The SDN philosophy provides its own answers to cybersecurity problems, and those answers have fundamental technological importance – feedback on the announced Zero Trust reference architecture for secure and resilient cyberspace.
In May 2021, the U.S. Defense Information Systems Agency (DISA), responsible for technology support in the area of ICT and communications for the main entities of the U.S. internal and external security system, announced new reference assumptions prepared for the U.S. Department of Security, titled „Department of Defense (DOD) Zero Trust Reference Architecture”[1]. What is the importance of this document? Undoubtedly, in the years to come, it will provide a reference point for the growing number of proponents of a holistic and universal understanding of technological and process issues (including systems, networks, services, but also human behaviour) in building a secure cyberspace and its cyber-physical resilience. This holistic approach can be expected to be increasingly adopted by other countries as part of their cybersecurity strategy and by the international cybersecurity ecosystem (by providers of hardware and software solutions, in corporate operations, consulting or research in the area of cybersecurity).
What is the Zero Trust paradigm?
To quote the introduction of this document:
Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from status, network-based perimeters to focus on users, assets, and resources. Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the Internet) or based on asset ownership (enterprise or personally owned).
Overall, Zero Trust is intended to be a strategy, a framework for acting and thinking about how to holistically secure critical assets from threats by:
- moving away from the assumption of distinguishing zones in systems and networks with an assigned characteristic of “trust”. This is a strong response to the popular model of cyberattacks based on gaining footholds, especially those with higher authorisations – Zero Trust, by design, does not allow it,
- the need to develop and apply a comprehensive architecture of cybersecurity solutions and processes in each layer and technological dimension of modern information and communication systems and networks, in order to effectively combat the most sophisticated cyber threats (the so-called “5 Ds – deny, degrade, disrupt, deceive, destroy”).
Zero Trust is a long-planned evolution of EXATEL’s network
The mission to create “the safest network” in Poland – including the provision of highest level cybersecurity services – is in Exatel’s DNA. The security of EXATEL’s network and its customers is based on the most effective approaches: secured-by-design, defense-in-depth, least privilege, segmentation, continuous monitoring, and quick response to incidents. EXATEL drew conclusions from its observations of the changing cyberspace landscape several years ago, concluding that we are already approaching the limits of the possibilities of standard hardware, software, architectural and process solutions for cybersecurity. This is how EXATEL’s R&D team was formed – directly on the “development floor”, out of the diagnosis of new opportunities and threats performed for our Customers.
One of the main driving forces behind the use of software-defined networking (SDN) technology at EXATEL was the emerging opportunity for a new way of managing the services provided and the cybersecurity. The adaptability of SDN solutions gives network management a necessary advantage by enabling dynamic policy definition in a flexible software-configurable environment, enforcing those policies, continuously validating undertaken actions and reporting any deviations. The proposed Zero Trust architecture introduces this way of managing cybersecurity as an operational foundation, and SDN, or a software-based approach to technology in general, becomes mandatory.
In applying the SDN approach to solving cybersecurity problems, EXATEL has placed emphasis on, among others:
- Natively embedded mechanisms that protect data stored, transmitted and processed by the EXATEL network.
- New model of identity management, authentication and authorization of activities of all Users, systems and services of the EXATEL SDN network.
- Development of its own modules and cybersecurity services within the SDN architecture, e.g. firewalling, segmentation, encryption communication, cyber threat detection or detection and mitigation of Distributed Denial of Service attacks based on its proprietary TAMA system[2].
- Development of cyber threat analysis associate systems for visibility and situational awareness. This approach translates into strengthening the ability to respond quickly to detected anomalies and incidents thanks to the automation of decision making process and actions.
EXATEL’s approach to cybersecurity is supported by its Zero Trust reference architecture. Diagram 1 shows an overview of key technologies for the Zero Trust paradigm, among which SDN has been selected as the underlying technology for the execution of networks and environments. This means that SDN technology is the operating environment for the entire Zero Trust architecture and forms the basis for all other associated services and technologies within the Zero Trust paradigm.
Diagram 1 – Overview of pillars of Zero Trust
This post opens a series of articles on cybersecurity in EXATEL’s SDN. In the next posts we plan to touch upon other issues, such as:
- how we approach the cybersecurity aspects of SDN platforms and applications in the development process,
- implementation of Zero Trust in SDN in the context of critical systems and services (for example, industrial systems),
- a model process of evolving your own network to SDN and Zero Trust,
- how cybersecurity operational activities (monitoring, alerts, response) can evolve with SDN and the Zero Trust paradigm.
We encourage you to follow the news on development and adaptation of SDN philosophy by EXATEL. Would you like to discuss directly how EXATEL can help you build cybersecurity based on best practices and proprietary technologies? Do you want to create SDN-based solutions with us? Learn more about working at EXATEL.
***
Reference list:
[1] “Department of Defense (DOD) Zero Trust Reference Architecture”, Ver. 1.0, Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA), 2021. https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf
[2] TAMA – Autorski system Anty DDoS EXATEL https://exatel.pl/tama-anty-ddos
