Security: The Next SDN Frontier

A fundamental shift is happening in security technology

R. Scott Raynovich, Chief Analyst, the Rayno Report

Security is emerging as one of Software Defined Networking’s most important applications. In fact, it has the potential to combat the surging threat of cyber attacks on cloud services.

Cloud security threats are more prominent than ever, and they represent an important challenge to modern IT departments. You can check the headlines to see that prominent data breaches at Anthem Healthcare, eBay, Home Depot, JPMorgan Chase, and Target have amounted to 400 million records and credit-card accounts being compromised. Dig deeper, and you see that the entire security architecture may be flawed: Nobody has a way to monitor the cloud for security threats in real-time.

Enter SDN. After years of attacking IT security threats with point solutions — firewalls, virus scanners, and intrusion detection systems — SDN promises to integrate these approaches into living, breathing security applications that can scan and respond to all cloud network threats, in real-time.

How exactly do we accomplish that? Recently I have been studying the approaches of many security technology firms, and what I’ve found is that a fundamental shift is happening in security technology: Security scanning and analysis mechanisms are starting to move from hardware appliances to the cloud. This mirrors the larger trend of Network Functions Virtualization (NFV), where any network function or feature can be migrated to standard server hardware as a software function accessible from the cloud. (The move from security appliances to the cloud was covered in our recent premium report, “The Future of Cloud WAN.”)

Why is this important, you ask? The fundamental goal of SDN technology is to open up the network and make it more interoperable, so that more visibility, control, and automation can be built into cloud systems as a whole, rather than relying on technology that is trapped in islands of proprietary systems. More importantly, an SDN system can guide automated protections across the whole network in real-time, rather than just protecting specific boxes or applications.

To dumb it down: Why install a purpose-built firewall to guard your network’s door, when you could have a cloud-based security system that monitors your network and computing assets in real-time — and even automates security responses?

“Security needs to be built into the foundation, not the roof,” says Anthony Cochenour, a security veteran and President and founder of Hoplite Industries, a Bozeman, Mont.-based cloud security firm. Hoplite is building a policy-based cloud security service.

Other firms are focused on this as well. InMon Inc., a San Francisco-based builder of open-source monitoring tools, has demonstrated using SDN and open-source tools to build automated reponses to Denial of Service (DoS) attacks. InMon has published a whitepaper that shows how its sFlow monitoring protocol can be used to build automated security intelligence software. The company has also published detailed blogs about how these tools could be used to protect against large-scale attacks.

Recently I hosted a webinar with Pluribus Networks, an SDN startup based in Palo Alto that also believes that security will be huge on the SDN agenda. Pluribus builds an SDN operating system (OS) and analytics system that can be programmed to detect security threats. It demonstrated a Distributed DoS (DDoS) mitigation system on the webinar earlier this week.

Many other technology firms are working on security analytics and cloud-driven security solutions. We’ll be diving deeper on this. That’s why The Rayno Report will be launching a new report on cloud security in the coming months. Stay tuned: We hope to announce the publication of this report in May. It’s early days, but I think this important new trend of the integration of SDN and security will be one of the biggest developments in security technology in years.