Defending network resources is a lot like defending a castle, argued Rod Wilson in a recent blog post. He’s the senior director for external research at Ciena.
In medieval times, a castle would be defended with strong walls, a deep moat, strong battlements, and guards to watch over the defenses.
This is similar to what networks need today: both good defenses and constant vigilance to detect and react to threats.
“Ciena believes in a multifaceted approach to secure networks, one that includes wire-speed encryption and thoughtful network architectures that can respond to resource cyber-attacks by provisioning new paths around compromised resources,” wrote Wilson. “However, new and future distributed cloud resources make this approach extremely challenging, and developing solutions requires a significant research investment.”
One potential solution to this problem is leveraging the programmability and intelligence of the software-defined networking (SDN) control plane.
The Ciena external research team has developed a 100G Optical-Packet research network, and is sponsoring collaboration with universities to investigate secure cyber-infrastructures and methods that would use SDN to reconfigure the network around cyber-attacks and other network anomalies, according to Wilson.
Using SDN/NFV-based technologies, researchers investigate how detection and protection concepts can provide autonomous protection against various types of cyber-attacks.
“Future product features based on this work will allow network operators to guarantee service levels to their customers even while under cyber-attack,” he noted. “As cyber-attacks and cyber-terrorism techniques grow increasingly advanced, high performance networked computer operations must evolve and develop new methods to avoid disruption.”
This is an interesting use case for SDN; usually we talk about how SDN can ramp up services fast and deliver a more nimble network at reduced cost.
Applying the SDN control plane to the cause of security is something like closing the inner walls once the external gate of a castle has been breached. As anyone who has ever watched an action movie set in medieval times will know, the ability to draw new lines of defense once the outer wall has been breached is a useful fallback. It’s no less so for networking in this age of cyber-attack threats.