Autonomous Networks Revolutionizing Network Security
Explore the future of network security with autonomous networks that operate with minimal human intervention, leveraging pillars like Intent-Based Networking, Zero-Trust Architecture, and eXplainable AI to enhance security and efficiency. Discover how these advanced networks can transform traditional network configurations into self-configuring and reconfiguring systems.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Zero-Trust Explainable Autonomous Networks Daniele CANAVESE (IRIT) Journ e Scientifique Annuelle du D fi Cl ICO Montpellier (France),July12, 2024
Network security: what kind of future? >current approach some tools for automatic network configuration, but high-level security engineering is manual >fact: networks are evolving, humans are not > new approach: autonomous networks run with minimal to no human intervention can configure and reconfigure themselves independently 2
Autonomous networks: pillars > Intent-Based Networking (IBN) intent: tell what the network must achieve, not how to do it example:connection between client ande-bank with high confidentiality human create intents, machines apply them > Zero-Trust Architecture (ZTA) perimeter defense:trustmyself,do not trust others perimeter-less defense (ZTA):do not trust anybody > eXplainable AI (XAI) why an AI system returned a result to build trust + compliance with some regulations (e.g., GDPR) 3
Architecture Python ASP intents configurationsystem (inject security) reaction system (keep system working) network to manage 4
How to go from this visitors guests local employees DNS server DHCP server Internet web server mail server DB server app server controllers remote employees 5
To this? FW VPN FW WAF security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 FW IPS security gateway DB server DHCP server DNS server Internet 3 FW FW IPS VPN security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 6
Vanilla network visitors guests local employees DNS server DHCP server Internet web server mail server DB server app server controllers remote employees intents 7
Stage 1: zones (grouping network functions) visitors guests local employees DNS server DHCP server 0 1 Internet web server mail server DB server app server controllers 2 3 4 remote employees 8
Stage 1: zones (splitting infrastructure functions) security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 security gateway DB server DHCP server DNS server Internet 3 security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 9
Stage 2: connectivity (intra-zone channels) security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 security gateway DB server DHCP server DNS server Internet 3 security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 10
Stage 2: connectivity (inter-zone channels) security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 security gateway DB server DHCP server DNS server Internet 3 security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 11
Stage 3: specialization FW VPN FW WAF security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 FW IPS security gateway DB server DHCP server DNS server Internet 3 FW FW IPS VPN security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 12
Stage 4: configuration FW VPN FW WAF security gateway local employees DHCP server DNS server security gateway web server mail server DHCP server DNS server 1 visitors 2 FW IDS SDN security gateway DB server DHCP server DNS server Internet 3 FW FW IDS VPN security gateway guests security gateway DHCP server DNS server app server controllers DHCP server DNS server remote employees 0 4 13
Takeaways > networks are becomingtoobig and complexto be secured by hand > autonomousnetworks intent-based management: ease-of-use zero-trust architecture: security explainable AI: trust > future work finish the configuration system reaction system 14
