With 2016 set to be the first significant year for the commercial deployment of virtual network functions (VNFs), it's time to address one of the biggest challenges facing network operators in the vanguard of virtualization -- network security in next-generation networks (virtualized and hybrid).
The challenge is not insignificant and not just focused on building a top-class defense against security threats: In addition to figuring out how to protect networks that incorporate virtualized functions and cloud environments, operators also need to determine how they can use their next-generation network security tools to develop new revenue-generating services.
With that in mind, Light Reading commissioned its independent test lab partner European Advanced Networking Test Center AG (EANTC) to evaluate a range of security tools and functions on offer from Cisco Systems Inc. (Nasdaq: CSCO) that traverses the virtual and physical worlds.
The results make for fascinating reading, as the EANTC team's report, which you can read over the course of the next ten pages, tells the story of a group of experienced technicians keen to examine just how emerging network topologies can be secured, defended and recovered before, during and after attacks of various kinds.
The evaluations are numerous and varied and simulate real-world scenarios, including: threat detection; attack visibility and mitigation; and security platform performance.
Of particular interest to service providers seeking to build a business case around next-generation security functionality is the test case dedicated to the verification of the provisioning process for security-as-a-service VNFs.
The EANTC team found Cisco's suite of capabilities more than capable of meeting the needs of today's progressive enterprises and service providers, whether in a virtualized environment or when a hardware-based solution is needed to deliver certain levels of performance and scale.
So let's get to the heart of the report, which is available for free (for registered users) as a downloadable PDF document at this link and also presented over the course of the following pages:
Page 2: Introduction: The EANTC Perspective
Page 3: Test Cases
Page 4: Threat Detection Effectiveness
Page 5: Service Chaining/Stitching - Test case 2a: Firepower 9300 with FTD, NGIPS, AMP
Page 6: Service Chaining/Stitching - Test case 2b: Radware DefensePro on Firepower 9300
Page 7: Orchestrating Security in SDN - Test Case 3a: Application Centric Infrastructure (ACI) Application Policy Infrastructure Controller (APIC) with ASA firewalls
Page 8: Orchestrating Security in SDN - Test Case 3b: CSR, ASAv and WSAv with Tail-F
Page 9: Security as a Service in a Virtualized Multi-Tenant Environment
Page 10: Performance, Scalability and Resilience - Test Case 5a: Performance of the Firepower 9300 platform
Page 11: Performance, Scalability and Resilience - Test Case 5b: ASA Firewall Clustering
— The Light Reading team and Carsten Rossenhövel, managing director, European Advanced Networking Test Center AG (EANTC) (http://www.eantc.de/), an independent test lab in Berlin. EANTC offers vendor-neutral network test facilities for manufacturers, service providers, and enterprises.