Virtualized networks and SDN (software-defined network) architectures are “the next big thing,” offering businesses new opportunities to grow and change. They bring together far-flung facilities in a single, secure network and let people from all locations communicate as if they were in the same building. SDNs also create big challenges to IT and cybersecurity teams. Instead of securing one physical data center, they must now secure an increasingly large, complex and distributed network in a virtual environment.
Security in a Virtualized Network
Today’s virtualized networks and SDN architectures add new complexities and challenges to the job of guarding critical and sensitive data against increasingly sophisticated cyber attacks:
- Separation of the control and data planes requires technology that will protect SDN controllers and applications from data plane-based attacks.
- SDN architectures are multipath environments, connecting and scaling stateful network security devices and requiring the ability to programmatically direct and distribute traffic through them.
- SDN security tools must scale to very large numbers of programmable flows and effective line-rate performance.
The Software-Defined Data Center
To provide a secure SDN, a security system has to be as agile as the network architecture. Any gaps in protection or loss of performance can take away the advantages virtualization provides.
The key is to think not just of a software-defined network but a software-defined data center (SDDC) that transcends local boundaries. The SDDC covers remote branches, cloud servers and mobile and telecommuting devices. Data centers already deal with virtualization on the machine level. The next step is to run the entire network as a data center, including machines at distant locations. The security software needs to cover the control, data and management planes without leaving any gaps.
A Dynamic Approach to SDN Security
Traditional network monitoring is limited to specific points on the physical network, but that’s no longer enough. Approaches such as Fortinet’s SDN Security Framework address the dynamic nature of today’s modern, agile networks through scalability, segmentation and simplification. This approach answers key demands of SDN security, including:
- All components work together. Endpoint security isn’t sufficient protection. The SDN Security Framework includes monitoring of internal network behavior. The discovery of any anomalies triggers actions to prevent the damage from spreading. Using a coordinated approach, rather than a centralized one, provides better protection while avoiding performance bottlenecks.
- Automation keeps up with network changes. Virtual machines are created or destroyed as demand requires. Mobile devices come and go. If it’s necessary to re-configure security settings every time a device is added or moved, it would be practically impossible to keep up. Fortinet’s framework takes a dynamic approach that tracks all changes and keeps them in communication with the overall security system.
- Everything is managed through a single pane of glass. Just as SD-WAN technology provides a single point of control for the entire network, the SDN Security Framework allows network managers to view and control security policies from one control panel, wherever the devices are located, so nothing is overlooked.
Virtualized networks and SDN architectures offer businesses unprecedented opportunities, but they also invite a new level of security risk. While the potential benefits of SDN are enormous, ensuring effective security is a key consideration. CCSI, a Fortinet partner, delivers solutions to protect your complex, virtualized, SDN-driven network to bring your business to the next level. Contact us to learn more.