President, CEO and Co-Founder
Friday, November 16, 2018
For many—including myself—November marks an important time of the calendar year; one where friends and family gather to honor what’s most important to our communities and way of life. It’s a time where we pay particular attention to protect all the things we hold near and dear. Of course, I’m talking about Critical Infrastructure Security and Resiliency Month. It’s truly the most wonderful time of the year!
What else did you think I was referring to?
The Department of Homeland Security (DHS) has officially designated 16 industry sectors within the U.S. as critical infrastructure. These sectors are singled out as critical because they deliver essential services: clean drinking water, power to our homes, reliable methods of communication, and much more.
At Tempered Networks, we think a lot about protecting these sectors from cyberattacks, espionage, human error, and other dangers that may threaten public safety and the lifestyle we’ve grown accustomed to living.
I wanted to take this opportunity to reaffirm our company’s commitment to keeping our critical infrastructure and our communities safe and secure. The benefits of micro-segmentation and proper access control have already been established as best practices by industry experts and organizations like NIST, PCI, and the U.S. DoD. With that in mind, here are useful tips as you do your due diligence for your organization.
- Micro-segment your network with a modern software solution – Technologies such as VLANs and ACLs certainly still have a place in networking, but hardened security isn’t one of them. There are far too many loopholes that could make your network vulnerable to a variety of common attacks such as Double Tagging and Switch Spoofing. Using VLANs, ACLs, firewalls, or even older software-defined solutions also adds an unacceptable level of complexity that will require increased expertise and an overall lag in systems operations and corporate productivity. If a solution requires continuous modification of existing infrastructure or is dependent upon that infrastructure for enforcement, management costs will be high and prone to error. Instead, start with a proven approach using zero trust segmentation and access.
- A comprehensive segmentation solution includes connectivity, cloaking, and encryption – Traditional segmentation solutions still use address-defined networking, which is susceptible to attack because it uses the IP address both as the identity of a network endpoint and as its location. Fortunately, there’s a solution to this decades-old security flaw: the Host Identity Protocol (HIP), which abstracts the IP layer with verifiable machine identities. Our HIP-based solution, which we warmly refer to as Identity Defined Networking (IDN), employs fully encrypted overlay networks that are simple to deploy and manage. Mere mortals can use it. Really. Any device or machine in an IDN overlay is effectively cloaked and invisible to all but trusted endpoints in the IDN overlay. To complete the trifecta required for effective and sustainable segmentation, you need the ability to seamlessly connect network endpoints, even if they’re deemed “non-routable,” meaning they have private IP addresses. In fact, IDN can even establish failover connections without human intervention, which is particularly important for reducing cost and complexity.
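As an added illustration (not the vendor's code) of the identity-versus-location point above: a HIP-style Host Identity Tag derived from a host's public key, then an address-keyed ACL beside an identity-keyed overlay policy, both run over constructed packets. It assumes the HIT carried on each packet was already proven by the HIP base exchange (not modelled) and simplifies the ORCHID derivation to a plain SHA-256 truncation.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ORCHID prefix 2001:20::/28 that HIP uses for Host Identity Tags (RFC 7343 / RFC 7401);
# the 100 bits below it come from a hash of the host's public key (simplified here).
ORCHID_PREFIX = 0x2001002 << 100

def host_identity_tag(public_key: bytes) -> str:
    """Derive an IPv6-shaped HIT from a host identity (its public key), HIP-style."""
    digest = int.from_bytes(hashlib.sha256(public_key).digest(), "big")
    return str(ipaddress.IPv6Address(ORCHID_PREFIX | (digest & ((1 << 100) - 1))))

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    src_hit: Optional[str] = None   # None: plain IP traffic carrying no proven identity

class AddressPolicy:
    """Classic ACL: identity == location, keyed on the source IP address."""
    def __init__(self, allowed_ips):
        self.allowed = set(allowed_ips)
    def allows(self, pkt: Packet) -> bool:
        return pkt.src_ip in self.allowed

class IdentityPolicy:
    """HIP-style overlay policy: keyed on the HIT, independent of where the host sits."""
    def __init__(self, trusted_keys):
        self.trusted = {host_identity_tag(k) for k in trusted_keys}
    def allows(self, pkt: Packet) -> bool:
        # No verified HIT, or an unknown one, gets no reply at all: the endpoint is cloaked.
        return pkt.src_hit is not None and pkt.src_hit in self.trusted

# Constructed sample: a PLC whose only trusted peer is an HMI enrolled by public key.
HMI_KEY = b"-----constructed HMI public key bytes-----"
PLC = "10.0.0.50"
HMI_HIT = host_identity_tag(HMI_KEY)
acl = AddressPolicy(["10.0.0.5"])
idn = IdentityPolicy([HMI_KEY])

def compare(pkt: Packet) -> tuple:
    """Return (address-ACL verdict, identity-policy verdict) for one packet."""
    return acl.allows(pkt), idn.allows(pkt)

HMI_AT_HOME  = Packet("10.0.0.5", PLC, HMI_HIT)      # enrolled HMI on its usual address
HMI_FAILOVER = Packet("192.168.7.9", PLC, HMI_HIT)   # same HMI after failing over to another path
ADDRESS_ONLY = Packet("10.0.0.5", PLC)               # unenrolled host presenting the trusted address
```

The address ACL breaks on the legitimate failover and passes the unenrolled host, while the identity policy gets both cases right; that is the whole argument for keying access on a verifiable identity rather than on an address.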
- Understand the scope of your segmentation requirements – The emergence of IoT has introduced a wide spectrum of new devices that could be used as entry points for hackers to gain access to your network. All too often we see organizations approach an initiative with a very narrow scope. Yet the biggest attack vectors are the largely forgotten “things” on your network. Don’t overlook your IP cameras, HVAC systems, IoT sensors, vending machines, bio-medical devices, and other previously unconsidered but nonetheless vulnerable portions of your network. Instead of assuming you know all the ins and outs of your company’s computing environment, we recommend soliciting feedback from others to ensure total coverage. Ask members at all levels of your IT staff to describe the various aspects of their jobs; this surfaces potential security blind spots you may need to clarify.
- Account for the high probability of human error – Regardless of the extreme measures you take to diligently connect your network, human error is going to occur. Traditional solutions that involve an abundance of firewalls and nearly constant security patches still use the inherently vulnerable IP address as an identifier. Complex solutions with many dependencies will create too many opportunities for human error. IT and OT teams are frequently overworked and understaffed, especially when it comes to network security, but you cannot hire your way out of this problem. Most experts will agree that any segmentation strategy which requires significant human effort with too many dependencies on the underlying network and security infrastructure is a recipe for failure.
Look for a segmentation and access solution that can be easily implemented over your existing infrastructure and maintained by the least tech-savvy members of your team. Not sure you have all the bases covered to protect your organization? That’s okay, because Tempered Networks can provide all the security and connectivity you need with a simple, cost-effective, and scalable solution. You can learn more by reading a common use case for segmenting critical infrastructure environments and downloading our micro-segmentation guide. Whether you’re protecting renewable energy, county buildings, or oil and gas resources, we can help. Contact us today for more information, a no-obligation demo, or a free trial.
Oh yeah, it’s also the start of the holiday season. I suppose Thanksgiving and Christmas mark a wonderful time of the year too! Happy Holidays!