There are a thousand different ways the software-defined security (SDS) market can be sliced and diced: by the type of threat a solution is designed to combat (e.g. mobile, advanced persistent threats, viruses, web, data, identity), or by the stage of the attack lifecycle the solution addresses (e.g. intelligence, detection, response), to name just two. We, at SDxCentral, looked at the market through the lens of solutions designed for the SDx Infrastructure. To that end, this report looks at some of the critical locations that have recently seen a lot of innovation and movement – it is by no means an exhaustive list:
- Data Centers
- Campus/Remote Offices
- Internet of Things (IoT) and Industrial Internet of Things (IIoT)
Traditionally, organizations placed security solutions/tools (e.g. firewall, intrusion prevention, AV, etc.) in sequence at key ingress and egress points to protect the data center (or in the DMZ). Recognizing that today’s data center networks are permeable and untrusted, thanks in large part to the adoption of cloud platforms, apps and services (covered in more detail in the next section), organizations have been re-evaluating how they think about and design their data center security.
There is no longer a definable perimeter, so the focus can no longer be on ingress/egress traffic alone; it has to encompass lateral (east-west) traffic as well. Once an attacker is in the network, they can often move about freely to carry out their attack objectives. This problem is amplified in highly fluid virtualized environments, where workloads are created, moved and destroyed constantly. As a result, organizations are looking to deploy controls that enable consistent policy enforcement across their physical and virtual infrastructures.
Virtualized security functions enable security to be embedded (as an application on a bare metal hypervisor or as a hosted service on a virtual machine (VM)) throughout the data center (and cloud) environments. These functions can be scaled, moved and tuned easily to match the dynamic, virtualized (DC/cloud) environments they are supposed to protect.
Because SDx security capabilities can be easily deployed whenever and wherever they are needed, organizations are increasingly segmenting the network within their virtual switches, virtual routers and other virtual network elements, in an attempt to stop and contain the lateral movement of attackers. With ‘micro-segmentation,’ organizations can segment the network and apply granular policies/controls, at a micro level, within the virtual fabric to protect applications and even individual workloads.
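To make the micro-segmentation idea concrete, here is an added example (not from the SDxCentral report or any vendor's product) of a workload-level, default-deny east-west policy expressed in terms of workload labels rather than addresses, audited against a few constructed flow records. The addresses, labels, ports and flows are all hypothetical.

```python
# Added example (not from the SDxCentral report): a minimal model of workload-level
# micro-segmentation with a default-deny east-west policy, audited against
# constructed flow records. All addresses, labels and flows are hypothetical.

# Constructed inventory: each workload carries labels, not just an address.
WORKLOADS = {
    "10.0.1.10": {"app": "shop", "tier": "web"},
    "10.0.1.11": {"app": "shop", "tier": "web"},
    "10.0.2.20": {"app": "shop", "tier": "api"},
    "10.0.3.30": {"app": "shop", "tier": "db"},
    "10.0.9.99": {"app": "build", "tier": "ci"},
}

# Allow rules as (source selector, destination selector, destination port).
# Selectors use labels so the rule follows a workload when it moves or scales;
# any flow that matches no rule is denied (default deny, including unknown hosts).
POLICY = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, 8443),
    ({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, 5432),
]

def matches(labels: dict, selector: dict) -> bool:
    return all(labels.get(k) == v for k, v in selector.items())

def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    src, dst = WORKLOADS.get(src_ip), WORKLOADS.get(dst_ip)
    if src is None or dst is None:
        return False
    return any(matches(src, s) and matches(dst, d) and port == p
               for s, d, p in POLICY)

def audit(flows):
    """Return the flows the policy would block; each is a lateral-movement candidate."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed east-west flow records: (src, dst, dst_port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),  # web -> api: allowed
    ("10.0.2.20", "10.0.3.30", 5432),  # api -> db: allowed
    ("10.0.1.11", "10.0.3.30", 5432),  # web straight to db: blocked
    ("10.0.1.10", "10.0.1.11", 22),    # web -> web SSH: blocked
    ("10.0.9.99", "10.0.3.30", 5432),  # build host -> db: blocked
]

if __name__ == "__main__":
    for flow in audit(FLOWS):
        print("DENY", flow)
```

The three denied flows are exactly the east-west paths a perimeter-only design would never have inspected; in a real fabric the same label-based rules would be pushed to the virtual switch or hypervisor enforcement point rather than evaluated in Python.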
As already noted, we have also started to see the use of containers as a way to deliver security services within data centers (and clouds). Containers virtualize the operating system (OS), splitting it into virtual compartments that can run ‘contained’ applications or workloads. This makes it easy to run an application/workload anywhere – basically anywhere Linux is running.
In recent years, we’ve seen the introduction of some new container-aware security deployments, with a couple of solutions adding support for container-based runtime architectures, like Docker. The good thing about containers is that they already have some built-in security characteristics, such as isolation (not as robust as that of VMs, but improving rapidly). The bad thing, at least today, is that they tend to have much shorter lives than VMs (and are less isolated than VMs), which can make them harder to secure, troubleshoot and audit. In addition, it is important that container repositories are secured, so that malicious code does not make its way into the images and pollute the entire infrastructure.
As organizations re-architect their data center security to better protect critical assets and prevent attack propagation (east-west, lateral traffic), the key will be to extend the same level of controls and attack prevention out to all the cloud platforms/services and remote sites that make up their distributed environment.