/
`Advanced Threat Prevention Threat
`Intelligence Feeds only (no file
`u
`i
`SRX345
`SRX Series Platform Support
`entinstunsiintunrninernrineennOCESSINB)ONSRAGS
`SRX345-THRTFEED-5
`Five Year Subscription for Sky Advanced
`Sky Advanced Threat Prevention supports a variety of platforms.
`Threat Prevention Threat Intelligence
`
` Table 2 summarizes the platforms supported and the minimum
`p
`y
`required Junos release.
`Threat Prevention Threat Intelligence Feeds
`only (no file processing) on SRX550M
`(sessausivapceansebseevssecbicsa tasestceseGtoePivPssDiomiieoPerCcretcelneaoa scateeTaReaRomecces etch
`Three Year Subscription for Sky
`SRX550-THRTFEED-3
`Advanced Threat Prevention Threat
`Intelligence Feeds only (no file
`processing) on SRX550M
`Five Year Subscription for Sky Advanced
`Threat Prevention Threat Inte ligence
`Feeds only (nofile processing) on
`soniOMusu
`SayieeeTeac One Year Subscription for Sky Advanced
`Threat Prevention Threat Intelligence
`Feeds only (no file processing) on
`SRX1500
`Three: Weak SUNSCHationer Sky
`Advanced Threat Prevention Threat
`Intelligence Feeds only (no file
`nnnOCESSINB)ONSRTOO
`SRX1500-THRTFEED-5
`Five Year Subscription for Sky Advanced
`Threat Prevention ThreatIntelligence
`Feeds only (nofile processing) on
`SRX1500
`
`Three Year Subscription for Sky
`
`
`
`
`
`
`Please contact your Juniper sales representative for additional
`information.
`
`SRXISOO-THRTREED-3
`
`
`
`Ordering Information
`,
`;
`
`Basic Sky Advanced Threat Prevention
`Threat Feeds Only)
`
`Product Number
`SRX340-THRTFEED-1
`
`Description
`One Year Subscription for Sky Advanced
`Threat Prevention ThreatIntelligence
`Feeds only (no file processing) on
`
`SRX4100-THRTFEED-1
`
`y
`Advanced Threat Prevention Threat
`Intelligence Feeds only (no file
`processing) on SRX340
`esoseapesessussesaseeassceessecusssssasstaszensseccasceasseeysetsaonsuonsauaronnnsttagtClaceseereaseeassessoapesasessasasesselestesgseasteeseesasaeessasees
`SRX340-THRTFEED-5
`Five Year Subscription for Sky Advanced
`Threat Prevention ThreatIntelligence
`Feeds only (no file processing) on
`SRX340
`
`One Year Subscription for Sky Advanced
`Threat Prevention ThreatIntelligence
`Feeds only (no file processing) on
`SRX4100
`
`Advanced Threat Prevention Threat
`Intelligence Feeds only (no file
`processing) on SRX4100
`srrnnnnnnnnennnnnnnnnninnnnnnnnrinnnnneinnnnnnnnii
`Five Year Subscription for Sky Advanced
`SRX4100-THRTFEED-5
`Threat Prevention ThreatIntelligence
`Feeds only (no file processing) on
`SRX4100
`
`
`
`FINJAN-JN 005440
`
`