While software-defined networking (SDN) is slowly working its way toward having a real impact on how network architects can keep up with increasing demands, SDN adoption is on a collision course with another key networking challenge—security.
At the height of SDN’s hype in 2013, software-centric networks were being praised by many for their potential to revolutionize network security. The hype may have died down in recent years, leaving us with a more realistic perspective of the advantages and disadvantages of SDN for network security.
If you’re thinking of starting the transition from a hardware-centric network to SDN, don’t forget to weight the pros and cons in terms of network security.
What SDN Can Do for Security in a Perfect World
As the security stack becomes more complex at the edge of the network, it’s no wonder that network architects and security professionals are looking for new ways to approach network protection. When data breach volumes started to spike in 2013, it seemed like SDN was going to be the answer.
Software-defined networking didn’t revolutionize network security in 2013, but its potential to improve network defense still stands today and technology is catching up. The following are just a few of the ways that SDN could make a positive impact on network security moving forward:
- Centralized Data Routing: One of the main draws of SDN is its ability to route all traffic through a single, centralized controller. In terms of network security, SDN can be used to route data packets through a single firewall and make IDS and IPS data capture more efficient.
- Simplify VLAN Configuration: Companies using VLANs for greater security know that managing configurations isn’t an easy task—especially when you’re managing potentially thousands of them. SDN makes it easier to automate configuration and also improves the traceability of those configurations.
- Ease Pressure Off of the Perimeter: Today’s network perimeters are under immense pressure to defend internal networks from a wide array of potential threats. With flow-based security processing, SDN offers a more dynamic way to route traffic through security appliances and applications, taking some of the pressure off of perimeter defenses.
- More Effective Policy Management: Rather than physically configuring security solutions, SDN enables central management of security policies to make network operator roles more efficient.
There are many more potential use cases for SDN in network security, but the bottom line is this—effectively implementing a software-defined network means you can extend your defense capabilities from simply blocking specific attacks to proactively adapting to new threats.
>> Download Now: Visibility Architecture in SDN & NFV Environments [Free whitepaper]
With so many potential network security advantages from SDN, it might seem like an obvious choice to make the switch. However, there are some key challenges to keep in mind.
Be Careful—Central Control Means Central Vulnerability
The main issue regarding SDN security is the fact that virtualizing every aspect of the network infrastructure and its management greatly increases your attack footprint.
Rather than attackers having specific virtualized instances in the public cloud to target, they could potentially compromise your central controller and gain complete control over your network. This is an extreme scenario, but it could become very real as SDN sees more widespread adoption.
Digging a little deeper, software-defined networks could experience greater vulnerability due to the separation of control and data planes. If there is any disruption in communication between the two planes, it could result in a major hole for attackers to compromise. We know that attackers are relentless in their research and preparation, so it would only be a matter of time before these disruptions were exposed.
Just like in today’s hardware-centric networks, ensuring visibility in your software-defined network is the key to maintaining security. Deploying a foundation of visibility with a network TAPs may not be a point security solution, but it is certainly necessary if you want to reap the benefits of SDN while avoiding potential security pitfalls.
Looking to add visibility to your SDN deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!
