Overcoming Network Security Challenges with Network Function Virtualization
Up until the late 2000s, implementing carrier-grade security solutions involved a great deal of struggle and multiple appliances were installed all over the network. Ordinary servers weren’t built to handle the resource-intensive software that would monitor and protect your network. In the modern day, COTS servers have greatly increased their capabilities, allowing complex applications to run on general-purpose computing machines. The next obvious step is to run network security applications using NFV.
Security Appliances Swiftly Replaced by General Purpose Computing
Back in the good old days, cybersecurity organizations had to design and build complex appliances to run their services on. This custom-built security hardware soon became a familiar phenomenon.
In a time of small, manageable networks, security appliances made perfect sense. With a few affordable boxes, you could provide services such as malware detection, IDS/IPS, and DPI. The appliance’s on-board storage and processing meant that the security application wasn’t a resource hog.
That was then, however. As far as the present day is concerned, memory, processing power, and storage have all been reduced to a commodity level. General-purpose servers are now adequate to host many types of applications.
NFV Allows for Further Consolidation
Despite recent trends, security applications are still clunky enough that they generally require dedicated servers in order to run, and IT managers are leery of using one server to run multiple applications. The current situation still has a downside – the number of appliances, applications and nodes which require defense are resource intensive. The time and effort required to implement new information security solutions mean that SecOps can’t quickly pivot to defend against new threats, accommodate new compliance regimes, or even rapidly replace a sub-par product.
With NFV (Network Functions Virtualization), even these last restrictions can be wiped away.
NFV allows administrators to run multiple pieces of software on the same hardware, intermittently or in parallel. As an example, the ECI MUSE™ Cyber Security Suite runs on the robust Mercury™ NFV platform. By default, MUSE includes a powerful next-gen firewall, anomaly detection, and big data cyber analytics. MUSE isn’t just a service, however—it’s a complete solution. Users can implement any ECI cyber application or any 3rd party application. Both types of applications can be managed and controlled remotely with the MUSE COMPASS™ management dashboard.
Advantages of the MUSE Cyber Security Suite
With NFV, deployment and implementation are nearly effortless. There’s no need for forklift installations, and you don’t need to pre-configure hardware. Simply deploy new applications and push updates from your NOC.
With MUSE solution, your security applications will now have a much smaller footprint—one Mercury appliance running MUSE can host multiple applications. This may allow you to get rid of redundant appliances, reduce operational costs, and free up resources for other mission-critical applications. You can even use the Mercury NFV platform to host applications that aren’t security-related.
To summarize, NFV provides an amazing way for IT security directors to increase the flexibility and efficiency of their network security architecture, while simultaneously reducing or restraining overall costs. The ability to reduce the time and expense of implementation, plus the demonstrated ability to consolidate redundant hardware, is crucial for any organization in this day and age.
If you want to learn more about the MUSE Cyber Security Suite, contact ECI today for more information.