Software-defined networking security: Should we worry?

Yes. Next question?

No, seriously, software-defined networking security concerns are real. SDN users should be as worried as anyone about their networks’ vulnerability, and perhaps a little more worried than most, if for no other reason than: (a) They are changing the rules for how their networks work, and (b) they are doing so using relatively new technology. They will need to be diligent about system updates and patches as security problems are found and fixed, for example. Many network managers have been quite tardy in rolling out security fixes on their existing infrastructures; that won't do with so much new hardware and software in the mix.

Download this free guide

SD-WAN Buyer's Guide: What to Know Before You Buy

In this two-part guide, analyst Lee Doyle reveals the top 7 SD-WAN trends to watch for this year, and our editors compare 13 leading SD-WAN products in one handy infographic to help guide your purchasing decision.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

If they are doing classic SDN -- in which network control and network data packet handling are separate -- they will have to watch both controllers and data plane devices for updates, and also every SDN application they use on top of the controllers.

If they are doing more virtualization-focused SDN, they'll need to mind the controller there, too, as well as the underlying virtualization platforms (e.g., VMware NSX) and any physical devices included in the mix, each with its own operating system.

In either scenario, because they are changing how they control and structure the network, security and network teams will need to make sure that their monitoring tools can see the new lay of the land. If virtual overlay networks are creating new security zones, for example, then the security operations center must be able to see and report on activity within and across those zones as needed.

Everyone will have to be prepared for evolving network attacks based on SDN technology. For example, several new kinds of resource-exhaustion denial of service attacks might be possible based on the use of SDN controllers. All should be prepared to jump in with new kinds of mitigation and defense -- software-defined networking security? -- in response.