
Networks Are Becoming Self-Aware and Self-Defending

By James Kobielus  /  February 23, 2015

Software-defined networking (SDN) enables connectivity to be as malleable as any online resource. SDN brings the benefits of cloud-based virtualization to the physical layer of telecommunications environments. It leverages hypervisors, centralized controllers, and other virtualization infrastructure that enable bandwidth, switching, routing, capacity management, and other capabilities to be executed with unparalleled flexibility by means of programmatic controls.

As an integral component of software-defined enterprise architectures, SDN continually optimizes compute, storage, and networking infrastructure in line with enterprise policies and compliance requirements. Just as important, SDN ensures that networks remain self-aware, self-defending, and self-healing 24×7 without inordinate requirements for administrative intervention. In an SDN, these capabilities are available across vendor-neutral switching fabrics that span multiple hardware providers.

Self-defense is integral to SDN’s role as a critical piece of enterprise and carrier infrastructure. SDN would be ruinously risky if it didn’t ensure end-to-end security across all connected resources. Authentication, access control, encryption, auditing, intrusion prevention, and other safeguards must operate 24×7 on all resource access, workload management, and quality-of-service operations at every level of the SDN.

Big data is a huge component of SDN security, as this recent article makes abundantly clear. I like the author’s discussion of the benefits of leveraging big data analytics in conjunction with an SDN controller. Keeping big data under your SDN controller’s hood enables automated 24×7 monitoring, diagnosis, troubleshooting, optimization, and control of the entire network. As the piece states, “You can use machine data to provide input about network devices; assign various endpoints to provide raw data for analytics; assess what impact parallel processing or virtualization have on various network components.”

Sensor-driven device security is the heart of this discussion, and it relates closely to the Internet of Things (IoT). In this regard, I recommend that you look at my discussion of the role of big-data repositories in securing the IoT. As I stated there, end-to-end IoT security requires a consolidated security incident and event management (SIEM) repository. This involves implementing a single big-data repository for IoT security-relevant log data, with its own analytic and trend-analysis tools to identify threats across the entire IoT cloud under your purview.

SDN security also relates to my discussion of big data, quality of service, and “Telecom 2.0” in this blog. Extending what I stated there, the network operational support infrastructure necessary to support continuous SDN security should incorporate the following big-data elements:

  • Data warehousing platform(s) for storage, analysis, reporting, dashboarding, query and governance of security-relevant data linked to office subscriber systems of record
  • Hadoop or NoSQL platform(s) for discovery, extraction, collection, transformation, cleansing, integration and preprocessing of multi-structured security-relevant data
  • Stream-computing platform(s) for low-latency consolidation, filtering and correlation of security-relevant events
  • In-memory data platform(s) for real-time interactive data modeling, visualization and exploration of security scenarios
  • Graph analytics platform(s) for tracking of security-relevant user, component, application, system and network behaviors
  • Next best action, decision automation, or recommendation engine platform(s) for executing predictive models, business rules, orchestrations and other business logic needed to respond to security-relevant events
  • Identity resolution platform(s) to facilitate linking of diverse subscriber identifiers—at the application, device and network levels—in order to correlate security metrics across heterogeneous networks
  • Archival platform(s) for logging, time-series analysis and regulatory reporting of security-relevant historical data
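The stream-computing element above (low-latency consolidation, filtering and correlation of security-relevant events) is the one most easily made concrete. The following is an added example and not code from the original post or from any SDN vendor: it consolidates constructed SDN-controller flow-decision log lines into a single event stream and correlates them per source device over a sliding time window, raising an alert when one device reaches an unusual number of distinct destinations or accumulates repeated policy denials. The `key=value` log format, the field names, the thresholds and the sample lines are all assumptions made for the example.

```python
# Added example (not from the original post): consolidating constructed
# SDN-controller flow logs and correlating them per source device over a
# sliding window. Log format, field names, thresholds and sample lines are
# all assumptions made for this illustration.
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class FlowEvent:
    ts: float      # seconds since the epoch
    src: str       # source device identifier
    dst: str       # destination endpoint
    dport: int     # destination port
    action: str    # "allow" or "deny": the controller's policy decision


def parse_flow_line(line: str) -> FlowEvent:
    """Parse one constructed '<ISO-8601 UTC stamp> key=value ...' log line."""
    stamp, _, rest = line.strip().partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    ts = (datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
          .replace(tzinfo=timezone.utc).timestamp())
    return FlowEvent(ts, fields["src"], fields["dst"],
                     int(fields["dport"]), fields["action"])


class FlowCorrelator:
    """Sliding-window correlation of flow decisions per source device.

    Two simple detection rules (thresholds are assumed values):
      * fanout:        one source reaches >= fanout_threshold distinct destinations
      * repeated_deny: one source accumulates >= deny_threshold policy denials
    Each rule fires at most once per source so a noisy device does not flood
    the downstream decision-automation layer with duplicate alerts.
    """

    def __init__(self, window_s=60.0, fanout_threshold=5, deny_threshold=3):
        self.window_s = window_s
        self.fanout_threshold = fanout_threshold
        self.deny_threshold = deny_threshold
        self._recent = defaultdict(deque)   # src -> events still inside the window
        self._fired = set()                 # (rule, src) pairs already alerted

    def observe(self, ev: FlowEvent):
        q = self._recent[ev.src]
        q.append(ev)
        # Drop events that have aged out of the window for this source.
        while q and ev.ts - q[0].ts > self.window_s:
            q.popleft()
        distinct_dsts = len({e.dst for e in q})
        denies = sum(1 for e in q if e.action == "deny")
        alerts = []
        for rule, value, limit in (("fanout", distinct_dsts, self.fanout_threshold),
                                   ("repeated_deny", denies, self.deny_threshold)):
            key = (rule, ev.src)
            if value >= limit and key not in self._fired:
                self._fired.add(key)
                alerts.append({"rule": rule, "src": ev.src, "value": value, "ts": ev.ts})
        return alerts


def correlate(lines, **kwargs):
    """Consolidate raw log lines into events, replay them in time order, return alerts."""
    events = sorted((parse_flow_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    corr = FlowCorrelator(**kwargs)
    alerts = []
    for ev in events:
        alerts.extend(corr.observe(ev))
    return alerts


# Constructed sample: sensor-1 behaves normally; sensor-7 is denied three times
# by policy and then reaches six distinct hosts within twenty seconds.
SAMPLE_LOG = """
2015-02-23T10:00:00Z src=sensor-1 dst=10.0.0.10 dport=443 action=allow
2015-02-23T10:00:05Z src=sensor-7 dst=10.0.0.11 dport=22 action=deny
2015-02-23T10:00:08Z src=sensor-7 dst=10.0.0.12 dport=22 action=deny
2015-02-23T10:00:11Z src=sensor-7 dst=10.0.0.13 dport=22 action=deny
2015-02-23T10:00:14Z src=sensor-7 dst=10.0.0.14 dport=80 action=allow
2015-02-23T10:00:17Z src=sensor-7 dst=10.0.0.15 dport=80 action=allow
2015-02-23T10:00:20Z src=sensor-7 dst=10.0.0.16 dport=80 action=allow
2015-02-23T10:01:30Z src=sensor-1 dst=10.0.0.10 dport=443 action=allow
"""

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample data the correlator raises two alerts, both for `sensor-7`: `repeated_deny` once the third denial lands inside the window, and `fanout` once the fifth distinct destination is seen; `sensor-1` never trips either rule because its two events are ninety seconds apart and the window is sixty. In a real deployment the same per-source state would be keyed on the identity-resolution layer's canonical device id rather than a raw log field, so that a device seen under several identifiers at the application, device and network levels is correlated as one.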

If implemented effectively within the SDN, this layered big-data infrastructure can enable enterprises and carriers to ensure continuous enforcement of end-to-end security. In addition, it can allow them to distinguish themselves competitively through the provision of consolidated security reports, dashboards, diagnostic tools and other decision-support front-ends. Ideally, these consolidated security metrics should be accessible to users directly through self-service portals or indirectly through the SDN providers’ customer-support ecosystems.

How big will this big-data resource need to grow to realize this vision of continuously self-aware and self-defending SDNs? IoT will play a pivotal role in determining how massive the underlying SIEM big-data repository will need to be. The larger, more diverse, and more dynamic the IoT traffic patterns on your network, the larger the SIEM infrastructure. Network data administrators must prepare themselves for the petabyte volumes, streaming velocities, and multi-structured varieties of data necessary to run a secure SDN.

About the author

James Kobielus, Wikibon, Lead Analyst Jim is Wikibon's Lead Analyst for Data Science, Deep Learning, and Application Development. Previously, Jim was IBM's data science evangelist. He managed IBM's thought leadership, social and influencer marketing programs targeted at developers of big data analytics, machine learning, and cognitive computing applications. Prior to his 5-year stint at IBM, Jim was an analyst at Forrester Research, Current Analysis, and the Burton Group. He is also a prolific blogger, a popular speaker, and a familiar face from his many appearances as an expert on theCUBE and at industry events.
