The Promise of SDSec

By Amit Singh

Software-defined security is becoming an IT buzzword, but does it live up to the hype? We take a look at the benefits and pitfalls of the technology in the enterprise.

As the scale and sophistication of cybercrime continues to increase, enterprise businesses are redefining their defence strategies. Stakeholders are recognizing that next-generation security must be built around automated and actionable intelligence that can be shared to quickly recognize and mitigate threats.

Software-defined security (SDSec) is emerging as a tenable solution for ever evolving threats and effective management of security infrastructure. As per industry estimates, the worldwide software-defined security market is expected to grow from $1.59 billion in 2016 to $6.76 billion by 2021, at an estimated compounded annual growth rate (CAGR) of 33.6 percent.

Anmol Singh, Gartner — Anmol Singh, Principal Research Analyst, Gartner

“While Indian market for SDSec is at its nascent stage with large BFSI and IT/ITes customers as early adopters, the growing demand for increased server security by enterprises is the key trend for this market,” states Anmol Singh, Principal Research Analyst, Gartner.

“With the growing usage of IT enabled services for modern technologies such as cloud, virtualization, and mobility, usage of security solutions has also increased to protect virtualized and cloud infrastructure based services. In India, SDSec will gain maturity in the next 2-3 years with wide adoption from enterprises,” highlights Singh.

Driven by sophistication

Major drivers of the SDSec market are compliance as well as need for policy-driven, scalable, and programmable security architecture; faster response against threats/risks and requirement for increased security; security staffing and budgeting constraints along with increasing surge in cloud services. These factors are expected to shape the future of the SDSec market.

Kapil Awasthi, Check Point — Kapil Awasthi, Director, Sales, Check Point

“In the last 2-3 years, there has been a parallel trend toward Internet of Things (IoT) and software-defined networking (SDN). While implementation of SDN improves application performance across the network, it also necessitates security to integrate and communicate with the network controller, hence implementation of SDSec to fully secure the dynamic network,” underlines Kapil Awasthi, Director, Sales, Check Point.

Evolving SDSec space

While two years ago SDSec was merely a concept for many CIOs, it is now moving towards the discussion table. Although many solution providers are still testing the waters, few have already found success in this space.

“With the new-age data centers and businesses getting dynamic, traditional security solutions are unable to meet the demands of the discerning customers. We have seen a growing awareness among the customers toward newer threats and almost 60 percent of our enterprise customers are now discussing the technology,” says Ronny Ferrao, COO, Essen Vision.

The Mumbai-based security solutions provider has built a strong practice around software-defined security over the last two years. “We are seeing wide interest from our customers in the BFSI, manufacturing and pharma segments. We have executed over 15 projects with values ranging from $50,000 to $100,000 in the last 18 months,” discloses Ferrao.

Another Mumbai-based solutions provider, Locuz Enterprise Solutions, has developed a threat analytics solution on Cisco cloud security platform and big data analytics from Splunk. “Our real-time and proactive solution offers seamless policy-based management of the security infrastructure. It has found acceptance among defence sector and few of our large enterprise customers. Over the last 12 months we have executed over 10 such projects with average value of Rs 1 crore,” details Uttam Majumdar, President, Locuz.

The Delhi-based ACPL Systems, a Palo Alto and Arista partner, has found success with its customers in IT/ITes segment. The company has already implemented an SDSec project worth over $1 million for an ITes customer and implementing the second one for another ITes customer.

“These are very large organizations with 30,000 to 35,000 users globally. We have deployed the solution capable of handling over 20Gbps of application traffic. We are also in conversation with many of our customers and have 2-3 deals in advanced stage where the customers are moving toward software defined data center (SDDC). SDSec will be an obvious choice for them,” discloses Rajnish Kumar Niraj, CTO, ACPL.

An edge over traditional architecture

The software-defined security works with the help of virtualized solutions to avoid usage of traditional security methods and to improve security layers. This security approach helps in automating the security management and reducing errors, workloads.

Rajesh Maurya Country Manager India — Rajesh Maurya, Regional Vice President, Fortinet

“SDSec lets companies implement network segmentation, intrusion detection, and other security controls through software. It’s becoming the buzzword because traditional security tools, which rely on static network and machine configurations, are not well suited to the dynamic environment of virtual machines (VMs) and virtual networks,” says Rajesh Maurya, Regional Vice President, Fortinet, India & Saarc.

However, benefits from SDSec come from use of abstraction, automation, orchestration, scaling and application programming interfaces (APIs).

Awasthi of Trend Micro states that implementation of SDSec in a Greenfield project brings the network security costs down with the consolidation of security devices. The major savings come from reduced operational expenses as number of persons and man-hours required to manage the security operations goes down drastically.

Agrees Singh of Gartner, “As per our estimates, customers can reap up to 30 percent cost savings on operational expenses. However, the SDSec system will be as good as the defined security policies and orchestration. In fact, continuous optimization and refinement of security policies may further decrease the operational expenses.”

On the other hand, traditional network security relies on stateful devices and on static machine and network identities that are challenging to work with and difficult to change. These limitations become acute in virtualized infrastructure, which is characterized by transience and mobility.

