Problem Statement
Organizations are susceptible to security threats that target the weakest point in their systems and can then spread east-west through the organization. Countering them requires the cloud to predict possible threats and seamlessly orchestrate policies to address them.
Proposed Solution
A controller placed in the SP cloud performs deep packet inspection on the traffic. Because packet inspection carries a memory overhead, the controller maintains a label for each packet class and uses it to rule out overlapping inspections of subsequent packets. The controller logs threat data and provides input to the operator to design and insert security rules seamlessly. It can monitor the rate of traffic passing through the NFVs and provides clustering and load-balancing capabilities. It can also spawn network functions on demand or modify existing network functions based on refined security policies.
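The label-per-packet-class idea described above, as an added example that is not part of the original abstract or the proposed controller's code. It assumes a packet class is the flow 5-tuple and that labels expire after a TTL; the signatures and sample packets are constructed.

```python
import time

# Constructed byte patterns standing in for a real DPI signature set.
SIGNATURES = {b"X-TEST-THREAT-A": "sample-threat-a",
              b"X-TEST-THREAT-B": "sample-threat-b"}

class LabelingInspector:
    """Deep-inspects the first packet of a class, then reuses its label."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self.labels = {}           # packet class -> (verdict, expiry time)
        self.deep_inspections = 0  # payload scans actually performed
        self.threat_log = []       # findings handed to the operator

    @staticmethod
    def packet_class(pkt):
        # Assumption: a packet class is the flow 5-tuple.
        return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])

    def _deep_inspect(self, pkt):
        self.deep_inspections += 1
        for pattern, name in SIGNATURES.items():
            if pattern in pkt["payload"]:
                return "block", name
        return "allow", None

    def handle(self, pkt):
        key, now = self.packet_class(pkt), self.clock()
        cached = self.labels.get(key)
        if cached and cached[1] > now:
            return cached[0]       # label still valid: skip the payload scan
        verdict, threat = self._deep_inspect(pkt)
        self.labels[key] = (verdict, now + self.ttl)  # expiry forces re-inspection
        if threat:
            self.threat_log.append({"class": key, "threat": threat})
        return verdict

def make_packet(payload, sport=40000):
    # Constructed sample traffic using documentation address ranges.
    return {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": sport,
            "dport": 443, "proto": "tcp", "payload": payload}

if __name__ == "__main__":
    inspector = LabelingInspector(ttl=30.0)
    for _ in range(3):
        inspector.handle(make_packet(b"GET / HTTP/1.1"))
    inspector.handle(make_packet(b"id=X-TEST-THREAT-A", sport=40001))
    print(inspector.deep_inspections, inspector.threat_log)
```

An allow label trusts later packets of the class without scanning them, so the TTL bounds how long that trust lasts.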
The key takeaways for cloud developers and designers are:
- Different kinds of possible threats in a cloud environment.
- Implementation of Virtual Network Functions like ASA, WSA, CSR.
- Deep packet inspection and prediction algorithms.
- How to cluster NFVs and load balance traffic across them.
- How to design security rules based on a zero-trust policy.
- Insight into the seamless orchestration of NFVs.