Erik Giesa

Monday, March 5, 2018

Technology advancement continues to move ahead at a meteoric pace, and progress is always welcome…except when it isn’t. Advancements in cloud computing and “Internet of Things” (IoT) initiatives are drastically increasing the network attack surface and fueling the battle between IT and bad actors.

We know that holding back progress is not an option, so the question becomes: What can be done to improve network security? We think the best strategy is to effectively cloak network assets—essentially making them invisible to cyber-attackers. Enter Identity Defined Networking (IDN).

Based on the Host Identity Protocol (HIP), IDN provides an overlay network fabric that sits on top of standard IP-based environments, overcoming the inherent weakness in TCP/IP. That weakness: IP addresses serve as both identification AND location for devices on a network. IT teams know that this flaw makes it simple for hackers to probe and discover IP addresses, while also making it complex to manage devices that move from one server to another. So how can IDN address this problem?

Enter the CryptoID…

IDN creates a cryptographic identity for each authorized device on the network. By decoupling the identifier and locator functions of the IP address, IDN leaves the address to serve only as a resource locator. The resource itself is then assigned a unique and unbreakable cryptographic identity, which replaces the flawed identifier function of IP addresses.

Our HIP-based appliances cloak critical network resources from would-be attackers by ensuring that only devices on a trusted whitelist can view, query, or detect them. Those appliances are available in physical and virtual form factors suitable for any environment, including branch offices, kiosks, drilling rigs, production facilities, college campuses, and other remote sites that communicate over public or private shared networks.

In an Enterprise Strategy Test Report, ESG had this to say:

ESG Lab validated the ability to quickly and easily create secure, encrypted communications channels that are isolated from other network traffic. ESG Labs also enabled secure communications between non-routable devices and secure peering across different cloud regions and providers. These tasks were simple to execute, took only minutes, and did not require changes to the existing infrastructure.

The outcome of deploying an IDN overlay is the ability to connect, protect, move, failover, and disconnect any resource globally and instantly. While enabling instant provisioning and revocation for any connected system within the overlay fabric, IDN also reduces an organization’s attack surface by up to 90 percent. That’s music to the ears of IT teams trying to prevent attacks! IDC thought so as well in their Technology Spotlight:

This reduction translates directly into a simplification of the network security architecture—reducing the number of firewall rules, simplifying the firewall rules that are still required, simplifying and streamlining network routes, reducing the range of traffic requiring inspection, and mitigating the impact of malware through proactive and remedial micro-segmentation

No longer a concept at home in Harry Potter or Star Trek movies, cloaking is now part of IT’s arsenal in the war against cyber-attackers!