Virtualization Technology News and Information
128 Technology 2018 Predictions: Routers Get Session Smart

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Patrick MeLampy, COO and co-founder, 128 Technology

Routers Get Session Smart

Benjamin Franklin in 1789 said in part, "two things are certain in life, death and taxes." If he were alive today, he might add a third, "and data breaches."

I predict that the industry will recognize the inefficiency of the onerous corporate tunnel overhead tax. IPsec VPNs and SD-WAN tunnel techniques currently have up to a 30 percent overhead. In 2018, corporations will begin to recognize they need to seek alternatives to tunneling and that bloating their wide area bandwidth by 30 percent will no longer be acceptable.

I also predict the death of anywhere-to-anywhere networking. The costs incurred by corporations when data is stolen are growing without bound and represent an unbounded risk going forward. The data thieves sneak past firewalls and security apparatus that delay getting inside data networks, but once they are inside a network, there are no security capabilities to prevent data from being exfiltrated. Nearly all data thefts are cloaked in encryption. Data is trickled out disguised as legitimate protocols. This is all enabled by networks that route packets from anywhere-to-anywhere.

I also predict a dramatic increase in security events that occur laterally in data centers, i.e. security events where one data center cluster of servers is infiltrated by another. Data center services used to be separated by layer two techniques, but as data centers have scaled and replicated, many of the separation techniques have become soft-state or advisory separations such as MAC databases, VxLANs and VRFs. These segmentation techniques offer new vectors of attack with the physical switched infrastructure providing wide open highways to steal data. Application owners rely on the data center infrastructure to prevent lateral attacks with blind trust. In 2018, I predict this will change as more corporations begin demanding proof of security within data centers.

These predictions are related. If network routers were session smart, they would be able to route packets without tunnel overhead, saving 30 percent of the bandwidth. If network routers were session smart, they would be able to understand the direction of traffic, and by extension detect exfiltration. Network routers that understand services could greatly reduce the surface area of attack. If network routers were session smart, they would be able to authenticate each and every session.

The future isn't about new network layers on top of old. It's about the old bottom layers becoming session smart.


About the Author


Patrick MeLampy, one of the co-founders of 128 Technology, has served as the company's chief operating officer and director since the company's inception. With Andrew Ory, Patrick co-founded Acme Packet Inc. and served as its chief technology officer since August 2000. He served as vice president of engineering of Priority Call Management (PCM) since 1989. At PCM, Patrick developed and supported the company's network telecommunications products and grew the engineering team from two to 75 members. He has developed intellectual property portfolios at PCM, LHS, PCM, and Acme Packet. Patrick earned a B.S. degree in mechanical engineering from the University of Pittsburgh and an M.B.A. from Boston University.

Published Wednesday, November 01, 2017 7:41 AM by David Marshall