Resilient SDN Controllers
Arun Sood, PhD, Prof Computer Science, Dir International Cyber Center, GMU; Founder CEO SCIT Labs
Shahid N. Shah, CEO Netspective Communications
All Rights Reserved - SCIT Labs Confidential and Proprietary
SDN Controllers
• Centralized or distributed
• Potential for single point of failure
• Physical access
• Static systems
• Monitoring and remote access
• Software driven - vulnerable to attack
Breaches in the News
• South Carolina Department of Revenue: 33 malware samples were used to attack 44 systems
  – 75 GB lost; 3.8 M individual and >699K business tax returns; remediation cost estimated at $19 million
• Target: false positives overwhelmed the security team
  – 40 million credit/debit card records stolen; $236 million in expenses
• Home Depot: zero-day attack – customized malware was not detected
  – 56 M cards stolen over five months; cost $62 million
• Reactive security works some of the time; remediation costs are high
Cyber Threat Observations
I. Intrusions are inevitable; most breaches are discovered by third parties
II. Malware is installed; intruders stay in systems for days, weeks, months
III. Current servers are “sitting ducks”
Risk Management Approach
Cyber Risk = Threats × Vulnerabilities × Consequences
• Focus on consequence management
• Resilience through seamless recovery
• User trade-off: compute cycles vs cyber risk (exposure)
Additional Advantages of Resilience & Restoration Approach
Security
• Reduce data ex-filtration losses
  – Disconnect from malicious site
  – Rate modulation on outgoing data
• Early warning
IT
• Respond to high threat intensity
• Software whitelist on steroids
• Reduce SOC ticket response time
• Recovery
• Forensics
System & Network Management
• Operational resilience
  – No memory leaks
  – Apply hot patches – no server reboot required
  – Quick recovery from bad patch
  – Better manage the level of testing required
• Configuration management
• Automatically replace compromised VMs
• Supports disaster recovery
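The trade-off on the Risk Management slide (compute cycles vs exposure) and the "automatically replace compromised VMs" item above can be made concrete with a small rotation model. The Python below is an added illustration, not code from these slides or from SCIT Labs: it assumes a single active controller instance that is rebuilt from a clean image every fixed interval, and that an attacker foothold on the active instance lasts only until that instance is rotated out. The interval values, the one-hour run and the compromise timestamps are constructed for the example; the point it shows is that attacker dwell time is bounded by the rotation interval while the number of rebuilds per hour (the compute cost) grows as the interval shrinks.

```python
# Rotation-scheduler model for an intrusion-tolerant SDN controller pool.
# Added illustration, not code from the slides or from SCIT Labs: the
# interval/window names, the compromise timestamps and the cost model are
# all assumptions chosen to show the compute-cycles vs exposure trade-off.
from dataclasses import dataclass


@dataclass(frozen=True)
class RotationResult:
    rotation_interval: int   # seconds an instance serves before replacement
    rebuilds: int            # clean re-instantiations over the run (compute cost)
    max_dwell: int           # longest time a compromised instance kept serving
    dwell_times: tuple       # per-compromise dwell, in order of the events


def next_rotation(t: int, interval: int) -> int:
    """Time of the first rotation boundary strictly after t (multiples of interval)."""
    return (t // interval + 1) * interval


def simulate_rotation(interval: int, duration: int, compromises: list[int]) -> RotationResult:
    """Model a single active controller replaced from a clean image every
    `interval` seconds. Each entry in `compromises` is the second at which an
    attacker gains a foothold on whichever instance is then active; the
    foothold lasts until that instance is rotated out (or the run ends), so
    dwell time is bounded by the interval no matter when the compromise happens."""
    if interval <= 0 or duration <= 0:
        raise ValueError("interval and duration must be positive")
    dwell = []
    for t in compromises:
        if not 0 <= t < duration:
            raise ValueError(f"compromise time {t} outside run [0, {duration})")
        dwell.append(min(next_rotation(t, interval), duration) - t)
    return RotationResult(
        rotation_interval=interval,
        rebuilds=duration // interval,
        max_dwell=max(dwell, default=0),
        dwell_times=tuple(dwell),
    )


def tradeoff_table(intervals: list[int], duration: int, compromises: list[int]) -> list[RotationResult]:
    """Run the same attack timeline against several rotation intervals so the
    two axes of the trade-off (rebuild count vs maximum dwell) sit side by side."""
    return [simulate_rotation(i, duration, compromises) for i in intervals]


if __name__ == "__main__":
    # Constructed sample: one hour of operation, attacker footholds at three
    # arbitrary seconds (values are made up for the illustration).
    EVENTS = [100, 1500, 3590]
    for r in tradeoff_table([900, 300, 60], 3600, EVENTS):
        print(f"interval={r.rotation_interval:4d}s  rebuilds/h={r.rebuilds:3d}  "
              f"max dwell={r.max_dwell:4d}s  per-event={r.dwell_times}")
```

Running the sample timeline against 900 s, 300 s and 60 s intervals gives 4, 12 and 60 rebuilds per hour with maximum dwell of 800 s, 300 s and 60 s respectively; the operator picks the interval by deciding how much rebuild work is worth the reduction in exposure, which is exactly the user trade-off the slide names.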
Conclusion
• SDN security requires a resilience approach
• SDN controller needs particular focus
  – Static implementations lead to asymmetric advantage for attacker
  – Successful persistent attacks can damage the network
• SDN transactions are short – enables automated restoration
• Cost of compute cycles is falling - supports a restoration strategy