SlideShare a Scribd company logo

Inherent Security Design Patterns for SDN/NFV Deployments

OPNFV, profile picture
OPNFV

The document discusses the inherent security design patterns for Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) deployments, emphasizing the need for security measures that evolve with technology. It highlights the importance of a zero-trust security model, manual deployment challenges, and strategies to protect against cyber attacks throughout their lifecycle. Ultimately, it asserts that security can now be integrated into NFV infrastructure, making it a scalable resource for application workloads.

Technology
1 of 11
Downloaded 48 times
1
2
3
4
5
6
7
8
9
10
11
Inherent Security Design Patterns for SDN/NFV Deployments John McDowall Palo Alto Networks
Drivers for Consumers and Providers of Cloud/NFV Automa'on   Minimize    OPEX  &  CAPEX   Dynamic   Resources   Self-­‐Service   Portals   Scalability   Agility  Producers Consumers Make security easy-to-deploy by consumers No Bottlenecks Need well-defined security posture New   Business     Models  
“….if  innova+on  doesn’t  get  ahead  of  the   hackers,  we  will  likely  see  roadblocks  to   rolling  out  new  SDx  applica+ons  ….        ….  because  of  the  fear  that  SDx   Infrastructure  cannot  protect  against  and   contain  new  aAacks.  “     SDxCentral SDx Infrastructure Security Report 2015 Edition
Key Security Perspectives The security perimeter no longer exists. Understanding the Cyber Attack Pattern Lifecycle How do we prevent attacks with SDN/NFV ?
Preventing Across the Cyber Attack* Life Cycle Unauthorized Access Unauthorized Use Gather Intelligence Leverage Exploit Execute Malware Command & Control Actions on the objective Reconnaissance Weaponization & Delivery Malware Communicates with Attacker Exploitation Data Theft, Sabotage, Destruction * Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D. Lockheed Martin Corporation Breach  the  Perimeter  1 Deliver  the  Malware  2 Exfiltrate  Data  4Lateral  Movement  3
Security Challenges with NFV Manual   Deployments     Slow  and  error-­‐ prone  processes  to   enable  security   Transient   Workloads     Workload  lifespan   is  in  hours,  days  or   weeks   Sta'c   Remedia'on     Lack  of  dynamic   remediaCon   measures   Malware     30,000     new  malware  /day  
Security Design Patterns for NFV
Applying Zero Trust* to NFV FoundationalSecurity DesignPattern * No More Chewy Centers: The Zero Trust Model of Information Security John Kindervag, Forester Research, 2014 Verify  and   Never  Trust   Inspect  and   Log  all  Traffic   Design   Network   Inside-­‐Out   Predefine: •  User-Access Controls •  Layer-7 Interactions Build: •  Security Compliance •  Auditable Entities Enable: •  Fine grained kill switch •  Real-time Security Updates
Foundation Security Blueprint FoundationalSecurity DesignPattern •  Define  allowable   interacCons   •  Add  applicaCon   security  paOern   •  Sign-­‐off  by  security   team   •  Deploy  zero-­‐trust   applicaCon  security   paOern.   •  Merge   parameterized   paOern  with  tenant   instance   •  Deny-­‐All  to  Only-­‐ Allowed   •  Real-­‐Cme  InspecCon   •  Update  threat   paOerns,  sigs  et  al   •  Disrupt  and/or   block  cyber   aOacks   •  Archive  logs  &   policies   •  Perform  forensics   •  Generate  report   Prepare   Deploy   Update   Remove   1 2 3 4 Virtual Function Security Model Virtual Function
Implementation of Foundation Security Pattern SecureEncapsulation DesignPattern Enforce zero-trust model – block all traffic until policy is applied. Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   1 Security Controller Get signed “security pattern” from VM deployment Descriptor and deploy with application. 2 Get VNI/Tenant ID for instance mapping bridge vxlan nic Apply policy/tenant based on tenant ID and application security pattern retrieved from deployment. 4 3 v-­‐wire  v-wire NFV deployed security enforcement point. 1 Data  link   Control  link   v-­‐wire  
Summary •  Security was one on the biggest impediments to deployment of NFV. •  Leveraging NFV to define a foundational pattern to protect application workloads. •  Application Security patterns can now be applied to the foundational pattern to implement security from the inside out •  Security is now a resource that scales with your NFV infra-structure. 11

