The rise of cloud-based computing, as the enterprise sends data and the processing of it into the networks of cloud-service providers, whether they be platform-as-a-service, infrastructure-as-a-service or software-as-a-service, is also raising questions about the future of the firewall and IPS. Today, there's little cooperation between what you do in a service such as Amazon and what you do on premises, Young says. Today, the firewall and IPS largely remain on premises.
"It's a disruptive shift," acknowledges Toubba, but says Juniper believes software-based firewalling, among other security services, can be adapted to SDN and cloud technologies.
Simon Crosby, founder and CTO at start-up Bromium -- who was also founder and CTO at XenSource before it was acquired by Citrix -- scoffs at the idea that traditional firewalling and IPS (or "next-generation" anything) is the answer. He says public cloud technologies and OpenStack are among the forces pushing things to the breaking point.
The security industry is largely "bankrupt" and vendors "lie," Crosby declares, warning "anything that asserts it can detect an attacker is fatally flawed." He claims a better approach to virtual machine security is going to be done through CPU-based protection and "hardware isolation" that make use of built-in Intel and ARM chip security functions in a novel way. Bromium's vSentry virtualization security works like a VM within a VM to isolate and then "throw away" attack code targeting Windows.
Whether newer ideas such as these catch fire remains to be seen.
SDN, an upcoming technology, doesn't mean physical switches are going to go away, says Gartner's Young, noting this still immature form of networking will mean new ways to orchestrate applications and automate service chaining through controllers. The problem, however, is that it will certainly impact what is done with firewalls today and at this point there really doesn't appear to be a solid security model for SDN. "Current SDN security mechanisms are effectively non-existent," Young said.