Security Advantages of Software-Defined Networking
Dr. Edward G. Amoroso, Senior Vice President & Chief Security Officer, AT&T
SESSION ID: TECH-T10
#RSAC
Centralized SDN Control and Virtual Forwarding
[Figure labels: Traditional: Decentralized Control (Hardware/Software); SDN: Centralized Control (Software – SDN Controller); boxes: Control, Forwarding]
[Figure labels: Traditional: Fast Hardware Forwarding; NFV: Virtualized Network Functions; boxes: Control, Forwarding]
Centralized SDN Security Control
[Figure labels: SDN Security App 1; SDN Security App 2; . . .; Enterprise Security Processes; Centralized SDN Control; SDN Infrastructure (Simplified Forwarding Devices); Data Collection, Network Info, Holistic View, Live Threat; Forwarding Changes, Network Update, Re-routing, Live Response; (Dynamic Enforcement)]
- SDN Control: Centralized control allows for improved security vantage point
- Management: Security management improves with full network visibility
- Applications: SDN applications provide native security control functions
- Data Collection: Native collection and analytics offer enhanced response
- Efficiency: SDN enables more immediate re-routing and infrastructure changes
Analogous to Traditional Mainframe Security
Security by Design
[Figure labels: Traditional Security Overlay: Traditional Router; Patching, Response, Threat, DDOS, ACL, Monitor. ISP/Enterprise SDN/NFV Security: SDN Apps, SDN Control, Devices, each with Patching and Response. Integrated Design; Separate Design; (Security Designed In)]
- Retrofit: Existing networks have been retrofitted with security after-the-fact
- Routers: Existing router complexity degrades response and patching
- Native: SDN and NFV include native security embedded during design
- Integration: Security by design in SDN results in more integrated security
- Complexity: Fresh SDN and NFV design provides opportunity for simplification
Traditional Network Security Done “After the Fact”
Add-On Security Protections
[Figure labels: Business XYZ; User Provisioning; SDN Control API; SDN Controller; Vendor Security Tool Image; Vendor Security Tool; XYZ Security; SDN; Internet Threats]
- Cycle Time: Reduces provisioning from weeks/months to hours/minutes
- Attack Response: Improves defensive posture during live cyber attack
- Planned Upgrade: Enhances defensive posture in advance of planned need
- Economics: Avoids expense of vendor hardware appliance investment
- Platform: Establishes underlying SDN base for cyber security product market
Future of Managed Security Services: On-Demand
Defense in Depth Architecture
[Figure labels: Business XYZ; User Provisioning; SDN Control API; SDN Controller; Vendor 1, Vendor 2 and Vendor 3 Security Tool Images; Vendor 1, Vendor 2 and Vendor 3 Security Tools; API; Service Chain; XYZ Security; SDN]
- Cycle Time: Reduces provisioning from weeks/months to hours/minutes
- Attack Response: Provides multiple layers of cyber defense
- Tailoring: Allows design to include strengths of each vendor
- Chaining: Creates opportunity to create virtual security chains
- Platform: Abstracts hardware differences between security vendors
Allows Dynamic Security Service Chaining
Streamlined Security Patching
[Figure labels: Centralized Enterprise Security Patch Control; SDN Patch Control App; SDN Control; Forwarding Devices; Hypervisor; Cloud Hardware; SDN/NFV Threat Intelligence; Common Patch Images; Greatly Simplified Patching Need]
- Cycle Time: Reduces patch cycles from weeks/months to hours/minutes
- Automation: SDN controllers enable automation based on intelligence
- Inventory: SDN/NFV infrastructure offers live inventory for common images
- Validation: Patch metrics and posture can be collected in real-time
- Simplification: Simplified devices have smaller software patch surface
Allows Install of Common Patched Images
Improved Incident Response
[Figure labels: Centralized Enterprise Incident Response; SDN Response Control App; SDN/NFV Response Intelligence; Hypervisor; VM 1, VM 2, VM 3, VM 4, VM 5; Cloud Hardware; Wipe and Restore; Swap and Restore; Common Restoration]
- Cycle Time: Reduces response from days/hours to minutes/seconds
- Automation: SDN/NFV approach allows response based on intelligence
- Inventory: Virtualization enables wipe and restore response for VMs
- Forensics: Restoration allows swap and capture for off-line forensics
