Posted on Jun 12, 2018
Being in a technology startup is never easy. This is my 5th startup in a 25+ year career and my inspiration to keep pushing forward, regardless of the challenges, comes from the opportunity to work with forward-thinking customers and to witness how they apply our technology to solve big problems. Our customers’ innovation and success is the best motivation for me and my colleagues to make networking remarkably simple and radically secure.
It gets even more exciting when customers are recognized by industry for their creativity and innovation in using our technology, so I’m pleased to announce that one of our customers, Penn State University, was just awarded the 2018 Digie Award for “Most Intelligent Campus” at IBcon. For those who don’t know, IBcon and RealComm is the industry event when it comes to smart building technologies and best practices.
Penn State received the award based on the pretty incredible results they achieved using Tempered Networks’ IDN platform to quickly connect, segment, and protect their building automation systems. I won’t rehash Penn State’s case study, you can read about it here, but I will highlight some aspects that aren’t covered in the case study or the great Network World article that was written about the same project.
Imagine this. You have 650 buildings distributed across a state, a campus that really is a small city with all of the IoT endpoints required to run smart energy, water, fire, safety, lighting, and cooling among many other IoT elements. Imagine all of these distributed IoT endpoints running on a flat L2 network – the same network used by all of the students, faculty, administrators, and personnel within the Penn State system. Now imagine having a team of only four people to connect and protect those endpoints. There were just too many sleepless nights for Tom Walker and his team. Tom and his team knew they needed to do something different, and it started with wanting to be able to segment his systems from all of the other chaos on the shared network. He looked at the traditional IT alternatives like next-gen firewalls and VPNs and using a combination of ACLs, VLANs, and NAC with port lockdown. But the complexity and administrative overhead were just too high, not to mention they can never accomplish true segmentation.
When Tom and his team discovered Tempered Networks’ IDN platform, they adopted it and made it their own in a manner I haven’t seen since my early days at F5 when we pioneered the concept of application delivery. Here are a couple of creative ways they applied our technology that we just couldn’t anticipate.
- Many lighting systems, like Lutron, use multi-cast. In fact, many building controls use multi-cast. In order to simplify and centralize, Tom wanted to place his Lutron control servers in his data center. But you can’t do multi-cast across networks, especially ones you don’t own, so he was hamstrung. By simply installing a HIPserver on his Lutron control servers and then joining them in the same IDN overlay network as his distributed lighting controls, he could move the servers from the local building LAN to his datacenter without making changes to the underlay network. How? Because with HIP Services and IDN, you can make the WAN behave and look like a private and segmented local broadcast domain. Unlike traditional IT, IDN is not constrained by address-defined networks and just rides on top.
- When new buildings are coming online, it’s common that the last thing to happen is laying the fiber. This means that test and validation of all of the building controls often happens last, which puts a significant time crunch on making a building truly operational and places schedules at risk. Tom and his team had the idea to use a cellular-enabled HIPswitch during build-out so he could install, test, and validate the building controls as construction was happening. Then he could just cut over to the fiber when it was done. Now Penn State is ahead of the construction game when it comes to onboarding new buildings, with greater schedule predictability.
- Some of their IoT endpoints are so remote that his customers would often have to physically go to a site to manually collect data, which took too much time and defeated the objective of creating a real-time intelligent campus. One remote site is in a cornfield that the facilities team has to maintain but that is also shared among three different research groups dealing with crops, soils, and meteorological data. Just to lay cable to the site would have cost a hundred thousand dollars, and significantly more to design and secure a network with traditional IT technology. Sending people out to the site to collect data or troubleshoot building controls was inefficient. In less than an hour he was able to stand up a cellular HIPswitch, segment the research groups in their own overlay networks to connect, protect, and collect the data, and create another overlay network for the facility team at a fraction of the cost. Now all stakeholders of that remote location have access to real-time data that’s micro-segmented, encrypted, can’t be discovered by hackers, and didn’t require any changes to existing infrastructure.
These were all use cases we didn’t conceive or anticipate. They were the Penn State team’s idea and it was brilliant. It’s no surprise they won and it’s an award that is well deserved. Penn State University should be proud for having such dedicated and innovative staff.
Thank you Tom, Sean, Ed, Clayton and Kevin for being the inspiration that makes guys like me want to continue pushing forward no matter how challenging startup life can be.
