Holistic vs. Dedicated Approaches to Cyber Security
While many organizations see network functions virtualization (NFV) solutions as a technology for making their infrastructure more dynamic and efficient, most fail to realize that it can also be leveraged to make cyber security programs more effective. Instead of having to deploy multiple, dedicated security appliances that uniformly inspect all network traffic in the same way, NFV can be leveraged by companies to take a more holistic and adaptive approach to configuring security policy.
Dedicated Security Appliances—Missing the Mark
Traditionally, network architects and security professionals have deployed a number of dedicated security appliances like next-gen firewalls, intrusion prevention systems (IPS), web application firewalls and more to protect their network. However, with 80 million to 90 million security incidents occurring each year and 70% going undetected, it’s clear that there’s an issue with this approach.
When dedicated security appliances (firewalls, intrusion prevention, advanced threat detection, etc.) are deployed in the network, each one in turn analyzes the traffic according to its specific algorithms. In this approach, all traffic is treated as equal: there is no attempt to segregate the traffic upfront to determine which streams represent higher risks, and there is no coordinated effort to treat the threats as a whole. Companies have to hope that one of their appliances will pick up the threat before it is allowed to pass into the corporate network.
When we look at the number of breaches that occur on a continuous basis, it is clear that this approach is not as effective as it could be. Moreover, it puts quite a strain on network throughput and increases latency. To more fully secure corporate assets, companies should consider revamping their security strategy to leverage the benefits virtualization can provide.
The Holistic Approach to Security with NFV
Just as companies leverage NFV to cut down on the amount of physical hardware in the network, security teams can apply the same principles to their programs. By treating security applications as virtualized network functions, they can use one NFV platform to run multiple security VNFs, thereby reducing CapEx and OpEx. Moreover, an additional benefit of NFV is the ability to centrally manage the VNFs, which limits the need for truck rolls to perform upgrades.
Another benefit which is often overlooked is the ability to leverage adaptive service chaining to gain greater efficiencies, protection and control, while reducing overhead in terms of throughput and latency.
There are two key advantages to this more holistic approach. To start, adaptive service chaining lets companies control how each service type is treated before it is let in and out of the network. Say a company has a firewall, an advanced threat detection (ATD) engine and an encryption system. Security professionals can create a number of service-based policies for greater efficiency without creating additional vulnerabilities. For example, they can specify a policy where Skype traffic goes through the firewall but bypasses the ATD and encryption engines, or create one where traffic designated for corporate web servers passes through both the firewall and the ATD before it is let through.
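As an added illustration of the service-based policies described above (example code written for this page, not the author's or any vendor's NFV platform), the following policy engine maps a classified flow to an ordered chain of security VNFs. The VNF names, the Flow fields, the sample addresses and the toy firewall/ATD behaviours are all constructed assumptions. The one design point worth noting is the fail-closed default: any flow that no bypass policy explicitly matches is sent through the full chain, and the path each flow actually took is recorded so that bypass decisions can be audited.

```python
"""Policy-driven service chaining for security VNFs (illustrative example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple

# VNF identifiers are this example's own; the article only names the functions.
FIREWALL, ATD, ENCRYPTION = "firewall", "atd", "encryption"
FULL_CHAIN: Tuple[str, ...] = (FIREWALL, ATD, ENCRYPTION)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    app: str           # label from an upstream application classifier (assumed)
    threat_score: int  # 0-100, constructed stand-in for the ATD engine's verdict


@dataclass(frozen=True)
class Policy:
    name: str
    match: Callable[[Flow], bool]
    chain: Tuple[str, ...]   # ordered VNFs the matching flow traverses


# Constructed sample addresses for the corporate web servers.
CORPORATE_WEB = {"10.0.5.10", "10.0.5.11"}

POLICIES: List[Policy] = [
    # Skype: firewall only, skipping ATD and encryption (the article's example).
    Policy("skype-firewall-only", lambda f: f.app == "skype", (FIREWALL,)),
    # Traffic for corporate web servers: firewall then ATD.
    Policy("corporate-web",
           lambda f: f.dst in CORPORATE_WEB and f.dst_port in (80, 443),
           (FIREWALL, ATD)),
]


def validate_policies(policies: Sequence[Policy]) -> List[str]:
    """Lint a policy set before pushing it to the controller; returns problems found."""
    problems: List[str] = []
    for p in policies:
        if not p.chain:
            problems.append(f"{p.name}: empty chain would bypass every security VNF")
        elif p.chain[0] != FIREWALL:
            problems.append(f"{p.name}: chain must start with {FIREWALL}")
        for vnf in p.chain:
            if vnf not in FULL_CHAIN:
                problems.append(f"{p.name}: unknown VNF {vnf!r}")
    return problems


def select_chain(flow: Flow, policies: Sequence[Policy] = POLICIES) -> Tuple[str, Tuple[str, ...]]:
    """First matching policy wins; unmatched traffic gets the full chain (fail closed)."""
    for p in policies:
        if p.match(flow):
            return p.name, p.chain
    return "default-full-inspection", FULL_CHAIN


# Toy VNF behaviours (constructed): each returns True to pass the flow on.
def _firewall(flow: Flow) -> bool:
    return flow.dst_port in {80, 443}          # only web ports permitted in this toy rule set

def _atd(flow: Flow) -> bool:
    return flow.threat_score < 70              # drop flows the engine scores as malicious

def _encryption(flow: Flow) -> bool:
    return True                                # transforms payload, never drops

VNFS: Dict[str, Callable[[Flow], bool]] = {FIREWALL: _firewall, ATD: _atd, ENCRYPTION: _encryption}


def process(flow: Flow, policies: Sequence[Policy] = POLICIES) -> dict:
    """Steer the flow through its chain, stop at the first drop, and record the audited path."""
    name, chain = select_chain(flow, policies)
    path: List[Tuple[str, str]] = []
    for vnf in chain:
        passed = VNFS[vnf](flow)
        path.append((vnf, "pass" if passed else "drop"))
        if not passed:
            return {"policy": name, "path": path, "allowed": False}
    return {"policy": name, "path": path, "allowed": True}


# Constructed sample flows (documentation address ranges).
SAMPLE_FLOWS = [
    Flow("10.1.1.20", "198.51.100.5", 443, "skype", 5),       # firewall only
    Flow("203.0.113.7", "10.0.5.10", 443, "http", 90),        # corp web, ATD drops it
    Flow("10.1.1.21", "198.51.100.9", 443, "unknown", 10),    # unmatched -> full chain
]

if __name__ == "__main__":
    assert not validate_policies(POLICIES)
    for f in SAMPLE_FLOWS:
        print(f.app, process(f))
```

Policy order matters: the first match wins, so narrower bypass rules should precede broader ones, and validate_policies should run as a gate in whatever pipeline pushes policies to the controller so that a typo cannot silently create an inspection-free chain.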
Obviously, if companies can reduce the resources needed to support their security applications, they can then invest in a greater number of applications.
NFV-based security applications offer additional benefits. For example, when paired with a centralized management system, alarm fatigue can also be reduced. A centralized management engine uses big data analytics to build rules and heuristics, which can then be used to fine-tune threat detection and prevention. Since data from all the applications are compiled and analyzed together, security professionals can more quickly identify and characterize suspicious behavior.
Optimizing Your NFV Investments
As companies look to transform their infrastructures, it’s important to take a wider view of how new technologies like NFV and SDN can help. Now that next-gen networking technology has matured beyond the “hardware” phase, companies need to look at how virtualized network functions can further enhance operations. Service chaining of security applications is just the first step in maximizing NFV investments.
When adopting an NFV platform, telcos, utility companies and service providers must be careful: not all platforms are created equal. Even though NFV can make the network more flexible, closed platforms make it difficult to adapt in the long run because implementing new services and applications can be complicated. Look for platforms that truly adhere to the open standards defined by OpenFlow, OpenStack and ETSI.
Are you taking NFV to the next level and using it to enhance your security protocols? Share your tips in the space below.