Is Software Defined Protection the New Software Defined Networking?

Software Defined Networking (SDN) is the latest buzz term to take over the networking world – and is not to be overlooked. With the goal of automating network infrastructure functions that used to be fixed or manual, the aim is to take complex configuration tasks and make them programmable. When implemented correctly, it should make deployment of networking services much faster, smoother, and more predictable.

We believe the same thing about security, so we created Software-defined Protection (SDP). Essentially, SDP is the least complex way of looking at security and programming it to protect your network. It is modular, agile and most importantly, SECURE. It builds on concepts those of us who have been in Information Security have known for years, while taking into account the realities of today’s complex, distributed networks that increasingly lack traditional boundaries.

Here is a challenge most companies do not think about until they face it: How do you keep up on the latest threats without employing a bunch of security administrators to follow up manually on thousands of advisories and recommendations? Worse, how do you integrate all of those different security protections into your larger IT environment? It sneaks up on you before you know it, and here is how:

  • You need to employ people in multiple cities, and before you know it your business grows past your headquarters as you open a series of branch offices. How do you secure them all?
  • To make your field sales team effective, they need their cell phones, laptops and tablets to access the network 24/7, and you have them using a cloud-based CRM or ERP system.
  • You piece together getting everything set up the first time, but how do you ensure you keep everything up to update with patches and advisories on each piece of software they use?

In the end, it is all about modularity. Most companies claim they provide modularity, but never really deliver because they did not construct their underlying architecture that way. Check Point’s SDP architecture partitions the security infrastructure into three interconnected layers:

  • An Enforcement Layer that is based on physical and virtual security enforcement points and that segments the network, as well as executes the protection logic in high-demand environments.
  • A Control Layer that analyzes different sources of threat information and generates protections and policies executed by the Enforcement Layer.
  • A Management Layer that orchestrates the infrastructure and brings the highest degree of agility to the entire architecture.

Each layer focuses on its individual job. The Enforcement Layer executes policy from the Control Layer, which takes its inputs from the Management Layer. The updates are seamless, based on how you have set up the Management Layer configuration. This Management Layer provides a stable operational framework and incident insight/prevention for the continually changing threat landscape.

SDN will automate networking functions. SDP automates security functions. Both are the future. Find out what you are missing on Software Defined Protection.