Data Center Journal

VOLUME 53 | DECEMBER 2017

Issue link: http://cp.revolio.com/i/915954


18 | THE DATA CENTER JOURNAL www.datacenterjournal.com

Predicting the Software-Defined Network

The first step is to predict the behavior of the applications that are served by the network. By using traffic-flow analytics for each application, enterprises can determine and visualize what service tiers (e.g., web server, database, video streaming and video optimization) and workloads (e.g., VM1, VM2, Container1 and VM3) each application uses, as well as the traffic patterns between each of these tiers. In addition, they can also determine which network-specific attributes are used by each application and its resources (e.g., IP address and TCP port). Understanding application-level information is also important to validate any compliance requirements. For example, a set of network requirements may need to be met to abide by a corporate information-security policy. This knowledge gives the enterprise an understanding not only of what applications and resources are being used but also of how to specifically segment the network for each application, which helps ascertain what automated security policies should be applied.

Preventing Security Breaches Using Software-Defined Security Measures

Preventing security breaches in a cloud-based environment requires the implementation of automated security policies that can react dynamically to the applications and the resources they consume. By understanding and segmenting each application in advance, including its traffic patterns, service tiers and supporting workloads, an enterprise can create policies that isolate application-specific traffic in its own secure logical domain. As the resources change throughout the application's life cycle, the security measures will dynamically follow, thus eliminating the requirement for any custom or manual security configuration. These policies are instantiated on various network enforcement points, including VMs and containers. In practice, however, the solution will need to span nonvirtual assets such as bare-metal servers and other nonvirtualized appliances to support the practical case of heterogeneous environments.

Continuous Detection Is Possible with Software-Defined Tools

Continuous detection must be an ongoing part of security in a cloud-based environment. Typically, the new breed of attacks is more nuanced and sophisticated, unlike a typical denial-of-service (DoS) attack. These attacks could be zero-day attacks with no known signature, designed to permeate and infect laterally (east to west), as discussed above. Using flow analytics, traffic flows for each application need to be tracked throughout the application's life cycle to anticipate potential threats. The right solution should also employ traffic insights from existing installed security measures. Correlating analytics from installed security measures with existing flow analytics will unlock further contextual insight into the traffic and potential threats. For example, has this traffic attempted to breach any of the established security controls, and if so, to what degree? Having access to this information will provide more context and will allow the enterprise to intelligently automate remediation policies.

Dynamic Software-Defined Responses

By having a dynamic understanding of the application traffic within the perimeter of the data center, branch or public cloud, enterprises can then define and implement automated policies that respond to suspicious application traffic flows in real time. Some examples include:

• Real-time local alerts can be triggered informing the operator of suspicious activity for each application, right down to the service-tier level of granularity. For example, an alert can be triggered when a certain TCP port on a virtual DB server is receiving an unexpected amount of ingress traffic.
• Suspicious traffic can be steered to an existing SIEM to provide more correlation and analysis on this suspicious traffic flow, or to an IPS or L7 FW to sanitize the traffic.
• Suspicious traffic can be quarantined or even blocked by steering traffic into a quarantined zone based on an automated trigger.

Looking Forward

With the emergence of the IoT, AI, 5G, greater use of Wi-Fi and more employee mobility, enterprises are rapidly moving toward more unique devices, more endpoints, more traffic and, unfortunately, many more security concerns. With the continued expansion of application and service consumption into public clouds, the scale of the networks and the attack surface will grow rapidly. This situation makes it even more important to implement SDN-based programmability and policy-driven automation now, in anticipation of future security concerns.

About the author: Patrick McCabe is a senior marketing manager at Nuage Networks and is responsible for promoting SDN products and solutions for service providers and enterprises. Patrick has held a number of engineering, sales and marketing roles during his 25 years in the telecommunications industry. He was educated at St. Francis Xavier University and Technical University of Nova Scotia (DalTech) and holds bachelor's and master's degrees in engineering.
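As an added illustration (not code from the article or from Nuage Networks), the following Python sketch models the predict, detect and respond loop the article describes: a per-application tier-and-port segmentation learned from flow analytics, a baseline of ingress bytes per service tier and TCP port, and a mapping from anomalies to the alert, steer-to-IPS and quarantine actions listed under Dynamic Software-Defined Responses. The application name, tiers, ports, byte counts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed segmentation model for one application ("shop"), as flow analytics
# would learn it: which service-tier pairs talk, and on which TCP ports.
ALLOWED_TIER_FLOWS = {
    ("shop", "web", "db"): {3306, 33060},
    ("shop", "web", "video"): {8080},
}

@dataclass(frozen=True)
class Flow:
    app: str
    src_tier: str
    dst_tier: str
    dst_port: int
    ingress_bytes: int  # bytes received by the destination tier in this interval

def learn_baseline(flows):
    """Mean ingress bytes per (app, destination tier, port) over a learning window."""
    totals, counts = defaultdict(int), defaultdict(int)
    for f in flows:
        key = (f.app, f.dst_tier, f.dst_port)
        totals[key] += f.ingress_bytes
        counts[key] += 1
    return {k: totals[k] / counts[k] for k in totals}

def evaluate(flow, baseline, alert_factor=3.0, quarantine_factor=10.0):
    """Map one observed flow to a policy action: allow, alert, steer_to_ips or quarantine."""
    ports = ALLOWED_TIER_FLOWS.get((flow.app, flow.src_tier, flow.dst_tier))
    if ports is None or flow.dst_port not in ports:
        # Tier pair or port the app never uses: treat as east-west lateral movement, quarantine.
        return "quarantine"
    expected = baseline.get((flow.app, flow.dst_tier, flow.dst_port))
    if not expected:
        # Permitted path with no learned volume yet: route via IPS/L7 FW for inspection.
        return "steer_to_ips"
    ratio = flow.ingress_bytes / expected
    if ratio >= quarantine_factor:
        return "quarantine"
    if ratio >= alert_factor:
        return "alert"  # e.g. unexpected ingress volume on the DB tier's TCP port
    return "allow"

# Constructed learning window: normal web -> db and web -> video traffic.
LEARNING_FLOWS = [
    Flow("shop", "web", "db", 3306, 1000), Flow("shop", "web", "db", 3306, 1200),
    Flow("shop", "web", "db", 3306, 800), Flow("shop", "web", "video", 8080, 5000),
]
BASELINE = learn_baseline(LEARNING_FLOWS)
```

In a real deployment the learned baseline would be refreshed as workloads are added or retired over the application's life cycle, so the policy follows the application rather than a fixed address list.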
