Software Defined Networking

Software Defined Networking (SDN) separates the control plane — which decides where traffic goes — from the data plane — which actually forwards the traffic. In traditional networking, both functions live in the same physical device. SDN centralizes control in a software controller, allowing network behavior to be programmed and changed dynamically without touching physical hardware.

From a security perspective, SDN enables rapid response to threats. When an attacker is identified, network policies can be updated across an entire environment in seconds to block their traffic, isolate their segment, or redirect them to a honeypot. Traditional networks require manual changes to individual device configurations, a process that takes hours or days for complex environments.
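A small model of the split described above, as an added example that is not part of the original page: switches only match packets against a flow table, while one controller pushes a block or honeypot-redirect rule to every switch in a single call. The class names, addresses, priorities and honeypot port are constructed for illustration, and no real controller API is used.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class FlowRule:
    priority: int   # higher wins
    src: str        # CIDR matched against the packet's source address
    action: str     # "forward", "drop" or "redirect:<port>"

@dataclass
class Switch:       # data plane: matches packets, makes no policy decisions
    name: str
    table: list = field(default_factory=list)

    def install(self, rule):
        self.table.append(rule)
        self.table.sort(key=lambda r: -r.priority)

    def handle(self, src_ip):
        ip = ipaddress.ip_address(src_ip)
        for rule in self.table:                  # highest priority first
            if ip in ipaddress.ip_network(rule.src):
                return rule.action
        return "drop"                            # table miss: default deny

class Controller:   # control plane: the one place where policy is set
    def __init__(self, switches):
        self.switches, self.audit = switches, []

    def push(self, rule, reason):
        for sw in self.switches:                 # one change reaches every switch
            sw.install(rule)
        self.audit.append((reason, rule))        # central record of each change

    def block(self, ip):
        self.push(FlowRule(1000, f"{ip}/32", "drop"), f"block {ip}")

    def divert_to_honeypot(self, ip, port):
        self.push(FlowRule(900, f"{ip}/32", f"redirect:{port}"), f"divert {ip}")

def demo():
    fabric = [Switch(f"sw{i}") for i in range(1, 4)]   # constructed three-switch fabric
    ctl = Controller(fabric)
    ctl.push(FlowRule(10, "10.0.0.0/8", "forward"), "baseline")
    before = [sw.handle("10.0.5.23") for sw in fabric]
    ctl.block("10.0.5.23")                       # constructed attacker address
    ctl.divert_to_honeypot("10.0.7.9", port=99)  # constructed honeypot port
    return fabric, ctl, before
```

Because every switch takes its rules from the controller, the same model shows why the controller and its audit trail are the component to protect: whatever can call `push` can reprogram the whole fabric.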

CISSP Relevance

SDN is addressed in Domain 4 (Communications and Network Security). CISSP candidates must understand how SDN changes the security model compared to traditional networking, the security implications of centralizing network control, and how SDN enables more responsive and granular security policy enforcement.

External reference: NIST SP 800-125B Secure Virtual Network Configuration

Related terms: Network Segmentation, Zero Trust