EXPERT SPEAK

Maan Al Shakarchi is Head of Networking at Avaya Europe, Middle East, Africa, Asia-Pacific

Using software defined networking for protection
For enterprise organisations around the world, software defined networking is transforming the way we build and operate our networking infrastructure. Similar to the way virtualisation technology has revolutionised application servers and storage, we are now going through the same evolution on the networking side of the house.
The promise of software defined networking touches on several aspects. Simplicity and speed of rolling out new services across an organisation is one. Flexibility and operational efficiencies to reduce cost is another. However, one of the most critical aspects of software defined networking is its implications for security. With the constant news of hackers penetrating critical institutions around the world, this cannot come soon enough.

Let us have a look at three ways in which software defined networking can help organisations secure their networks and keep hackers at bay.
Micro-segmentation

Networks were originally designed to connect devices and users together. However, as more applications and services started to move to IP, including CCTV cameras, building management systems and phones, the need to separate those devices into separate zones became essential. Using one physical converged network makes sense from a cost and management perspective, but software defined networking allows us to split this network into secure isolated zones.
An attacker, whether external or a disgruntled employee, will not be able to access any network services outside of their allocated zone. Micro-segmentation allows for even further granularity, separating individual servers, devices or users into a unique secure zone.

Recent attacks on banks have relied on attacking one publicly exposed server, and then using it to access other internal servers. Micro-segmentation would contain attacks to specific servers and prevent wider exposure.
Stealth networking

As traffic travels through legacy networks, the network devices which handle this traffic are all exposed. Attackers can probe each of those hops for exploits and eventually find ways of getting in. Software defined networking built on fabric foundation technologies relies on layer 2 traffic tunnelling, so the traffic now flies over the network and lands at the destination in virtually one hop. Think of taking a direct flight between two cities, versus the traditional way of stopping at several transit hops.

Software defined networking allows the entire network between source and destination to be hidden, and attackers probing your network can only see a black hole instead.
Network automation

The nature of network attacks is that they happen instantly. The network has to have the ability to automate its response at the same time as the appropriate teams are notified. This used to be very difficult in the past, as making any network configuration change was a complex task that was almost impossible to automate. However, software defined networking's inherent simplicity and openness presents the opportunity to design an automated workflow that is put into motion once triggered.

As an example, the network can detect that a contractor's laptop in one of the bank's offices is transmitting suspicious traffic patterns. It can create a new quarantine zone, move the machine into that zone with forensics, identify the CCTV cameras of that area, and put the administrators remotely on the same video call, so they have full eyes on the attacker's location. This scenario was simply not possible in the past with legacy network technologies.
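The two mechanisms above, a zone policy that denies cross-zone traffic and an automated quarantine workflow that fires once a device keeps probing outside its zone, can be modelled in a few lines. The following is an added illustration written for this column, not Avaya code or any particular controller's API; the zone names, device names, the flow list and the threshold of three denied targets are all constructed for the example.

```python
"""Toy SDN controller: micro-segmentation policy plus automated quarantine.
Constructed example; not a real controller API."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Controller:
    zone_of: dict          # device -> zone it currently sits in
    allowed: dict          # zone -> set of zones it may send traffic to
    quarantined: dict = field(default_factory=dict)   # device -> quarantine zone
    alerts: list = field(default_factory=list)        # notifications for the team

    def permitted(self, src, dst):
        """Micro-segmentation check: allow a flow only if src's zone may reach dst's zone."""
        sz, dz = self.zone_of.get(src), self.zone_of.get(dst)
        return sz is not None and dz is not None and dz in self.allowed.get(sz, set())

    def quarantine(self, device, reason):
        """Automated response: create an isolated zone, move the device in, notify the team.
        The quarantine zone may only reach the forensics collector (assumed name)."""
        qz = f"quarantine-{device}"
        self.zone_of[device] = qz
        self.allowed[qz] = {"forensics"}
        self.quarantined[device] = qz
        self.alerts.append(f"{device} moved to {qz}: {reason}")
        return qz

    def process(self, flows, deny_threshold=3):
        """Evaluate (src, dst) flows in order; quarantine a device once it has been
        denied access to deny_threshold distinct targets outside its zone."""
        denied_targets = defaultdict(set)
        decisions = []
        for src, dst in flows:
            ok = self.permitted(src, dst)
            decisions.append((src, dst, ok))
            if not ok:
                denied_targets[src].add(dst)
                if len(denied_targets[src]) >= deny_threshold and src not in self.quarantined:
                    self.quarantine(src, f"{len(denied_targets[src])} cross-zone targets denied")
        return decisions


def demo():
    """Constructed scenario: a guest-zone contractor laptop starts probing internal servers."""
    ctl = Controller(
        zone_of={"contractor-laptop": "guest", "web-proxy": "dmz", "db-1": "servers",
                 "db-2": "servers", "cctv-3": "cctv", "forensics": "forensics"},
        allowed={"guest": {"dmz"}, "dmz": {"servers"}, "servers": set(), "cctv": set()},
    )
    flows = [("contractor-laptop", "web-proxy"), ("contractor-laptop", "db-1"),
             ("contractor-laptop", "db-2"), ("contractor-laptop", "cctv-3"),
             ("contractor-laptop", "web-proxy"), ("contractor-laptop", "forensics")]
    return ctl, ctl.process(flows)
```

After the third denied target the laptop is moved into its own quarantine zone, so even its previously legitimate path to the proxy is cut off while the forensics collector remains reachable.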
We are moving to a new age where attackers are constantly finding innovative ways to penetrate security layers. Organisations have a legal and ethical responsibility to their customers to keep their private information safe. Adopting new technologies like software defined networking is one of the ways of evolving through next generation technologies to stay one step ahead in the never ending security race.