
PALANTIR concurs on an NFV architecture to protect SMEs
On 25th February 2021, the H2020 PALANTIR project presented its first draft architecture, the basis of a platform whose aim is to help secure Small and Medium Enterprise (SME, ME) environments at a time when data breaches and ransomware attacks are increasing in frequency. This architecture results from the requirements gathering and analysis carried out within a consortium formed by research branches of commercial companies, SMEs, telecommunication companies and operators, universities, and military academies or research centres, like the i2CAT Foundation. To model the common scenarios, three different Use Cases are considered, each associated with a specific environment, common attack vectors and restrictions on the infrastructure and, thus, its delivery mode:
- Private medical practices, especially prone to data breaches and ransomware attacks. With the platform hosted in a node inside the medical environment and directly managed by the medical entity, this use case expects a lightweight deployment approach, also understood as a Virtual Customer Premises Equipment (vCPE)-based Managed Security Services (MSS) model.
- Uninterrupted electronic commerce, prone to data breaches, spyware, ransomware and Denial of Service (e.g., DDoS), where a cloud deployment (hosted MSS model) is in use to deliver the security services.
- Sharing live Threat Intelligence, here functioning as a Multi-access Edge Computing (MEC) model. Threat data is gathered from multiple clients and aggregated at the edge; its feedback on propagating threats can then be used to provide recommendations to connected users and to share intel data, e.g. with Malware Information Sharing Platform (MISP) instances.
The latter scenario will be evaluated in 5G testbeds so as to emulate traffic from the edge network in large-scale MEC environments, whereas vCPE and cloud deployments will be validated in more specific Network Function Virtualisation (NFV)-based infrastructures.
Similarly to 5G-focused projects like Open-VERSO, the PALANTIR project benefits from both the NFV and the Software-Defined Networking (SDN) approaches, which are key enablers that provide the substrate to support prompt network and systems reconfiguration. This reconfiguration of the infrastructure is carried out through deployment of services and configurations, as needed in specific points of the infrastructure.

PALANTIR identifies four main lines of action, each devised as an architectural block or component:
- Identification of active threats, benefiting from Machine Learning techniques and providing remediation & recommendation notifications.
- Validation of trust status for infrastructure nodes and virtual services, leveraging Trust Computing techniques.
- With the above input, employ a Security-as-a-Service (SecaaS) approach to orchestrate the different services, configurations, etc. to be enforced.
The SecaaS orchestration relies on both NFV and SDN to apply services and configurations to the computing and/or networking devices in the NFV Infrastructure (NFVI).
Specifically, the NFV approach is used to deploy security-related services that are identified from a Catalogue (typically, but not constrained to, traffic filtering and analysis capabilities). Some of these services are selected and orchestrated to be instantiated in a given location of the infrastructure, and are reconfigured as deemed necessary. This NFV approach is in line with, and expected to follow, multiple specifications defined by ETSI, covering the NFV architecture itself as well as considerations for monitoring and security management, cloud-native and PaaS principles, orchestration management interfaces and potentially some others.
On the other hand, the SDN approach configures the network devices to interconnect computing nodes, e.g., in different data centres. This can be performed using typical OpenFlow-based SDN controllers or even defining custom network protocols in the data plane using P4.
PALANTIR is an example of how softwarisation techniques contribute to building a testbed that offers comprehensive functionality. There, the basic NFV architecture and its extensions are followed to control the resource lifecycle (e.g., deployment, configuration and monitoring of virtual services), the Software-Defined techniques serve for ancillary automation and reconfiguration of the NFVI, and the MEC architecture allows processing at the edge. All of them contribute towards the creation of a complete and flexible infrastructure. This is especially relevant for 5G testbeds, like those to be federated in Open-VERSO, where common tools, techniques and expertise can be leveraged.
Author: Carolina Fernández. Software Networks, i2CAT Foundation