- Simplification: Common hardware enables swap and restore response
Hardware Swapped and Sent Intact to Forensics
Perimeter Independence
[Figure labels: Private Cloud: VM 1; “Inside the Firewall”; Email, Web, Telework, Partners; Only Allow VM 1 Required Service. Public Cloud: VM 2. Public and Private clouds have SAME threat profile]
- Current Perimeter: Enterprise perimeter weaknesses require immediate action
- Micro-Perimeter: Virtualization enables embedded cloud micro-perimeters
- Independence: Virtualized security works in both private and public clouds
- APT Attacks: Virtual micro-perimeters in the cloud are resilient against APT
- Equivalence: With virtual security, public and private clouds are threat equivalent
Use of Cloud Can Exceed Existing Perimeter Security
DDOS Resilience
[Figure labels: Internet DDOS Attacks; VM 1, 2, 3: Under Attack (Unavailable); VM 1’, 2’, 3’: Not Under Attack (Available); SDN Controller; Auto-Provisioned Scale Expansion; SDN; Auto-Shift to Scaled VMs; Workload]
- DDOS Threat: Many enterprise networks remain vulnerable to Layer 3/7 DDOS
- Layer 3: DDOS defenses rely on more powerful defense than offense (Gbps)
- Layer 7: Application-level DDOS attacks likely to increase (per Layer 3 defenses)
- Expansion: Virtualization allows for dynamic expansion under attack
- Consequence: Approach is similar to CDN expansion to reduce attack consequence
Dynamic Rule and Route Modification
Implications for Attendees
- Application for virtual data center design
- Source selection in ISP/MSP services
- Design base for virtualizing micro-segments
- New platform for MSSP operations
- Modified set of compliance issues for security

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

SDN Security Advantages: Centralized Control, Native Apps, and Dynamic Response

  • 1. Security Advantages of Software-Defined Networking. Dr. Edward G. Amoroso, Senior Vice President & Chief Security Officer, AT&T. Session ID: TECH-T10. #RSAC
  • 2. Centralized SDN Control and Virtual Forwarding
      [Diagram: Traditional, Decentralized Control (Hardware/Software), beside SDN, Centralized Control (Software – SDN Controller); Traditional, Fast Hardware Forwarding, beside NFV, Virtualized Network Functions.]
  • 3. Centralized SDN Security Control
      - SDN Control: Centralized control allows for improved security vantage point
      - Management: Security management improves with full network visibility
      - Applications: SDN applications provide native security control functions
      - Data Collection: Native collection and analytics offer enhanced response
      - Efficiency: SDN enables more immediate re-routing and infrastructure changes
      [Diagram labels: SDN Security App 1, SDN Security App 2, . . .; Enterprise Security Processes; Centralized SDN Control; SDN Infrastructure (Simplified Forwarding Devices); Data Collection, Network Info, Holistic View, Live Threat; Forwarding Changes, Network Update, Re-routing, Live Response; (Dynamic Enforcement).]
      Analogous to Traditional Mainframe Security
  • 4. Security by Design
      - Retrofit: Existing networks have been retrofit with security after the fact
      - Routers: Existing router complexity degrades response and patching
      - Native: SDN and NFV include native security embedded during design
      - Integration: Security by design in SDN results in more integrated security
      - Complexity: Fresh SDN and NFV design provides opportunity for simplification
      [Diagram labels: Traditional Router; Patching, Response, Threat, DDOS, ACL, Monitor; Traditional Security Overlay; Separate Design; ISP/Enterprise SDN/NFV Security; SDN Apps, SDN Control, Devices; Patching, Response; Integrated Design; (Security Designed In).]
      Traditional Network Security Done “After the Fact”
  • 5. Add-On Security Protections
      - Cycle Time: Reduces provisioning from weeks/months to hours/minutes
      - Attack Response: Improves defensive posture during live cyber attack
      - Planned Upgrade: Enhances defensive posture in advance of planned need
      - Economics: Avoids expense of vendor hardware appliance investment
      - Platform: Establishes underlying SDN base for cyber security product market
      [Diagram labels: Business XYZ; SDN Controller; User Provisioning; SDN Control API; Vendor Security Tool; Vendor Security Tool Image; XYZ Security; Internet Threats; SDN.]
