DENVER -- NFV & Carrier SDN -- It's really as bad as you think it is when it comes to security in the world of NFV and SDN -- and the problem could get worse as more network functions are virtualized, according to the "Security in the Virtualization Era" panelists at the NFV & Carrier SDN event in Denver this week. In fact, according to Ray Watson, vice president, global technology, Masergy Communications Inc. , "We are all screwed."
After kicking off the panel with that bombshell, he went on to remind the packed house that today there is less time to respond to threats, because the bad guys are much faster to share known exploits and hacking discoveries. "We are tracking attacks in hours, and the day or two service providers used to have to patch breaches are long gone."
Panelist Ron Renwick, senior director of product marketing at Netronome , then threw himself on the identity theft sword and said, "I'm just going to tell you my social security number and get it over with."
In addition to hackers getting smarter by the second, Renwick noted, "It all comes back to a server or switch in a data center, they have to be contained and secure. If anything we are exacerbating the problem with distributed VNFs; we are solving one problem and creating more problems at the same time. How can you secure everything when you don't know where everything is?"
Indeed, the usual perimeter-based approach to securing service provider networks won't really work when virtual network functions (VNFs) and applications can be anywhere. And in an enterprise environment today, there are on-premise applications and private cloud applications which makes sandbagging the perimeter into the building impossible, said Mike O'Malley, vice president strategy and business development, for Radware Ltd. (Nasdaq: RDWR). "The applications are no longer in the building," said O'Malley.
But wait, there's more. It's now possible that the threats to one VNF are coming from another, housed in the same server, according to Watson.
One of the ongoing problems both network operators and enterprises face, however, is in finding cybersecurity experts: There are 250,000 vacant jobs today and that's expected to grow to 1 million by 2020, says Watson. "There is no indication that it's going to drop off."
The security experts didn't just dwell on the doom and gloom, however, but also discussed solutions to the crisis.
"Advancements being made in machine-to-machine and AI [artificial intelligence] are absolutely essential in fighting bad guys that are getting better," O'Malley said. "Solutions that can get better on the fly -- machine learning, AI -- and agility to deploy counter measures against a thinking enemy is required."
Arbor Networks' Gary Sockrider pointed to the ability to virtualize security as VNFs are created, delivering the right amount of security to fit a given application. And as Rob Sherwood, CTO of Big Switch Networks , said, small security teams with the right tools can be mighty. It's a "fallacy that if you hire more security professionals, you'll be more secure," he noted, adding that Google and Facebook have relatively small security teams.
Renwick added that the gap in skills and job market openings actually allows SDN to prove its worth. "This is where the opportunity of SDN applications with security come to bear," he said. "Having an SDN app that can look at all the probes, and detect and mitigate threats, takes the labor burden off the SOC. The business case around automation makes the service more profitable and solves labor issues."
— Elizabeth Miller Coyne, Managing Editor, Light Reading