SDN, NFV Pose Security Risk – Level 3 CMO

Level 3 has acknowledged there are some deep-seated concerns that SDN and NFV technologies may pose a security risk.

The issue could be critical for Level 3, which is keen to establish itself as a leading supplier of security products to government and enterprise customers but also claims to be at the forefront of the transition to New IP technologies.

Anthony Christie, the operator's chief marketing officer, says Level 3 Communications Inc. (NYSE: LVLT) is keen to start providing cloud-based firewalls, intrusion prevention and intrusion protection systems using NFV technology but admits "there are a lot of questions around network control" when it comes to SDN and virtualization.

"In a cloud-based environment apps are sitting all over the place -- you can't point to them and know where they are," he said, pointing out one key difference between the virtualized network environment of the future and today's systems.

Christie was asked whether SDN and NFV technologies might amplify security threats after executives at Light Reading's Big Telecom Event (BTE) earlier this year had flagged concerns on the matter. (See SDN & NFV Amplify Security Threat – Allot.)

At BTE, Jay Klein, the chief technology officer of Israel's Allot Ltd. (Nasdaq: ALLT), issued a stark warning that SDN could endanger network security by "creating lots of stupid nodes reporting back to a central location" during a panel session at the event.

"The central location has better visibility of what's happening on the complete network but if you attack that central location you can kill off the network," he said at the time.

While recognizing those concerns, Christie says that NFV-based security offerings are on Level 3's roadmap and could appear within a year or two.

Like other service providers drawn to the virtualization promise, Level 3 believes SDN and NFV will generate economies of scale and help it to avoid being tied to a single vendor's products.

Christie cites "white boxes" when asked to provide an example of the benefits associated with New IP technologies.

White box is the term used to describe commodity components (such as servers and switches) running at low cost and using open-source software that, if deployed on a large scale by network operators, could put enormous pressure on traditional vendors such as Cisco Systems Inc. (Nasdaq: CSCO) and Arista Networks Inc., which recently claimed to be seeing little demand for them from its customers. (See Arista Sees Weak Demand for White Box Switches.)


Level 3 says it has the largest deployment of SDN technology of any service provider globally after adopting the architecture of tw telecom inc. (Nasdaq: TWTC), a network operator it bought for $7.3 billion late last year. (See Can Level 3 Execute the Perfect Merger?)

"They had been developing dynamic features on the network using underlying SDN technology and we've taken that and rolled it across our broader network," says Christie. "That deployment is in North America currently but it will be brought into Europe by the end of this year and generally available for Ethernet and IP-VPN services next year. Towards the tail end of next year it will be available globally."

In a security context, the shift to SDN and NFV could also receive a spur from Level 3's more recent takeover of Black Lotus, a DDoS mitigation specialist it acquired in July to support the development of its security offerings. (See Level 3 Elevates Security With Black Lotus.)

"It should help us to accelerate roadmap items and we've got good talent and customers from it as well," says Christie. "The integration is largely complete."

DHagar 9/25/2015 | 4:27:24 PM
Re: This topic divides rooms

janerygaard, that's an interesting approach. I am with you in that SDN/NFV by design with its distributed networks compounds the risks. Your idea of constant monitoring through automation makes sense.

The other approach I was thinking was to create another layer (i.e., platform) and control that perimeter, rather than all the points?

Clearly, they are smart to be focusing on this. If they can establish a solution that holds the confidence of their customers, they will have an edge.
bosco_pcs 9/25/2015 | 2:37:55 PM
Re: This topic divides rooms

Ixia should be in the sweet spot
janerygaard 9/25/2015 | 1:57:08 PM
Re: This topic divides rooms

I don't think there are two sides to the story. NFV/SDN will introduce more security challenges, and independently if they are easy to fix or not - the pure amount of them will be a challenge (read: risk). So security processes need to be automated within the orchestration layer to ensure the first level of security.

[email protected] 9/25/2015 | 10:51:33 AM
This topic divides rooms

I hear both sides of the story.... one side says that virtualization leaves a single point of attack while the other says it makes it more distributed and easy to close down a security breach...

Interesting that security concerns are not halting Level 3's SDN/NFV implementations.