Juniper Networks JSA5800
Scalable Security Management for Midsize to Large Companies
Sorry, this product is no longer available, please contact us for a replacement.
JSA5800 is an enterprise and carrier-class appliance that provides a scalable network security management solution for medium-sized companies and scales to support large, globally deployed organizations. Ideal for troubleshooting problems, JSA5800 provides visibility, reporting, and advanced threat detection across the entire infrastructure by collecting and correlating events and flows.
JSA5800 can be deployed as an all-in-one appliance or in a distributed setup as a console or dedicated event or flow processor. It can also be deployed as a store and forward event collector.
The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities, enables organizations to quickly and easily implement a corporate-wide security management program that delivers security best practices.
The integrated approach of JSA Series Secure Analytics, used in conjunction with unparalleled data collection, analysis, correlation, and auditing capabilities, enables organizations to quickly and easily implement a corporate-wide security management program that delivers security best practices. These include superior log analytics with distributed log collection and centralized viewing; threat analytics that deliver realtime surveillance and detection information; and compliance management capabilities—all viewed and managed from a single console.
Juniper Networks JSA Series Secure Analytics combine, analyze, and manage an unparalleled set of surveillance data—network behavior, security events, vulnerability profiles, and threat information—to empower companies to efficiently manage business operations on their networks from a single console.
- Log Analytics: JSA Series provides scalable log analytics by enabling distributed log collection across an organization, and a centralized view of the information.
- Threat Analytics: JSA Series provides an advanced network security management solution that bridges the gap between network and security operations to deliver realtime surveillance and detect complex IT-based threats.
- Compliance Management: JSA Series brings to enterprises, institutions, and agencies the accountability, transparency, and measurability that are critical factors to the success of any IT security program required to meet regulatory mandates.
- Vulnerability Management: Deployed as a standalone solution or working in conjunction with Threat Analytics, JSA Series can function as a full-featured vulnerability scanner.
- Risk Management: JSA Series helps security professionals stay ahead of advanced threats by proactively quantifying risks from vulnerabilities, configuration errors and anomalous network activity, preventing attacks that target high value assets and data.
- Security Director: The Junos Space Security Director application includes a “Block” button that, when clicked, automatically creates and deploys a firewall rule in the optimal location within your rules base to remediate detected offenses.
With preinstalled software, a hardened operating system, and a web-based setup process, the JSA Series lets you get your network security up and running quickly and easily. The bottom line of the JSA Series is simple deployment, fast implementation, and improved security, at a low total cost of ownership.
Architecture and Key Components:
JSA Secure Analytics Appliances
The Juniper Networks Secure Analytics appliances provide a scalable solution for security event management. The JSA5800 and JSA7800 are enterprise-class solutions that can be deployed as an all-in-one solution with integrated event collection, correlation and extensive reporting, or as a dedicated event and/or flow collector.
JSA Virtual Appliance
Juniper Networks JSA Virtual Appliance (JSA VM) Secure Analytics is a virtualized platform that provides Secure Analytics functionality. JSA VM is designed to run with VMWare ESX 5.0 and ESX 5.1, and requires a configuration with a minimum of two CPUs (1 socket x 2 cores or 2 sockets x 1 core) and 8GB of RAM. It processes a maximum of 20,000 events per second or 600,000 flows per minute, with 16 cores and 24 GB of RAM.
Features and Benefits:
|All-in-one appliances||Event collection, flow collection event processing, flow processing, correlation, analysis, and reporting are all embedded within JSA Series Secure Analytics.||
|Distributed support||JSA Series has the ability to scale to large distributed deployments that can support up to 5 million events per second.||
|Security Director integration||Juniper Secure Analytics integrates with Junos Space Security Director to block malicious IP addresses involved in an attack with a single mouse click.||
|HDD implementation||JSA Series utilizes SAS HDD in RAID 1 and RAID 10 setups.||
|Easy and quick install||JSA Series comes with an easy, out-of-the-box setup wizard.||Users can install and manage JSA Series appliances in a couple of steps.|
|Automatic updates||Secure Analytics automatically downloads and deploys reputation feeds, parser updates, and patches.||Users don’t need to worry about maintaining appliance and OS updates and patches.|
|High availability (HA)||Users can deploy all JSA Series appliances in HA mode||Users can deploy JSA Series with full active/ passive redundancy. This supports all deployment scenarios, all-in-one and distributed.|
|Built-in compliance reports||Out-of-the-box compliance reports are included with the JSA Series.||JSA Series provides 500+ out-of-the-box compliance reports.|
|Reporting and alerting capabilities for control framework||
||JSA Series enables repeatable compliance monitoring, reporting, and auditing processes.|
|Compliance-focused regulation workflow||
|Management-level reports on overall security state||The JSA Series reports interface allows you to create, distribute, and manage reports that are generated in PDF, HTML, RTF, XML, or XLS formats.||Users can use the report wizard to create executive and operational level reports that combine any network traffic and security event data in a single report.|
|One stop support||Juniper Networks Technical Assistance Center (JTAC) supports all aspects of the JSA Series.||Users don’t need to go to several places to get support, even for multivendor issues.|
JSA Series provides a comprehensive log analytics framework that includes scalable and secure log analytics capabilities integrated with real-time event correlation, policy monitoring, threat detection, and compliance reporting.
