Now that we have renamed the company to Tempered Networks, people have been asking me what we mean by “tempered”. It’s really a reference to “well-tempered”, which means treated so as to develop the desired degree of hardness and elasticity. At Tempered Networks, our mission is to instill that hardness and elasticity into our customers’ networks. We do that with a suite of products that implement virtual private overlay networks that work across existing public and private infrastructure.
So what makes a network well-tempered? Communication is only allowed between things that are supposed to communicate with each other.
Common network security schemes often focus on a “zone defense” – creating DMZs and inner zones with firewalls in between, and then allowing traffic between the zones to enable networked applications that actually span across the zones. These perimeters end up being more porous than necessary and difficult to maintain.
By comparison, in a well-tempered network we create groups of hosts that are allowed to communicate, regardless of where the hosts are, which LAN they are on, or how they are interconnected. Hosts can simultaneously be in multiple groups. Tempered Networks calls these groups “overlay networks” – a simplified way to express otherwise complex network policy.
For example, suppose we have a big machine in a factory. That machine needs to communicate with the process controller, in a different part of the factory. But maybe it also needs a communication path to the engineering offices where the programmers work. And the techs need a way to get firmware updates from their staging server to the machine. And the analysts in the QA department down the road want to collect statistics. And the InfoSec team needs access to the logs. Of course, each of those teams talking to the machine will also be talking to other machines, and to other parts of the company. The QA department talks to the supply chain system, but InfoSec does not. And it may all be changed next week!
With the Tempered Networks overlay approach, we might define one overlay network just for this one machine. Everything that talks to the machine is in the overlay network (and in other overlays for other machines). The above paragraph becomes a nearly exact specification of an extremely specific policy. The overlay network transcends VLANs and addressing schemes, and spans across firewalls, NAT, public networks, WAN, VPN, etc.
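A minimal model of the policy described above, as an added example that is not Tempered Networks' code. It assumes two hosts may communicate only if they share at least one overlay, and all host and overlay names are constructed from the factory scenario.

```python
# Simplified model (assumption): two hosts may communicate only if they
# share at least one overlay; everything else is denied by default.
from itertools import combinations

# Constructed sample policy based on the factory scenario; names are hypothetical.
OVERLAYS = {
    "machine-7": {"machine-7", "process-controller", "eng-workstation",
                  "firmware-staging", "qa-collector", "infosec-logs"},
    "supply-chain": {"qa-collector", "supply-chain-system"},
}


def overlays_of(host, overlays=OVERLAYS):
    """Overlays a host belongs to (a host can be in several)."""
    return {name for name, members in overlays.items() if host in members}


def shared_overlays(a, b, overlays=OVERLAYS):
    """Overlays that authorise traffic between a and b; empty means deny."""
    return overlays_of(a, overlays) & overlays_of(b, overlays)


def allowed(a, b, overlays=OVERLAYS):
    """Default deny: permit only distinct hosts with a common overlay."""
    return a != b and bool(shared_overlays(a, b, overlays))


def reachable_pairs(overlays=OVERLAYS):
    """Every permitted host pair, for review against the intended policy."""
    hosts = set().union(*overlays.values())
    return {frozenset(p) for p in combinations(sorted(hosts), 2)
            if allowed(*p, overlays)}


def without_member(overlays, overlay, host):
    """Return a new policy with host removed from one overlay."""
    updated = {name: set(members) for name, members in overlays.items()}
    updated[overlay].discard(host)
    return updated


if __name__ == "__main__":
    print(allowed("qa-collector", "supply-chain-system"))  # QA and supply chain
    print(allowed("infosec-logs", "supply-chain-system"))  # InfoSec and supply chain
    for pair in sorted(map(sorted, reachable_pairs())):
        print(pair, sorted(shared_overlays(*pair)))
```

In this simplified model every member of an overlay can reach every other member, so the pair listing is what to review when deciding whether a host belongs in a group.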
This approach hardens networks by enabling fine-grained control over policy, while keeping them elastic, with a safe and simple way to create new secure communication paths across the enterprise. That’s what we mean by a “well-tempered” network.