Software Defined Security: Going Beyond Traditional Measures

Written by

Organizations today are evolving and rapidly adopting new technologies. Whether introducing flexibility to their employees or new services to their customers, companies are redefining the organizational boundaries. But what this brings is an increase in their threat footprint.

In fact, one of the largest concerns for businesses is how to implement advanced security mechanisms to protect their assets and networks. In order for them to protect their resources and tackle emerging risks, it is now necessary to look beyond traditional security solutions.

Traditionally, organizations would deploy mechanisms for monitoring traffic and identifying anomalies such as a security application for detecting DDoS or malware threats, and specialist software or appliances for cleaning the traffic or blocking the infected host.

The mitigation of an attack typically takes place in the appliance, which is mostly deployed in central points of the infrastructure. As a result, this can cause delays and latency because the traffic has to be diverted from the original traffic path in order to be cleaned before returning to its destination. In addition, other points in the network such as core routers, switches and firewalls need to be pre-configured to enable the traffic diversion and mitigation to succeed.

Evolution of security architecture

Organizations now need to look towards leveraging emerging technologies such as Software Defined Networking (SDN) in order to efficiently and dynamically address security threats and attacks.

One of the inherent capabilities of an SDN controller is the fact that it has knowledge of the network topology and infrastructure, providing overall visibility of an organization’s network traffic. Controllers have now evolved to deliver integrated security functions including routing, firewalling policies, service chaining enablement and more.

The SDN controller can also make use of Network Function Virtualization (NFV) concepts, which allow for the deployment of sophisticated network functions in commodity hardware, managed through the application of service chaining. This ensures that the traffic flows are dynamically directed to the right network elements if and when needed. This overall model is described as Software-Defined Security (SDSec).

Essentially, by taking the SDSec approach, the design of security solutions to protect organizations can drastically change and grow to a more dynamic, integrated and controlled implementation.

Benefits of SDSec

By leveraging technologies like SDN and NFV – and therefore advancing to an evolved security architecture – organizations can take advantage of the benefits and opportunities that were either not possible in the past, or were too expensive to be justified.

Key benefits to businesses include:

  • Central management of security. Organizations can use security software, through the SDN controller, to implement, control and manage threats from one single place.

  • Efficient and dynamic mitigation of security threats and attacks. Since the mitigation can be applied close to the source of the attack, organizations can relieve their network from having to off-ramp traffic to a central location, and allow for dynamic insertion and removal of security points where and when needed.

  • Hardware cost reduction. Due to the virtualization of network security applications in commodity hardware, the need to buy and deploy specialized vendor appliances is reduced or eliminated.

  • Use of existing network appliances. Even if legacy appliances do not support advanced traffic monitoring mechanisms, organizations can aggregate the legacy functionality via the SDN controller and blend this with other new technologies as they are introduced.

  • Dynamic configuration of existing network nodes for the mitigation of an attack. Virtually configuring connection points, as and when needed, will replace the traditional resource intensive and often vendor-specific method of using static pre-configured policies.

  • Harmonized view of logical security policies. The policies exist within the SDN controller and are propagated across the infrastructure nodes rather than being tied to a server or specialized security device, enabling a holistic approach to cyber security.

  • Visibility of information from one source. This replaces the need to introduce network probe elements in different locations of the network, which then have to be correlated.

  • Integration with sophisticated applications. These applications can therefore use the existing information around the network in order to correlate events in a simpler way and respond more effective and intelligently to security threats.

In summary, SDN and NFV can provide tremendous opportunities for organizations to evolve their traditional security architecture and implementation models.

By adopting the SDSec model, businesses can realize the benefits of programmability and automation, which will consequently enable them to respond to today’s security threats in a more dynamic, efficient and intelligent way.

What’s hot on Infosecurity Magazine?