Orchestrating Flows for Cyber

on 08 Jan 2018

There is a great scene in the movie Victor, Victoria, where the character played by James Garner decides it’s time to mix things up a bit. So, he strolls into an old gritty bar wearing a tuxedo, walks up to the bartender, and orders milk. Within minutes, the other men in the bar decide they’ve had enough of this, and they start an intense bar fight. Garner is soon throwing and taking punches, getting tossed across the floor, and loving every minute of it.

I know this sounds funny, but sometimes I feel exactly like that with technology. I’ll spend a couple of days talking with Boards and senior executives, never going more than two microns deep on any technology, and then feel like I need to get back to my office and mix things up a bit. But rather than start a bar fight (and, yes, I grew up on the Jersey Shore), I prefer to do this by diving head first into something seriously technical.

So, my afternoon with Radware last week was just what the bartender ordered: Super technical material, interesting applications of complex SDN infrastructure, and detailed explanations of their new flow orchestration tools that don’t pause for Luddites. They were even kind enough to send me some documentation that included code specifications for their DefenseFlow APIs. I sat down at my desk, feeling like James Garner, and read every word.

Let me start by telling you about Radware, a company I’ve known well for years: They offer a portfolio of application delivery, DDOS protection, and load balancing products for your on-premise or cloud infrastructure. Their solutions transition gracefully between traditional systems and virtualized infrastructure, including software defined data centers. Many of you know them for their WAF solution, which includes an attractive cloud service option.

Radware is a public company, trading on NASDAQ, with over a thousand employees, and nearly a quarter of a billion dollars in revenue. They have headquarters in Tel Aviv and the US, with corporate presence around the entire globe. The Radware management team is highly experienced, and the technical community plays a prominent role as thought leaders in the networking, application, and security communities.

All that said, what caught my eye last week, revisiting with my old friends, was their DefenseFlow solution. It’s been bothering me recently that many technology companies and enterprise teams are not more effectively using the power of software defined networking (SDN) to orchestrate security controls. SDN, you will recall, is centered on the notion of dynamically orchestrating networked entities, such as virtual routers, using software.

So, I sat down and went through Radware’s DefenseFlow solution for managing and orchestrating DDOS protections, and it was thrilling to see how it all worked. Now, we all know that the current method of moving traffic around manually using BGP from an operations center is non-scalable to multiple, intense, parallel, non-stop denial of service attacks. (If you don’t know that, then I recommend you contact your DDOS Security vendor to discuss.)

The innovation in the Radware solution is that they use the northbound interface on the SDN controller (that’s the API I enjoyed reading so much), to monitor a customer’s network for volumetric increases, and to then dynamically task redirection of flow on the southbound interface to handle the attack. Radware’s experiences in load balancing, WAF, and anti-DDOS provide the perfect backdrop to building such an elegant approach to the problem.

Visualize this in your mind: External traffic is being managed inbound through your software defined data center with the usual assortment of internal destinations: Websites, apps, endpoints, and so on. A DDOS attack suddenly builds up toward one of your targets, probably the website, and the SDN controller immediately flow-orchestrates the increased volume to a collection of sinks or scrubbers, while maintaining proper traffic flow to non-targeted entities.
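The control loop described above, sketched as an added example (it is not Radware's code and does not use the DefenseFlow API): per-destination traffic rates are compared with a learned baseline, and only the destination under volumetric attack is diverted to a scrubber. The class name, thresholds, scrubber label and sample counters are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed tuning values for this illustration, not vendor defaults.
ALPHA = 0.2          # EWMA smoothing factor for the per-destination baseline
TRIGGER = 4.0        # divert when the rate exceeds 4x the baseline
RELEASE = 1.5        # restore the normal path below 1.5x the baseline
MIN_BPS = 1_000_000  # ignore spikes on near-idle destinations

@dataclass
class FlowOrchestrator:          # hypothetical name
    scrubber: str
    baseline: dict = field(default_factory=dict)
    diverted: set = field(default_factory=set)

    def observe(self, rates):
        """rates: {destination: bits/sec} for one polling interval.
        Returns the flow actions a controller would push southbound."""
        actions = []
        for dst, bps in rates.items():
            base = self.baseline.get(dst)
            if base is None:
                self.baseline[dst] = float(bps)  # first sample seeds the baseline
                continue
            if dst in self.diverted:
                if bps < RELEASE * base:
                    self.diverted.discard(dst)
                    actions.append(("restore", dst, None))
                continue  # baseline is frozen while diverted, so attack traffic is not learned
            if bps > MIN_BPS and bps > TRIGGER * base:
                self.diverted.add(dst)
                actions.append(("divert", dst, self.scrubber))
                continue
            self.baseline[dst] = (1 - ALPHA) * base + ALPHA * bps
        return actions

def run_sample():
    # Constructed counters: "web" is flooded in intervals 3-4, "app" stays normal.
    samples = [
        {"web": 40e6, "app": 10e6},
        {"web": 42e6, "app": 11e6},
        {"web": 400e6, "app": 10e6},
        {"web": 900e6, "app": 12e6},
        {"web": 45e6, "app": 11e6},
    ]
    orch = FlowOrchestrator(scrubber="scrubber-1")
    return [orch.observe(s) for s in samples]
```

Freezing the baseline while a destination is diverted matters: without it, a sustained flood would gradually be learned as normal and the release condition would fire while the attack was still running.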

“We’re proud of our SDN solutions for enterprise cyber threats,” Carl Herberger, Vice President of Security Solutions at Radware, explained to me during our discussion. “We try to provide detection and orchestration of security at scale, because we know that with the speed of attacks we’re seeing on the Internet, enterprise teams will need to rely on proper automation to keep their applications and systems up and running.”

One positive implication of software-defined flow orchestration in the enterprise is that the sinks and scrubbers used for traffic redirection can be pretty much anything you like. Radware builds a cloud WAF service, for example, that can be integrated into your operation in much the same way as your DDOS solution: The WAF becomes a dynamic target for traffic that requires real-time application protection. It’s a nice idea.

If you haven’t had a chance to dig into the Radware portfolio, then give them a call, and I’m sure Carl and his team will be happy to take you through their range of technical offerings. And believe me: If you’ve had it just-about-up-to-here with compliance, or audit, or Boards, or whatever yanks your chain, then ask the Radware team to send you some nice complex API specifications: You’ll feel better immediately.