In this blog I am going to discuss some of the existing best practices for software-defined networking (SDN)-based security, describe the factors that are driving IT organizations to question those best practices, and then point out how the implementation of an SDN can help improve the overall security of the IT infrastructure.
One of the existing best practices for security is for IT organizations to manage network and security policies separately. It has also been very common for IT organizations to implement a large and growing number of security appliances that for the most part were configured at deployment and then re-configured only when absolutely necessary.
One of the factors driving IT organizations to question their security practices is the growth in the size of networks combined with the increase in the speed of those networks. This factor has caused centralized security appliances to become chokepoints. In addition, the growth in the number of security appliances is making the management of those devices increasingly burdensome and error-prone. Another factor driving IT organizations to question their existing security practices is that the time it takes to modify security policies is increasingly out of line with the time it takes to fire up or move a virtual machine.
One of the key tenets of SDN is that state information that used to be distributed in each network element is now centralized in an SDN controller. Having access to that centralized state information enables the deployment of value-added security functionality, in large part because security policy no longer has to be set on a device-by-device basis.
HP is an example of a company that has developed an SDN-based security application that takes advantage of centralized state information. That application, referred to as the Sentinel SDN Security Application, is designed to enable IT organizations to combat the security challenges that are associated with implementing BYOD. Sentinel leverages the HP TippingPoint Reputation Digital Vaccine database to determine if the site that a user is trying to access is legitimate. If it is, Sentinel allows access to the site. If not, it blocks access and logs the attempt.