US2016366184A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016366184-A1 |
| Application number | US-201615177103-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 8, 2016 |
| Priority date | Jun 12, 2015 |
| Publication date | Dec 15, 2016 |
| Grant date | — |
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service oriented software-defined security framework are disclosed. In one aspect, a system includes a security control device, one or more assets, and a security controller that communicates with the security control device and the one or more assets. The security controller includes a processing engine configured to register the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device. The processing engine is further configured to register the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets. The processing engine is further configured to generate a security service binding based on a request for service.
Claims
What is claimed is:

1. A software defined security system comprising: a security control device; one or more assets; and a security controller that communicates with the security control device and the one or more assets, the security controller including a processing engine configured to: register the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device; register the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets; and generate a security service binding based on a request for service, the processing engine being operable to translate the security service binding into a set of security control commands and communicate the security control commands to the security control device.
2. The system of claim 1, wherein the security control device is one of a firewall, an intrusion detection system, and an identity and access management system.
3. The system of claim 1, wherein the one or more assets include one of a server, a VPN client and server, an external computing device, and a mobile computing device.
4. The system of claim 1, wherein the processing engine is further configured to: receive data identifying a security event; access a playbook that identifies one or more actions for the security controller to perform for the security event; and perform the one or more actions in response to the security event.
5. The system of claim 4, wherein the security event comprises an event from an intrusion detection control, a network topology change, or a server failure.
6. The system of claim 4, wherein generating the security service binding comprises performing the one or more actions in response to the security event.
7. The system of claim 1, wherein: the physical-logical attribute mapping for the security control device comprises an IP address-hostname mapping for the security control device, and the physical-logical attribute mapping for each of the one or more assets comprises an IP address-hostname mapping for each of the one or more assets.
8. The system of claim 1, wherein the processing engine is further configured to: receive data indicating a change to a physical attribute of one of the one or more assets; in response to receiving the data indicating the change to the physical attribute of the one of the one or more assets, identify a security service requirement for the one of the one or more assets; and generate a security service binding for the one of the one or more assets based on the security service requirement for the one of the one or more assets.
9. The system of claim 8, wherein the security service binding for the one of the one or more assets is generated automatically and without user input after receiving the data indicating the change to the physical attribute of the one of the one or more assets.
10. A computer-implemented method comprising: registering, by a security controller that communicates with a security control device and one or more assets, the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device; registering the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets; generating a security service binding based on a request for service; translating the security service binding into a set of security control commands; and communicating the security control commands to the security control device.
11. The method of claim 10, wherein the security control device is one of a firewall, an intrusion detection system, and an identity and access management system.
12. The method of claim 10, wherein the one or more assets include one of a server, a VPN client and server, an external computing device, and a mobile computing device.
13. The method of claim 10, comprising: receiving data identifying a security event; accessing a playbook that identifies one or more actions for the security controller to perform for the security event; and performing the one or more actions in response to the security event.
14. The method of claim 13, wherein the security event comprises an event from an intrusion detection control, a network topology change, or a server failure.
15. The method of claim 13, wherein generating the security service binding comprises performing the one or more actions in response to the security event.
16. The method of claim 10, wherein: the physical-logical attribute mapping for the security control device comprises an IP address-hostname mapping for the security control device, and the physical-logical attribute mapping for each of the one or more assets comprises an IP address-hostname mapping for each of the one or more assets.
17. The method of claim 10, comprising: receiving data indicating a change to a physical attribute of one of the one or more assets; in response to receiving the data indicating the change to the physical attribute of the one of the one or more assets, identifying a security service requirement for the one of the one or more assets; and generating a security service binding for the one of the one or more assets based on the security service requirement for the one of the one or more assets.
18. The method of claim 17, wherein the security service binding for the one of the one or more assets is generated automatically and without user input after receiving the data indicating the change to the physical attribute of the one of the one or more assets.
19. A non-transitory computer-readable medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising: registering, by a security controller that communicates with a security control device and one or more assets, the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device; registering the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets; generating a security service binding based on a request for service; translating the security service binding into a set of security control commands; and communicating the security control commands to the security control device.
20. The medium of claim 19, wherein the security control device is one of a firewall, an intrusion detection system, and an identity and access management system.
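The claims describe a controller that keeps an IP-hostname mapping for devices and assets, matches each asset's service requirements against the service descriptions of registered control devices, translates the resulting bindings into device commands, and re-derives bindings from a playbook when an asset's physical attributes change. The following Python is an added illustration of that control loop, not code from the patent or its assignee; every class and method name, the two playbook event types, and the command string format are assumptions, and the scenario in `demo()` is constructed.

```python
from dataclasses import dataclass


@dataclass
class ControlDevice:
    """Security control device (the claims name firewall, IDS and IAM as examples)."""
    hostname: str
    ip: str
    kind: str
    services: frozenset      # security service description: what the device can provide


@dataclass
class Asset:
    """Protected asset with its security service requirements."""
    hostname: str
    ip: str
    requirements: frozenset


@dataclass(frozen=True)
class Binding:
    """Security service binding: one asset bound to one device for one service."""
    asset: str
    device: str
    service: str


def _order(b):
    return (b.device, b.service)


class SecurityController:
    """Toy processing engine; names here are assumptions, not the patent's."""

    def __init__(self):
        self.devices = {}        # hostname -> ControlDevice
        self.assets = {}         # hostname -> Asset
        self.host_to_ip = {}     # physical-logical attribute mapping (claims 7 and 16)
        self.bindings = set()
        self.issued = []         # every control command communicated so far
        # Playbook (claim 4): event type -> action. Only two event kinds are modelled.
        self.playbook = {
            "asset_ip_change": self._on_ip_change,
            "server_failure": self._on_server_failure,
        }

    def register_device(self, dev):
        self.devices[dev.hostname] = dev
        self.host_to_ip[dev.hostname] = dev.ip

    def register_asset(self, asset):
        self.assets[asset.hostname] = asset
        self.host_to_ip[asset.hostname] = asset.ip

    def request_service(self, asset_name):
        """Bind each requirement of the asset to a device offering it; push the commands."""
        asset = self.assets[asset_name]
        new = set()
        for service in sorted(asset.requirements):
            dev = next((d for d in self.devices.values() if service in d.services), None)
            if dev is None:
                raise LookupError(f"no registered control device offers {service!r}")
            new.add(Binding(asset_name, dev.hostname, service))
        self.bindings |= new
        return self._push(new, "add")

    def translate(self, binding, action):
        """Binding -> control command. The command syntax is a constructed toy format."""
        return [f"{binding.device}@{self.host_to_ip[binding.device]}: "
                f"{action} {binding.service} for {self.host_to_ip[binding.asset]}"]

    def _push(self, bindings, action):
        cmds = [c for b in sorted(bindings, key=_order) for c in self.translate(b, action)]
        self.issued.extend(cmds)
        return cmds

    def handle_event(self, event):
        """Look the event up in the playbook and run its action (claims 4 and 5)."""
        handler = self.playbook.get(event["type"])
        return handler(event) if handler else []

    def _on_ip_change(self, event):
        # Claims 8 and 9: a physical attribute changed, so re-derive the binding without
        # operator input. Withdraw rules for the old IP before the mapping is updated.
        name, new_ip = event["hostname"], event["new_ip"]
        old = {b for b in self.bindings if b.asset == name}
        cmds = self._push(old, "remove")
        self.bindings -= old
        self.assets[name] = Asset(name, new_ip, self.assets[name].requirements)
        self.host_to_ip[name] = new_ip
        return cmds + self.request_service(name)

    def _on_server_failure(self, event):
        # Withdraw every binding of the failed asset so stale rules do not linger.
        old = {b for b in self.bindings if b.asset == event["hostname"]}
        self.bindings -= old
        return self._push(old, "remove")


def demo():
    """Constructed scenario: one firewall, one IDS, one web server that later changes IP."""
    ctl = SecurityController()
    ctl.register_device(ControlDevice("fw-1", "10.0.0.1", "firewall", frozenset({"ingress_filter"})))
    ctl.register_device(ControlDevice("ids-1", "10.0.0.2", "ids", frozenset({"traffic_monitor"})))
    ctl.register_asset(Asset("web-1", "10.0.1.10", frozenset({"ingress_filter", "traffic_monitor"})))
    first = ctl.request_service("web-1")
    moved = ctl.handle_event({"type": "asset_ip_change", "hostname": "web-1", "new_ip": "10.0.1.20"})
    return first, moved, ctl


if __name__ == "__main__":
    for cmd in demo()[2].issued:
        print(cmd)
```

The point worth noticing is the ordering inside `_on_ip_change`: the removal commands are generated while `host_to_ip` still holds the old address, so the rules that get withdrawn are the ones actually installed, and only then is the mapping updated and the asset re-bound. A controller that updated the mapping first would leave the old-address rules on the firewall indefinitely.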
CPC classifications:

- Filtering policies (mail message filtering H04L51/212)
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- for separating internal from external traffic, e.g. firewalls
- by monitoring network traffic (monitoring network traffic per se H04L43/00)
- Discovery or management of network topologies