|Comprehensive log management||JSA Series delivers scalable and secure log analytics with storage capabilities from GB to TB of data storage.||Provides long term collection, archival, search, and reporting of event logs, flow logs, and application data that enables logging taxonomy from a centralized view.|
|Comprehensive reporting||JSA Series comes with 1,300+ canned reports. Report Wizard allows users to customize and schedule daily, weekly, and monthly reports that can be exported in PDF, HTML, RTF, Word, Excel, and XML formats.||Provides users not only the convenience of canned reports but also the flexibility to create and customize their own reports according to their business needs.|
|Log management and reporting only option||JSA Series provides a comprehensive log management and reporting solution with a distributed log analytics only solution to collect, archive, customize, and analyze network security event logs.||Allows users to start with a log management and reporting only option and then upgrade to full blown JSA Series functionality as their business need grows—without upgrading their existing hardware.|
|Log retention and storage||JSA Series database can easily archive logs and integrate into an existing storage infrastructure for long-term log retention and hassle-free storage.||Enables organizations to archive event and flow logs for whatever time period is specified by a specific regulation.|
||Provides secure storage based on industry regulations.|
|Real-time event viewing||JSA Series allows users to monitor and investigate events in real time or perform advanced searches. The event viewer indicates what events are being correlated to offenses and which are not.||
|Data warehousing||JSA Series includes a purpose-built data warehouse for high speed insertion and retrieval of data archive of all security logs, event logs, and network activity logs (flow logs).||Enables full audit of all original events and flow content without modification.|
JSA Series Secure Analytics’ network security management solution takes an innovative approach to managing computerbased threats in the enterprise. Recognizing that discrete analysis of security events is not enough to properly detect threats, the JSA Series was developed to provide an integrated approach to threat analytics that combines the use of traditionally siloed information to more effectively detect and manage today’s complex threats. Specific information that is collected includes:
- Network Events: Events generated from networked resources, including switches, routers, servers, and desktops.
- Security Logs: Includes log data generated from security devices like firewalls, VPNs, intrusion detection/prevention, antivirus, identity management, and vulnerability scanners.
- Host and Application Logs: Includes log data from industry-leading host operating systems (Microsoft Windows, UNIX, and Linux) and from critical business applications (authentication, database, mail, and Web).
- Network and Application Flow Logs: Includes flow data generated by network devices and provides an ability to build a context of network and protocol activity.
- User and Asset Identity Information: Includes information from commonly used directories, including Active Directory and Lightweight Directory Access Protocol (LDAP). By incorporating patent pending “offense” management technology, this integrated information is normalized and correlated by the JSA Series, resulting in automated intelligence that quickly detects, notifies, and responds to threats missed by other security solutions with isolated visibility.
|Out-of-the-box correlation rules||JSA Series correlation rules allow users to detect specific or sequential event flows or offenses. A rule consists of tests and functions that perform a response when events match.||
|Offense management||The offense manager allows you to investigate offenses, behaviors, anomalies, targets, and attackers on your network. The JSA Series can correlate events and network activity with targets located across multiple networks in the same offense and ultimately the same network incident.||
|QID mappings||JSA Series associates or maps a normalized or raw event to a high-level and low-level category.||
|Historical profiling||JSA Series collects and stores entire event data for later use, enabling extensive use of historical profiling for improved accuracy.||Allows users to view historical data at any given point as well as views into incident management and the tracking of events.|
|JSA Series magistrate||JSA Series magistrate component prioritizes the offenses and assigns a magnitude value based on several factors that include the number of events, severity, relevance, and credibility.||
|Offense manager API||JSA Series provides a set of open APIs to modify and configure incident management parameters like “create, close, and open.”||Allows users to integrate third-party customer care applications like Remedy and other ticketing solutions.|
|Flow support||Flow support includes NetFlow, J-Flow, sFlow, and IPFIX||
As a member of the JSA Series Secure Analytics network security management solution, Juniper Secure Analytics Vulnerability Manager helps organizations minimize the chances of a network security breach by proactively finding security weaknesses and mitigating potential risks. Using Juniper Secure Analytics Vulnerability Manager, organizations can perform rapid network scans, discover and highlight high-risk vulnerabilities from an integrated dashboard, and automate regulatory compliance through powerful collection, correlation and reporting tools.
|Vulnerability overview||Juniper Secure Analytics Vulnerability Manager maintains a current view of all discovered vulnerabilities, including details such as when they were found, when they were last seen, what scan jobs reported them, and to whom the vulnerability was assigned for remediation or mitigation.||Provides the insight needed to make informed decisions.|
|Vulnerability dashboard||The vulnerability dashboard provides a single, integrated view into multiple vulnerability assessment feeds and threat intelligence sources, allowing security teams to quickly identify exposures that pose the greatest risks.||Makes it easy to identify and prioritize vulnerabilities.|
|Rapid network scans||Scans can be scheduled or performed dynamically to identify and locate security weaknesses to minimize risks.||Allows network vulnerabilities to be quickly found, analyzed and remediated.|
|Automated regulatory compliance||Conducts regular network scans and maintains detailed audit trails to facilitate compliance with federal or industry regulations.||Makes compliance easy and automatic.|
Juniper Secure Analytics Risk Manager is an integral component of a complete security intelligence solution, helping security professionals detect and mitigate advanced threats. The ability to proactively quantify risk from vulnerabilities, configuration errors, anomalous network activity, and other outside threats can help organizations prevent exploits that target high-value assets and data.
