This document discusses the need for self-defending networks to address evolving security threats. It notes that threats are now faster moving and more difficult to detect than in the past. Self-defending networks aim to identify threats, isolate infected devices, and reconfigure network resources automatically in response to attacks. They integrate security across all network aspects for a globally distributed defense.
1. INTRODUCTION
As the nature of threats to organizations continues to evolve, so must the defense
posture of the organizations. In the past, threats from both internal and external
sources were relatively slow-moving and easy to defend against. In today's
environment, where Internet worms spread across the world in a matter of minutes,
security systems - and the network itself - must react instantaneously.
The foundation for a self-defending network is integrated security - security that is
native to all aspects of an organization. Every device in the network - from
desktops through the LAN and across the WAN - plays a part in securing the
networked environment through a globally distributed defense. Such systems help
to ensure the privacy of information transmitted and to protect against internal and
external threats, while providing corporate administrators with control over access
to corporate resources. SDN shows that the approach to security has evolved from
a point product approach to this integrated security approach
These self-defending networks will identify threats, react appropriately to the
severity level, isolate infected servers and desktops, and reconfigure the network
resources in response to an attack. The vision of the Self-Defending Network
brings together Secure Connectivity, Threat Defense and Trust and Identity
Management System with the capability of infection containment and rouge device
isolation in a single solution.
SELF DEFENDING NETWORKS
To defend their networks, IT professionals need to be aware of the new nature of
security threats, which includes the following:
Shift from internal to external attacks Before 1999, when key applications ran on
minicomputers and mainframes, threats typically were perpetrated by internal users
with privileges. Between 1999 and 2002, reports of external events rose 250
percent, according to CERT.
Shorter windows to react. When attacks homed in on individual computers or
networks, companies had more time to understand the threat. Now that viruses can
propagate worldwide in 10 minutes, that "luxury" is largely gone. Antivirus
solutions are still essential but are not enough: by the time the signature has been
identified, it is too late. With self-propagation, companies need network
technology that can autonomously take action against threats.
2. More difficult threat detection. Attackers are getting smarter. They used to attack
the network, and now they attack the application or embed the attack in the data
itself, which makes detection more difficult.An attack at the network layer, for
example, can be detected by looking at the header information. But an attack
embedded in a text file or attachment can only be detected by looking at the actual
payload of the packet--something a typical firewall doesn't do.The burden of threat
detection is shifting from the firewall to the access control server and intrusion
detection system.Rather than single-point solutions, companies need holistic
solutions.
A lowered bar for hackers. Finally, a proliferation of easy-to-use hackers' tools and
scripts has made hacking available to the less technically-literate. The advent of
'point-and-click' hacking means the attacker doesn't have to know what's going on
under the hood in order to do damage.
These trends in security are what have lead to the advent of SDNs or Self
Defending Networks as the latest version in security control.