More Related Content

PDF
'Moon' Security Management System for OPNFV
OPNFV
 
PPTX
Security at the Speed of the Network
Hantzley Tauckoor
 
PDF
Virtual Networking Security - Network Security
Eng Teong Cheah
 
PDF
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Winston Morton
 
PDF
VMUGIT UC 2013 - 03b Trend Micro
VMUG IT
 
PDF
Node JS reverse shell
Madhu Akula
 
KEY
mod_security introduction at study2study #3
Naoya Nakazawa
 
PPT
NFV Security PPT
Nisarg Shah
 
'Moon' Security Management System for OPNFV
OPNFV
 
Security at the Speed of the Network
Hantzley Tauckoor
 
Virtual Networking Security - Network Security
Eng Teong Cheah
 
Network Function Virtualization - Security Best Practices AtlSecCon 2015
Winston Morton
 
VMUGIT UC 2013 - 03b Trend Micro
VMUG IT
 
Node JS reverse shell
Madhu Akula
 
mod_security introduction at study2study #3
Naoya Nakazawa
 
NFV Security PPT
Nisarg Shah
 

What's hot (20)

PDF
Mod Security
Abhishek Singh
 
PDF
Cisco amp for meraki
Cisco Canada
 
PDF
Cisco umbrella overview
Cisco Canada
 
ODP
Web Application Firewall
Chandrapal Badshah
 
PPTX
Equifax cyber attack contained by containers
Aqua Security
 
PPTX
TechWiseTV Workshop: OpenDNS and AnyConnect
Robb Boyd
 
PDF
Cloud Native Security: New Approach for a New Reality
Carlos Andrés García
 
PPTX
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
PDF
VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, ...
VMworld
 
PDF
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 
PDF
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
PDF
Хакеро-машинный интерфейс
Positive Hack Days
 
PDF
Introduction to Mod security session April 2016
Rahul
 
PDF
VMworld 2013: Security Automation Workflows with NSX
VMworld
 
PDF
ASA Firepower NGFW Update and Deployment Scenarios
Cisco Canada
 
PDF
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Alert Logic
 
PDF
Hacking IoT with EXPLIoT Framework
Priyanka Aash
 
PPTX
Preventing Today's Malware
David Perkins
 
PPTX
How to Test High-Performance Next-Generation Firewalls
Ixia
 
PPTX
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Mod Security
Abhishek Singh
 
Cisco amp for meraki
Cisco Canada
 
Cisco umbrella overview
Cisco Canada
 
Web Application Firewall
Chandrapal Badshah
 
Equifax cyber attack contained by containers
Aqua Security
 
TechWiseTV Workshop: OpenDNS and AnyConnect
Robb Boyd
 
Cloud Native Security: New Approach for a New Reality
Carlos Andrés García
 
Pxosys Webinar Amplify your Security
🏆Ruben Cocheno💭
 
VMworld 2013: NSX Security Solutions In Action - Deploying, Troubleshooting, ...
VMworld
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
Marco Balduzzi
 
Using Your Network as a Sensor for Enhanced Visibility and Security
Lancope, Inc.
 
Хакеро-машинный интерфейс
Positive Hack Days
 
Introduction to Mod security session April 2016
Rahul
 
VMworld 2013: Security Automation Workflows with NSX
VMworld
 
ASA Firepower NGFW Update and Deployment Scenarios
Cisco Canada
 
Css sf azure_8-9-17 - 5_ways to_optimize_your_azure_infrastructure_thayer gla...
Alert Logic
 
Hacking IoT with EXPLIoT Framework
Priyanka Aash
 
Preventing Today's Malware
David Perkins
 
How to Test High-Performance Next-Generation Firewalls
Ixia
 
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Ad

Viewers also liked (12)

PPTX
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid
 
PDF
Open Source Means Upstream First
OPNFV
 
PDF
Nuts & Bolts of the Dynamic Attack Chain
IBM Security
 
PPTX
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
Luigi Delgrosso
 
PPTX
Crack the Code
InnoTech
 
PPTX
InduSoft System security webinar 2012
AVEVA
 
PPTX
Amien Harisen - APT1 Attack
Indonesia Honeynet Chapter
 
PPTX
Security best practices
AVEVA
 
PDF
The Anatomy of a Data Breach
David Hunt
 
PDF
Openstack meetup: NFV and Openstack
Marie-Paule Odini
 
PPTX
Nfv
Ahmad Hijazi
 
PPTX
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Knowledge Group
 
See Your OpenStack Network Like Never Before with Real-time Visibility and Mo...
PLUMgrid
 
Open Source Means Upstream First
OPNFV
 
Nuts & Bolts of the Dynamic Attack Chain
IBM Security
 
IBM ridefinisce la strategia e l'approccio verso gli Avanced Persistent Threa...
Luigi Delgrosso
 
Crack the Code
InnoTech
 
InduSoft System security webinar 2012
AVEVA
 
Amien Harisen - APT1 Attack
Indonesia Honeynet Chapter
 
Security best practices
AVEVA
 
The Anatomy of a Data Breach
David Hunt
 
Openstack meetup: NFV and Openstack
Marie-Paule Odini
 
Nfv
Ahmad Hijazi
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Knowledge Group
 