|Risk Manager Topology Viewer||Enables users to see network devices and their respective relationships, including subnets and links.||Helps visualize current and potential network traffic patterns with a network topology model, based on security device configurations.|
|Device configuration management||Automates the collection, monitoring, and auditing of device configurations across an organization’s switches, routers, firewalls, and intrusion detection system/intrusion prevention system (IDS/IPS) devices.||Provides centralized network security device management, reducing configuration errors and simplifying firewall performance monitoring.|
|Advanced investigative network topology, traffic and forensics tools||Two network visualization security tools provide unique, risk-focused, graphical representations of the network, providing network and security teams with critical vulnerability information before, during, and after an exploit.||Quantifies and prioritizes risks with a policy engine that correlates network topology, asset vulnerabilities, and actual network traffic, enabling risk-based remediation and facilitating compliance.|
Organizations of all sizes across almost every vertical market face a growing set of requirements from IT security regulatory mandates. Recognizing that compliance with a policy or regulation will evolve over time, many industry experts recommend a compliance program that can demonstrate and build upon the following key factors:
- Accountability: Providing surveillance that reports on who did what and when
- Transparency: Providing visibility into the security controls, business applications, and assets that are being protected
- Measurability: Metrics and reporting around IT risks
Secure Analytics is available in two different licensing options:
- Log Analytics: Enables event searching, custom dashboards, and scheduled reporting
- Threat Analytics: All log analytics features + flow support, advanced correlation, and vulnerability assessment Integration
|Dimensions (W x H x D)||17.2 x 3.5 x 24.8 in (43.7 x 8.9 x 63 cm)||17.2 x 3.5 x 24.8 in (43.7 x 8.9 x 63 cm)|
|Weight||42 lb (19 kg)||57 lb (25.85 kg)|
|Rack mountable||2U (rails and screws included)||2U (rails and screws included)|
|A/C power supply||Standard: 920W high-efficiency (94%+)
AC-DC redundant power; support hot-swap
AC Input: - 100-240 V, 50-60 Hz, 11-4.4 Amp
|Standard: 920W high-efficiency (94%+)
AC-DC redundant power; support hot-swap
AC Input: - 100-240 V, 50-60 Hz, 11-4.4 Amp
|D/C power supply||Optional: 850W/1010W highefficiency redundant DC to DC power supply
DC Input: 850W:
• -35Vdc to -42Vdc, 30-25A
• 1010W: -43 Vdc to -76 Vdc , 30~17
|Optional: 850W/1010W high-efficiency redundant DC to DC power supply
850W: -36Vdc to -42Vdc, 30-25A
1010W: -43 Vdc to -76 Vdc , 30~17
|Fans||3 x 8 cm 9.5K RPM, 4-pin PWM fans||3 x 8 cm 9.5K RPM, 4-pin PWM fans|
|Traffic ports||2x SFP+ 10GbE
4x RJ-45 GbE
|2x SFP+ 10GbE
4x RJ-45 GbE
|Console port||1 x RJ-45 DB9 serial console||1 x RJ-45 DB9 serial console|
|Maximum events per second (distributed collector)||20,000||40,000|
|Flows per minute||600,000||1.2 million|
|CPU||2 x Ten-Cores||2 x Ten-Core|
|Memory||128 GB RAM||128 GB RAM|
|Storage||8 x 900GB 2.5" 10K SAS, RAID 10||16 x 2TB, 2.5’’, SAS RAID 6|
|PSU||920W AC (dual included), (DC optional)
Note: Mixing AC and DC supplies is NOT recommended nor supported
|920W AC (dual included), (DC optional)
Note: Mixing AC and DC supplies is NOT recommended nor supported
|Operating Temperature||50° to 104° F (10° to 40° C)||32° to 104° F (0° to 40° C)|
|Storage Temperature||-40° to 158° F (-40° to 70° C)||-40° to 158° F (-40° to 70° C)|
|Relative Humidity (Operating)||8 to 90% noncondensing||5 to 90 percent noncondensing|
|Relative Humidity (Storage)||5 to 95% noncondensing||5 to 95 percent noncondensing|
|Altitude (Operating)||6,500 ft maximum||6,500 ft maximum|
|Altitude (Storage)||35,000 ft maximum||35,000 ft maximum|
|Compliance and Safety|
|Safety Certifications||CSA 60950-1 Safety of Information Technology Equipment
||CSA 60950-1 Safety of Information Technology Equipment
|Warranty||Hardware one year and software 90 days||Hardware one year and software 90 days|
Download the Juniper Networks JSA Series Secure Analytics Data Sheet (PDF).
- Pricing and product availability subject to change without notice.