Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/31/2012
01:43 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Juniper Networks Releases New Mykonos Security Software To Stop Web Attacks

Mykonos software uses attacker's behavior against them

SUNNYVALE, Calif., May 30, 2012 – Juniper Networks (NYSE: JNPR), the industry leader in network innovation, announced major platform enhancements to its Mykonos Web Security Software, which uses ground-breaking Intrusion Deception™ Technology to defend against web-based threats in real-time. The new release of Mykonos Web Security provides 30 new features and enhancements that strengthen protection against a wider range of attackers and hacking techniques, simplify configuration for security administrators, and boost scalability to help ensure holistic protection as traffic volumes increase.

View a demo of how Mykonos Web Security works here.

Web applications and websites are under constant attack and are the most popular targets for hackers because they remain the largest unprotected threat in corporate networks. A Ponemon Institute survey found 73 percent of organizations have been hacked at least once in the past two years through insecure web applications.

The Mykonos Web Security solution uses deception to create detection points – or tar traps – to identify malicious actors in real-time as they attempt to hack their desired target. Once attackers are identified, Mykonos Web Security prevents them from compromising critical information, wastes their time by presenting false vulnerabilities and provides valuable intelligence to thwart future attacks. This active, intelligence-based approach uses Mykonos’ Intrusion Deception™ System – the only system that truly neutralizes threats as they occur – giving companies the upper hand by using attackers’ actions against them without relying on signatures or passively restricting traffic. With Mykonos Web Security, Juniper Networks is transforming the security industry and changing the ROI of hacking by making it costly, time consuming and tedious for attackers to chase after false data.

Release Highlights

· Enhanced security protections: Mykonos Web Security now detects a wider range of attackers and hacking techniques, protecting against more threats, as well as provides new countermeasures, including:

o Preventing brute-force authentication attacks that rapidly guess combinations of usernames and passwords to gain access to systems. Mykonos Web Security prevents the attacker from using any compromised credentials even if an attacker happens to ‘guess’ the correct password.

· Defending against directory traversal attempts that are used to map websites to gain additional information on how to attack them.

· Integrating third-party software vulnerability protection into Mykonos Web Security, which helps prevent against known software vulnerabilities typically targeted by automated attack scripts. Mykonos Web Security now integrates a large library of known third-party attack data into its tracking, profiling, and response systems.

· User-friendly and intuitive interface: A simplified interface unifies the security console and configuration, making it easier for customers to manage systems, as well as provides a new setup wizard tool to quickly deploy without assistance from Juniper Networks.

· Greater performance clustering: Mykonos Web Security now supports throughput greater than 1Gb/second by enabling customers to add multiple slaves to a clustering model. In effect, this allows for Mykonos Web Security to protect higher-volume web properties.

· Comprehensive approach to security: The new version of Mykonos Web Security provides a significant new layer of defense against web attacks and builds on the successful SRX and vGW platforms as a key component of Juniper’s strategy to deliver a comprehensive and automated approach for data center security.

Supporting Quotes

“Web-based threats have become a major concern and companies require a proactive solution with real-time prevention to augment traditional-network security defenses. Mykonos is the first company to detect hackers during the reconnaissance phase of an attack. We can track, profile and, most importantly, respond to an attacker before the damage is done.”

-David Koretz, vice president and general manager, Mykonos Software, a Juniper Networks Company

“Juniper’s Mykonos Web Security solution addresses the critical security issues that enterprises face today. At a time when buyers are questioning whether their investment in legacy solutions is providing adequate protection from today's threats, Juniper is providing an innovative solution.”

-Jeff Wilson, principal analyst, Infonetics Research

Additional Resources:

Mykonos Web Security Demo Videos: http://youtu.be/zyxvyGgHULg Mykonos Web Security New Features Demo Video: http://youtu.be/TUlm4ljXDCg Technical Specs of Mykonos Web Security: http://www.mykonossoftware.com/technical-specs-ambler.php

· Mykonos Web Security Data Sheet http://www.mykonossoftware.com/pdf/datasheet.pdf

· Web Application Security Statistics: http://www.mykonossoftware.com/statistics.php

Juniper Security Intelligence Center: http://www.juniper.net/us/en/security/ Juniper.Net Community: www.juniper.net/community Juniper on Twitter: https://twitter.com/Junipernetworks

· Juniper on Facebook: http://www.facebook.com/JuniperNetworks

About Juniper Networks

Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on Twitter and Facebook.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21354
PUBLISHED: 2021-03-08
Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com...
CVE-2021-21362
PUBLISHED: 2021-03-08
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who uses ...
CVE-2020-4695
PUBLISHED: 2021-03-08
IBM API Connect V10 is impacted by insecure communications during database replication. As the data replication happens over insecure communication channels, an attacker can view unencrypted data leading to a loss of confidentiality.
CVE-2020-4903
PUBLISHED: 2021-03-08
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
CVE-2020-5014
PUBLISHED: 2021-03-08
IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.