Virtualizing Security into the Network (Finally)

Back in the mid-Nineties, the late Chuck Flink demonstrated for me in his North Carolina office how to use a computer to make a phone call. I thought the demo was cute, but didn't understand its implications. Of course, telephony has since completely transformed, with people all over the world taking conference calls using just their computers. Chuck's demo, in retrospect, was an amazing early glimpse into our future. I wish I'd paid closer attention.

Now in the early-Twenties, AT&T is offering a similar glimpse into the future with a game-changing technology called the Disaggregated Scalable Firewall (DSFW). Despite a name that could only have been made by engineers, the DSWF has the potential to transform the entire cybersecurity industry in a substantive manner. In fact, within a decade, I predict that every commercial security solution will be affected by this initiative. Let me illustrate:

Remember your calculator? Well, it's gone now, because its function has been virtualized into your phone. And remember your answering machine? Well, it's gone now, because the function has been virtualized into your mobile service. Carrying the pattern forward, I will soon be asking you if you remember your firewalls, SIEM platforms, and the like. They will be gone too, because their functions will be virtualized.

The DSFW initiative from AT&T (and kudos to Carolyn Raab from Corsa Technologies for bringing this to my attention) is not like those wizard-behind-the-curtain methods that move appliances from the perimeter edge to a data center. This new initiative bleeds the security functionality into network devices – albeit still with an enterprise focus. But this is true virtualization, and as suggested, this approach will change the entire security industry.

The AT&T solution uses special Broadcom hardware to retain layer 4 session data, which is necessary for any non-trivial firewall functionality. The AT&T virtual solution also includes technology from Palo Alto Networks, which provides the higher-level firewall features. Everything is wrapped in an open framework called the Distributed Disaggregated Chassis (ugh, these names) developed within the Open Compute Project (OCP).

This DSFW offering still targets enterprise customers and provides virtualization at their virtual edge. But this remains a great step toward complete virtualization within the carrier network core, which will also scale to 5G. Advances in policy orchestration will be required for realization of this next major step, but I am confident these are coming. Once enterprise teams get a taste of the power of virtualization, they will want more.

Corsa's Carolyn Raab also pointed me to several articles, including this one from SDXCentral. While I admire the attention, I don’t see sufficient urgency in the reporting, and I don’t agree with the bland assessments from analysts. Instead, I believe that this type of virtualization is a really big deal, and will drive a new marketplace for cybersecurity. More importantly, it will create an improved means for defenders to address attacks.

Let’s take the first case – namely, the creation of a vibrant marketplace. I believe that within a few years, every business and individual will purchase security on-demand with a plethora of virtual options, and this will be accomplished through a service provider. Whether that provider sells networking (like AT&T) or cloud services (like Microsoft) remains TBD, but with DSFW, AT&T is taking a huge step toward the front of the pack.

This is good-news/bad-news for commercial vendors, depending on their positioning, value proposition, and willingness to adjust. Some more rigid security solution providers will not like this new virtual marketplace and will likely suffer. But commercial vendors who heartily embrace virtualization, and who take the time to learn to software-define their offerings into virtual fabric such as with 5G will thrive. And they will thrive immensely.

Which brings me to my second point – namely, that with virtualization, defenders will have more flexible means for dealing with attacks. One of the greatest challenges in modern enterprise security is that defenders have a surprisingly weak ability to react to attacks in real-time. Yes, they can collect data and try to respond, but such action cannot include reconfiguration. Defenses are too rigid, and too difficult to re-provision or adjust.

But with the point-and-click provisioning associated with virtualized, network-based security, defenders under attack might decide to add diverse filtering, swap one vendor for another, or perform some similarly adaptive, flexible defensive operation. This carries the incredibly meaningful implication that defenders will be able to actually defend their networks in real-time. It could be the key to catching up with the offense.

But there is more: Since this capability will soon be embedded into the network fabric, it could easily be connected to intelligent decision-making from AI-based detection tools. In this way, the automated intelligence could detect offensive indicators and immediately adjust defenses based on learning patterns and optimization algorithms. This would be the beginning of an advanced defensive infrastructure – and it changes the game.

What this means for security vendors, as alluded to above, will depend on their approach. In this new marketplace, it will matter less how a given solution is packaged and will matter more how it works. Just like consumers pointing and clicking to buy products on Amazon, businesses (and the AI-based algorithms they depend on) will soon be provisioning security on virtual infrastructure based on perceived value.

The AT&T initiative, in conjunction with Broadcom and Palo Alto Networks, is an awesome peek into the near future. And the decision to create an open framework with OCP also suggests that AT&T and its partners understand the broad implications for the security marketplace. So, strap yourselves in, my friends, because once life gets back to normal (and it will) the cybersecurity ecosystem is about the change. And it’s about time.

Stay safe and healthy - and please let me know what you think.