It’s becoming clear that rising network security threats will drive increasing integration between network virtualization (NV) and security, as we’ve long predicted here. This means that software-defined networking (SDN) will become a key technology for securing the cloud.
- Centralizing network security service policy and configuration management
- Automating network security remediation
- Blocking malicious traffic from endpoints
- Simultaneously allowing for expected normal traffic
- Network policy auditing and detection and resolution of conflicts
Increased Threats Drive Security Need
SDxCentral confirmed some of these trends in securing the cloud in our recent “2016 Next-Gen Infrastructure Security Report.” Our research indicates the scope and size of network attacks are increasing. IT specialists are looking at more flexible and diverse ways to monitor network security – including an expanded use of virtualization and cloud-based security services.
Respondents to the SDxCentral survey indicated that “data privacy and security” was their top concern (83%), followed by “application security” and “securing cloud environments.”
Industry watcher Hackmageddon has broken down the top attack techniques used in 2015. Many are the usual tactics we have seen in years past – but nearly a quarter are unknown, which makes them harder to identify and defend against. Verizon identified point-of-sale (PoS) and phishing attacks as the “rock stars” of threats in its 2016 report. The Identity Theft Resource Center (ITRC) looked at the publicly available information on attack types in the U.S. and found that hacking, skimming, and phishing are by far the most popular tactics used by attackers.
These attacks cost organizations in terms of lost productivity, lost revenue, and reputational damage. The cost of global cyber espionage is approximately $500 billion annually, hitting $1 trillion if you include the costs associated with stolen intellectual property. According to the “2015 Cost of Data Breach Study” by IBM and the Ponemon Institute, the average total cost of a data breach increased from $3.52 million in 2014 to $3.79 million last year. Targeted attacks are likely to continue on networked resources.
Securing the Cloud With Virtualization
The trend toward cloud computing technologies has made it more challenging to maintain visibility and control over network and IT resources. While the flexibility and agility of cloud resources have clear benefits, they have also changed the threat profiles of organizations. A report from Intel Security found that only 34% of IT pros feel senior management fully understands the security implications of the cloud. Alert Logic’s “Fall 2015 Cloud Security Report” found security incidents were much more likely to occur in the cloud than on-premises.
In the future, security that relies on the deployment of proprietary, purpose-built hardware won’t meet the demands of today’s dynamic environments. Hence we are seeing the evolution to cloud-based and virtualized security approaches.
Almost every security function can be delivered in software. These include, among others:
- Unified threat management (UTM)
- Identity access management (IAM)
- Data loss prevention (DLP)
- Risk and compliance management
- Deep packet inspection (DPI)
- Network and host intrusion detection and prevention (IDS/IPS)
- Anti-virus (AV)
- Security information and event management (SIEM)
- Incident response and forensics
- Disaster recovery (DR)
- Denial of service (DoS) mitigation
- Distributed denial of service (DDoS) mitigation
- Web filtering
These security techniques are migrating to a cloud-based model that can monitor applications in a data center and across hybrid clouds, rather than limiting their abilities to a local or WAN network. As these services are virtualized, they can be integrated into cloud environments to provide more distributed protection.
Virtualization and Security Merge
The broad trend in the security market is to deliver security services in the cloud, leveraging data from virtual and cloud-based environments to monitor activity and spot anomalies. In addition, SDN and NV platforms are developing key analytics functionality that can be used to improve security. Emerging software-defined anything (SDx) infrastructure security technology can make it easier to segment the network and apply controls to protect applications and even individual workloads. Techniques such as microsegmentation, snapshotting, and rollbacks are all inherent to SDN and NV technology and can be used to improve network security.
Security services that are built on an SDx architecture will be able to take advantage of SDN’s natural application policy and analytics functions to improve security across networks. We are in the early days of this integration between network virtualization and security – you can expect to see more partnerships develop among SDN, NV, and security technology over time.