Posted on Jun 8, 2018
Tempered Networks wants to hire “A” players who self-manage. Recently, Marguerite Yeo joined our team, and so far, it’s not hard to gauge her impact. The first week, she took the lead on a trade show campaign for RealComm, the pre- and post-demand creation. She wrote the copy, worked with Alyssa on the design, and with Grant on the implementation and functionality of the whole campaign. A few days ago, Trisha and Rich sat down with her to help us get to know her better.
Where is your hometown?
I really have two hometowns. I spent my first 18 years in Singapore, but now I consider Seattle a hometown as well. In between, I have lived in Vancouver, Atlanta, and New York—I’ve been fortunate to live, study, work, and develop my technology career in these cities. I love technology. From a personal perspective, technology has changed my life in many ways. From a business perspective, I love marketing technology.
Before working at Tempered, what was the most unusual or interesting job you’ve ever had?
When I finished high school, I went to work at a wholesale distribution company in Singapore. It was a small company, so I took the orders, typed them up, processed them, took care of petty cash, everything. I loved everything I learned. It really helped me to understand business and it was different from all the other normal jobs people my age took like delivering newspapers.
How do you balance your career and personal life?
My goal is to use the gym here and run at the Olympic Sculpture Park. I don’t watch TV, but I love to read, especially Dan Brown books. Okay, I have a bunch of unread books at home, you know… ‘How to write the perfect marketing plan.’ I’m also a total foodie and art gallery junkie. I always make time to try new foods and go to the local art galleries in Seattle.
What is your proudest moment at any company?
At each of the companies she has worked at, Marguerite mentioned a common theme, “I want to leave a company in a better state than when I came.” At Avalara, they made their numbers, but people also began to understand how they made the numbers, the levers they could pull, and why. At ExtraHop, she helped to create and sustain a professional website with a capability to leverage it for leads. At VMware, it was the introduction of selling cloud services online. Over and over again, she’s wanted to leave each company better.
What is your role at Tempered?
Together with a small team, I manage our company website, digital initiatives (search, social, display, webinars, email), events, partner marketing, and the brand. My goal is to drive qualified leads, and in partnership with sales, move those leads along the sales funnel.
Best vacation you’ve had?
When we asked her this question, her eyes lit up… “Iceland!!!! I love living in the city, but to visit, I want it to be rugged. So, Iceland provided a raw, pristine, and perfect trip... Ice blocks on black sand beaches, mountains, waterfalls, floating glaciers, geysers, the Northern Lights, etc.”
If Hollywood made a movie about your life, who would you like to see cast as you?
She immediately said, “Nicole Kidman.” We all immediately saw the similarities: composed, tall, emotions under control, classy. But when we asked her to elaborate, she said, “I like that she does not grab the limelight.” Yep, we agree that her work says it all.
Motto or personal mantra?
“Be nice, be good, be kind, because Karma will come back to bite you.”
People would be surprised if they knew:
I like speed…I like fast cars, and I drive a stick shift. My friends say I’m a different person behind the wheel.
We can’t wait to go for a drive!
Posted on Jun 5, 2018
“I have a feeling we are not in Kansas anymore.”
Who doesn’t identify with Dorothy from The Wizard of Oz these days? This statement has become so powerfully relatable because we associate Kansas with normalcy and safety. Any new world is far from our comfort zone. So what happens when you put a bunch of really smart people in the same room to solve one of the world’s most important safety problems? If you are not intentional, the potential is to get the chaos of Oz. On the other hand, if you are intentional about culture you won’t get Kansas, but you can get a really cool culture.
So let’s pull aside the curtain!
Our CEO, Jeff Hussey, always says, “I want to be really intentional about the culture we create.”
Great companies and organizations are set apart from all others by their culture. Every organization has one. And every one is distinctive and unique.
Opinion varies widely. However, there is agreement on this: culture shapes us. Culture can prohibit or spark, inhibit or initiate. Let’s be clear: our choices, behaviors, and environment speak louder than what is written on our company posters about mission and values.
Culture is the unspoken set of standards; the unwritten set of rules, the undeclared set of expectations. You may not always see culture, but you constantly feel it or run into it. Sometimes this culture is highly cultivated. But more often than not, we live a culture by “default”.
So what’s ours?
(1) Self-Managers: It means taking initiative, getting done whatever needs to get done without wasting resources. Self-management means that managers, teams, or leaders set the overall direction of a project or task, and team members implement the details with minimal oversight. The manager’s contact with reports generally consists of a weekly meeting for project updates, issues, and resource requests. Otherwise, employees complete their own tasks, run their own projects, and try to solve their own problems.
