Andrea Danti - Fotolia

Security company uses SDN framework to fight DDoS attacks

Cybersecurity company Nexusguard said it implemented SDN technology to fight large DDoS attacks -- automating routing decisions and scaling network resources.

With the size of the average distributed denial-of-service attack increasing, cybersecurity company Nexusguard Ltd. said it will use SDN technology to better mitigate massive DDoS traffic bursts. The company recently began using an SDN framework to support policy-based routing automation -- maximizing the use of available network resources that can be brought to bear during attacks.

Bill Barry, executive vice president at Nexusguard, based in San Francisco, said the company began looking at automation as a way to provide large-scale DDoS mitigation capabilities to service providers.

"We saw that there is a need to automate and simplify [the routing] process in order for us to scale," Barry said.

Nexusguard's service is based on AuSM, a proprietary SDN framework from San Francisco-based network design company Serro. An SDN framework corrals all of a network's hardware and software resources, integrating them into a cohesive platform via APIs. AuSM powers Nexusguard's automated intelligence (AI) tool to intelligently and dynamically route DDoS traffic among nine global scrubbing centers -- ensuring the network absorbs attack traffic as efficiently as possible.

Ed Lombera, vice president of engineering at Serro, said the AuSM SDN framework, working with Nexusguard AI, takes information from the network -- such as prescribed business policies and current network conditions -- and automatically translates it into router and switch configurations.

"When denial-of-service attacks occur, the system updates the software to [say]: 'Hey, we need to identify some data, move it around, move [it] across certain Internet service providers to either avoid [bandwidth] overages or to better meet our commitments,'" he said.  

Previously, Nexusguard relied on manual traffic handling. To absorb traffic from large or concurrent DDoS attacks, the company simply overbought network capacity, or paid overusage fees -- which were nearing half a million dollars per year, on average, according to Barry.

"Internally, I think a [major] driving factor on why we went forward with this project -- on top of delivering better service for our customers -- is the cost [savings]," he said.

Lombera estimated the AuSM SDN framework will pay for itself within its first year of operation.

While Nexusguard heralds its new DDoS mitigation approach as the first to enable automated route engineering, other cybersecurity companies also offer SDN-powered products and services for DDoS mitigation. Radware, for example, uses SDN technology to monitor and filter network traffic.

I think it's another example of evolving [SDN] use cases.
Lee Doyleprincipal analyst at Doyle Research

Lee Doyle, principal analyst at Doyle Research in Wellesley, Mass., said Nexusguard's use of SDN amounts to traffic-steering -- similar to SD-WAN implementations in branch networks, but for the purpose of DDoS attack mitigation.

"I think it's another example of evolving [SDN] use cases," Doyle said.

Implementations of SDN for security purposes can be a double-edged sword. Controllers and data plane devices are particularly vulnerable, and underlying virtualization systems are also at risk for hackers. But SDN's ability to dynamically reconfigure a network in the face of a network attack holds broad appeal as well.

Nexusguard began implementing the AuSM SDN framework across its scrubbing center network infrastructure last year. Barry said it will be live in all nine centers by the end of 2016.

Next Steps

SDN may hold key to more secure networks

SDN poses security risks

How SDN can mitigate network attacks

Dig Deeper on Network infrastructure

Unified Communications
Mobile Computing
Data Center