Ashraf Sheet, regional director, Middle East and Africa, Infoblox, discusses the importance of network visibility and control, and the future of connectivity.
Why is network visibility and control very important for enterprises?
In today’s digital world, billions of devices connected to applications, digital transactions, and communications are exploding – and the paradigms of how people conduct business are changing. This hyper-connected world gives rise to new vulnerabilities and endless complexity that is expensive to manage and challenging to secure. In this volatile environment, network visibility is vitally important. If you can’t see what’s on your network, you can’t control it and that makes your organisation vulnerable. You need a way to control and automate error-prone processes. You need to ensure network and service availability, manage risk, improve operational efficiencies and unlock meaningful insights to transform your network into a competitive advantage.
The path to accomplish that is through solutions that provide automation, scale, redundant architecture, visibility across diverse infrastructures and context-aware security. The need for these comprehensive solutions with complete end-to-end visibility across network infrastructure and end-hosts has grown exponentially because of emerging drivers like virtualisation, cloud, IPv6 adoption, BYOD, Internet of Things (IoT) and risks imposed by cyber threats.
Can network automation speed up deployments and improve security?
Absolutely! These days, networks must support an escalating number of on-demand applications and split-second response times. As a result, network infrastructures are becoming more complex. They’re composed of diverse, often siloed, multi-vendor infrastructure, including mobile devices at the edge and data centre infrastructure. To make everything run smoothly, network engineers likely rely on manual processes and poorly integrated solutions. These approaches hinder agility, do not provide complete visibility, and are not scalable. They make it increasingly difficult to meet the increasing demands for service delivery and reliability that the enterprise and its customers require. What’s needed is a network automation solution, like Infoblox NetMRI for example, that helps organisations gain control over their highly complex network infrastructure – one that simplifies and automates management of multi-vendor environments and enforces best practices, compliance mandates, and security policies.
Data breaches and other cyber-attacks can cost organisations dearly in lost revenue, diminished profits, and damage to the brand. With a good network automation solution, the network automatically defends against evolving attacks, identifies problems before they arise, speeds remediation, and lowers costs.
What will be the impact of SDN and NFV on DDI?
With more network functionality being managed by software than ever before come some unique considerations around security, particularly when an organisation moves its Domain Name System (DNS) infrastructure to an NFV implementation.
Planning such a transition requires extra thought to be given around the protection in place. Network resources can be quickly overwhelmed by a DNS-based DDoS attack which, by generating too many resolution requests for the DNS system to handle, will prevent legitimate requests from being resolved and effectively shut down the network.
Individual VMs will be attacked using tunnelling techniques, which encrypt and exfiltrate information through channels not normally analysed by traditional security software.
Furthermore, VMs, in common with physical hardware, are susceptible to infection by malware. If a machine isn’t quarantined quickly enough after becoming infected, the damage can rapidly spread, disrupting the functionality of other machines throughout the network from within.
Such examples illustrate why DNS-based security needs additional attention, and why monitoring the virtualised environment requires a different approach to that used in traditional network security.
Rather than being bolted on, DNS security needs to be built into the NFV and SDN architecture. The integration of DNS-specific protection will help minimise any gaps in coverage that may be overlooked by add-on solutions and exploited by attackers.
The elastic scalability function in the Infoblox solution enables automatic instantiation of additional secure DNS virtual machines upon detection of an overload condition or sudden spike in DNS traffic.
The Infoblox Virtual Secure DNS solution also provides the rapid provisioning and orchestration integration needed for NFV and SDN environments.
NFV is emerging as the next stage in creating highly dynamic, automated networks. But, as technology continues to evolve, so the DDI infrastructure must evolve with it, managing the risks while reaping the rewards.
Is there anything you offer currently to ease the move to IPv6 in this region?
The transition to IPv6 is happening at the precise moment when networks are going through extraordinary changes – virtualisation and containerisation, XaaS, next-generation hyper-scale data centres, and the Internet of Things (IoT) can unlock unprecedented value for the enterprise. An IPv6 migration is imminent. However, taking full advantage of these technologies requires a dedicated IPv6 practice and specialised tool sets that most IT organisations lack. Further, as Gartner says, organisations undertaking a large-scale IPv6 deployment are likely to need a DDI platform (DNS, DHCP, and IP Address Management), which is where Infoblox can help. We’ve taken our extensive experience in DDI technology to create an industry-first Actionable Network Intelligence Platform. Infoblox Actionable Network Intelligence empowers your organisation to implement a rigorous IPv6 practice with an ideal mix of capabilities, tools, and actionable insights.