Software Defined Networking (SDN) is a hot topic for carriers and most service providers are somewhere in the process of figuring out how to take advantage of this technology. SDN's design can help to overcome the network challenges that accompanied the explosive growth of video, mobility and cloud services. Major Tier 1 telecoms across the globe are already implementing capabilities to reduce costs and add more flexibly to their managed services.
Cyber attackers, however, want to exploit the growing attack surface presented by these new open services and legacy security approaches are becoming insufficient in dealing with the new types of attack techniques and targets. The good news is that when planning and deploying SDN, carriers have a great opportunity now to automate and improve attack detection and mitigation. The key is to implement a network security solution that can take advantage of SDN's dynamic nature.
The SDN Advantage
An SDN architecture provides an intelligent central console that decouples the network control plane from the forwarding plane. This enables carriers to meet two critical business objectives: to create more valuable services by leveraging network-wide intelligence and to automate manually intensive tasks like provisioning, operating and troubleshooting hardware-intensive networks.
An SDN network can also automatically respond to changes in network behavior. This enables a learning network where carriers can now better harness the plethora of data they have to improve performance and customize service offerings in ways that would have been impossible to do manually. This is how network security can become an automated process based on best-fit policies for a carrier's network.
Bridging the Silos of SDN
By separating the control and data planes, SDN is not limited by physical devices to control and manage traffic flows. With no physical barriers, SDN controllers can monitor traffic, detect threats, and mitigate attacks anywhere in the network with the use of a software-based network security solution.
But, it seems every equipment vendor provides a SDN controller that feeds in the carrier's SDN control plane. The challenge is how to bridge the silos of multiple vendors' SDN controllers to work together and provide telemetry to the SDN control plane where network security functions can feed off network wide data.
Plan Now for SDN-enabled Network Security
As carriers move their SDN strategies from the white board to proof-of-concept trials to commercialization, now is the time to incorporate the right SDN-enabled network security solution. With multi-vendor interoperability and the ability to accept telemetry from multiple disparate sources, the right network security solution provides one automated control center for the entire network.
The network security solution can take advantage of the programmability of SDN to proactively provide better protection for the entire network at the least cost and provide previously unachievable network agility.
Our new e-book – Taking advantage of SDN services to intelligently automate network security: How to monitor and mitigate application and volumetric attacks with software driven policies – can help answer specific questions about the network security solutions that are available today that can tap into the automation benefits of SDN.
This is the second in a series of e-books designed to provide the latest information and thought leadership on security solutions for Carriers and Service Providers. You'll learn more about how the right security solution can access telemetry from anywhere in the network to detect attacks, automatically mitigate the threat, and more effectively defend your network from harm with fewer resources.
I'll be speaking more about how to leverage a flexible SDN/NFV framework for real-time scaling of network security and intelligent services at the SDN World Congress in Dusseldorf, Germany on Thursday, October 15th at 15:00.