In our self-managed workplace, our teammates maintain an open-door policy and keep you informed of issues they encounter. Other than ensuring employees have what they need to complete a task, such as tools and training, you are free to focus on higher-level responsibilities, such as growing the business and raising money.
(2) Self-Awareness: If we know what our strengths are, we can apply them in the right situations. We can also know when to draw on the strengths of others within the team.
If we know our weaknesses, we can recognize our emotions in particular circumstances. We can acknowledge these and stop ourselves from reacting inappropriately to a situation.
Being self-aware enables us to be more realistic about our judgments and ourselves. In turn, others trust and respect us for this. The converse is that when we lack self-awareness, we appear less credible because others are more aware of our own strengths and weaknesses than we are ourselves.
Being self-aware enables us to balance our conviction with humility; creating our vision, but being willing to actively listen to new ideas and other opinions.
(3) Collaborative: Collaboration invites people into partnerships that require commitment. Each individual commits to give something to the initiative. It is required of each to take the risk of losing something. Collaboration is the advancement of a cause or purpose that is bigger than the sum of its parts. The outcome of collaboration has a multiplying effect, a greater outcome than just the sum of the contributions. This can result in a change in direction, behaviors, awareness, and possibility for the organization. We are better together. There is no limit to what can be accomplished if it doesn’t matter who gets credit.
(4) Do the right thing: How does a commitment to "do the right thing" as it's applied to customers, employees, and other stakeholders affect an organization's daily decision-making? Doing the right thing, in every aspect of business, leads not only to success, but fosters excellence and creates leaders.
In the end, we believe these conditions and ingredients optimize productivity, performance, and profit.
Posted on May 29, 2018
It was so much easier to identify the bad guys in the days of the Wild West. You could spot them coming from a mile away. They rode into town rather brazenly on horseback, wearing a black hat, reeking of cheap whiskey, and harboring all sorts of ill intentions. In fact, they pretty much announced to the entire town that they were there to steal everyone’s money. Unless they ran into Wyatt Earp or Wild Bill Hickok, nobody was going to stop them.
Many years later, as the world shifted toward the Technological Age, the criminal element evolved from gun-slinging outlaws to cyber outlaws. One of their most preferred methods of thievery—ransomware.
Imagine waking up one morning and trying to log in to your company’s system through its Out of Band Management (OOBM) interface. It’s a work-from-home day, so once you get your k-cup full of coffee, it’s off to the home office to log in remotely. Upon attempted login, however, you see something like the following message on your screen …
“Your hard disk is encrypted using RSA 2048 asymmetric encryption. To decrypt files, you need to obtain the private key.
It means we are the only ones in the world to recover files back to you. Not even God can help you now.
If you want your files back, send an email to … We’ll give you instructions for transferring bitcoin to our wallet address and how to get your files back.”
That’s pretty close to the message many users got recently when they attempted to log in to their HPE iLO4 management interface. It’s not quite Jesse James busting through the swinging doors of your saloon with guns a-blazing, but it sure is effective.
Much like the law-abiding citizens of the Wild West needed increased security to protect them from the bad guys, you need increased security to protect you from the cyber outlaws of today.
Identity Defined Networking (IDN) provides simple and secure OOBM access by creating a fully micro-segmented, private overlay network that is virtually invisible to cyber outlaws around the world. Only whitelisted devices can connect to it, but those end-points that are verified and trusted can connect from anywhere, eliminating the need for complex firewall rules, certificates, or any other bulk that could slow down your communication speeds. IDN can also be connected to any medium including Wi-Fi, Ethernet, cellular, or radio transmission.
Cyber outlaws attempting a form of ransomware similar to the one previously mentioned would never be able to break through the rock-solid security of IDN because they would never see it to begin with.
Furthermore, unprecedented network security meets unprecedented usability in our IDN architecture via The Conductor, which is a simple, point-and-click user interface to allow instantaneous policy orchestration with zero expertise required to implement.
With IDN from Tempered Networks, you have a choice for protecting your most valuable digital assets: keep fighting the cyber outlaws with yesterday’s technology or upgrade your security, reduce complexity, and enjoy peace of mind knowing that you’re heading into a gunfight with a bullet-proof vest.
For more information about our ground-breaking IDN technology, please contact us here: www.temperednetworks.com/contact
Posted on May 24, 2018
Ludwin was part of the original Tempered team that commercialized HIP out of Boeing's research department. However, Ludwin wasn’t even on the team that was working on HIP in the first place. How did he end up here then? Keep reading to find out!
Trisha: You’ve been working here for 6 years now—that’s longer than any of our other employees! Could you share your story of how you got started at Tempered?
