SafetyDetectives spoke with the Senior Director of Product Management at Spirent, Sashi Jeyaretnam, about the advantages of cloud-based networks, security challenges that occur when introducing new tech to the market, what tech trends will become mainstream in the coming years, and more.
Can you introduce yourself and talk about your role at Spirent?
My name is Sashi Jeyaretnam, and I’m a Senior Director of Product Management at Spirent. I lead the Application Performance and Network Security testing portfolio, which consists of hardware as well as virtual and container test solutions. I have over 20+ years of experience in networking and cybersecurity technologies. My niche has been in the test and measurement space, and I have had the opportunity to drive and introduce market-leading performance and cybersecurity test solutions for on-premise, cloud, and hybrid networks. I’m a strong advocate of the importance of taking a proactive and measured approach to mitigate cybersecurity and Quality of Experience (QoE) risks in any organizations’ network transformation programs and projects.
What are the main services that Spirent offers?
Spirent has a long heritage in providing test and measurement solutions for virtually all segments of the network communication market. We are leading the charge in many of the next major advancements in networking, ranging from high-speed Ethernet 800G, 5G, cloud-native and cybersecurity. On the cybersecurity front, Spirent offers testing solutions to validate the performance, scalability, and security effectiveness of heterogenous networks and security solutions like next-gen firewalls (NGFWs), intrusion prevention/detection systems (IPS/IDS), application delivery controllers (ADCs), software-defined wide area networks (SD-WAN), Secure Access Service Edge (SASE) and Zero-Trust Network Access (ZTNA) architectures.
Our flagship test solution CyberFlood, delivers a unified workflow, portable methodologies, and ease of deployment across all domains (on-prem, private cloud, public cloud and cloud-native/container), giving it a clear and proven advantage of being used throughout the network lifecycle – design, deployment, and on-going assurance.
In addition, we also offer a variety of managed test services delivered by certified, seasoned professionals. Our security consultants act as an extension of your in-house security team, proactively identifying vulnerabilities and mitigating risks. Augmenting security teams with experts in testing and security can help optimize staffing, supplement an organization’s internal expertise, and facilitate compliance through independent third-party testing and reporting.
Can you discuss any recent developments or initiatives that Spirent has undertaken to support emerging technologies such as 5G, IoT, or virtualization?
Emerging technologies such as 5G, IoT, virtualization, cloud-computing have led to the rapid evolution and adoption of new networking and security architectures such as SD-WAN, Private 5G, SASE (Secure Access Service Edge) and new approaches such as Zero Trust (ZT) that bake security into distributed, disaggregated networks. However, the security and scale advantages of these solutions can quickly be offset by the added complexity and difficulty of testing and validating performance, QoE, and security efficacy.
At Spirent, we have been focused on evolving our test solutions to address these complexities of distributed, disaggregated network infrastructure and validating the perimeter-less, dynamically-scaling and constantly changing networks and polices. Here are some of the key developments and initiatives we have been working on:
- Cloud-native performance testing (with Spirent CyberFlood Container) – enabling realistic and scalable application traffic emulation in cloud-native environments to verify that Kubernetes cloud-native infrastructures, network functions and services like ingress controller are ready to deliver and maintain required performance and scale.
- High-performance cloud & security testing (with CyberFlood Virtual) – delivering high-performance and scalability is essential when it comes to cloud and security testing. Our CyberFlood Virtual solution uses compute resources efficiently, which in turn simplifies the need to deploy more test agents/ports and maximizes the performance of our realistic traffic generation capabilities in private and public cloud deployments.
- Multi-cloud validation – expanding our public cloud support to Oracle (OCI) and the Chinese cloud providers in addition to the existing support on Amazon, Azure, and Google Cloud, is helping our customers validate their multi-cloud strategies.
- Distributed hybrid network & security validation (with CyberFlood) – offering a single pane of glass to execute testing across on-prem hardware appliances, virtual and container ports, delivering a multi-domain and distributed solution that spans the edge to the cloud, emulating realistic application & threat workloads to exercise the limits of distributed hybrid networks.
- Zero-Trust validation (with CyberFlood) – emulating the user context to test the interoperability with Okta Identity Provider integration with a SASE System (NGFW) and validate the security polices and their impact on performance and user experience.
- Cloud resiliency testing (with Spirent CloudSure and CyberFlood) – deterministically exercising the built-in resiliency and self-healing capabilities of cloud-native networks with its real-world cloud impairments and characterizing the impact of cloud degradations on performance, Quality of Experience (QoE), and robustness of cloud-native infrastructure and network functions (CNFs).
What are the security challenges of bringing new tech to market?
Organizations face many challenges when implementing transformation strategies that move them towards distributed and dynamic application delivery networks and security architectures.
