Taking the Whole-Network Approach to Security

Carl Weinschenk

Carl Weinschenk spoke to Stu Bailey, the co-founder and CTO of Infoblox.

Corporate networks are ever more complex, which leads to great increases in the sophistication of attacks and the ways in which malevolent people can try to gain entry. Stu Bailey, the founder and chief technology officer of Infoblox, says that the remedy is to automate the network. Bailey told IT Business Edge blogger Carl Weinschenk that determining precisely what is connected to the network and how each element influences the others are key steps in protecting the organization.

Weinschenk: What are the challenges facing corporate network owners?

Bailey: At the top level there are two primary challenges -- cost and complexity -- as networks scale to meet the increasing strategic demands of a business.

As we take it down a level the challenges are things like BYOD and IPv6 and everything getting connected and coming online. Then there are new advanced persistent threats that are attacking on two vectors: the proliferation of unmanaged devices and the increased complexity of the IT systems themselves.

Weinschenk: What is the result?

Bailey: The bad guys have more places to hide and more vectors of attack. As an example DNS increasingly is used as a vector of attack. We are a DNS company and it is one of the core competencies we feel well positioned to close down.

Weinschenk: So is the big problem that there are more avenues of attack, or that attacks are more sophisticated?

Bailey: It’s both. There are more possible vectors and because of the complexity of IT systems there is a richer landscape to be creative in terms of persistent threats. Persistent threats are those coming from the inside of an organization. What is clear and compelling is cybersecurity touches all components of the IT infrastructure. We’re getting requests to add security features along the lines of our core competencies, which are network control and automation.

Weinschenk: So what should corporate networking people be aware of?

Bailey: I think the first is to bring in technologies that are constantly discovering what’s on the network at any time. We advise customers to be able to answer the question of what is connected and how are those things interacting.

Weinschenk: Security, if anything, is becoming an even more important part of IT’s job than in the past because of these changes.

Bailey: The exponential rise in complexity in the network means security needs to be more systemic and pervasive in a way it hadn’t been before. We’ve noticed as the complexity of internal networks for large and even medium-size organizations rises, they look more like unmanaged networks such as the Internet. For this reason, they are increasingly vulnerable to these very systemic security threats.

Weinschenk: How should these changes be integrated into corporate thinking?

Bailey: One thing we suggest is to think about complexity management as something foundational. The benefit of that is like holistic health care in that there are multiple benefits. Security is one benefit, but you also are taming costs and improving in other areas, such as strategically investing in complexity management and control frameworks and platforms. As an organization you will be able to get better security and get better economies as IT scales.

Weinschenk: It seems as if taming the complexity from a security point of view involves an approach that gets away from constantly putting out a series of discrete fires.

Bailey: I think there is a related shift from hardware-defined networks that work along box function lines to software-defined networks where functions are programmable properties on cheap and fast hardware. In that pure SDN model you have control-plane products that become the strategic place of value. Clearly you have security in the control plane whereas in hardware-defined, network security is on a box-by-box basis.

Weinschenk: So it will be one or the other? Box-by-box or at the control-plane level?

Bailey: It can’t be an either/or. We have so many firewalls and other security devices in the network. I see it as a transition. We’re positioned to help organizations transition from discrete box functions to something at the control-plane level where they are able to exploit something like software-defined networks.

I think an organization has to find whether it has a strategic value for automation. The first step is automation of what you have. Putting in a control plane over what you have now that can communicate with your existing hardware-defined network products. We call that the control-plane layer.

Weinschenk: This goes beyond the network management that is available today?

Bailey: The networking industry has boxes at data plane or management layer that are not real time or responsive. This is a category product that provides real-time automation and control as an overlay to existing hardware-defined network products. It sits between management and data plane.

Weinschenk: Is this a defined element of the emerging software-defined network approach?

Bailey: Yes. I think SDNs are a fundamental shift in the industry that will have different stages. At one level you can think of it as a market correction where consumers of networking technologies can take advantage of very inexpensive hardware. The server, PC and tablet industries have taken advantage of this for many years. Where the value is shifting from the hardware to control plane software, that’s a journey.

Weinschenk: OK, so how do you start the journey?

Bailey: You first put in the control plane and then identify the most important functions to automate, where you get the most value for investing in automation and control. Security may be one, scaling of systems for BYOD may be another.

Weinschenk: And then?

Bailey: Step three is identifying products that fill those gaps. The larger trend is the exponential rise in the complexity in IT networks and the fundamental shift in how organizations think about the product and solutions landscape. Another trend is the disruption in security models. The trend of hardware-defined networks and software-defined networks is the overarching theme. These are the melodies, if you will.