Ludwin: I came from the same place where our whole technology originated: Boeing. One of Tempered’s founders, David, worked on the original project. Boeing encountered operational difficulties, such as maintaining a huge manufacturing network, tons of SCADA devices, robots, and other systems. You don’t want the traffic that you have running on such a big production network to be mixed with the IT network. However, Boeing wanted access to the robots from the IT network and had been looking for a solution to that problem for years. Jeff Ahrenholz, one of Tempered’s current employees on the DataPlane team, worked on the original project with open HIP. Jeff and other members on this research team came up with the idea of taking open HIP protocol and marrying it with a VPLS. This would allow Boeing to secure and segment the production network and still have access to the IT network. I wasn’t actually involved in any of that. David (one of our founders) and I were buddies outside of work, so I knew a lot about the project and it had made quite a bit of a splash at Boeing. David finally asked if I wanted to join him in his venture to commercialize the technology. Boeing gave us their blessing, seeing as they’re an aerospace player and did not have any interest in being involved in IT. Besides, they really wanted to see their competitors adopt this technology. Personally, I had spent so many years at Boeing, and I was just ready to do something new. It was just one of those life-changing moments.
Trisha: What are the biggest changes you’ve seen?
Ludwin: Everything changes, right? Obviously, the technology changes. When we first started working on it, we had a strong SCADA focus. We still had Boeing on our minds, so we zeroed in on that same use case. It was all Layer 2, no routing, no DHCP, no bells and whistles, none of these things that we eventually had with our first minimally viable product. Now, we’ve got HIPclients, 50 gazillion platforms, we have the cloud, and we work on all of these different and complex add-on features that our customers are asking for. If you want to be a serious player in the IT market, you have to support all of these things. The product has changed to a degree that’s almost unrecognizable for me.
Then there’s all the organizational changes that come about when you actually grow up as a company. Originally, we were just three guys sitting in a little basement where our view outside the window was of chickens running around. It was nice, but we’re a company now. We were really excited when Jeff Hussey came along to see what he could turn this into. I’m still totally amazed by it. We’ve got professionals to do everything. We’ve got people like you to focus on just HR, experts in Marketing, etc.
Trisha: What has been the most challenging aspect so far?
Ludwin: I’ve always found the business side to be the most challenging part. It’s hard to get the street cred in the networking field, which is very mature and established. People have set expectations about what a networking product should look like or what you’ve gotta be able to do to swim with the sharks there. It’s difficult to get to a point where companies are willing to bet their bottom line on your technology—that’s exactly what our customers are doing. It’s an investment for them. Also, their business runs across their network, and if their network croaks, their business goes with it. It takes a huge amount of trust from your customers to really go along the journey with you and buy your products.
On the technical side, there are some peculiar aspects to network technology that make it a difficult field to be in. It’s a very messy and complex field. When you bring your technology in there, it has to work. If it doesn’t work, what are you going to do? It’s not like writing an app for a phone. If the app does something weird, you have tools and means to figure out what your app is doing wrong. But with networking, there’s a number of different things that have nothing to do with what you’ve brought in there, that might be behind why something doesn’t work.
Trisha: What is something that most people don’t know about you?
Ludwin: What do people not know about me? …What do they know? I worked a long time in a field of research that has nothing to do with networking. I was doing research on collaboration tools. It’s more empirical research. You go into settings where people use tools of various kinds and perform data analysis to some degree. You count the beans and try to find out why collaborations between teams work and why they don’t work. I was originally working in the research industry in Germany. As a researcher, you go to a lot of conferences and meet a lot of people. There was a fairly well-known guy from Boeing that was at a conference and he asked me to come to Seattle.
Trisha: What aspect of your role do you enjoy the most?
Ludwin: I love seeing the technology evolve. What I find the most rewarding is working hard on solving a technical issue and arriving at a point where it simply works. Seeing the technology being used and running in production environments…I find that to be a really gratifying aspect. To solve a problem that makes people want to spend money on our products is really rewarding. Then there’s the whole team aspect. That’s what I really love about Tempered. We have great people and I’m having fun working with every one of them. They’re extremely competent; everybody is really special and knowledgeable in some way. It’s just an awesome environment.
Trisha: Anything else you’d like to note?
Ludwin: I feel like the time is right for this. The internet is just a bad place. Someone’s got to do something about it. I think our solution is extremely compelling in a lot of ways compared to other offerings out there. If this doesn’t work, I don’t know what’s going to work.