      Future of Managed Security Services: On-Demand
  • 6. Defense in Depth Architecture
      - Cycle Time: Reduces provisioning from weeks/months to hours/minutes
      - Attack Response: Provides multiple layers of cyber defense
      - Tailoring: Allows design to include strengths of each vendor
      - Chaining: Creates opportunity to create virtual security chains
      - Platform: Abstracts hardware differences between security vendors
      [Diagram labels: Business XYZ; SDN Controller; User Provisioning; SDN Control API; SDN API; Vendor 1 Security Tool, Vendor 2 Security Tool, Vendor 3 Security Tool; Vendor 1 Security Tool Image, Vendor 2 Security Tool Image, Vendor 3 Security Tool Image; XYZ Security; Service Chain.]
      Allows Dynamic Security Service Chaining
  • 7. Streamlined Security Patching
      - Cycle Time: Reduces patch cycles from weeks/months to hours/minutes
      - Automation: SDN controllers enable automation based on intelligence
      - Inventory: SDN/NFV infrastructure offers live inventory for common images
      - Validation: Patch metrics and posture can be collected in real-time
      - Simplification: Simplified devices have smaller software patch surface
      [Diagram labels: SDN Patch Control App; SDN Control; Forwarding Devices; Hypervisor; Cloud Hardware; SDN/NFV Threat Intelligence; Common Patch Images; Greatly Simplified Patching Need; Centralized Enterprise Security Patch Control.]
      Allows Install of Common Patched Images
  • 8. Improved Incident Response
      - Cycle Time: Reduces response from days/hours to minutes/seconds
      - Automation: SDN/NFV approach allows response based on intelligence
      - Inventory: Virtualization enables wipe and restore response for VMs
      - Forensics: Restoration allows swap and capture for off-line forensics
      - Simplification: Common hardware enables swap and restore response
      [Diagram labels: Hypervisor; VM 1, VM 2, VM 3, VM 4, VM 5; Cloud Hardware; Centralized Enterprise Incident Response; SDN Response Control App; SDN/NFV Response Intelligence; Wipe and Restore; Swap and Restore; Common Restoration.]
      Hardware Swapped and Sent Intact to Forensics
  • 9. Perimeter Independence
      - Current Perimeter: Enterprise perimeter weaknesses require immediate action
      - Micro-Perimeter: Virtualization enables embedded cloud micro-perimeters
      - Independence: Virtualized security works in both private and public clouds
      - APT Attacks: Virtual micro-perimeters in the cloud are resilient against APT
      - Equivalence: With virtual security, public and private clouds are threat equivalent
      [Diagram labels: Private Cloud, VM 1; Public Cloud, VM 2; Email; Web; Telework; Partners; “Inside the Firewall”; Only Allow VM 1 Required Service; Public and Private clouds have SAME threat profile.]
      Use of Cloud Can Exceed Existing Perimeter Security
  • 10. DDOS Resilience
      - DDOS Threat: Many enterprise networks remain vulnerable to Layer 3/7 DDOS
      - Layer 3: DDOS defenses rely on more powerful defense than offense (Gbps)
      - Layer 7: Application-level DDOS attacks likely to increase (per Layer 3 defenses)
      - Expansion: Virtualization allows for dynamic expansion under attack
      - Consequence: Approach is similar to CDN expansion to reduce attack consequence
      [Diagram labels: Internet DDOS Attacks; Workload; SDN Controller; Auto-Provisioned Scale Expansion; SDN Auto-Shift to Scaled VMs; VM 1, 2, 3 Under Attack (Unavailable); VM 1’, 2’, 3’ Not Under Attack (Available).]
      Dynamic Rule and Route Modification
  • 11. Implications for Attendees
      - Application for virtual data center design
      - Source selection in ISP/MSP services
      - Design base for virtualizing micro-segments
      - New platform for MSSP operations
      - Modified set of compliance issues for security