As we develop more powerful cloud architectures and virtualize more of our infrastructure, we need a better understanding of the changing security implications, best practices and threat models of a virtual network.

A white paper from Cloud Security Alliance included some great new information on how network function virtualization (NFV) and software-defined networking (SDN) have evolved and can be used in the modern enterprise. This post is the first in a three-part series on the topic in which we will look more closely at the security challenges of both technologies and provide recommendations on what you should do to make your virtual networks more secure.

Security and the SDN

Last year, we wrote about how software and virtualization can help define a more protected perimeter, particularly for health care organizations that want to segregate a virtual network for clinical trials and files containing more sensitive data, for example.

The concept behind SDN is relatively simple to explain: You can make changes to your network infrastructure (routers, firewalls and virtual LAN segments) on the fly, such as being able to respond to an outage or security incident. You can insert additional network paths or firewalls on demand when they are needed, just as a virtual machine (VM) allows you to bring up an instance of a Windows server when needed.

A VM decouples the physical hardware from the actions of a computer, such as running an operating system or saving files to a hard drive. Similarly, using NFV means you decouple a piece of networking gear from the physical device (a firewall, router or switch) itself.

But this simple explanation hides a great deal of complexity in terms of deployment, not to mention the difficulty of migrating from existing infrastructures to the virtual networks.

Too Many Choices for Virtual Networks

However, as more network-centric appliances proliferate, virtualizing them makes sense because network traffic patterns and operational requirements change. Many IT departments currently make use of virtual LANs. These perform some of these activities but still rely on physical network gear. SDN makes it easier to add tens or thousands of VMs and automate the provisioning and changes to your network infrastructure so you can become more flexible in your operations.

The good news is that SDN is a rapidly evolving marketplace. The bad news is that, like many IT-related innovations, there are several conflicting standards and vendor alignments competing in this space. Anyone who contemplates SDN will have to choose one of the top commercial camps based on the product offering and related standards and how it will integrate with existing security protocols.

“The pace of development and NFV/SDN evolution present an incredible challenge because they are outpacing the ability to fully understand security issues and provide effective controls,” the CSA paper stated. “Furthermore, the lack of consistent standards among SDN implementations can create further gaps in security.”

Be sure to read our next post in this series on the security challenges and increased risks of network function virtualization.

More from Network

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in New Space

View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth, there has also been an expansion of the cyberattack surface of space systems. Attacks are becoming more and more sophisticated and affecting several components of the space system’s architecture. Threat Actors' Methodology Every space system architecture is composed of three…

Beware of What Is Lurking in the Shadows of Your IT

This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations must prepare for. Shadow IT is the use of any hardware or software operating within an enterprise without the knowledge or permission of IT or Security. IBM Security X-Force responds…