ONS2016

Application Defined Security control is a paradigm for applications, application controllers or clients to dictate what traffic they want to receive, when to receive them and how.
With the Application Defined Security Control, networks can be “cellularized” at application/service granularity for more fine-grained and distributed security control. This approach not only allows applications to dictate what/when/where/how their traffic are delivered, but also allows the controller to place the most suitable virtual security functions at the close proximity to the application end points to fight against advanced attacks more effectively.
The ability to utilize the virtualized security functions on these granular “micro-layers” allows the establishment of comprehensive “default deny” security postures, greatly inhibiting the unwanted traffic or DoS attacks traffic.