SDN4S: Software Defined Networking for Security

semanticscholar(2017)

Abstract
Security Operations Centers (SOCs) rely on analysts to perform largely manual processes to carry out the various stages of the incident management lifecycle. These processes are time-intensive and typically require much context switching and hand-off between monitoring and operations analysts, introducing considerable delays into the resolution of incidents. With enterprise networks facing malware threats of increasing complexity and volume, this approach becomes unsustainable. It is crucial, therefore, to develop solutions that dependably automate and accelerate incident management tasks and only involve the limited pool of highly-trained and experienced analysts an organization can have at its disposal when truly necessary, where it matters. In this report we introduce SDN4S: a system and solution to minimize the time between incident detection and resolution by using automated countermeasures based on Software-Defined Networking (SDN). SDN4S creates incident-specific response workflows orchestrating actions and network-based countermeasures automatically upon receiving an alert, leading to faster and more predictable incident response. We describe the architecture and implementation of SDN4S, and report on the test deployment of the system on our research network.

External Posting Date: January 23, 2017 [Fulltext]
Internal Posting Date: January 23, 2017 [Fulltext]
Copyright 2017 Hewlett Packard Enterprise Development LP

Theo Koulouris, Marco Casassa-Mont
Hewlett Packard Labs, Hewlett Packard Enterprise