June, 2021 Release
New and Changed Features: June, 2021
DNS DGA Detection
Starting in Junos OS Release 21.2R1, Juniper ATP Cloud supports Domain Name System (DNS) Domain Generation Algorithm (DGA) detection. A DGA generates seemingly random domain names that are used as rendezvous points with potential C&C servers. DNS DGA detection uses machine learning models as well as known pre-computed DGA domain names and provides domain verdicts, which help with in-line blocking and sinkholing of DNS queries on SRX Series Firewalls.
Use the set security-metadata-streaming policy policy-name detections dga command at the [edit services] hierarchy to configure DNS DGA detections.
To view the DNS DGA detections, log in to Juniper ATP Cloud Web portal and navigate to Monitor > DNS.
[See DNS DGA Detection Overview, DNS DGA Tunnel Detection Details, and security-metadata-streaming.]
DNS Tunnel Detection
Starting in Junos OS Release 21.2R1, Juniper ATP Cloud supports DNS tunnel detection. DNS tunneling is a cyber-attack method that encodes the data of malicious programs or protocols in DNS queries and responses. A tunnel detection indicates that DNS traffic is likely to be subverted to transmit data of another protocol or malware beaconing.
Use the set security-metadata-streaming policy policy-name detections tunneling command at the [edit services] hierarchy to configure DNS tunneling detections.
To view the list of DNS tunnel detections on SRX Series Firewalls, log in to the Juniper ATP Cloud Web portal, navigate to Monitor > DNS, and click the Tunnel tab.
[See DNS Tunnel Detection Overview, DNS DGA Tunnel Detection Details, and security-metadata-streaming.]
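The following Python example is added here to illustrate the two traffic patterns that the DGA and tunnel detections above target; it is not Juniper ATP Cloud's machine learning models or product code. The function names, thresholds, and the naive "last two labels" parent split are assumptions, and the query names are constructed samples under reserved TLDs.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query names (reserved TLDs only); not from a real capture.
SAMPLE_QNAMES = [
    "www.example.com", "mail.example.org", "internationalshipping.example",
    "xkqjzvbnwplrtyhd.example", "qwzxvbnmkjhgfdsp.example",
    "mzxw6ytboi2gk3tfmfzwk4tpnzsxg5dp.tunnel.test",
    "nbswy3dpeb3w64tmmqqho2lunbqxg5bo.tunnel.test",
    "orugs4zanfzsa5dimuqgm2lmmuqhi33v.tunnel.test",
    "ivxgg33emvscazdborqsa2lom5sxe5dz.tunnel.test",
]

def shannon_entropy(s):
    """Bits per character of the character distribution in s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_qname(qname):
    """Naive split into (subdomain, parent); assumes a one-label public suffix."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def dga_suspects(qnames, min_len=12, min_entropy=3.5, max_vowel_ratio=0.2):
    """Parents whose registered label is long, high-entropy and vowel-poor."""
    hits = set()
    for q in qnames:
        _, parent = split_qname(q)
        label = parent.split(".")[0]
        if not label:
            continue  # skip empty or malformed names
        vowels = sum(ch in "aeiou" for ch in label) / len(label)
        if (len(label) >= min_len and shannon_entropy(label) >= min_entropy
                and vowels <= max_vowel_ratio):
            hits.add(parent)
    return hits

def tunnel_suspects(qnames, min_sub_len=30, min_unique=3):
    """Parents queried with many distinct long subdomains (encoded payload)."""
    seen = defaultdict(set)
    for q in qnames:
        sub, parent = split_qname(q)
        if len(sub) >= min_sub_len:
            seen[parent].add(sub)
    return {p: len(s) for p, s in seen.items() if len(s) >= min_unique}

if __name__ == "__main__":
    print("DGA-like:", sorted(dga_suspects(SAMPLE_QNAMES)))
    print("Tunnel-like:", tunnel_suspects(SAMPLE_QNAMES))
```

Long dictionary-word names such as internationalshipping.example stay below the entropy and vowel thresholds, which is why the DGA check combines several signals instead of relying on length alone.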
SSO with SAML 2.0
Juniper ATP Cloud supports single sign-on (SSO) with the SAML 2.0 protocol. SSO is an authentication method that allows you to securely log in to multiple applications and websites with a single set of login credentials.
You can now configure the SSO settings to sign in to the ATP Cloud Web portal using an external Identity Provider (IdP), such as Okta and Microsoft Azure, that supports SSO using the SAML 2.0 protocol. To configure, activate, or deactivate SSO settings, log in to the Juniper ATP Cloud Web portal and navigate to the Administration > SSO Settings page.
[See Set Up Single Sign-on with SAML 2.0 Identity Provider and Configure SSO Settings.]