Israeli firm is key to securing future networks: expert

Israel’s Radware is playing a key role in securing the next generation of networks, according to the people who are building that next generation. Neela Jacques, executive director, OpenDaylight Project, says Radware has been a big help in securing OpenDaylight, a collaborative open source project hosted by The Linux Foundation to encourage more companies to use Software-Defined Networks (SDN).

“Security is a key driver for SDN, and Radware has been actively participating in the OpenDaylight community to enable its security technology to work with a wide range of environments,” Jacques said. “It is contributions like this that demonstrate how OpenDaylight is becoming the de facto standard platform for the industry. We applaud their efforts and look forward to their continued contribution to the community.”

As more network traffic is off-loaded to the cloud, networks get more clogged with data, compromising bandwidth and server space. New ways of handling high volumes of traffic are needed. Otherwise the daily steady increase in data flow might choke off the Internet and secure cloud networks altogether. In response, networking firms have developed Software-Defined Networks (SDN) and Network Function Virtualization (NFV) systems, which let administrators use software to direct network traffic, overriding the hardware configuration when necessary.

OpenDaylight is a consortium of over 40 companies (including Cisco, Intel, Microsoft, HP, IBM, Citrix, and nearly every other big tech and networking company) working with the Linux Foundation to allow the different SDN solutions to co-ordinate their efforts, allowing plug-and-play protocols and functions that can be turned on and off when appropriate, depending on the customer and need. With support from nearly everyone in the IT industry, OpenDaylight’s networking management layer looks like a winner.

Developing new networking protocols is complicated work, and since OpenDaylight seeks to bring about a unified solution, it includes features and functions that will enable it to work with a large number of solutions. That’s the kind of thing hackers salivate over — the more features, the more chances to hijack one of those features for their nefarious purposes. In fact, SDN security has been a major concern in the networking press in recent months, with some experts saying that SDN controllers (the strategic software “brain” of the network) need better security.

In response, the Linux Foundation, which has taken upon itself development of an open-source SDN, has just released Helium, the second version of its open source SDN software stack. Helium is supposed to be better integrated with other components of the project, and features better security.

Linux itself is an open-source computer operating system set up as an alternative to the dominant Microsoft and Apple OS programs that run most computers in the world. It’s based on the premise that operating systems should be free and easy to use.

Radware developed Defense4All, an SDN application for Helium that provides DoS and DDoS (denial of service attack, in which hackers attempt to take down a server or network by overloading it with network traffic) protection. By integrating with the Helium SDN controller, Defense4All can work on all the SDN solutions, making it an all-around defense that diverts attacks on any of the systems to virtual “scrubbing centers,” where the threatening traffic harmlessly attacks dummy servers. Among its advantages, said David Aviv, vice president, advanced services for Radware, is the ability to detect DoS/DDoS attacks using behavioral analysis technology. Once an attack is detected, it programs the network to forward suspicious traffic flows to a DoS mitigation device.

“We are pleased to be part of OpenDaylight and are committed to strengthen this partnership by releasing new features for Defense4All that will further enhance this project,” says David Aviv, vice president, advanced services, Radware. “As security should be an integral part of the network services rather than being hosted by the network, operators can provision a DoS/DDoS protection service per virtual network segment or per customer, reducing both time and cost.”