A New Dynamic Security Model for NFV and SDN

By Mike Miracle

So what is up with BlackRidge and Network Function Virtualization (NFV) and Software Defined Networking (SDN)? We recently participated in the announcement of the Ciena Agility Matrix NFV solution for service providers and their enterprise customers. The Ciena solution includes their NFV platform and an on-line marketplace for purchasing and deploying VNFs (Virtual Network Functions). BlackRidge is providing our identity-based network security solution,Transport Access Control (TAC), as a VNF that runs on the Ciena NFV infrastructure.

To digress a bit, NFV is the process of taking the network functions on a service provider’s core network and running them in a fully virtualized environment, and a VNF refers to a specific vendor’s product. The goal is for service providers (the telecom operators) to gain similar economics and business agility that enterprise IT and cloud service providers are achieving from virtualization. This also enables service providers to deliver new data center services to enterprises. Related to NFV is SDN which is an architecture that decouples the network control and forwarding functions.

What the Ciena collaboration provides BlackRidge is a new distribution channel to telecom and managed service providers through Ciena for our virtual appliance running on the NFV infrastructure. This expands our immediate market reach and ensures that we participate in the market shift of how telecommunication companies are delivering new services to enterprises, including on-demand consumption models.

NFV deployments are an ideal time to implement a new security model that is independent of network design and that greatly increases the network security posture for both the service provider and their enterprise customers. BlackRidge TAC provides a high throughput, low latency, and cost effective trust model that is cryptographically secure but computationally efficient, topology independent and backwards compatible with the Internet.

You can learn more about this in John Hayes’ guest blog for Ciena:
A New Dynamic Security Model for NFV Enabled Environments.

We are excited to be collaborating with Ciena to provide our game changing and military grade security protection to communications service providers. BlackRidge TAC can also be deployed in existing network environments, and we have also demonstrated with Ciena the ability to secure SDN by cloaking control plane communications.

Initially developed to cloak servers on the battlefield, our patented Transport Access Control applies existing identity in real-time across internal and external network boundaries before a network session is established to:

  • Cloak and protect resources from unidentified and unauthorized users
  • Stop cyber-attacks by blocking network scanning, reconnaissance, and lateral spreading
  • Segment and isolate resources and stop data exfiltration

All designed to reduce risk, simplify compliance and increase operational efficiencies by blocking anonymous and unauthorized traffic before your security defenses engage at the application layer.