Ad

Similar to Inherent Security Design Patterns for SDN/NFV Deployments (20)

PPTX
Web Application Security for Continuous Delivery Pipelines
Avi Networks
 
PPTX
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
PDF
Azure 101: Shared responsibility in the Azure Cloud
Paulo Renato
 
PPTX
Rik Ferguson
CloudExpoEurope
 
PPTX
.conf Go Zurich 2022 - Security Session
Splunk
 
PDF
Resume | Vijay Navgire
Vijay Νavgire
 
PDF
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
 
PDF
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
PPT
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
PPTX
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
PPTX
Managed security services
manoharparakh
 
PDF
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
PDF
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld
 
PPTX
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
 
PDF
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
 
PPTX
CSO CXO Series Breakfast
CSO_Presentations
 
PPTX
chapitre1-cloud security basics-23 (1).pptx
GhofraneFerchichi2
 
PDF
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec
 
PPTX
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
PDF
Data Center Server security
xband
 
Web Application Security for Continuous Delivery Pipelines
Avi Networks
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Scalar Decisions
 
Azure 101: Shared responsibility in the Azure Cloud
Paulo Renato
 
Rik Ferguson
CloudExpoEurope
 
.conf Go Zurich 2022 - Security Session
Splunk
 
Resume | Vijay Navgire
Vijay Νavgire
 
AWS live hack: Atlassian + Snyk OSS on AWS
Eric Smalling
 
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
Managed security services
manoharparakh
 
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld
 
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
 
Cloudflare_Everywhere_Security_Solution_Brief (1).pdf
petchphumsanit40
 
CSO CXO Series Breakfast
CSO_Presentations
 
chapitre1-cloud security basics-23 (1).pptx
GhofraneFerchichi2
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec
 
Regulated Reactive - Security Considerations for Building Reactive Systems in...
Ryan Hodgin
 
Data Center Server security
xband
 

More from OPNFV (20)

PPTX
How to Reuse OPNFV Testing Components in Telco Validation Chain
OPNFV
 
PPTX
Energy Audit aaS with OPNFV
OPNFV
 
PPTX
Hands-On Testing: How to Integrate Tests in OPNFV
OPNFV
 
PDF
Storage Performance Indicators - Powered by StorPerf and QTIP
OPNFV
 
PDF
Big Data for Testing - Heading for Post Process and Analytics
OPNFV
 
PPTX
Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...
OPNFV
 
ODP
How Many Ohs? (An Integration Guide to Apex & Triple-o)
OPNFV
 
PPTX
Being Brave: Deploying OpenStack from Master
OPNFV
 
PPTX
Upstream Testing Collaboration
OPNFV
 
PDF
Enabling Carrier-Grade Availability Within a Cloud Infrastructure
OPNFV
 
PDF
Learnings From the First Year of the OPNFV Internship Program
OPNFV
 
PDF
OPNFV and OCP: Perfect Together
OPNFV
 
PDF
The Return of QTIP, from Brahmaputra to Danube
OPNFV
 
PDF
Improving POD Usage in Labs, CI and Testing
OPNFV
 
PDF
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
PDF
Distributed vnf management architecture and use-cases
OPNFV
 
PDF
Software-defined migration how to migrate bunch of v-ms and volumes within a...
OPNFV
 
PDF
Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...
OPNFV
 
PDF
My network functions are virtualized, but are they cloud-ready
OPNFV
 
PDF
Challenge in asia region connecting each testbed and poc of distributed nfv ...
OPNFV
 
How to Reuse OPNFV Testing Components in Telco Validation Chain
OPNFV
 
Energy Audit aaS with OPNFV
OPNFV
 
Hands-On Testing: How to Integrate Tests in OPNFV
OPNFV
 
Storage Performance Indicators - Powered by StorPerf and QTIP
OPNFV
 
Big Data for Testing - Heading for Post Process and Analytics
OPNFV
 
Testing, CI Gating & Community Fast Feedback: The Challenge of Integration Pr...
OPNFV
 
How Many Ohs? (An Integration Guide to Apex & Triple-o)
OPNFV
 
Being Brave: Deploying OpenStack from Master
OPNFV
 
Upstream Testing Collaboration
OPNFV
 
Enabling Carrier-Grade Availability Within a Cloud Infrastructure
OPNFV
 
Learnings From the First Year of the OPNFV Internship Program
OPNFV
 
OPNFV and OCP: Perfect Together
OPNFV
 
The Return of QTIP, from Brahmaputra to Danube
OPNFV
 
Improving POD Usage in Labs, CI and Testing
OPNFV
 
Run OPNFV Danube on ODCC Scorpio Multi-node Server - Open Software on Open Ha...
OPNFV
 
