Software Defined Networks (SDN): A Revolutionary New Architecture Deserves Revolutionary New Cybersecurity Protection

Just as Virtual Machines (VMs) were the disruptive technology of the last century for server and storage platforms, Software Defined Networks (SDN) appear to be an industry-changing, disruptive technology for switch and router platforms in this young century. SDN has already gained grassroots momentum: early adopters Google, Goldman Sachs and Fidelity have announced that they deployed SDN on their enterprise networks over a year ago. Gartner analyst Greg Young has pointed out that security around SDN in particular is still an open field, which is not necessarily a good thing for security managers who might be faced with securing SDN in a few years. This is where ISC8 and its approach to adding a security layer for SDN fit in.

One of the highest risks that enterprise owners and operators face as they deploy SDN technology is their belief (either implicit or explicit) that the existing cybersecurity perimeter equipment on their legacy layer 2/3 network fabric will be able to protect their intellectual property and IT infrastructure inside the new SDN framework. Nothing could be further from the truth. Most enterprise asset owners and IT/cybersecurity practitioners realize that their current perimeter defenses are woefully inadequate in the wake of the ever-increasing quantity and quality of advanced malware being found on networks today. Inadequate planning for network security on an SDN architecture will make network operators even more oblivious to the security posture of their data and assets. The cyclonic movement of traffic at the core of the network enabled by SDN technology will leave perimeter security equipment virtually blind, unable to detect and alert on advanced malware and other types of cyber attacks that take place on the interior of the enterprise network. Specifically, how does one search for and detect malware on the interior of the network while SDN executes, in real time, the following network-based features:

  • Custom Flow Management
  • On-Demand Network Provisioning
  • Flexible, Real-time, Network Optimization
  • Dynamic QoS Profiles
  • Application-defined SLAs
  • Network Policies at Scale
  • Intra/Inter Domain Load Balancing

Most, if not all, of an enterprise’s cybersecurity protection is either in the form of perimeter defense or aimed at very specific types of threats and intrusion mechanisms. The ultimate goal of malware is to get to the interior of the network (where confidential, proprietary and classified data is stored). SDN gives network operators and enterprises complete command and control of their layer 2 and layer 3 network devices and unprecedented granular management of the resources, features and configurations across the entire network architecture, all from a single GUI. This works even if the network switches and routers are from different vendors (as long as they are OpenFlow-enabled devices). SDN-based networks are capable of supporting custom requirements from various business applications (SLAs, QoS, policy management, security, etc.) along with complete control over all the features, capabilities and resources across their entire switching and routing fabric.

ISC8’s advanced malware detection product, Cyber adAPT®, has been engineered to work seamlessly with SDN network architectures to provide a real-time view of the toxicity of the data traffic on the interior network, along with associated forensic data on network traffic movement throughout the core, all from a single GUI.

Cyber adAPT is accretive to your existing defense-in-depth architecture and will provide visibility and actionable data to your network operations staff, enabling them to identify zero-days and other targeted attacks before they can exfiltrate proprietary or confidential data, which should be the Holy Grail of every CISO.

Prudent planning is required in order to leverage the full capabilities of Cyber adAPT and SDN technology. There is no better time to add cybersecurity protection than when you are rebuilding your network from the inside out. A cybersecurity protection solution must analyze all network traffic on the interior of the enterprise network in order to determine threat severity for the enterprise at large where it matters most: at the core of the network. Anything less than designing and deploying a security framework that can give you that visibility and analysis would be akin to designing an enterprise network in a vacuum and then bolting on network security protection after the fact, like we did in the last century.

 

Llewellyn Derry is the Vice President of Business Development for ISC8. ISC8 has built the industry’s first signature-less advanced-malware detection product that operates at 10G and above and sits in the core (not the perimeter) of the enterprise network. He has over 25 years of industry experience in the commercial, federal government and overseas markets. Prior to joining ISC8, Llewellyn was with Raytheon as Sr. Director of Cybersecurity Solutions. There he managed the company’s worldwide cybersecurity R&D budget and led a team that developed a portfolio of cybersecurity services for the Critical Infrastructure Protection (CIP) market for Commercial Utilities, Energy Companies and DoD Installations. Llewellyn holds the CISSP, CISM and C|EH certifications and serves on the Board of Advisors at the University of Dallas’ Graduate School of Management’s Information Assurance Program. He is also a member of the FBI’s InfraGard Team and the United States Secret Service’s Electronic Crimes Task Force (ECTF).