Level 3 has acknowledged there are some deep-seated concerns that SDN and NFV technologies may pose a security risk.

The issue could be critical for Level 3, which is keen to establish itself as a leading supplier of security products to government and enterprise customers but also claims to be at the forefront of the transition to New IP technologies.

Anthony Christie, the operator's chief marketing officer, says Level 3 Communications Inc. (NYSE: LVLT) is keen to start providing cloud-based firewalls, intrusion prevention and intrusion protection systems using NFV technology but admits "there are a lot of questions around network control" when it comes to SDN and virtualization.

"In a cloud-based environment apps are sitting all over the place -- you can't point to them and know where they are," he said, pointing out one key difference between the virtualized network environment of the future and today's systems.

Christie was asked whether SDN and NFV technologies might amplify security threats after executives at Light Reading's Big Telecom Event (BTE) earlier this year had flagged concerns on the matter. (See SDN & NFV Amplify Security Threat – Allot.)

At BTE, Jay Klein, the chief technology officer of Israel's Allot Ltd. (Nasdaq: ALLT), issued a stark warning that SDN could endanger network security by "creating lots of stupid nodes reporting back to a central location" during a panel session at the event.

"The central location has better visibility of what's happening on the complete network but if you attack that central location you can kill off the network," he said at the time.

While recognizing those concerns, Christie says that NFV-based security offerings are on Level 3's roadmap and could appear within a year or two.

Like other service providers drawn to the virtualization promise, Level 3 believes SDN and NFV will generate economies of scale and help it to avoid being tied to a single vendor's products.

Christie cites "white boxes" when asked to provide an example of the benefits associated with New IP technologies.

White box is the term used to describe commodity components (such as servers and switches) running at low cost and using open-source software that, if deployed on a large scale by network operators, could put enormous pressure on traditional vendors such as Cisco Systems Inc. (Nasdaq: CSCO) and Arista Networks Inc. , which recently claimed to be seeing little demand for them from its customers. (See Arista Sees Weak Demand for White Box Switches.)

Want to know more about the emerging SDN market? Check out our dedicated SDN content channel here on Light Reading.

Level 3 says it has the largest deployment of SDN technology of any service provider globally after adopting the architecture of tw telecom inc. (Nasdaq: TWTC), a network operator it bought for $7.3 billion late last year. (See Can Level 3 Execute the Perfect Merger?)

"They had been developing dynamic features on the network using underlying SDN technology and we've taken that and rolled it across our broader network," says Christie. "That deployment is in North America currently but it will be brought into Europe by the end of this year and generally available for Ethernet and IP-VPN services next year. Towards the tail end of next year it will be available globally."

In a security context, the shift to SDN and NFV could also receive a spur from Level 3's more recent takeover of Black Lotus, a DDoS mitigation specialist it acquired in July to support the development of its security offerings. (See Level 3 Elevates Security With Black Lotus.)

"It should help us to accelerate roadmap items and we've got good talent and customers from it as well," says Christie. "The integration is largely complete."

Next page: Level 3's new Security Operations Center (SOC)

Level 3 slips into new SOC
Christie was speaking to Light Reading at the official opening of Level 3's new Security Operations Center (SOC) in London. (See Eurobites: Vodafone & EE Miss VoLTE Boat.)

The London SOC represents the operator's first in the EMEA region, which it has served up until now from its facilities in North America.

Figure 1: The Dark Art of Security In the gloom of a typical north London September morning, Dale Drew, Level 3's chief security officer, shows off a small part of the operator's new SOC.

Executives gathered at the opening event said Level 3 had decided it needed a physical security presence in EMEA to satisfy growing customer demands, with about 32% of DDoS attacks worldwide targeted at European entities, according to the company's research.

Emphasizing the effectiveness of cyber-security measures, Level 3 says there was a 38% year-on-year decline in traffic from command-and-control (C2) servers in eastern Europe in the second quarter of this year following the removal of one large C2 server.

Although security offerings accounted for only a small percentage of the $6.8 billion in sales that Level 3 generated last year, revenues from this business are growing faster than in any other area, according to Jack Waters, Level 3's chief technology officer.

The company says that on a daily basis the SOC monitors 1,000 C2 servers, more than 1 million malicious packets and around 1.3 billion security events, tracking nearly 3 million "compromised computers" each day.

— Iain Morris, , News Editor, Light Reading