SDN/NFV-enabled Security Architecture for fine-grained Policy Enforcement and Threat Mitigation for Enterprise Networks
Demo at SIGCOMM 2017
Today, network security in enterprises is mainly enforced by firewalls guarding the perimeter of the network against an ever-increasing number of cyber threats. However, once the perimeter is breached attackers and malware can easily compromise additional hosts as we have seen in the recent outbreak of the WannaCry worm.
A complimentary approach to alleviate these threats is to quarantine malicious hosts on a network level. To accomplish this, a fine-grained flow selection and security control is needed which can be provided by architectures like Software-Defined Networking (SDN) and Network Function Virtualization (NFV).
As one of the authoring partners of this demo at the renown ACM SIGCOMM conference, we demonstrate the prospects of seamlessly integrating SDN and NFV based security operations into the existing enterprise network infrastructure to provide state-of-the-art stateful firewalling for advanced packet filtering as well as on-demand fine-grained flow separation and isolation for the exterior and interior network.
StableNet® provided by Infosim® and the extensions made to it play one of the key roles in this demo. Not only does StableNet® monitor all critical systems within the demonstrator, but the shown scenarios also demonstrate how our solution is capable of consolidating modern SDN and NFV environments as well as legacy network infrastructures.
Research Partners: University of Würzburg, TU Munich, genua GmbH, Infosim®
Network Automation starts with discovery to build the inventory baseline as a foundation and everything else proceeds from there. Let’s have a look at some automated discovery use cases.
This is the first part of the “Outside Contributions” blog series that will be looking into the Telco market with our long term Partner KedronUK.
Key Challenges for today’s Telco Network & Service Management: Closing service gaps between Telco and Enterprise management requirements
This is the first part of a three-part blog series that will be looking into the specific challenges and opportunities that Telcos are currently facing with managing their ever-evolving network infrastructures.