Sharda Tickoo_Trend Micro — Sharda Tickoo, Technical Head, Trend Micro India

“SDSec, by contrast, introduces simplicity to the world of network security. In this model, protection is based on logical policies not tied to any server or specialized security device. Besides, other features due to which SDSec is being adopted are: it works by integrating with other technologies such as data loss prevention, identity and access management and other software-defined networking technologies,” adds Sharda Tickoo, Technical Head, Trend Micro India.

Road ahead

While SDSec creates a massive opportunity for solution providers, it also carries great amount of complexity in implementation and therefore needs expertise to make sure that deployment is seamless.

Riyaz Tambe, Palo Alto1 — Riyaz Tambe, Head, Systems Engineering, Palo Alto

“We have observed that while awareness is increasing rapidly but skills gap is a global issue among the solution providers. Skills required to take care of current cyber security threats and SDSec implementation are limited and is one of the biggest challenges,” highlights Riyaz Tambe, Head, Systems Engineering, Palo Alto Networks.

Adds Niraj of ACPL, “Solution providers need to develop skills around automation, orchestration, application development and API integration. Besides identifying and partnering with vendors offering mature tools and technologies, they need to build team with experts on networking and security layers and with policy-driven approach.”

Gunjan Shah, Director, Insight Business Machine

At the same time, many of the solution providers opine that the technologies like SDSec need some time to be mature enough to gain momentum. “Most of the customers view security as a cost center and are of the opinion that SDSec is good to have but not essential for them. While many of our customers have revamped their networking architecture to be SDN-ready, they are unable to fully utilize the capabilities of SDN due to interoperability issues. Unless they get their SDN piece right, they are reluctant to move to SDSec,” elaborates Gunjan Shah, Director, Insight Business Machine.

“To enable wide adoption of software-defined technologies among enterprises and SMBs, vendors need to show high level of commitment to get rid of interoperability issues. SMBs clearly would not like themselves getting into vendor lock-ins,” concludes Singh of Gartner.

As with the cloud, big data and even cyber security in recent times, SDSec is going to be the next big buzzword we will be hearing for a while. As to whether or not it turns into something very positive for the enterprise, we will have to wait and see. However, there is no reason not to be optimistic about the innovations in this area.

What is SDSec all about?

Enabling security to protect workloads and information, regardless of location
Aligning security controls to the risk profile of what they are protecting
Enabling automated provisioning and orchestration of security controls by policy
Removing the time- and error-prone human middleware via higher levels of automation
Enabling information security professionals to focus on policies and detecting advanced threats, not programming firewalls
Enabling security to scale to protect dynamic cloud-based workloads
Enabling security to move at the speed of digital business

Business benefits of SDSec

Central management of security. Organizations can use security software, through the SDN controller, to implement, control and manage threats from one single place.
Efficient and dynamic mitigation of security threats and attacks. Since the mitigation can be applied close to the source of the attack, organizations can relieve their network from having to off-ramp traffic to a central location, and allow for dynamic insertion and removal of security points where and when needed.
Hardware cost reduction. Due to the virtualization of network security applications in commodity hardware, the need to buy and deploy specialized vendor appliances is reduced or eliminated.
Use of existing network appliances. Even if legacy appliances do not support advanced traffic monitoring mechanisms, organizations can aggregate the legacy functionality via the SDN controller and blend this with other new technologies as they are introduced.
Dynamic configuration of existing network nodes for the mitigation of an attack. Virtually configuring connection points, as and when needed, will replace the traditional resource-intensive and often vendor-specific method of using static pre-configured policies.
Harmonized view of logical security policies. The policies exist within the SDN controller and are propagated across the infrastructure nodes rather than being tied to a server or specialized security device, enabling a holistic approach to cyber security.
Visibility of information from one source. This replaces the need to introduce network probe elements in different locations of the network, which then have to be correlated.
Integration with sophisticated applications. These applications can therefore use the existing information around the network in order to correlate events in a simpler way and respond more effectively and intelligently to security threats.

Vendors gaining strength

In the software-defined security market there are many vendors including Cisco, Citrix, Dell EMC, Ericsson, Fortinet, Fujitsu, HPE, IBM, Intel, Juniper, Palo Alto, Symantec, Trend Micro, VMware, among others.

Last 6-12 months have seen many of the vendors, specially the networking vendors acquire network security companies to strengthen their security portfolio and to leverage the growing concerns over security threats.

September 2016 saw HPE entering into partnership with Arista Networks, a network switching company. This partnership will help HPE to provide software-defined network security solutions and to improve its market share in networking.
Symantec has acquired Blue Coat in August 2016 to implement its integration strategy and thus accelerating its commitment to innovate cyber security solution.
In June 2016, VMware acquired Arkin Net, a software-defined security solution provider to provide VMware customers more options in software-defined networking portfolio. This partnership will also help the company deliver automation, security and continuity for business applications.
Further, Intel launched software-defined security controller in 2014. The software has defined to provide security to hybrid data centers and other software-defined infrastructure.