& cplSiteName &

Security & Virtualization: 'We Are All Screwed'

Elizabeth Miller Coyne

DENVER -- NFV & Carrier SDN -- It's really as bad as you think it is when it comes to security in the world of NFV and SDN -- and the problem could get worse as more network functions are virtualized, according to the "Security in the Virtualization Era" panelists at the NFV & Carrier SDN event in Denver this week. In fact, according to Ray Watson, vice president, global technology, Masergy Communications Inc. , "We are all screwed."

After kicking off the panel with that bombshell, he went on to remind the packed house that today there is less time to respond to threats, because the bad guys are much faster to share known exploits and hacking discoveries. "We are tracking attacks in hours, and the day or two service providers used to have to patch breaches are long gone."

Panelist Ron Renwick, senior director of product marketing at Netronome , then threw himself on the identity theft sword and said, "I'm just going to tell you my social security number and get it over with."

In addition to hackers getting smarter by the second, Renwick noted, "It all comes back to a server or switch in a data center, they have to be contained and secure. If anything we are exacerbating the problem with distributed VNFs; we are solving one problem and creating more problems at the same time. How can you secure everything when you don't know where everything is?"

Security Shock Jocks
From left: Ron Renwick, senior director of product marketing, Netronome; Rob Sherwood, CTO, Big Switch Networks; Mike O'Malley, vice president strategy and business development, Radware; Ray Watson, vice president, Global Technology, Masergy; and Gary Sockrider, principal security technologist, Arbor Networks
From left: Ron Renwick, senior director of product marketing, Netronome; Rob Sherwood, CTO, Big Switch Networks; Mike O'Malley, vice president strategy and business development, Radware; Ray Watson, vice president, Global Technology, Masergy; and Gary Sockrider, principal security technologist, Arbor Networks

Indeed, the usual perimeter-based approach to securing service provider networks won't really work when virtual network functions (VNFs) and applications can be anywhere. And in an enterprise environment today, there are on-premise applications and private cloud applications which makes sandbagging the perimeter into the building impossible, said Mike O'Malley, vice president strategy and business development, for Radware Ltd. (Nasdaq: RDWR). "The applications are no longer in the building," said O'Malley.

But wait, there's more. It's now possible that the threats to one VNF are coming from another, housed in the same server, according to Watson.

One of the ongoing problems both network operators and enterprises face, however, is in finding cybersecurity experts: There are 250,000 vacant jobs today and that's expected to grow to 1 million by 2020, says Watson. "There is no indication that it's going to drop off."

The security experts didn't just dwell on the doom and gloom, however, but also discussed solutions to the crisis.

"Advancements being made in machine-to-machine and AI [artificial intelligence] are absolutely essential in fighting bad guys that are getting better," O'Malley said. "Solutions that can get better on the fly -- machine learning, AI -- and agility to deploy counter measures against a thinking enemy is required."

Arbor Networks' Gary Sockrider pointed to the ability to virtualize security as VNFs are created, delivering the right amount of security to fit a given application. And as Rob Sherwood, CTO of Big Switch Networks , said, small security teams with the right tools can be mighty. It's a "fallacy that if you hire more security professionals, you'll be more secure," he noted, adding that Google and Facebook have relatively small security teams.

Renwick added that the gap in skills and job market openings actually allows SDN to prove its worth. "This is where the opportunity of SDN applications with security come to bear," he said. "Having an SDN app that can look at all the probes, and detect and mitigate threats, takes the labor burden off the SOC. The business case around automation makes the service more profitable and solves labor issues."

— Elizabeth Miller Coyne, Managing Editor, Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Beer
9/16/2016 | 7:44:13 PM
Re: Quelle surprise
Security with regards to SDN/NFV it just doesn't mean spinning up a FW or some other security instance. Security appliances obviously do lot of deep packet lookups and are  way complex than just configuring a security policy. If physicall appliances struggle to keep up with functional interactions then I doubt how well the virtual instances can cope up to. Btw, guess how many default usernames and passwords need to be changed to bringup the openstack controllers/neutron servers :-)

Kelsey Ziser
Kelsey Ziser,
User Rank: Blogger
9/16/2016 | 3:27:53 PM
Re: Quelle surprise
Ray delivered an Upskill U course on the changing face of security threats - see Big Data Analytics & Network Security. As you mentioned @Carol, Ray explained that hackers have easy access to very cheap tools but it's very expensive to combat their threats. He noted that "In addition to the challenges around data volume, the level of complexity around attacks has also increased exponentially."
User Rank: Light Sabre
9/16/2016 | 1:55:18 PM
Re: Quelle surprise
We'll continue to have problems as long as we use 20th-century ID procedures. We'll still have problems even when we move those procedures into this century, but maybe a little less common.
User Rank: Light Beer
9/16/2016 | 12:31:41 PM
Re: Quelle surprise
I moderated this panel and the first 15 minutes was pretty scary stuff. It used to be you needed skills to do hacking but now the tools are readily available for the amateur cyber criminal - or you can just outsource the dirty work to someone who is easily hired on the Internet, just like any other outsourcer. 
User Rank: Light Sabre
9/16/2016 | 9:56:12 AM
Quelle surprise
In 1880, the number of fatalities worldwide that could be directly attributed to automobiles was exactly zero. But no one wants to go back to those days -- well, almost no one.
Featured Video
From The Founder
Light Reading founder Steve Saunders grills Cisco's Roland Acra on how he's bringing automation to life inside the data center.
Flash Poll
Upcoming Live Events
February 26-28, 2018, Santa Clara Convention Center, CA
March 20-22, 2018, Denver Marriott Tech Center
April 4, 2018, The Westin Dallas Downtown, Dallas
May 14-17, 2018, Austin Convention Center
All Upcoming Live Events
SmartNICs aren't just about achieving scale. They also have a major impact in reducing CAPEX and OPEX requirements.
Hot Topics
Project AirGig Goes Down to Georgia
Dan Jones, Mobile Editor, 12/13/2017
Here's Pai in Your Eye
Alan Breznick, Cable/Video Practice Leader, Light Reading, 12/11/2017
Verizon's New Fios TV Is No More
Mari Silbey, Senior Editor, Cable/Video, 12/12/2017
Ericsson & Samsung to Supply Verizon With Fixed 5G Gear
Dan Jones, Mobile Editor, 12/11/2017
Juniper Turns Contrail Into a Platform for Multicloud
Craig Matsumoto, Editor-in-Chief, Light Reading, 12/12/2017
Animals with Phones
Don't Fall Asleep on the Job! Click Here
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed