Identity-Defined Networking (IDN) – Unified Networking & Security Made Simple
Tempered Networks is the pioneer of Identity-Defined Networking (IDN), a unified secure networking architecture that offers a game-changing and proven alternative to traditional IP networking. By introducing trust through cryptographic identities within the network, we enable a simpler approach to instantly connect, protect, and disconnect any resource globally across physical, virtual, and cloud domains.
Based on Host Identity Protocol (HIP), an open standard ratified by the Internet Engineering Task Force (IETF), our technology has been in production for over 10 years at a Fortune 50 company and only recently commercialized for the broader market. The result is a next-generation network virtualization fabric-based architecture, where all aspects of the network are for the first time software-defined, encrypted, segmented, cloaked, and orchestrated.
The IDN fabric is non-disruptive, can be deployed on-top of any IP network, and enables rapid provisioning and revocation of networking and security services that are managed in a highly dynamic and scalable way. This allows organizations to easily enable self-service by business units, yet satisfy corporate IT’s requirement to control and verify policy enforcement. Unlike traditional IP networking and SDN approaches, the IDN fabric requires few, if any, changes to the underlying network or security infrastructure, reducing the need for complex firewall rules, ACLs, VLANs, VPN policies and key management.
The outcome is a completely unique approach to networking that enables organizations to achieve superior security, agility and economics.
Identity-Defined Networking Fabric = Orchestration Services [The Conductor] + HIP Services
Building an IDN fabric requires that two or more HIP service endpoints be deployed symmetrically, in a hub-and-spoke topology, a mesh, or a combination of both.
Eliminate IT complexity with automated & effortless network orchestration
The Conductor is the orchestration engine and the intelligence behind an IDN. It ensures that all HIP services are up to date and synchronized, while collecting metrics as well as active state information on all services. Built with an “orchestration and manageability first” mindset, the fully encrypted fabric is centrally managed through a highly scalable orchestration engine with an intuitive user interface. It is important to note that no traffic passes through the Conductor; it only defines policy for the HIP services.
Adaptive Networking: The RESTful API enables integration and automation with third-party security and networking services such as directory services, SIEMs, and performance monitoring tools. Instant quarantine or failover (for example) can now be automated based on events detected by these systems.
HIP Services give you secure connectivity – anywhere in the world
Tempered Networks’ HIP Services are software products that are delivered in different form factors to support our design principle of secure networking for any device, anywhere. We have a flexible deployment model that spans nearly any type of resource, location, or environment and supports physical or virtual appliances, cloud environments, software installed directly on a client or server, or embedded in a custom application or hardware.
HIP services provide cloaking, secure connectivity, identity-based routing, and IP mobility, as well as micro-, macro-, and cross-boundary segmentation enforcement within the military-grade encrypted fabric. They can effectively function as a router and/or bridge, thereby eliminating or reducing the need to maintain VPNs, ACLs, complex firewall rule sets, VLAN segmentation, routing convergence, and DNS for failover in an attempt to accomplish secure connectivity, access, availability, and segmentation.
Securely networking and managing thousands of endpoints is now for the first time easy and practical.
In a non-HIP-enabled deployment:
A machine’s IP address is used simultaneously for both identity and location. This creates a vulnerable identity (i.e., one that is spoofable and hackable). And since the IP address also serves as a locator, it frequently causes conflicts, management overhead, security holes, and availability issues.
In a HIP-enabled deployment:
A machine is bound to [or assigned] a unique cryptographic identity (CID). The IP address serves only as a device locator, and it will only work within the IDN fabric if you hold the correct CID to initiate communication.
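The identity/locator split described above, as an added illustration that is not Tempered Networks’ code and not the HIP wire protocol: policy and sessions are keyed by a CID derived from key material, the source IP is only a mutable locator, and packets that do not carry a known identity with a valid tag are dropped without any reply. The per-CID HMAC session key stands in for the keys HIP derives in its base exchange; all hosts, addresses and keys are constructed for the example.

```python
"""Simplified model of identity-based forwarding (constructed example)."""
import hashlib
import hmac


def cid_of(pubkey: bytes) -> str:
    # The identity is a digest of key material, not an address, so moving
    # to another IP or spoofing one does not change or forge the CID.
    return hashlib.sha256(pubkey).hexdigest()[:24]


def tag_for(session_key: bytes, cid: str, payload: bytes) -> bytes:
    # Stand-in for HIP's authenticated session: proof of holding the key
    # that the fabric associated with this CID.
    return hmac.new(session_key, cid.encode() + payload, hashlib.sha256).digest()


class HipService:
    """One fabric endpoint. Policy is keyed by CID; the IP is only a locator."""

    def __init__(self, policy: dict[str, bytes]):
        self.policy = policy      # CID -> session key (hypothetical policy table)
        self.locators: dict[str, str] = {}   # CID -> current IP, learned from valid packets
        self.delivered: list[tuple[str, bytes]] = []

    def receive(self, src_ip: str, cid: str, payload: bytes, tag: bytes):
        key = self.policy.get(cid)
        if key is None:
            return None           # unknown identity: silently dropped (cloaked, no reply)
        if not hmac.compare_digest(tag_for(key, cid, payload), tag):
            return None           # known CID but wrong key (e.g. spoofed source): dropped
        self.locators[cid] = src_ip   # IP mobility: locator updates, identity is unchanged
        self.delivered.append((cid, payload))
        return "delivered"


def demo() -> dict:
    host_cid = cid_of(b"constructed-public-key-of-host-A")
    key = b"constructed-session-key"
    svc = HipService({host_cid: key})
    first = svc.receive("10.0.0.5", host_cid, b"hello", tag_for(key, host_cid, b"hello"))
    # Same identity, new locator: the session survives the address change.
    moved = svc.receive("192.168.7.9", host_cid, b"again", tag_for(key, host_cid, b"again"))
    # An untrusted device reusing host A's old IP has neither the CID nor the key.
    stranger = svc.receive("10.0.0.5", cid_of(b"unknown-key"), b"probe", b"\x00" * 32)
    forged = svc.receive("10.0.0.5", host_cid, b"probe", tag_for(b"wrong-key", host_cid, b"probe"))
    return {"first": first, "moved": moved, "stranger": stranger, "forged": forged,
            "locator": svc.locators[host_cid], "delivered": len(svc.delivered)}
```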
Host Identity Protocol – An Evolution in Traditional IP Networking
Tempered Networks is the first to leverage the Host Identity Protocol (HIP), a standards-track network security protocol that provides built-in encryption and authentication. HIP was formally ratified by the IETF in April 2015, which crowned over 15 years of development, testing and deployment in coordination with several larger companies (such as Ericsson, Nokia, Verizon, TeliaSonera) and standards bodies (Trusted Computing Group, IEEE 802).
Recognized by the IETF community as the next possible big change in IP architecture, HIP solves a fundamental flaw in the internet created by the dual use of IP addresses, where an IP address determines both the name and the network location of a machine on the internet. Binding permanent, location-independent cryptographic identities to machines and networks builds security in from the beginning by introducing verifiable trust within the network.
HIP has been in use for over 10 years as a cost-efficient and scalable solution to address growing threat environments within the defense and aerospace industry, and was only recently commercialized for the broader market. Our platform moves security from the perimeter to the device, while giving you simple centralized control through our orchestration engine.
HIP enables organizations to cloak critical infrastructure (e.g., networks, control systems, endpoints) from an attacker’s reconnaissance. Cloaked endpoints and networks have no TCP/IP footprint and are invisible to the underlying network and to any untrusted devices or systems not part of the IDN fabric, which protects against DDoS, MitM attacks, IP spoofing and other types of network- and transport-layer attacks.
By cloaking protected resources, step 1 of the Cyber Kill Chain, reconnaissance, cannot take place. Attackers simply cannot attack what is not visible.