
The Self Defending Network

by AceKrish on 03-02-2015 10:40 AM

For years, security has been about prevention, detection and remediation. And yes, the emphasis has shifted in recent years towards detection and remediation, but prevention is still a key component of any security strategy.

While prevention methods have evolved over the decades, many network security devices still require human intervention to help ward off an attack. This becomes even more complex in the virtual world, where servers are spun up and down based on the needs of the business. How do you cut the time to action that human intervention imposes and allow for a self-defending network while still ensuring network security?

Prior to the New IP, there was no open and extensible way of truly combining the power of the network with the smarts of these security models. That has changed! With the advent of SDN, you now have a powerful ally in your fight. In the New IP, the SDN controller is the chief of the entire network, physical and virtual, and can provide just the panacea you need for security and networking to operate in a seamless manner and deliver the self-defending network. How?

Brocade and Intel have come together to demonstrate an automated and open approach to mitigate network security threats utilizing automation, extensible programmability, next generation Virtual Network Functions (VNFs) and Controller-to-Controller API integration.

This security coalition, comprising the Brocade Vyatta Controller, Brocade vRouter and the Intel Next-Gen Firewall (NGFW) with Security Management Center (SMC), is a powerful solution showcasing how to intelligently identify malicious traffic flows and automate the programming of the underlying network infrastructure to react to an inbound attack. While firewalls are attuned to block, allow, limit and take other actions for specific policies, what is typically missing from this automated flow is a reprogramming of the network to prevent the attack from moving past the initial ingress point, the data center edge router. Once the Intel NGFW and SMC identify a malicious flow, they proactively send API calls to the Brocade Vyatta Controller, which then re-programs the network infrastructure (Open vSwitch and vRouter) to block and/or redirect the flow, all in less than a second from the flow being identified.
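As an added illustration (not Brocade's or Intel's code), here is how a detection event from the firewall side could be translated into the controller-side flow rule that blocks or redirects the offending flow, as the text describes. It assumes the controller's northbound interface accepts OpenDaylight-style RESTCONF flow entries, and the event fields (src_ip, dst_ip, verdict, reason) are a constructed sample, not the SMC's real schema.

```python
import hashlib
import ipaddress

# Constructed sample of a detection event as a firewall management system
# might emit it; the field names are assumed, not Intel SMC's real schema.
SAMPLE_EVENT = {
    "src_ip": "203.0.113.45",
    "dst_ip": "198.51.100.10",
    "verdict": "block",  # or "redirect"
    "reason": "C2 beacon signature",
}

def flow_id(src, dst):
    """Deterministic id so repeated alerts for one flow update one rule."""
    return "sdn-" + hashlib.sha256(f"{src}->{dst}".encode()).hexdigest()[:12]

def build_flow(event, table=0, priority=1000, hard_timeout=3600, quarantine_port=None):
    """Turn a detection event into an OpenFlow entry in OpenDaylight RESTCONF JSON layout (assumed)."""
    src = ipaddress.ip_address(event["src_ip"])  # ValueError on malformed input
    dst = ipaddress.ip_address(event["dst_ip"])
    if src.version != 4 or dst.version != 4:
        raise ValueError("only IPv4 flows are handled here")
    verdict = event.get("verdict")
    if verdict == "block":
        actions = []  # empty apply-actions list == drop
    elif verdict == "redirect":
        if quarantine_port is None:
            raise ValueError("redirect needs a quarantine port")
        actions = [{"order": 0, "output-action": {"output-node-connector": str(quarantine_port)}}]
    else:
        raise ValueError(f"unknown verdict {verdict!r}")
    return {"flow": [{
        "id": flow_id(src, dst),
        "table_id": table,
        "priority": priority,  # above normal forwarding rules
        "hard-timeout": hard_timeout,  # rule expires; no permanent stale blocks
        "flow-name": f"{verdict}:{event.get('reason', 'unspecified')}",
        "match": {
            "ethernet-match": {"ethernet-type": {"type": 2048}},  # 0x0800 IPv4
            "ipv4-source": f"{src}/32",
            "ipv4-destination": f"{dst}/32",
        },
        "instructions": {"instruction": [
            {"order": 0, "apply-actions": {"action": actions}}]},
    }]}

def restconf_path(node_id, flow, base="/restconf/config"):
    """Config-datastore path the flow would be PUT to (node id like 'openflow:1')."""
    f = flow["flow"][0]
    return f"{base}/opendaylight-inventory:nodes/node/{node_id}/table/{f['table_id']}/flow/{f['id']}"
```

The hard timeout is the caveat a defender wants: an automated block that never expires turns every false positive into a permanent outage.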


By blocking or redirecting traffic in less time than it takes an operator to stand up from their chair, a self-defending network mitigates risk exposure more efficiently than a solution requiring manual human intervention. To top it off, it also showcases the ease with which the Brocade Vyatta Controller can be used to manage network assets through open and robust control interfaces, using a standard northbound interface to communicate with application-level intelligence.

See the art of self-defending networks in Brocade's booth (2G29) at Mobile World Congress.