How does security for intent-based networking work?
Monitoring plays an essential role when it comes to security in intent-based networking environments, as it ensures policies are met and detects network anomalies.
Networks are designed and implemented to support the applications on which the business depends. Intent-based networking represents a fundamental change in how those networks are designed and managed. Rather than focusing on the process of selecting switches and other components, the designers now focus on the applications and their requirements.
Network designers use intent-based networking (IBN) tools to identify the network policies required to achieve the necessary level of application performance. Intent-based tools use those specified policies to automate the detailed work of selecting network components and the interconnections between them.
Security for intent-based networking is designed along with other network elements, as the IBN tools determine the security requirements of each application and place them where they're needed. The tools can create a new network design or specify changes to an existing network.
Configuring access control lists, firewalls and virtual LANs has proven to be complicated and prone to error. By automating this process, intent-based networking tools can remove a primary cause of security breaches. Major breaches in the past have occurred because configuration errors allowed malware from vulnerable network components -- such as end-user workstations and Wi-Fi networks -- to penetrate the wider network. Intent-based networking tools can eliminate this risk.
Intent-based networking can quickly accommodate rapidly arising business requirements, such as video conferences. The tools can also shift network resources and make the required protection changes without the need for network managers to make hurried decisions, which could result in errors.
Monitoring aids security for intent-based networking
Continuous feedback is a major element of intent-based networking. Network monitors have been used for many years, but they don't continually report on whether applications are meeting performance requirements -- nor do they constantly monitor protection settings to ensure the specified settings remain in place.
Intent-based tools continuously make sure all the policy requirements are being met. They monitor application performance and detect network problems. As applications start up or shut down, these tools make the necessary changes to support the modified environment.
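The continuous check on protection settings described above can be pictured as follows. This is an added example, not code from the article or from any IBN product: it compares what an observed, ordered ACL actually permits with the declared intent. The segment names, addresses, ports and rules are all constructed for illustration.

```python
from ipaddress import ip_network

# Constructed sample address plan (assumption, not from the article).
SEGMENTS = {
    "workstations": ip_network("10.10.0.0/16"),
    "guest_wifi": ip_network("10.20.0.0/16"),
    "app_servers": ip_network("10.30.0.0/24"),
    "database": ip_network("10.40.0.0/24"),
}
# Intent: the only flows the applications need; everything else is denied.
INTENT = {
    ("workstations", "app_servers", 443),
    ("app_servers", "database", 5432),
}
# Ordered ACLs as (action, source, destination, port); first match wins.
COMPLIANT_ACL = [
    ("permit", "10.10.0.0/16", "10.30.0.0/24", 443),
    ("permit", "10.30.0.0/24", "10.40.0.0/24", 5432),
]
# Constructed drift: a broad rule placed ahead of the compiled rules.
DRIFTED_ACL = [("permit", "10.0.0.0/8", "10.40.0.0/24", "any")] + COMPLIANT_ACL

def effective_action(acl, src, dst, port):
    """First-match evaluation with an implicit deny at the end.
    Simplification: a rule matches only if it covers the whole segment."""
    for action, rule_src, rule_dst, rule_port in acl:
        if (src.subnet_of(ip_network(rule_src))
                and dst.subnet_of(ip_network(rule_dst))
                and rule_port in (port, "any")):
            return action
    return "deny"

def find_drift(acl, ports=(22, 443, 5432)):
    """Return every flow where the ACL's effective decision differs from intent."""
    findings = []
    for s_name, s_net in SEGMENTS.items():
        for d_name, d_net in SEGMENTS.items():
            if s_name == d_name:
                continue
            for port in ports:
                wanted = "permit" if (s_name, d_name, port) in INTENT else "deny"
                actual = effective_action(acl, s_net, d_net, port)
                if actual != wanted:
                    findings.append((s_name, d_name, port, wanted, actual))
    return findings

if __name__ == "__main__":
    for finding in find_drift(DRIFTED_ACL):
        print(finding)
```

Evaluating the effective decision per flow, rather than diffing rule text, is what surfaces a broad rule that shadows the compiled ones.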
Making the change to viewing the network as a collection of applications rather than switches and routers can be difficult, but current networks are complex and change rapidly. Intent-based networking has become a necessity as complexity continues to increase, and networks must remain adaptable to shifting requirements.