Posted on May 22, 2018
If you watch Grey’s Anatomy you might have caught the season finale late last year where a hospital cyberattack infected their IT infrastructure and resulted in cardiac monitors going crazy and medical records being hijacked. The ensuing chaos was certainly enough to rattle the nerves of the medical personnel trying to treat patients and I’m sure it also gave all the IT folks responsible for hospital and healthcare systems pause. Are they prepared to handle hospital cybersecurity threats of this magnitude?
Last year, the WannaCry cyberattack made a lot of people take notice. To this day, the UK’s National Health Service continues to reel from their attack and recently prompted a horrifying article from the Register. The article’s title, Imagine You’re Having a CT Scan and Malware Alters the Radiation Levels – It’s Doable, tells you all you need to know. If this scenario doesn’t send a shudder through your IT department it certainly should!
Medical equipment and healthcare records are some of the most valuable out there for hackers due to their importance to medical personnel and their cost to replace, making them targets for cyberattacks and ransomware. In a recent post, we shared some of the costs associated with cyberattacks on hospitals:
- A cyberattack on a hospital costs, on average, $3.5 million
- 46% of hospitals spend less than $500,000 annually on cybersecurity
- A data breach can cost $200 per compromised health record
- An unknowing HIPAA violation can cost up to $1.5 million per year
Like any campus environment, hospitals have many easy entry points for attackers, including biomedical devices, drug dispensers, and third-party concessions like cafes via their Point-of-Sales systems. With growing network attack surfaces and vulnerable devices, most hospital IT teams face a daunting challenge of segmenting sensitive data while restricting and monitoring access to systems and devices. Ask anyone in IT and they’ll tell you that it’s extremely difficult to achieve sustainable PCI compliance along with HIPAA compliance without eroding their already tight budgets and constraints on their time.
There is a way to put this nightmare scenario behind you without breaking the bank! In fact, our healthcare clients have seen a 50 percent lower CapEx and OpEx through network simplification. They can connect and revoke devices 97 percent faster with little or no network changes. In addition, they can reduce their attack surface by over 90 percent through cloaking, micro segmentation, and encryption. And here’s the kicker… it’s simple!
With our Identity Defined Networking (IDN) solution, IT folks can unify networking and security into a single platform that eliminates network complexity. It’s literally a point-and-click console that makes it effortless to implement hardened network segmentation—down to an individual endpoint. IDN allows you to easily remove sensitive systems and assets from prying eyes through network cloaking, micro-segmentation, machine authentication and authorization, and end-to-end encryption. With our comprehensive, defense-in-depth approach, we not only facilitate industry compliance, but also deliver hardened security, resource resiliency, and network elasticity.
Now you can get back to some of that Grey’s Anatomy without thinking about your worst IT nightmares!
Learn more about how we enable zero trust networking for healthcare systems and vulnerable endpoints
Posted on May 17, 2018
Hey, look! Another data breach. This time, Chili's was breached due to malware on the Point of Sale (POS) appliances.
"A breach is always bad news, but perhaps the silver lining here is how quickly the breach was discovered, and customers were notified. This gives hackers less time to exploit the stolen debit and credit cards and makes the breach less valuable to criminals,”
When something like this occurs, the question always seems to be "How did this happen?" Technology is only as good as its weakest link. Data breaches could happen because of social engineering, outdated or unpatched software, or malicious applications stealing data.
PCI DSS outlines security controls and procedures for handling payment card data. Let's ask the question though, why does something like PCI DSS exist? Because technology is complicated, and if not adequately maintained, reviewed, and audited, data breaches are inevitable.
We've built all these controls and procedures, but have we ever considered the underlying technology is flawed? Our trust model is broken and should be replaced with something that ensures deny-by-default whitelist only policy that is easy to set up.
Travis Smith, principal security researcher at Tripwire, says it best: “Using application whitelisting to prevent unknown programs from running is generally the best defense against malware such as the one used to steal credit card numbers from point of sale machines. The next best defense is a properly segmented network that isolates payment systems, allowing them to only communicate with critical locations on the internet. This will allow infected machines to prevent credit card data from leaving the company's systems.”
It's a good thing Tempered Networks provides solutions for doing just that. Our HIPservices are built to allow secure, trusted communications with a view into what devices and things can communicate with what, that only you, the admin, have visibility into. Had Chili's implemented Tempered Networks IDN micro-segmentation, the POS data exfiltration would not have happened.
Read more about how Tempered Networks IDN solution can help at https://www.temperednetworks.com/solution/use-cases/PCI-networks