Network security is entering a new phase in which an entirely different approach may be needed to battle the bad guys. Will software defined networking (SDN) be a key component? I believe the answer is yes.
Hundreds — sometimes thousands — of malicious cyber attacks are occurring every day. These attacks are often global, distributed, and sophisticated. Given that much security technology is static, reliant on human monitoring, and limited in its access to data sources, a new brand of cloud security systems will be needed. This technology will be more analytical and automated.
Let’s take a look at where this is all going.
Global Threat Scales Up
It’s clear to me that most corporations have lost control over security in their data and networks.
Prominent data breaches at Anthem Healthcare, eBay, Home Depot, JPMorgan Chase, and Target have exposed some 400 million records and payment-card accounts in the last two years alone. The entire security architecture may be flawed: Nobody has a way to monitor the cloud for security threats in real time.
There’s more: The White House was recently hacked. And the former federal “Cybersecurity Czar” Richard Clarke has said most corporate networks are compromised regularly and that traditional “perimeter” security defenses no longer work.
Want more proof that network security is broken?
The slide below, provided by Osterman Research, shows that 76 percent of the respondents to a survey of enterprise IT managers said it would take at least “hours” to respond to a security breach. The survey collected data from 225 respondents from mid-sized and large enterprises.
Here is some more data from the Osterman Research survey:
- 94 percent of organizations are not well prepared to respond to a data breach
- Only 33 percent of organizations have involved the security team in the follow-up response. Two-thirds of respondents rely on manual responses
- Only one-quarter are using automated systems for breach discovery and remediation
Welcome to the new world of network security, where your network and data are constantly under siege.
It’s clear that there is a problem, and the current security architecture is not adequate.
Here’s an analogy that I like to use: If you are afraid of a terrorist attack, do you think locking the door and hiding under the bed is the way to protect yourself? No. You need constant satellite and data surveillance.
The next security architecture will require monitoring tools, analytics, and automated responses all working together as one system. It will run in the cloud, not on a piece of hardware in your wiring closet. And it will act in real time.
You need all these things because your enemy is everywhere. And you need to be watching everything.
The “threat map” below, taken a couple of weeks ago, represents the potential of real-time monitoring. It shows the number of coordinated security attacks underway at a specific point in time. The map was supplied to me by Hoplite Industries, a Bozeman, Mont.-based firm that is actively monitoring Internet-based security threats.
Hoplite constantly monitors malicious machines (by IP address), autonomous systems (by ASN, each a collection of networks), and compromised websites being used to relay probes and attacks. Every day the company’s sensor network collects data on thousands of malicious events, which are assimilated into a database for analysis.
As I’ve written before, SDN is key because a programmable, interoperable control plane exposes traffic and flow data that is otherwise locked inside individual boxes. This visibility enables more analytics to be run on network functions.
One of the core principles of SDN is that by separating the control plane from the data plane and providing interoperable APIs, the entire network can (in theory) be monitored and analyzed. In practice the view is only as good as what the switches export to the controller (flow counters, sampled packets, topology state), so the analytics layer has to be designed around those feeds.
SDN could also move security applications from hardware devices to software applications in the cloud. Firewalls, the “locked door” paradigm, simply aren’t enough anymore. Cloud-based scanning and analytics tools are needed. This mirrors the larger trend of network functions virtualization (NFV), where any network function or feature can be migrated to standard server hardware as a software function accessible from the cloud. (The move from security appliances to the cloud was covered in my recent premium report, “The Future of Cloud WAN” [registration and payment required].)
Recently I hosted a webinar with Pluribus Networks, an SDN startup based in Palo Alto, Calif., that also believes that security will be huge on the SDN agenda. Pluribus builds an SDN operating system and analytics system that can be programmed to detect security threats. It demonstrated a distributed denial-of-service (DDoS) mitigation system on the webinar earlier this week. (Here’s a link to the replay.)
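To make the “visibility plus analytics plus automated response” loop concrete, here is an added example of the kind of controller-side logic that could sit behind a DDoS-mitigation demo like the one described above. It is illustrative code written for this article, not Pluribus’s software or anything shown in the webinar. It assumes the controller has already polled per-flow statistics from its switches (the `FlowStat` records below are constructed, using documentation address ranges only), that a flood looks like a fan-in of many distinct sources sending near-empty flows to one service (the `min_sources` and `max_packets` thresholds are assumed, not measured), and it emits OpenFlow-style match/action dictionaries as a stand-in for real flow-mod messages.

```python
"""Toy flow-analytics loop of the kind an SDN controller could run.

Input: per-flow statistics as a controller would poll from switches
(OpenFlow flow-stats replies, sFlow/IPFIX records). Output: OpenFlow-style
match/action rules that drop traffic from sources judged part of a flood.
All sample data is constructed; nothing here talks to a real switch.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowStat:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    byte_count: int


def constructed_flows():
    """Build a synthetic stats snapshot (documentation address ranges only)."""
    flows = []
    # 120 distinct sources, each sending a handful of tiny packets to
    # 203.0.113.10:443 -- the shape of a SYN flood or a coordinated probe.
    for i in range(120):
        flows.append(FlowStat(f"198.51.100.{i + 1}", "203.0.113.10", 443, "tcp", 3, 180))
    # Ten legitimate clients with real sessions to the same service.
    for i in range(10):
        flows.append(FlowStat(f"192.0.2.{i + 1}", "203.0.113.10", 443, "tcp", 400, 52000))
    # Unrelated, healthy traffic to a second server.
    for i in range(20):
        flows.append(FlowStat(f"192.0.2.{i + 50}", "203.0.113.20", 80, "tcp", 60, 9000))
    return flows


def group_by_target(flows):
    """Index flows by the (dst_ip, dst_port, proto) service they hit."""
    per_target = defaultdict(list)
    for f in flows:
        per_target[(f.dst_ip, f.dst_port, f.proto)].append(f)
    return per_target


def detect_floods(flows, min_sources=50, max_packets=10):
    """Flag targets that see many distinct sources sending near-empty flows.

    Both conditions are required: a popular web server also has many
    sources, but real sessions carry tens to thousands of packets, while a
    flood or probe wave is a fan-in of tiny flows. Only the low-volume
    sources are returned, so established clients are never put in the
    drop set. Thresholds are assumed values, not derived from a baseline.
    """
    flagged = {}
    for target, tflows in group_by_target(flows).items():
        sources = {f.src_ip for f in tflows if f.packets <= max_packets}
        if len(sources) >= min_sources:
            flagged[target] = sorted(sources)
    return flagged


def drop_rules(flagged, priority=200, idle_timeout=60):
    """Translate flagged sources into OpenFlow-style flow-mod dictionaries.

    An empty action list is OpenFlow's idiom for drop. The match keys use
    OpenFlow 1.3 OXM field names; the dict is a stand-in for a real
    flow-mod sent over the southbound API, which is assumed here.
    """
    rules = []
    for (dst_ip, dst_port, proto), sources in flagged.items():
        port_key = "tcp_dst" if proto == "tcp" else "udp_dst"
        ip_proto = 6 if proto == "tcp" else 17
        for src in sources:
            rules.append({
                "priority": priority,
                "idle_timeout": idle_timeout,  # rule ages out when the flood stops
                "match": {"eth_type": 0x0800, "ip_proto": ip_proto,
                          "ipv4_src": src, "ipv4_dst": dst_ip, port_key: dst_port},
                "actions": [],
            })
    return rules


def run(flows=None):
    """One analytics cycle: stats in, flagged targets and drop rules out."""
    flows = flows if flows is not None else constructed_flows()
    flagged = detect_floods(flows)
    return flagged, drop_rules(flagged)


if __name__ == "__main__":
    flagged, rules = run()
    for (dst_ip, dst_port, proto), sources in flagged.items():
        print(f"{dst_ip}:{dst_port}/{proto} hit by {len(sources)} low-volume sources")
    print(f"{len(rules)} drop rules generated")
```

Two caveats a practitioner would add before wiring this to real switches: per-source drop rules are useless against spoofed sources and can exhaust switch rule tables, so the production response to a confirmed flood is usually to rate-limit or redirect the target prefix to a scrubbing path rather than to enumerate attackers; and the thresholds have to be baselined per service, because a busy public site legitimately sees thousands of short flows and would otherwise trip the detector.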
Many other technology firms are working on security analytics and cloud-driven security. I expect that during the next few years, we will see SDN platforms emerge as important enabling technologies for security applications that integrate real-time analytics and monitoring. This model will be needed if large global corporations are to have any hope of defending their systems against almost constant attack.