Next Generation Network Security using Software-Defined Networking
State of Network Security: Fixed-function hardware at network perimeter. [Diagram labels: Intranet, Internet]
Traditional Network Security is Broken! Attacks growing in scale, diversity, and sophistication! Current trajectory is impractical: cost, management complexity, user pain. [Diagram labels: Internet, Intranet]
Our vision: “Software-Defined” network security. Flexible, in-depth, programmable defenses! [Diagram labels: Network Orchestration Layer; Admin; High level security policy intents; Programmable centralized management; Flexible “software” network appliances; Fixed-function hardware at network perimeter; Intranet; Internet]
Key Technical Challenges: Management complexity; Scalability; Resource management; Resilient to “smart” attackers
Two concrete use cases: Precise Security Instrumentation for Enterprise Networks; Flexible and Elastic DDoS Defense as a Network Service