Software defined networking (SDN) is going to revolutionize the way organizations approach big data, especially in the area of software defined networking security. The combination of big data analytics and the self-optimizing and self-healing nature of SDN opens new possibilities for smart, self-aware networks capable of defending themselves against threats.
According to the Dell’Oro Group, the SDN market is expected to jump 65 percent this year. The reason for the boom, according to Dell’Oro analysts, is that SDN architectures are just starting to be deployed. Router sales were down 4 percent in the fourth quarter of 2013 as IT managers look forward to 10-Gigabit Ethernet switching for the enterprise and 25-Gigabit Ethernet for the cloud, which fuels sales of SDN hardware to manage those switches.
Software defined networking decouples the control plane from the physical network, using centralized controller software to provision and manage switches and shape network traffic from a central location, without having to configure individual switches. The result is a vendor-neutral switching fabric that spans multiple ASICs and hardware vendors.
At present the most popular SDN protocol is OpenFlow, an open source protocol that centralizes packet switching control across the switching fabric. The OpenFlow protocol provides communications between the SDN controller and the switch hardware so you can manage any switching device from any manufacturer.
Software defined networking security has to be built into the architecture to protect the availability and integrity of connected network resources. For example, while the SDN controller provides a central point of control for the switch fabric, it also offers a central point of attack. Trusted communications need to be maintained so that only trusted devices are given access. There also needs to be a policy framework in place that can provide checks and balances for SDN commands, and a reporting and remediation system has to be in place in the event of a security breach.
Big Data Powers Software Defined Networking Security
Now consider how big data can power software defined networking security.
SDN provides a central point of administration with the entire network as a resource. SDN streamlines provisioning and provides top-down network decisions based on controller input. SDN applications respond to changes in the network environment. Feedback to the SDN controller can be used to ensure the desired behavior of the overall network. The natural evolution is from manual SDN control to automated control, programming the SDN controller to react to network activity.
Now consider what happens when you marry the SDN controller with big data analytics. You can use big data to monitor all aspects of the network. You can use machine data to provide input about network devices, assign various endpoints to provide raw data for analytics, and assess what impact parallel processing or virtualization has on various network components.
The more endpoints you have reporting from various locations about different network states, the more information has to be analyzed. Now you have a big data initiative that provides the analytics necessary to determine the automated commands for the SDN controller.
Big Data Securing Big Data
Now consider how big data processes analytical data. Analytical tools historically take snapshots of data over time, providing an overall picture using data taken at historical intervals. With big data you can change the dynamic of samples, not only collecting information from more data points but also collecting it with greater frequency.
One of the questions about big data analytics is whether to use batch processing or real-time analytics. If you plan to make near real-time adjustments based on analytics, then the closer you can get to real-time processing the better.
And you can scale big data to gather as much data as seems necessary, both inside and outside the enterprise; the better the quality of the data the better the quality of the big data findings.
Now you have the potential to create a self-administering network that is capable of identifying threats in real time and protecting itself. Using real-time analytics it’s possible to identify a network threat, generate an automated response, and issue a command to the SDN controller to isolate the threat. Big data analysis operates faster than human response time, so in addition to sending out an alarm, the SDN controller can be programmed to take immediate action and then report and log that action for later review.
Of course, this opens other questions, such as how to determine what endpoints to trust, how to manage change approval, and how to handle testing, auditing, and archiving. However, the promise of the self-healing network is there; all it will require is a little software defined networking security.
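The detect, respond and log loop described above, together with the trust, approval and audit questions it raises, can be sketched as follows. This is an added example, not code from any SDN product: the sensor names, addresses, thresholds and the generic match/action rule format are all assumptions, and the telemetry is constructed.

```python
from collections import defaultdict, deque

# Assumed names, addresses and thresholds; tune to your own network.
TRUSTED_SENSORS = {"edge-sw-1", "edge-sw-2"}  # endpoints allowed to report
PROTECTED_HOSTS = {"10.0.0.1"}  # e.g. the gateway: never auto-isolated
WINDOW_S, MAX_FANOUT, MAX_AUTO_ISOLATIONS = 10, 20, 2

class ClosedLoop:
    def __init__(self):
        self.recent = defaultdict(deque)  # src -> (ts, dst) pairs in the window
        self.isolated = set()
        self.audit = []  # append-only record for later review

    def _log(self, ts, action, src, reason):
        self.audit.append({"ts": ts, "action": action, "src": src, "reason": reason})

    def ingest(self, rec):
        """Process one flow record; return a drop rule if the source gets isolated."""
        src, ts = rec["src"], rec["ts"]
        if rec["sensor"] not in TRUSTED_SENSORS:
            self._log(ts, "ignored", src, "untrusted sensor")
            return None
        if src in self.isolated:
            return None
        q = self.recent[src]
        q.append((ts, rec["dst"]))
        while q and q[0][0] <= ts - WINDOW_S:  # expire samples outside the window
            q.popleft()
        fanout = len({dst for _, dst in q})
        if fanout <= MAX_FANOUT:
            return None
        q.clear()  # restart counting so one burst yields one decision
        reason = f"{fanout} distinct destinations within {WINDOW_S}s"
        # Policy check: protected hosts and a cap on automated changes need a human.
        if src in PROTECTED_HOSTS or len(self.isolated) >= MAX_AUTO_ISOLATIONS:
            self._log(ts, "alert_only", src, reason)
            return None
        self.isolated.add(src)
        self._log(ts, "isolate", src, reason)
        # Generic match/action rule (empty action list = drop); real controller APIs differ.
        return {"priority": 1000, "match": {"ipv4_src": src}, "actions": []}

def run_constructed_sample():
    """Constructed telemetry: a scanning host, a busy gateway, a spoofed report."""
    loop, recs = ClosedLoop(), []
    for i in range(25):
        for sensor, src in (("edge-sw-1", "10.0.0.50"), ("edge-sw-2", "10.0.0.1"), ("rogue-probe", "10.0.0.7")):
            recs.append({"ts": i * 0.1, "sensor": sensor, "src": src, "dst": f"10.0.1.{i}"})
    rules = [r for r in map(loop.ingest, recs) if r]
    return rules, loop
```

In the constructed run only the scanning host is isolated: the gateway produces an alert for human approval, and reports from the untrusted sensor are logged but cannot trigger a command.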