Red Armor Software-Defined Network Security
Scale to 100% Inspection with Software-defined Network Security
Software-defined network security (SDNS) lets you economically inspect 100% of your traffic, all the time, for all time. At its foundation is a security service load balancer which sits in-line and horizontally scales your inspection capability into any number of existing physical or virtual instances of your inspection services. This is a simple yet performant way of service chaining security functions which effectively decouples security from the network. It creates a scalable and flexible architecture that allows security inspection and services to be added or removed without impacting network performance and without any changes to the network.
Take your network gateway as an example where, in so many cases, the firewall is running hot, encrypted traffic is growing exponentially, and there is no relief in sight. Reducing your firewall rules and tuning down your IPS is not an option but neither is spending lots more money chasing the next size of firewall.
Instead, you can horizontally scale your firewall capability by using a security service load balancer to symmetrically and bi-directionally redirect traffic into existing physical or virtual instances of your firewall. This approach lets you keep using your firewall appliance (or another security function, such as SSL/TLS visibility), but as you need more capacity to achieve 100% traffic inspection you no longer purchase bigger firewalls; instead you spin up software-defined security functions (virtual instances) as your needs dictate.
Once you can scale for 100% traffic inspection, there is so much more you can do. Specifically, while redirecting traffic with unwavering performance into your horizontally scaled security functions, this same security service load balancer can also copy any amount of traffic you need into your analytics and security intelligence stack.
This stack might be on-premises or cloud-based. It can be proprietary, COTS or open-source. In addition to copying traffic, generating IPFIX (sampled or unsampled) at this same point in the network produces valuable information for network and security monitoring. You can also use the same point in the network to take immediate action (block, rate-limit, accept) on traffic as directed by the security stack.
With this approach you can inspect all traffic with cloud-based analytics for:
• Network and security performance monitoring
• Anomaly detection
• Dynamic deception
• Behavior analytics
When you wrap all of this up together, you are looking at software-defined network security (SDNS). Your scaling comes through the addition of virtual instances of security functions; your analytics, threat hunting, and correlation are done in the cloud (public or private) for economies of scale and operational efficiency; and containment and remediation are done in your network, independently of where the analysis was performed. Security service load balancing allows the administrator to send specific types of traffic to dedicated workloads that are scaled horizontally, which leads to simple, predictable performance. As you need more of one resource, you can add it as required, and when you are done, you can release it, thereby elastically expanding and contracting your security infrastructure.
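The two properties the page relies on, symmetric bi-directional redirection (both directions of a session reach the same stateful inspection instance) and elastic addition or release of instances without re-pinning most existing flows, can be modelled in a few dozen lines. The following is an added example and not Red Armor's code: the Flow class, the SecurityServiceLoadBalancer class, the instance names fw-1 to fw-4, the 64 virtual nodes per instance and the sample flows are all constructed assumptions about how such a load balancer might steer traffic, and the blocklist stands in for verdicts pushed back from the analytics stack.

```python
"""Hypothetical model of a security service load balancer (added example).

Demonstrates symmetric 5-tuple steering, consistent-hash placement across
inspection instances, and applying an analytics verdict at the same point.
"""
import bisect
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """5-tuple as seen on the wire in one direction (constructed type)."""
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int


def symmetric_key(flow: Flow) -> bytes:
    """Canonical key that is identical for A->B and B->A packets.

    Endpoints are sorted so the firewall instance chosen for the request
    also sees the reply; a stateful engine that saw only one direction
    would drop or mis-classify the session.
    """
    a = (ipaddress.ip_address(flow.src_ip).packed, flow.src_port)
    b = (ipaddress.ip_address(flow.dst_ip).packed, flow.dst_port)
    lo, hi = sorted((a, b))
    return (lo[0] + hi[0]
            + lo[1].to_bytes(2, "big") + hi[1].to_bytes(2, "big")
            + bytes([flow.proto]))


def _ring_point(label: str) -> int:
    """Position of a label on the 64-bit hash ring."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest()[:8], "big")


class SecurityServiceLoadBalancer:
    """Steers flows to inspection instances via a consistent-hash ring.

    Adding an instance only moves the flows that land on the new instance;
    removing one only moves the flows it was serving. Everything else stays
    pinned, which is what lets capacity expand and contract elastically.
    """

    def __init__(self, instances: Iterable[str], replicas: int = 64):
        self._replicas = replicas          # virtual nodes per instance (assumption)
        self._ring: List[Tuple[int, str]] = []   # sorted (point, instance)
        self._blocked: Set[bytes] = set()        # verdicts from the security stack
        for name in instances:
            self.add_instance(name)

    def add_instance(self, name: str) -> None:
        for i in range(self._replicas):
            bisect.insort(self._ring, (_ring_point(f"{name}#{i}"), name))

    def remove_instance(self, name: str) -> None:
        self._ring = [(p, n) for p, n in self._ring if n != name]

    def select(self, flow: Flow) -> str:
        """Return the inspection instance that owns this flow (either direction)."""
        if not self._ring:
            raise RuntimeError("no inspection instances available")
        h = int.from_bytes(hashlib.sha256(symmetric_key(flow)).digest()[:8], "big")
        idx = bisect.bisect_left(self._ring, (h, ""))
        if idx == len(self._ring):      # wrap around the ring
            idx = 0
        return self._ring[idx][1]

    def block(self, flow: Flow) -> None:
        """Record a block verdict pushed back by analytics; applies to both directions."""
        self._blocked.add(symmetric_key(flow))

    def dispatch(self, flow: Flow) -> Tuple[str, Optional[str]]:
        """Enforcement and steering happen at the same in-line point."""
        if symmetric_key(flow) in self._blocked:
            return ("block", None)
        return ("redirect", self.select(flow))


if __name__ == "__main__":
    lb = SecurityServiceLoadBalancer(["fw-1", "fw-2", "fw-3"])
    request = Flow("10.0.0.5", "203.0.113.7", 6, 51000, 443)   # constructed
    reply = Flow("203.0.113.7", "10.0.0.5", 6, 443, 51000)     # constructed
    print("request ->", lb.dispatch(request))
    print("reply   ->", lb.dispatch(reply))
```

The blocklist is keyed on the same symmetric key as steering, so a verdict raised against either direction of a session is enforced on both, and the ring is rebuilt deterministically from instance names, so releasing an instance returns every flow to exactly the placement it had before that instance was added.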
You start with a simple solution to economically inspect 100% of your traffic without impacting network performance. Then you grow into an even better solution, which keeps pace with changing security threats and increased network bandwidth demands, and that is cloud-based for ultimate flexibility and automation.
Welcome to the world of software-defined network security.