
The Next Big Thing for Network Security: Automation and Orchestration

In a previous SecurityWeek column, I wrote about the security considerations for software defined networking (SDN). Whether or not SDN becomes the next evolution of networking, this new architecture clearly showcases the move towards a more dynamic and agile environment. In this constantly changing cloud environment, the most effective method to deploy network security will be via automation and orchestration systems, and the ability to integrate with these systems will become the key foundational feature for network security.

In a private cloud environment, applications and desktops are being virtualized at an unprecedented rate and scale. As the number of virtual machines (VMs) increases, automation and orchestration is no longer a “nice to have.” Configuring and managing multiple security devices has become not only increasingly complex, but also extremely inefficient and prone to error.

The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment. To fully realize the promise of private clouds or software defined data centers (as VMware defines it), the traditional IT infrastructure — in particular network security — needs to transform into agile and adaptive end-to-end automated processes.

Consider the process today — the VM IT administrator needs to deliver a particular application X. The actual application provisioning can be accomplished in minutes. However, the security implications of delivering this application will extend the process significantly. First, of course, the VM administrator will need to go through the chains of approval to ensure the application is allowed. From a networking perspective, there may be specific policies that dictate which virtual LANs (VLANs) the application needs to be placed in. Then, the appropriate security policies will need to be added or modified on a variety of network (switch ACLs) or network security appliances (firewall policies) that are in the traffic flow.

The Trinity of Automation and Orchestration

The above process may become more efficient with software defined networking, but there are still three elements at play every time an application is delivered – virtualization, networking and security. In order to unlock the benefits of cloud computing, lower costs and accelerate IT agility, enterprises need a way to rapidly deploy relevant network security services in lock step with the fluid virtual compute layer, with full automation and orchestration among virtualization, networking and security elements.

This requires a systems approach when thinking about network security. The delivery of an application can trigger a cascading series of actions to ensure that the application is delivered efficiently and in compliance with any regulatory requirements.

This also requires more efficient context sharing among three very diverse elements. For example, when a VM is instantiated or moved, one must consider how to share this specific action or the information about the application running on the virtual machine with other management systems. At the same time, while context sharing and automating the process of security insertion in the data center workflow is important, it’s equally important for the security IT administrator to maintain independent security policy creation.

It’s about the Applications

And of course, it’s all about the applications. Cloud is about the ability to deliver applications more efficiently. We’ve abstracted the physical server hardware from the applications themselves via server virtualization. Therefore, network security policies need to consider this problem from an application-centric view. Next-generation firewalls (NGFWs) now provide the ability to implement policies based on applications, users and content, and they can provide the appropriate hooks for automation and orchestration solutions. However, extending this concept further, security policies need more application-specific contexts, such as application containers, instead of having to be mapped to more traditional networking concepts like IP addresses and fully qualified domain names (FQDNs).
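An added illustration of the context sharing and application-centric policy described above (not code from the column or from any vendor): a hypothetical orchestrator consumes constructed VM lifecycle events and resolves a policy the security team wrote per application tag into the address-level rules a firewall enforces. The `APP_POLICY` table, the event fields and the `Orchestrator` class are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Written by the security team, independently of the provisioning workflow.
# Keyed by application tag, not IP address. All names here are hypothetical.
APP_POLICY = {
    "web-frontend": {"allow_from": ["any"], "ports": [443]},
    "orders-db": {"allow_from": ["web-frontend"], "ports": [5432]},
}

@dataclass
class Orchestrator:
    inventory: dict = field(default_factory=dict)  # vm name -> (app tag, ip)
    audit: list = field(default_factory=list)      # change trail for compliance review

    def on_vm_event(self, event):
        """Consume a 'created', 'moved' or 'deleted' event from the virtualization layer."""
        vm, kind = event["vm"], event["type"]
        if kind == "deleted":
            self.inventory.pop(vm, None)
            outcome = "rules regenerated"
        elif event["app"] not in APP_POLICY:
            # Fail closed: a workload without an authored policy gets no allow rule.
            self.inventory.pop(vm, None)
            outcome = "no policy for app, left behind default deny"
        else:
            self.inventory[vm] = (event["app"], event["ip"])
            outcome = "rules regenerated"
        self.audit.append((kind, vm, outcome))
        return self.render_rules()

    def _addresses(self, app):
        return sorted(ip for tag, ip in self.inventory.values() if tag == app)

    def render_rules(self):
        """Resolve application-level policy to the address-level rules a firewall enforces."""
        rules = []
        for app, ip in sorted(self.inventory.values()):
            policy = APP_POLICY[app]
            for source_app in policy["allow_from"]:
                sources = ["0.0.0.0/0"] if source_app == "any" else self._addresses(source_app)
                rules += [(src, ip, port, "allow") for src in sources for port in policy["ports"]]
        rules.append(("0.0.0.0/0", "0.0.0.0/0", "any", "deny"))  # explicit default deny
        return rules
```

When a VM moves and its address changes, the rules that reference its application are regenerated without anyone editing the policy, and each event leaves an entry in `audit`.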


One of the considerations in an automated and orchestrated cloud environment is the impact of compliance. In a very dynamic environment, when the configuration of applications, networking and network security are changing, how do you ensure that compliance regulations continue to be met? I believe the automation and orchestration flows actually assist in this regard, but the critical factor will be the understanding of how the various components work and the appropriate actions that are triggered.

I’ve used an analogy of cog wheels or gears working in tandem to describe this concept in the past. The ability to engineer and understand all the gears of the ecosystem, and the impact of every action will be required to ensure compliance requirements are being met.

The Next Big Thing Is…

In summary, the next big thing for network security is automation and orchestration. It may not be sexy, but it will become the key enabler to truly realize the vision of your next-generation data center.
