Software-Defined Security (SDS)

SDS is a model in which the information security is controlled. The functions of network security devices, such as firewalling, intrusion detection, access controls, and network segmentation are extracted from hardware devices to a software layer. SDS exploits the Software-Defined Networking (SDN) to enhance network security. The concept of Software-Defined Security is intended to define security services needed as IT infrastructure transitions from hardware based to a software-defined market.


Technology Types

Following the SDS architecture concepts, the design of security solutions to protect organisations from Distributed Denial of Service (DDoS) and Malware attacks can drastically change and evolve to a more dynamic and sophisticated implementation.

One of the inherent capabilities of an SDN controller is the fact that it has knowledge of the network topology and infrastructure and it provides visibility of the traffic.


Components & enablers

  • Host: The host is to send or receive data through the network. For the SDS, all security techniques are transferred to the controller;
  • Controller: The controller is fully software-based. All security checks are done inside the controller. It has visibility of the traffic flows. It collects and processes information about the network;
  • Switch: The switch consults the controller to decide whether to accept or reject a request. A reactive caching mechanism is adopted in SDN. However, it makes switches vulnerable to a DoS attack.

Advantages & field of application

  • Efficient and dynamic mitigation of security threats and attacks;
  • Hardware cost reduction, due to the virtualisation of the network security applications in commodity hardware;
  • Utilisation of existing network appliances, even if they do not support advanced traffic monitoring mechanisms;
  • Dynamic configuration of existing network nodes for the mitigation of an attack, where and when needed;
  • Harmonised view of logical security policies, which exist within the SDN controller model and are not tied to any server or specialised security device;
  • Visibility of information from one source;
  • Integration with sophisticated applications in order to correlate events in a simpler way and respond more effective and intelligently to security threats;
  • Central management of security, which is implemented, controlled and managed by security software through the SDN controller;
  • May help to overcome cybersecurity issues. Facilitates IoT & BYOD connectivity. Abstracts security away from hardware vulnerabilities.

Technology Readiness Level

TRL 8 or even 9 but still 5/6 in TSO context


Research & Development

Solution implemented in the industries: hardware, software, telecommunication, banking, insurance, etc.


Best practice performance

The technology is present in the market, being at the beginning for now, start-ups being a strong presence in this area.

The development of the following use cases has been prioritized:

  • Policies should be bound to workloads, such as virtual machines, containers, applications, services or microservices;
  • Write security policy in one place and deploy in multiple places, where workload policy would then be enforced;
  • Must be able to measure the ability of network workloads to ensure the confidentiality, integrity and availability (the Security Triad) of the services they are delivering.

Best practice application


References

N/A