Software Defined Networks and their Implications on Security
In the inaugural session of the AlienVault experts’ opinions and ideas, Roger Thornton, CTO at AlienVault, interviews Dr. Ed Amoroso, former Chief Security Officer the CEO and Founder of Tag Cyber. Click here to watch the entire version.
The topic is SDN (software-defined networks) and the implications on security both good and bad. Roger leads off by recounting, “7 or 8 years ago an employee of mine was in my office, banging on the table and banging on the doors that SDNs were going to change everything, and the world was going to be a completely different place. And I’ve got to admit I didn’t get it. I didn’t get it technically. I think I have an idea now, but I also didn’t understand how quickly it would be upon us”.
Ed Amoroso explains more in the video, “So, if you think about software-defined, it’s a way of using software to virtualize something that previously was tangible. For example, when was the last time you bought a calculator? Never, right? I mean, if you go back, you and I would go buy a calculator. We would buy a TI calculator. It was a piece of equipment we held in our hands. Eventually, that became virtualized as an application that ran on another platform. So, we all use calculator apps on other things—software-defined calculators.
When was the last time you bought a flashlight, right? Now we use our phones. A piece of software has actually virtualized something that you would never have dreamed in a million years could be virtualized. A flashlight? What are you talking about? I need something that’s going to emanate light, and the idea that now flashlights are apps on some other platform is also kind of natural, but we don’t always think about that.
When you take a moment to think, ‘Hey, you’re right! I do use my phone as a flashlight. I do use my phone as a calculator,’ so the question becomes “Can you use infrastructure—a vanilla, baseline computer infrastructure—to implement other types of hardware components that you never would have dreamed could be virtualized”.
The video also addresses the pros and cons of security with SDN. According to Ed Amoroso, “SDN is software - but it still has the same concepts - I think you’ll see patching and provisioning are simpler because we can build clean images off in some laboratory, make sure it’s right, and then just deploy those images, and that’s a simpler kind of thing. Forensics is made simpler because we can basically grab an entire image, drop it into a forensics lab, do what we need to do”.