Distributed vnf management architecture and use-cases
OPNFV
 
Software-defined migration how to migrate bunch of v-ms and volumes within a...
OPNFV
 
Securing your nfv and sdn integrated open stack cloud- challenges, use-cases ...
OPNFV
 
My network functions are virtualized, but are they cloud-ready
OPNFV
 
Challenge in asia region connecting each testbed and poc of distributed nfv ...
OPNFV
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Approach and Philosophy of On baking technology
30anthuong17
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
A Presentation on Artificial Intelligence
memembruh336
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Cloud computing and distributed systems.
kkkkkhan
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 

Inherent Security Design Patterns for SDN/NFV Deployments

  • 1. Inherent Security Design Patterns for SDN/NFV Deployments John McDowall Palo Alto Networks
  • 2. Drivers for Consumers and Providers of Cloud/NFV Automa'on   Minimize    OPEX  &  CAPEX   Dynamic   Resources   Self-­‐Service   Portals   Scalability   Agility  Producers Consumers Make security easy-to-deploy by consumers No Bottlenecks Need well-defined security posture New   Business     Models  
  • 3. “….if  innova+on  doesn’t  get  ahead  of  the   hackers,  we  will  likely  see  roadblocks  to   rolling  out  new  SDx  applica+ons  ….        ….  because  of  the  fear  that  SDx   Infrastructure  cannot  protect  against  and   contain  new  aAacks.  “     SDxCentral SDx Infrastructure Security Report 2015 Edition
  • 4. Key Security Perspectives The security perimeter no longer exists. Understanding the Cyber Attack Pattern Lifecycle How do we prevent attacks with SDN/NFV ?
  • 5. Preventing Across the Cyber Attack* Life Cycle Unauthorized Access Unauthorized Use Gather Intelligence Leverage Exploit Execute Malware Command & Control Actions on the objective Reconnaissance Weaponization & Delivery Malware Communicates with Attacker Exploitation Data Theft, Sabotage, Destruction * Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D. Lockheed Martin Corporation Breach  the  Perimeter  1 Deliver  the  Malware  2 Exfiltrate  Data  4Lateral  Movement  3
  • 6. Security Challenges with NFV Manual   Deployments     Slow  and  error-­‐ prone  processes  to   enable  security   Transient   Workloads     Workload  lifespan   is  in  hours,  days  or   weeks   Sta'c   Remedia'on     Lack  of  dynamic   remediaCon   measures   Malware     30,000     new  malware  /day  
  • 8. Applying Zero Trust* to NFV FoundationalSecurity DesignPattern * No More Chewy Centers: The Zero Trust Model of Information Security John Kindervag, Forester Research, 2014 Verify  and   Never  Trust   Inspect  and   Log  all  Traffic   Design   Network   Inside-­‐Out   Predefine: •  User-Access Controls •  Layer-7 Interactions Build: •  Security Compliance •  Auditable Entities Enable: •  Fine grained kill switch •  Real-time Security Updates
  • 9. Foundation Security Blueprint FoundationalSecurity DesignPattern •  Define  allowable   interacCons   •  Add  applicaCon   security  paOern   •  Sign-­‐off  by  security   team   •  Deploy  zero-­‐trust   applicaCon  security   paOern.   •  Merge   parameterized   paOern  with  tenant   instance   •  Deny-­‐All  to  Only-­‐ Allowed   •  Real-­‐Cme  InspecCon   •  Update  threat   paOerns,  sigs  et  al   •  Disrupt  and/or   block  cyber   aOacks   •  Archive  logs  &   policies   •  Perform  forensics   •  Generate  report   Prepare   Deploy   Update   Remove   1 2 3 4 Virtual Function Security Model Virtual Function
  • 10. Implementation of Foundation Security Pattern SecureEncapsulation DesignPattern Enforce zero-trust model – block all traffic until policy is applied. Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   Security   Enforcement   Point   VM-­‐A   1 Security Controller Get signed “security pattern” from VM deployment Descriptor and deploy with application. 2 Get VNI/Tenant ID for instance mapping bridge vxlan nic Apply policy/tenant based on tenant ID and application security pattern retrieved from deployment. 4 3 v-­‐wire  v-wire NFV deployed security enforcement point. 1 Data  link   Control  link   v-­‐wire  
  • 11. Summary •  Security was one on the biggest impediments to deployment of NFV. •  Leveraging NFV to define a foundational pattern to protect application workloads. •  Application Security patterns can now be applied to the foundational pattern to implement security from the inside out •  Security is now a resource that scales with your NFV infra-structure. 11