Software-defined security (SDS) is a model in which information security is controlled by software. The functions of network security devices, such as firewalling, intrusion detection, access control and network segmentation, are extracted from hardware devices into a software layer. SDS leverages software-defined networking (SDN) to enhance network security. The concept of SDS is intended to define the security services that become necessary as IT infrastructure transitions from a hardware-based to a software-defined market.
Following the SDS architecture concepts, the design of security solutions that protect organisations from distributed denial of service (DDoS) and malware attacks can change drastically and evolve into a more dynamic and sophisticated implementation.
One of the inherent capabilities of an SDN controller is that it has knowledge of the network topology and infrastructure and provides visibility of the traffic.
Components & enablers
- Host: The host sends or receives data through the network. In SDS, all security techniques are transferred to the controller.
- Controller: The controller is fully software-based. All security checks are done inside the controller. It has visibility of the traffic flows. It collects and processes information about the network.
- Switch: The switch consults the controller to decide whether to accept or reject a request. SDN adopts a reactive caching mechanism (flow rules are requested from the controller on demand and cached in the switch); however, this makes switches vulnerable to a DDoS attack.
Advantages & field of application
- Efficient and dynamic mitigation of security threats and attacks.
- Hardware cost reduction, due to the virtualisation of network security applications on commodity hardware.
- Utilisation of existing network appliances, even if they do not support advanced traffic monitoring mechanisms.
- Dynamic configuration of existing network nodes for the mitigation of an attack, where and when needed.
- Harmonised view of logical security policies, which exist within the SDN controller model and are not tied to any server or specialised security device.
- Visibility of information from one source.
- Integration with sophisticated applications to correlate events in a simpler manner and respond more effectively and intelligently to security threats.
- Central management of security, which is implemented, controlled and managed by security software through the SDN controller.
- May help to overcome cybersecurity issues. Facilitates IoT & BYOD connectivity. Abstracts security away from hardware vulnerabilities.
Technology Readiness Level
TRL 8 or even 9, but still 5/6 in the TSO context.
Research & Development
Solutions implemented in industries such as hardware, software, telecommunications, banking and insurance.
Best practice performance
The technology is present in the market but for now at an early stage, with start-ups having a strong presence in this area.
The development of the following use cases has been prioritised:
- Policies should be bound to workloads, such as virtual machines, containers, applications, services or microservices.
- Write the security policy in one place and deploy it in multiple places, where the workload policy is then enforced.
- It must be possible to measure the ability of network workloads to ensure the confidentiality, integrity and availability (the security triad) of the services they deliver.
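To make the controller/switch split under Components and the "write policy once, enforce at many workloads" use case above concrete, here is an added Python model that is not part of the page and not code from any SDN product. The addresses, workload labels, policy entries and the eight-flow burst are constructed, and the per-source table-miss budget is one simple way for the controller to contain the switch-side flooding risk noted under Components.

```python
from collections import defaultdict, deque

# Constructed workload inventory (hypothetical values, not from the page): policy
# binds to workload labels, never to an address or to a particular switch.
WORKLOADS = {"10.0.1.10": "web", "10.0.2.20": "db", "10.0.3.30": "dev"}
# Policy written once as (source label, destination label, port) -> allowed
POLICY = {("web", "db", 5432), ("dev", "web", 443)}

class Controller:  # software-only: every security decision is taken here
    def __init__(self, miss_budget=5, window=10):
        self.miss_budget, self.window = miss_budget, window  # table-miss queries per source per window
        self.misses, self.quarantined = defaultdict(deque), set()

    def decide(self, tick, src, dst, port):  # answer a switch's table-miss query with a rule
        if src not in self.quarantined:
            q = self.misses[src]
            while q and q[0] <= tick - self.window:  # forget queries outside the window
                q.popleft()
            q.append(tick)
            if len(q) > self.miss_budget:  # burst of never-seen flows from one source
                self.quarantined.add(src)
        if src in self.quarantined:  # one wildcard rule absorbs the burst at any switch
            return ("drop", src, "*", "*")
        allowed = (WORKLOADS.get(src), WORKLOADS.get(dst), port) in POLICY
        return ("allow" if allowed else "drop", src, dst, port)

class Switch:  # forwarding element whose flow table is filled reactively
    def __init__(self, controller):
        self.controller, self.flows = controller, {}

    def forward(self, tick, src, dst, port):
        for key in ((src, dst, port), (src, "*", "*")):  # cached rule: no controller round-trip
            if key in self.flows:
                return self.flows[key]
        action, s, d, p = self.controller.decide(tick, src, dst, port)  # table miss
        self.flows[(s, d, p)] = action
        return action

def run_scenario():  # same policy enforced at two switches; a constructed burst is contained
    ctrl = Controller()
    edge_a, edge_b = Switch(ctrl), Switch(ctrl)
    out = {"web->db@a": edge_a.forward(0, "10.0.1.10", "10.0.2.20", 5432),
           "dev->db@b": edge_b.forward(1, "10.0.3.30", "10.0.2.20", 5432),
           "web->db@b": edge_b.forward(2, "10.0.1.10", "10.0.2.20", 5432)}
    for i in range(8):  # eight new flows from one unknown source within one tick
        out[f"flood{i}@a"] = edge_a.forward(3, "10.0.9.99", f"10.0.2.{i}", 80)
    out["flood@b"] = edge_b.forward(4, "10.0.9.99", "10.0.2.20", 5432)
    out["rules@a"], out["rules@b"] = len(edge_a.flows), len(edge_b.flows)
    out["quarantined"] = sorted(ctrl.quarantined)
    return out
```

After the sixth unseen flow from one source the controller installs a single wildcard drop rule, so the switch stops forwarding table-miss queries and the flood occupies one flow-table entry instead of one per flow; the same rule is handed to any other switch that later sees that source.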
Best practice application