Securing the Expanding Network Perimeter. Is Your Agency Ready for SDN?

Cybersecurity attacks, such as ransomware and phishing scams, have delivered crippling IT blows in the public sector for some time. And here’s the bad news—these attacks have proliferated in the days of COVID-19. A new report from Google found a 350% increase in phishing attacks since the beginning of the year.

SolarWinds SDN 2020 Blog ImageJust as threat actors get shrewder, the network perimeter is broadening. More remote endpoints and a greater reliance on cloud infrastructure is making it harder to secure, monitor, and defend government networks. This places more pressure on already overwhelmed IT teams.

To better defend against today’s cyberattacks, state and local governments are increasingly exploring the benefits of software-defined networking (SDN). But what is SDN, how does it enhance network security, and what are some best practices to keep in mind as agencies consider transitioning from traditional networks? Let’s take a look.

What Is SDN?

SDN is a network architecture designed to make today’s complex networking environments easier to manage and more flexible and adaptable to the changing needs of the organization.

With SDN, many functions of the network infrastructure are automated, and network configuration is simplified. Instead of a single network engineer controlling hundreds of switches, SDN manages potentially thousands of network switches from a single, centralized controller. This allows IT teams to elastically scale the network infrastructure as and when it’s needed to make smarter use of existing resources and budgets.

The Security Benefits of SDN

From a cybersecurity perspective, SDN brings many benefits. Traditional, hardware-based networks are only as strong as their weakest point. Because each switch is configured manually the risk of error is high—creating vulnerabilities bad actors can exploit. With SDN, engineers can define security policies at the controller level, then deploy and consistently enforce those policies across network endpoints and VLANs. This leaves no room for misconfiguration or risk and reduces administrative overhead.

SDN also makes it easier to support network segmentation, where aspects of networks are isolated from one another. Segmentation can mitigate the threat of cyberattacks. If a bad actor compromises one part of the network, segmentation means they can’t compromise all of it. On hardware-based networks, segmentation is a costly and cumbersome process because switches must be manually configured at the individual level. With software-defined networks, however, engineers can easily program the network at scale from the console and quickly enforce segmentation to increase security.

Additionally, SDN makes it easier to collect data from across the network and use this information to detect traffic anomalies indicative of malicious activity.

New Challenges for Monitoring Solutions

SDN is still relatively new to many government agencies, and rather than rip and replace traditional networks, those who adopt it implement it only where it makes sense. But this creates new complexities for busy network managers.

One of the key requirements of a successful and secure SDN is comprehensive network visibility—and there are many challenges monitoring tools must address. Specifically, IT professionals must be able to view and monitor physical, logical, and software components from one place. Hopping from tool to tool to monitor different elements of the network infrastructure introduces unnecessary cost and risk. Running multiple monitoring tools also creates a training headache. It’s no surprise government agencies are seeking to consolidate and stop the proliferation of network management and monitoring tools in favor of centralized solutions with comprehensive visibility across their hybrid infrastructure.

They also need solutions with visibility across cloud environments. If an issue arises, network administrators need to be able to quickly conduct root cause analysis to determine where the problem exists, who owns the fix—the cloud provider or the agency—and move to reduce “mean time to innocence.”

Making the Transition to SDN

SDN’s ability to automate complex and time-consuming networking and security tasks is fast tracking its maturation. But SDN isn’t for everyone. If your organization is relatively small with only a handful of geographically distributed sites, traditional networks will serve you well. However, if your environment is highly distributed (making it cost-prohibitive to deploy costly hardware) or a hybrid infrastructure, then the benefits and economies of scale of SDN can be realized.

To ensure your state or local agency is on the right path to experiencing the automation and security benefits of SDN, take an informed approach to your transition. Plan and set clear expectations about the problems and challenges you’re trying to solve. Then set measures of success aligned with those objectives.

To support the SDN infrastructure of tomorrow, you’ll also need to prepare personnel for this transition. Visit our SDN Solutions Page and bridge the monitoring gap between the physical and virtual networks of tomorrow, today.

Related Articles