The main challenge is optimizing the cloud infrastructure for cost while balancing performance and quality of experience is also a key struggle. Organizations need to right-size their cloud environments, whether it’s public cloud, on-prem virtual or cloud-native environments. They need to ensure they have sufficient computing and networking infrastructure to deliver the performance for any type of application and workload their customers need. That includes verifying the latency and bandwidth of these geographically distributed networks is adequate to deliver the Quality of Experience for end users.
The second challenge is that with increasingly distributed users, branch locations, and IoT sensors, organizations don’t really have a perimeter to protect anymore. With the mote and castles model of corporate datacenter-based security gone, organizations are embracing a decentralized security model where the security controls are distributed to be closer to the users and applications – they are embracing different security models likes SASE (secure access service edge), or CDN (content delivery networks) and/or MECs (multi-access edge compute) delivered security.
The challenge here is evaluating the efficacy and effectiveness of these security controls in a distributed manner. Previously when we test a firewall, we would surround the device under test with clients and server elements to emulate the realistic application traffic that the device or security control will be subjected to in a corporate data center. Now, we need to emulate the distributed-ness of the users and applications and take into account the underlying compute infrastructure the used to deploy the application services and security control. This infrastructure is not under the control of enterprise organizations, or the system integrators or vendors delivering the networking devices. There are numerous external factors, such as ISP links connecting the users and service, cloud providers shared infrastructure policies, and SaaS apps that are not under the control of enterprise network operators. As a result, characterizing these unknowns and compensating for the shortfalls is critical to delivering consistent security and user experience.
Finally, the challenge of keeping pace with continuous changes arising from the expanding threat landscape and attack surface and managing the continued network changes coming from vendor updates and policy changes needs to be efficiently managed. It is essential to implement a robust change management practice incorporating testing into the CI/CD/CT or DevSecOps processes.
How are cloud-based networks better than traditional ones?
Cloud-based networks are better than traditional ones in many ways. Here are some of the advantages:
- Reliability: cloud-based networks are more reliable than traditional networks. They are typically backed up by multiple data centers, with data and services always available even if there are issues at a data center goes down.
- Scalability: cloud-based networks are highly scalable, they can easily be expanded or contracted to meet changing needs by adjusting to what services and resources are being subscribed to. This is in contrast with traditional networks, which can be difficult and expensive to scale as it would involve physically building out an existing infrastructure.
- Cost-effectiveness: cloud-based networks are often more cost-effective than traditional networks. Part of this comes from economies of scale with a cloud provider spreading costs over many customers, the pay-as-you-go pricing reduces the initial investment, enabling organizations to only pay for the resources they use.
- Security: Cloud-based networks are more secure than traditional networks. Cloud providers have invested heavily in the latest security measures including advanced encryption and modern security technologies. However, it is important to keep in mind, security in the cloud is a shared responsibility. This means, every organization is ultimately responsible for making sure they maintain consistent security across their entire hybrid, multi-cloud infrastructure.
Cloud-based networks offer several advantages over traditional networks. As a result, cloud-based networks have grown in popularity and demand, offering many hosting options for organizations to leverage. Here are some additional benefits of cloud-based networks:
- Reduced IT and operating costs: cloud-based networks can help businesses reduce their IT costs by eliminating the need to purchase and maintain their own hardware and software.
- Improved user collaboration: cloud-based networks and applications make it easy for employees to collaborate on projects, regardless of their location. This can lead to increased productivity and innovation.
- Increased infrastructure flexibility: cloud-based networks give businesses more flexibility to scale their IT resources up or down as needed. This allows business to quickly scale up or down as their network needs changes over time – spending on cloud infrastructure that is right-sized for their needs.
While cloud infrastructures are designed to be highly scalable and resilient, it is critical to fine-tune auto-scale policies and optimize costs, while minimizing disruptions to end user Quality of Experience (QoE) as cloud network functions and services are scaled in and out. In addition, security and application policies need to be validated so they scale in and out automatically with applications as soon as they are created, tracking all changes until that resource no longer exists.
What tech trends do you see becoming more mainstream in the next few years?
Zero Trust Network Access (ZTNA) relies on trust brokers to grant access based on identity, policy, and context (vs. network connections). We expect ZTNA to become more mainstream as organizations move away from VPN technologies. As a result, organizations must validate ZTNA elements like the identity provider, policy enforcement points, as well as that policies themselves are defined correctly. The lack of ZTNA standardization has resulted in proprietary products and services with varying capabilities. Therefore, it is critical to validate the impact of user-based security and application policies on network performance and QoE.
As networks evolve and organizations adopt more cloud-native technology, which is very elastic and dynamic, a lot of data (logs and alerts) will be generated from cloud infrastructures, Kubernetes services, and network and security functions. As a result, we expect networking and security to become more automated, more self-sufficient, and self-healing, leveraging machine learning-augmented security and observability to analyze, correlate, and predict based on the large quantities of data being generated. This will, in turn, enable networking and security teams to keep up with the accelerated rate of change.