“Security experts are such a cheery lot. They’ll usually tell you you’re doing everything wrong and that we’re all doomed.”
Craig Matsumoto in an article here.
I don’t profess to be a network security expert, but I can’t help thinking that network virtualisation will bring security and OSS experts far closer together than ever before. I can envisage a merging of the NOC (Network Operations Centre) and the SOC (Security Operations Centre). The foundations of both industries are as much process-driven as they are technology-driven, but today I’ll focus on the technological overlaps:
- Network perimeters become blurred as the VMs that underpin VNFs are created, maintained and, often automatically, moved across data centre and cloud environments, so the security boundary moves with the workload rather than sitting on a fixed physical edge
- Hypervisors and SDN controllers become new attack surfaces; in the case of an SDN controller, a breach could mean loss of control of the entire network, not just of one device
- A multitude of vendors across the VNFs, hypervisors, hardware platforms, controllers, APIs and associated management suites could present integration mismatches that an attacker could exploit
The other interesting aspect is from the perspective of the CSPs. With a traditional carrier link, the CSP just provides a dumb pipe with no concept of securing the link. The customer has the responsibility of securing itself, by providing the security infrastructure (firewalls and the like) that connects to the carrier links.
Virtualised networking has a strength in that it allows the simple instantiation of logical security devices to protect logical network domains or functions, at a far lower price point than physical devices. This potentially makes the customer’s network more secure. However, the new challenge for the CSP is ensuring that the multi-tenanted infrastructure (hardware and software) that underpins the virtual customer networks is also secured, because a weakness there is shared by every tenant on it.
It’s at this CSP layer that the OSS (i.e. the dynamic management of physical and logical devices and network links) will provide invaluable intel to the security tools: which VNF belongs to which tenant, which host it runs on, and what has just changed. That is the context needed to correlate network and security events.
This is where network analytics drives the melding of the two industries. The “anomalytics” becomes a blend of continual monitoring of: alarms, reliability / SLA / performance counters, intrusion detection events, fraud analysis, firewall events, malware infections, load-balancer statistics (to spot DoS attacks), etc.
There are too many events for a human to handle, so advanced machine learning will have a big part to play in making sense of this cocktail.
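As an added example (not code from the original post, and not any vendor’s product), the following toy correlator shows what the previous two paragraphs describe in practice: OSS data (a VNF inventory, a VM migration and per-VNF throughput counters) is joined with security events (firewall denies and IDS alerts) so that each alert carries the tenant and host context only the OSS knows. The log formats, inventory, thresholds and the three rules are all assumptions chosen for the sample data, and a simple standard-deviation baseline stands in for the machine learning the post anticipates.

```python
"""Toy NOC/SOC correlator joining OSS data (inventory, migrations, counters) with
security events (firewall denies, IDS alerts). All data and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed OSS inventory: VNF instance -> owning tenant and current hypervisor host.
INVENTORY = {
    "vfw-tenantA-1": {"tenant": "tenantA", "host": "hv-03"},
    "vlb-tenantB-2": {"tenant": "tenantB", "host": "hv-03"},
}

# Constructed OSS feed: per-VNF throughput counters (packets/s) and a VM migration.
OSS_LOG = """\
2024-05-01T10:00:00 COUNTER vnf=vfw-tenantA-1 pps=1000
2024-05-01T10:00:30 COUNTER vnf=vfw-tenantA-1 pps=1100
2024-05-01T10:01:00 COUNTER vnf=vfw-tenantA-1 pps=900
2024-05-01T10:02:00 MIGRATE vnf=vlb-tenantB-2 from=hv-01 to=hv-03
2024-05-01T10:02:30 COUNTER vnf=vfw-tenantA-1 pps=48000
"""

# Constructed security feed: firewall denies and IDS alerts.
SEC_LOG = """\
2024-05-01T10:02:05 FW_DENY vnf=vfw-tenantA-1 src=198.51.100.7 dport=443
2024-05-01T10:02:10 FW_DENY vnf=vfw-tenantA-1 src=198.51.100.8 dport=443
2024-05-01T10:02:15 FW_DENY vnf=vfw-tenantA-1 src=198.51.100.9 dport=443
2024-05-01T10:03:00 IDS_ALERT vnf=vlb-tenantB-2 sig=ET_SCAN_Nmap
2024-05-01T10:03:20 IDS_ALERT vnf=vfw-tenantA-1 sig=ET_SCAN_Nmap
"""

# Assumed tuning values, chosen for the sample data rather than taken from the post.
MIN_BASELINE = 3                    # counter samples needed before judging a new one
Z_THRESHOLD = 3.0                   # std devs above baseline that counts as a spike
DOS_WINDOW = timedelta(seconds=60)  # firewall denies this close to a spike are correlated
DOS_MIN_DENIES = 3
WINDOW = timedelta(minutes=5)       # for the migration and cross-tenant rules

def parse(log):
    """Turn 'TS KIND k=v k=v ...' lines into dicts with a datetime timestamp."""
    events = []
    for line in log.splitlines():
        ts, kind, *kvs = line.split()
        ev = {"ts": datetime.fromisoformat(ts), "kind": kind}
        ev.update(kv.split("=", 1) for kv in kvs)
        events.append(ev)
    return events

def counter_outliers(oss):
    """Counter samples > Z_THRESHOLD std devs above that VNF's earlier, non-spike samples."""
    history, spikes = defaultdict(list), []
    for ev in oss:
        if ev["kind"] != "COUNTER":
            continue
        value, hist = float(ev["pps"]), history[ev["vnf"]]
        if len(hist) >= MIN_BASELINE:
            mu, sd = mean(hist), pstdev(hist)
            z = (value - mu) / sd if sd else (0.0 if value == mu else float("inf"))
            if z > Z_THRESHOLD:
                spikes.append(ev)
                continue  # keep the spike out of the baseline so it cannot mask itself
        hist.append(value)
    return spikes

def correlate(oss, sec):
    """Three illustrative NOC/SOC rules; each alert carries the OSS context it needs."""
    alerts, ids = [], [e for e in sec if e["kind"] == "IDS_ALERT"]
    denies = [e for e in sec if e["kind"] == "FW_DENY"]
    # Rule 1: throughput spike plus a burst of firewall denies on the same VNF -> DoS
    # candidate, tagged with the tenant and host the OSS inventory knows it by.
    for spike in counter_outliers(oss):
        hits = [d for d in denies
                if d["vnf"] == spike["vnf"] and abs(d["ts"] - spike["ts"]) <= DOS_WINDOW]
        if len(hits) >= DOS_MIN_DENIES:
            alerts.append({"rule": "dos_candidate", "vnf": spike["vnf"],
                           **INVENTORY.get(spike["vnf"], {}), "pps": int(spike["pps"]),
                           "sources": sorted({h["src"] for h in hits})})
    # Rule 2: IDS alert on a VNF soon after the OSS moved it -> the security boundary
    # moved with the VM; check that policy on the new host followed it.
    for m in (e for e in oss if e["kind"] == "MIGRATE"):
        for a in ids:
            if a["vnf"] == m["vnf"] and m["ts"] <= a["ts"] <= m["ts"] + WINDOW:
                alerts.append({"rule": "post_migration_alert", "vnf": a["vnf"],
                               "new_host": m["to"], "sig": a["sig"]})
    # Rule 3: IDS alerts on VNFs of different tenants sharing one hypervisor host within
    # the window -> investigate the shared host, not just each tenant's VNF.
    by_host = defaultdict(list)
    for a in ids:
        inv = INVENTORY.get(a["vnf"])
        if inv:
            by_host[inv["host"]].append((a["ts"], inv["tenant"]))
    for host, seen in by_host.items():
        tenants, times = {t for _, t in seen}, [ts for ts, _ in seen]
        if len(tenants) > 1 and max(times) - min(times) <= WINDOW:
            alerts.append({"rule": "cross_tenant_host", "host": host, "tenants": sorted(tenants)})
    return alerts

def run():
    return correlate(parse(OSS_LOG), parse(SEC_LOG))

if __name__ == "__main__":
    print(*run(), sep="\n")
```

Run as a script it prints three alerts: a DoS candidate on vfw-tenantA-1 with its tenant, host and the three source addresses; a post-migration alert naming the host vlb-tenantB-2 was just moved to; and a cross-tenant alert on hv-03, the one shared by both tenants’ VNFs. None of the three can be produced by the firewall, IDS or performance counters on their own; each needs the inventory or change data that lives in the OSS, which is the point of the two paragraphs above. The spike detector deliberately leaves flagged samples out of the baseline, otherwise a sustained flood would quickly become “normal”.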