Defending the Castle: A multi-layered approach to securing R&E networks
Recently, I participated in the Internet2 Global Summit in Washington, DC. Considering how significantly the threat landscape in Research and Education environments has grown over the past few years, I was unsurprised by the number of discussions focused on network and computer system security.
One telling report from the FireEye Cyber Threat Map lists Education as the second most attacked industry, making it a higher-risk target than the Financial Services and High-Tech industries.
All industries are at risk, however, and just having antivirus detection and protection software on endpoint computers is not an effective way to secure your environment. Basic firewalls help, but they, too, can be penetrated. Therefore, today’s networks must have a multi-faceted approach to cyber-threat mitigation.
At the Internet2 Global Summit, a presentation from ESnet CTO Inder Monga referenced medieval times, when castles were built with strong walls, a deep and wide moat, stout battlements, and guards posted on the parapets.
In today’s digital world, network protection follows the same logic: layers of defenses plus the ability to detect and react.
Advanced network analytics provide an opportunity to detect cyber-attacks and, increasingly, also offer insights into how we should react to such threats. These real-time analytics will become vital tools in the war against cyber threats: by collecting and assessing network performance data and anomalies, they can better alert network operators to unwelcome incursions.
But how do you utilize these advanced detection techniques to increase your reaction time? Is there a way to automate the response?
Ciena believes in a multifaceted approach to secure networks, one that includes wire-speed encryption and thoughtful network architectures that can respond to cyber-attacks by provisioning new paths around compromised resources. However, new and future distributed Cloud resources make this approach extremely challenging, and developing solutions requires a significant research investment.
A potential answer rests in the exploration of how to use the intelligence and programmability provided by an SDN control plane. To this end, Ciena’s External Research team has built an advanced 100G Optical-Packet research network and is sponsoring collaboration with major universities to investigate secure cyber infrastructures and methods that would use SDN to reconfigure the network around cyber-attacks and other network anomalies. Using SDN/NFV-based technologies, researchers investigate how detection and protection concepts can provide autonomous protection against various types of cyber-attacks.
The Ciena research environment includes Cloud computer and storage resources developed based on the National Science Foundation’s GENI (Global Environment for Network Innovations) networked computer infrastructures. Additional exploration includes development of new techniques for advanced detection and defensive functionalities designed to mitigate cyber threats and improve network and data security, as well as other important network-enabled applications.
By using this research network and its resources to experiment with new programmable interfaces, Ciena and our collaborators will be able to establish, manipulate, move, and take down services as needed, in response to simulated cyber-attacks. Future product features based on this work will allow network operators to guarantee service levels to their customers even while under cyber-attack. As cyber-attacks and cyber-terrorism techniques grow increasingly advanced, high-performance networked computer operations must evolve and develop new methods to avoid disruption.
This is precisely what Ciena’s research work with universities seeks to achieve: the discovery of new ways to leverage programmable network resources and network-enabled security applications – all in the pursuit of staying one step ahead.