Security & Virtualization: 'We Are All Screwed'

Elizabeth Miller Coyne

DENVER -- NFV & Carrier SDN -- It's really as bad as you think it is when it comes to security in the world of NFV and SDN -- and the problem could get worse as more network functions are virtualized, according to the "Security in the Virtualization Era" panelists at the NFV & Carrier SDN event in Denver this week. In fact, according to Ray Watson, vice president, global technology, Masergy Communications Inc. , "We are all screwed."

After kicking off the panel with that bombshell, he went on to remind the packed house that today there is less time to respond to threats, because the bad guys are much faster to share known exploits and hacking discoveries. "We are tracking attacks in hours, and the day or two service providers used to have to patch breaches are long gone."

Panelist Ron Renwick, senior director of product marketing at Netronome , then threw himself on the identity theft sword and said, "I'm just going to tell you my social security number and get it over with."

In addition to hackers getting smarter by the second, Renwick noted, "It all comes back to a server or switch in a data center, they have to be contained and secure. If anything we are exacerbating the problem with distributed VNFs; we are solving one problem and creating more problems at the same time. How can you secure everything when you don't know where everything is?"

Security Shock Jocks
From left: Ron Renwick, senior director of product marketing, Netronome; Rob Sherwood, CTO, Big Switch Networks; Mike O'Malley, vice president strategy and business development, Radware; Ray Watson, vice president, Global Technology, Masergy; and Gary Sockrider, principal security technologist, Arbor Networks
From left: Ron Renwick, senior director of product marketing, Netronome; Rob Sherwood, CTO, Big Switch Networks; Mike O'Malley, vice president strategy and business development, Radware; Ray Watson, vice president, Global Technology, Masergy; and Gary Sockrider, principal security technologist, Arbor Networks

Indeed, the usual perimeter-based approach to securing service provider networks won't really work when virtual network functions (VNFs) and applications can be anywhere. And in an enterprise environment today, there are on-premise applications and private cloud applications which makes sandbagging the perimeter into the building impossible, said Mike O'Malley, vice president strategy and business development, for Radware Ltd. (Nasdaq: RDWR). "The applications are no longer in the building," said O'Malley.

But wait, there's more. It's now possible that the threats to one VNF are coming from another, housed in the same server, according to Watson.

One of the ongoing problems both network operators and enterprises face, however, is in finding cybersecurity experts: There are 250,000 vacant jobs today and that's expected to grow to 1 million by 2020, says Watson. "There is no indication that it's going to drop off."

The security experts didn't just dwell on the doom and gloom, however, but also discussed solutions to the crisis.

"Advancements being made in machine-to-machine and AI [artificial intelligence] are absolutely essential in fighting bad guys that are getting better," O'Malley said. "Solutions that can get better on the fly -- machine learning, AI -- and agility to deploy counter measures against a thinking enemy is required."

Arbor Networks' Gary Sockrider pointed to the ability to virtualize security as VNFs are created, delivering the right amount of security to fit a given application. And as Rob Sherwood, CTO of Big Switch Networks , said, small security teams with the right tools can be mighty. It's a "fallacy that if you hire more security professionals, you'll be more secure," he noted, adding that Google and Facebook have relatively small security teams.

Renwick added that the gap in skills and job market openings actually allows SDN to prove its worth. "This is where the opportunity of SDN applications with security come to bear," he said. "Having an SDN app that can look at all the probes, and detect and mitigate threats, takes the labor burden off the SOC. The business case around automation makes the service more profitable and solves labor issues."

— Elizabeth Miller Coyne, Managing Editor, Light Reading

(5)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
User Rank: Light Beer
9/16/2016 | 7:44:13 PM
Re: Quelle surprise
Security with regards to SDN/NFV it just doesn't mean spinning up a FW or some other security instance. Security appliances obviously do lot of deep packet lookups and are  way complex than just configuring a security policy. If physicall appliances struggle to keep up with functional interactions then I doubt how well the virtual instances can cope up to. Btw, guess how many default usernames and passwords need to be changed to bringup the openstack controllers/neutron servers :-)

Kelsey Ziser
Kelsey Ziser,
User Rank: Blogger
9/16/2016 | 3:27:53 PM
Re: Quelle surprise
Ray delivered an Upskill U course on the changing face of security threats - see Big Data Analytics & Network Security. As you mentioned @Carol, Ray explained that hackers have easy access to very cheap tools but it's very expensive to combat their threats. He noted that "In addition to the challenges around data volume, the level of complexity around attacks has also increased exponentially."
User Rank: Light Sabre
9/16/2016 | 1:55:18 PM
Re: Quelle surprise
We'll continue to have problems as long as we use 20th-century ID procedures. We'll still have problems even when we move those procedures into this century, but maybe a little less common.
User Rank: Light Beer
9/16/2016 | 12:31:41 PM
Re: Quelle surprise
I moderated this panel and the first 15 minutes was pretty scary stuff. It used to be you needed skills to do hacking but now the tools are readily available for the amateur cyber criminal - or you can just outsource the dirty work to someone who is easily hired on the Internet, just like any other outsourcer. 
User Rank: Light Sabre
9/16/2016 | 9:56:12 AM
Quelle surprise
In 1880, the number of fatalities worldwide that could be directly attributed to automobiles was exactly zero. But no one wants to go back to those days -- well, almost no one.
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
June 26, 2018, Nice, France
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 17, 2018, Chicago, Illinois
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
NFV Is Down but Not Out
Iain Morris, News Editor, 5/22/2018
What VeloCloud Cost VMware
Phil Harvey, US News Editor, 5/21/2018
Verizon CEO Says LA Is Second 5G City
Dan Jones, Mobile Editor, 5/16/2018
TM Forum Sea-Change Overcomes That Sinking Feeling
Iain Morris, News Editor, 5/17/2018
Animals with Phones
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed