Defense in Depth with Software Defined Networking
Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks of using Software Defined Networking (SDN) for security. SDN will be the underlying fabric of our next-generation data centers and networks, and SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.
Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.
It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services more quickly and at greater scale. Cloud bursting, which provides flexible compute in the cloud, is another SDN benefit, one that lets applications interact directly with the network in ways that do not happen today. For example, applications will be able to query the network for the location of users in order to manage Quality of Service and deliver highly targeted content.
So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make security a key application for SDN. We can use SDN to build a network-based threat defense system. I see three key elements to this system:
First, SDN makes the broader network more threat-aware. We will unlock a whole new level of visibility for our knowledge-based security models, with the network itself reporting applications, data, user and device identities, locations and overall behavior patterns. Analysis tools will leverage that information coming from all of the devices across the network, not just security devices, as a way to find and react better to threats. With SDN-enabled security applications, we can have more “Software Defined Security”, which will make us far faster, more pinpointed and ultimately better at stopping threats—even when they don’t traverse a security device or dedicated enforcement point in the network or in the data center.
Second, SDN gives us real-time control, which means that we can quickly act on advanced threats no matter where they are in the network or the data center. Once we can “see” the threats across our networks, we can act on that threat awareness more quickly and more pervasively. Using the intelligence of security devices in conjunction with the broader set of network devices will enable us to block traffic, drop infected hosts and prevent advanced malware from getting to sensitive information in the data center.
Third, security can now truly be built into the network, and not simply bolted on to it. Instead of static or coarse-grained security, we will deliver an on-demand model where we spin up an application with the corresponding security in one motion. SDN will bring security services closer to the applications themselves and allow us to make decisions at a more granular level because we have more context. We will automate our “trust, but verify” access models because SDN-enabled security applications will have access to multiple context attributes all from a single authoritative source – the network itself.
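The three elements above describe a loop: a sensor anywhere sees a threat, the controller asks the network where the affected host attaches, and enforcement is pushed to that access switch rather than waiting for the traffic to reach a security appliance. The following is an added illustration of that loop, written for this post and not Cisco code or anything from the keynote. The topology table, the sensitive address range, the remediation server, the severity-to-policy mapping and the simplified OpenFlow-style rule format are all constructed assumptions; a real controller would use the fabric's API and its own policy model.

```python
"""
Added example (not from the post): an SDN controller application that turns
a threat event from any sensor into flow rules on the affected host's access
switch. Topology, address ranges and rule format are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class FlowRule:
    """Simplified OpenFlow-style rule; the highest-priority matching rule wins."""
    switch: str
    priority: int
    src: str      # source prefix, e.g. "10.1.2.50/32" or "0.0.0.0/0"
    dst: str      # destination prefix
    action: str   # "DROP" or "FORWARD"


# Constructed inventory of where each host attaches. This stands in for the
# "single authoritative source", the network itself, that the controller consults.
HOST_LOCATION = {
    "10.1.2.50": "access-sw-1",
    "10.1.2.51": "access-sw-1",
    "10.1.3.10": "access-sw-2",
}
SENSITIVE_NETS = ["10.9.0.0/16"]    # constructed data-center range to protect
REMEDIATION_HOST = "10.1.3.10/32"   # constructed remediation server an isolated host may still reach


class ThreatDefenseController:
    def __init__(self, locations=HOST_LOCATION):
        self.locations = locations
        self.rules = []       # rules currently installed in the fabric
        self.unlocated = []   # events we could not act on (no network context)

    def handle_event(self, event):
        """Map a sensor event {"source", "host", "severity"} to flow rules and install them."""
        host = event["host"]
        switch = self.locations.get(host)
        if switch is None:
            # Without a location there is no safe enforcement point; record and escalate instead of guessing.
            self.unlocated.append(event)
            return []
        src = f"{host}/32"
        new = []
        if event["severity"] == "high":
            # Full isolation: only the remediation server is reachable, everything else is dropped.
            new.append(FlowRule(switch, 200, src, REMEDIATION_HOST, "FORWARD"))
            new.append(FlowRule(switch, 100, src, "0.0.0.0/0", "DROP"))
        elif event["severity"] == "medium":
            # Containment: keep the host away from sensitive networks, leave the rest alone.
            for net in SENSITIVE_NETS:
                new.append(FlowRule(switch, 150, src, net, "DROP"))
        # "low" severity is visibility only: nothing is pushed to the fabric.
        for rule in new:
            if rule not in self.rules:   # re-delivered events must not duplicate rules
                self.rules.append(rule)
        return new

    def would_forward(self, switch, src_ip, dst_ip):
        """Simulate the switch's lookup: best-matching installed rule decides, default is forward."""
        s, d = ip_address(src_ip), ip_address(dst_ip)
        best = None
        for rule in self.rules:
            if rule.switch != switch:
                continue
            if s in ip_network(rule.src) and d in ip_network(rule.dst):
                if best is None or rule.priority > best.priority:
                    best = rule
        return best is None or best.action == "FORWARD"


if __name__ == "__main__":
    ctl = ThreatDefenseController()
    pushed = ctl.handle_event({"source": "ids-3", "host": "10.1.2.50", "severity": "high"})
    for rule in pushed:
        print("installed:", rule)
    print("isolated host -> data center:", ctl.would_forward("access-sw-1", "10.1.2.50", "10.9.1.1"))
    print("isolated host -> remediation:", ctl.would_forward("access-sw-1", "10.1.2.50", "10.1.3.10"))
```

Two design points worth noting: the controller refuses to act on a host it cannot locate rather than inventing an enforcement point, and rules are scoped to one switch and one source so that a neighbouring host on the same switch is unaffected.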
The networking industry is already actively engaged in supporting SDN. As security professionals, we can get ahead of the game by acting now, which will let us realize the benefits of being able to defend against, discover and remediate the most critical threats impacting us, now and into the future. SDN will enable us to be better at defense in depth, with more sensors in more places and with more real-time control.
You can view the full RSA keynote video here.