At this week’s VMworld shindig in San Francisco, many networking and security vendors will crow about software-defined security and software use cases for SDN. Some of this rhetoric will be nothing more than industry hype, while other banter may prove to be extremely useful in the near future.
Yes, there are many interesting ways that SDN could work to enhance network security. That said, which SDN/network security use cases are really compelling and which could be considered second-tier? ESG research asked this specific question to security professionals working at enterprise organizations (i.e. more than 1,000 employees) as part of a recent network security research report (note: I am an ESG employee). Here are the top 5 SDN use cases for network security:
- 28% want to use SDN to help them selectively block malicious traffic to endpoints while still allowing normal traffic flows. In this case, SDN would be tied into malware detection appliances like those from Cisco, FireEye, Fortinet, Palo Alto Networks, or Trend Micro.
- 28% want to use SDN to improve network security policy auditing and conflict detection/resolution. Here, SDN could be used to aggregate and manage network segmentation, for example.
- 23% want to use SDN to centralize network security service policy and configuration management. This is similar to the use case above, but in this case SDN could be used to align network security policy with server virtualization (e.g. vCenter, MS System Center), cloud (e.g. AWS, OpenStack), or orchestration platforms (e.g. Chef, Puppet).
- 23% want to use SDN to automate network security remediation tasks. Think “self-defending networks” here. Based upon the latest threat intelligence, a firewall/SDN controller combination could generate new firewall rules on the fly. Firms like Norse, Vorstack, or Webroot could act as the security intelligence brains tied into SDN in this use case.
- 23% want to use SDN to implement more granular network segmentation for network security. Think micro-segmentation where specific users, sessions, or flows could communicate across a point-to-point VPN. For example, HyTrust works with Intel TXT to offer fine-grained segmentation aligning workloads with particular servers and trust zones.
SDN technologies are still relatively immature, so network security benefits may be a while in coming. Nevertheless, enterprise security professionals seem to recognize that SDN offers some interesting security use cases that could help them improve risk management, incident detection, and incident response at their organizations. As such, security professionals should pay attention to SDN progress, and network security vendors should align physical/virtual network security products and services with enterprise requirements.