In-brief: Recent news events underscore the threat that companies face from inadequately protected internal network assets. Cisco’s Scott Harrell argues that the adoption of software-defined networking may provide a powerful new tool to halt hackers’ ability to move within compromised networks.
In modern data center environments, attacks can happen in minutes and spread rapidly across the infrastructure to cause significant losses that can take months to discover, contain and fix. As the headlines frequently remind us: attackers are becoming stealthier and better organized.
And once an attacker establishes a beachhead on one server inside a data center, less stringent controls over the internal “East-West” traffic flows between back-end applications and servers can enable attackers to broaden the attack to move from server to server and steal even more data. In fact, in a 2015 survey of IT security professionals commissioned by Cisco and conducted by Enterprise Strategy Group, 57 percent reported a security incident had compromised their data center services within the last 24 months.
For a large number of companies, however, applications are now the key interface with internal and external customers. What is to be done? Companies may find help in an unexpected place: software defined networking technologies that are helping sophisticated firms deliver applications rapidly.
Software-Defined Networking (SDN) is a way to centralize the management of network and application services and ensure applications are up and running or scaled up or down in minutes instead of months. But in addition to enabling new operational models that accelerate application agility, a well-designed SDN infrastructure can also help to improve data center security. In fact, the security advantages of SDN deployments are an important consideration that companies should make in weighing their response to the sophistication, complexity and frequency of threats facing their data centers.
Leveraging SDN to Combat Evolving Threats
The traditional defenses that many organizations have come to depend on to protect the data center were designed to control access; they were less focused on detecting advanced threats as they enter the data center and as they move inside it. Existing defenses will continue to be an important part of protecting the data center, but for data center security architectures to remain relevant against sophisticated new threats, they must evolve to address this dynamic landscape.
Leveraging an SDN infrastructure can improve data center security by simplifying and automating security infrastructure configuration. Attacks can be isolated so that they cannot spread from one system to another. Policy controls on traffic passing between the application, database and Web server tiers can be more actively monitored, providing fine-grained threat protection and policy enforcement. And, with the widespread adoption of virtualization, private cloud, and three-tier server architectures, these capabilities are vital, since 76% of the traffic inside data centers now passes between these internal systems.
Choosing the Right SDN Solution for Security
While there are multiple SDN solutions in the market, selecting the right technology is essential for dealing with both current and future security challenges. Of course your SDN should integrate seamlessly with your network. Beyond that, enhancing security for data center traffic requires a solution that is “application-centric.” In other words, it should emphasize application-based policies and use the same policies and orchestration to defend both virtual and bare metal workloads.
In application-centric approaches, the SDN infrastructure plays a key security role alongside the security software. Such an approach ensures that only specified applications can interact with authorized end users or applications. This greatly simplifies access control, allowing it to be applied to all traffic flows, including east-west flows, and greatly restricts lateral movement once a user or application is compromised.
An application-centric approach can be applied across virtual and physical workloads and can monitor the health of both servers and security infrastructure. This allows your data center to scale more dynamically for both computing and security. Application security policies are created once and then applied dynamically based on the actual application interactions on your network. That compares to legacy application security policy management, in which security policies are static and tightly coupled to your network topology.
To understand how SDNs can transform how application security is managed, consider the nuts and bolts of many enterprise security operations: firewall access control lists (ACLs). With current data center models, ACLs are often not removed even when applications are decommissioned, because an organization may have millions of ACLs and firewall rules and is unsure of the effect of removing any of them. This puts the organization at risk of noncompliance during audits and also increases risk to the organization, because newer ACLs may conflict with existing ACLs and firewall rules.
But the adoption of SDNs can lead to greater efficiency and streamlined management and configuration of the Access Control Lists (ACLs) and firewall rules related to applications. Using an application-centric approach, security professionals can create business-level policies and rules that are automatically updated on the back-end to greatly reduce human error and automate removal of ACLs when the application policy is removed.
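The following is an added example, written for this page rather than taken from Cisco or any SDN product, of the policy model the preceding paragraphs describe: business-level contracts between application tiers are compiled into flow-level ACL entries tagged with their owning application, east-west traffic not covered by a contract is denied by default, and removing the application policy removes every rule it generated. It also flags the two legacy-model problems named above: rules no current application accounts for, and later rules that conflict with or are shadowed by earlier ones. The tier names, CIDRs, ports and the leftover legacy rule are constructed; the data model is an assumption for illustration, not any vendor's API.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import product
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One flow-level ACL entry. owner names the application policy that
    generated it; hand-written legacy entries carry owner=None."""
    src: str            # source CIDR
    dst: str            # destination CIDR
    proto: str
    dport: int
    action: str         # "allow" or "deny"
    owner: Optional[str] = None

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto == proto and self.dport == dport)

    def covers(self, other):
        """True if every flow matched by other is also matched by self."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto == other.proto and self.dport == other.dport)


@dataclass
class Application:
    """Business-level intent: named tiers and the contracts between them."""
    name: str
    tiers: dict         # tier name -> list of member CIDRs
    contracts: list     # (consumer tier, provider tier, proto, dport)


def compile_app(app):
    """Expand each tier-to-tier contract into per-member allow rules, all
    tagged with the owning application so they can be removed together."""
    return [Rule(s, d, proto, port, "allow", app.name)
            for consumer, provider, proto, port in app.contracts
            for s, d in product(app.tiers[consumer], app.tiers[provider])]


class PolicyStore:
    """First-match ACL with an implicit deny for any flow no rule allows,
    east-west flows included."""

    def __init__(self, legacy_rules=()):
        self.apps = {}
        self.rules = list(legacy_rules)

    def deploy(self, app):
        self.apps[app.name] = app
        self.rules.extend(compile_app(app))

    def decommission(self, name):
        """Removing the application policy removes every rule it generated."""
        del self.apps[name]
        self.rules = [r for r in self.rules if r.owner != name]

    def lookup(self, src_ip, dst_ip, proto, dport):
        for r in self.rules:
            if r.matches(src_ip, dst_ip, proto, dport):
                return r.action
        return "deny"

    def unowned(self):
        """Rules no deployed application accounts for: the ACLs that linger
        after decommissioning in the legacy model."""
        return [r for r in self.rules if r.owner not in self.apps]

    def shadowed(self):
        """(earlier, later, conflict) for each later rule that can never fire
        because an earlier rule covers the same flows; conflict is True when
        the two rules disagree on the action."""
        out = []
        for i, later in enumerate(self.rules):
            for earlier in self.rules[:i]:
                if earlier.covers(later):
                    out.append((earlier, later, earlier.action != later.action))
                    break
        return out


# Constructed three-tier application: web talks to app on 8080, app to db on 5432.
SHOP = Application(
    name="shop",
    tiers={"web": ["10.1.0.0/24"],
           "app": ["10.2.0.10/32", "10.2.0.11/32"],
           "db": ["10.3.0.5/32"]},
    contracts=[("web", "app", "tcp", 8080), ("app", "db", "tcp", 5432)],
)

# Constructed hand-written rule left behind by a long-gone application: it lets
# the web tier reach the database directly, bypassing the app tier.
LEGACY = [Rule("10.1.0.0/24", "10.3.0.5/32", "tcp", 5432, "allow", None)]

if __name__ == "__main__":
    store = PolicyStore(LEGACY)
    store.deploy(SHOP)
    print("app->app ssh:", store.lookup("10.2.0.10", "10.2.0.11", "tcp", 22))
    print("unowned rules:", store.unowned())
    store.decommission("shop")
    print("rules after decommission:", len(store.rules))
```

The default deny in `lookup` is what restricts lateral movement: a compromised app-tier host can reach the database on 5432 because the contract says so, but cannot reach its sibling app host on any other port, because no contract created that rule. `unowned()` is the audit check that the legacy model lacks, and `shadowed()` surfaces the rule conflicts the text warns about before they reach production.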
SDN architectures and designs enable leading security technologies such as next-generation firewalls, next-generation IPS, and advanced malware protection to be pushed deeper into the data center. With these capabilities, organizations gain unprecedented control, visibility and centralized security automation in the data center. This is crucial in enabling organizations to dynamically detect and block advanced threats with continuous visibility and control.
New security challenges in the data center raise the stakes for companies weighing a move from a traditional data center operating model to a next-generation Software-Defined Networking model. Simply put: the benefits SDN brings in accelerating and automating the deployment of security policies make a compelling argument in favor of deploying an SDN solution. While not all SDN approaches are equal, with an application-centric approach organizations benefit from a unified and automated approach to security policies in the data center before, during and after an attack.
Scott is a regular contributor to The Security Ledger and the Vice President of Product Management in the Security Technology Group at Cisco. You can connect with him on LinkedIn.