TaaSERA Using SDN for Malware Security
The Software Defined Networking (SDN) revolution offers many promises. One of those promises is the ideal of truly layered networks where services are abstracted from underlying hardware. While that's a worthy ideal, what is the practical use case?
As it turns out, SDN is ideally suited to help enable security. One company that is aiming to leverage the power of SDN for security is startup TaaSERA. TaaSERA is set to officially launch its suite of malware security products at the end of the month.
Sriniva Kumar, CTO of TaaSERA, explained to Enterprise Networking Planet that his company's security solution can be installed on the span port of a Layer 2 switch. The system can also be connected to virtual hosts. The basic idea behind the solution is to provide real-time malware behavior detection and analysis.
Kumar noted that TaaSERA can take the analysis from the company's sensor and, through correlation, enable remediation. At the network flow level, that remediation is enabled via the OpenFlow SDN protocol.
"We can send OpenFlow commands to a switch and interact at the flow level with the entity that manages the flow," Kumar said. "With OpenFlow we can provide a better remediation through quarantining, moving the offending flow or virtual machine into a subnet."
Kumar explained that without SDN and OpenFlow, a vendor like TaaSERA must rely on a networking vendor like Cisco to open up their APIs in order to interact with flows on the switch.
"With OpenFlow, since it's an open protocol, we can talk to the OpenFlow controller rather than to the switch itself," Kumar said. "It is the OpenFlow controller that has the brains to say – with this flow I need to do a certain thing."
For OpenFlow to work, switches must first be enabled to support the protocol. Currently, multiple vendors, including HP, Cisco and Juniper, have been moving to enable OpenFlow on their respective switches. Those OpenFlow-enabled switches are managed by an OpenFlow controller. Big Switch is one of the leading OpenFlow controller vendors in the market today, with both a commercial controller and the Floodlight open source controller. Both HP and Juniper have publicly stated their intentions to build and deliver OpenFlow controllers of their own.
Kumar commented that TaaSERA is able to work with any OpenFlow controller via published APIs.
"We would open up our APIs for the controller and do a subscribe/publish action," Kumar said. "This is a global threat intelligence model and we're opening up a flexible interface."
While TaaSERA is leveraging OpenFlow for its commercial product to provide security, it isn't the only one using SDN for security. Indiana University is also leveraging OpenFlow to deliver a distributed network IPS system.