Posted on Feb 14, 2018
One of the fundamental flaws with the way IT networks are constructed today is that organizations view networking and security as two separate entities. Today of all days, Cupid would ask, “Where’s the love in that?” Rather, it is necessary to bind together (connect) and protect (secure) as one. At Tempered Networks, we offer a unified approach, creating a perfect marriage between networking and security that’s more secure, reliable, and flexible.
IT teams are pulled and pushed to provide more open and available networks without risking business momentum and productivity. Security often takes the back seat.
Which is it then, security or networking? Must organizations choose? No. It is an unfair choice. And unwise. Too much of one, and not enough of the other, would harm the very heartbeat of the business. From our perspective, it is not a ‘this or that’ choice. It is an intertwined solution that achieves a higher level of security. It’s the underpinning of a flexible, growth-minded infrastructure.
Like Cupid, Tempered Networks’ mission aims for a perfectly balanced coupling between networking and security, resulting in a ‘better together’ situation. In our case, the quiver is ‘identity’, where we assign a unique identity to each device. Let’s eliminate the view of security and networking as separate beings, and interlock them as one – a single, integrated IT strategy.
We have the technology it takes to bridge the gap between security and networking. In our case, you can liken Tempered Networks’ centralized orchestration engine (The Conductor) to Cupid. The Conductor establishes and defines trust relationships and only allows devices with provable, trusted identities to connect and communicate with each other. So any device that has a unique crypto-identity can only be seen by trusted devices and is hidden from all other ‘suitors’ who have not been whitelisted by Cupid. This approach not only dramatically reduces risk, but makes networking and communications incredibly efficient.
We provide the ability to cloak (hide) resources from all but trusted devices. And, since we provide an intuitive single-pane-of-glass management console and support a broad range of environments – IT staff can easily control assets and endpoints across physical, virtual and cloud environments – even Cloud Nine.
Rather than manage complex networks loaded with security add-ons, establish a unified solution that securely connects everything from the get-go. You can keep your firewalls to secure the perimeter, but the more they must do, and the more rules required to be put in place, the more complex things get. Simplicity outpaces complexity, and complexity is the enemy of security and efficiency. Learn more about how Tempered Networks simplifies secure networking so you too can find that match made in heaven.
Happy Valentine’s Day. May your network + security live happily ever after.
Posted on Feb 13, 2018
Mistake #2: ACLs: A set of rules that are made to be broken
There’s an old saying that confidently declares, “Rules are made to be broken.” It’s mostly attributed to American five-star general and hero of WWII, Douglas MacArthur. In the right context, it’s meant to be a motivational message, trying to inspire people to think outside the box and not be afraid to chart their own course. When misinterpreted, especially when referring to solutions for network security, the old adage can be devastating.
Consider the concept of an access control list (ACL). It’s basically a list of rules that decide which users and system processes can have access to which areas of your network. Using an ever-increasing number of ACLs seems like a workable course of action on the surface, but after further investigation, you’ll realize they have no place in your organization as a solution to micro-segmentation needs.
In this case, hackers and others around the world with malicious intent view ACLs as the very symbol of a rule that’s made to be broken. Cyber criminals will make it their destiny to expose every loophole within an ACL through a flawed enforcement methodology to literally break your network.
Micro-Segmentation Mistake #2: ACLs
The biggest problem with using ACLs for micro-segmentation is that their base enforcement attribute uses insecure and inherently flawed IP and/or MAC addresses to grant access to the network. It’s the same fundamental flaw that exists with common TCP/IP networking, and it’s just not an acceptable level of risk for any organization to assume.
ACLs also involve an unfortunate abundance of cascading dependencies, which require a high level of constant care and elite expertise from a superiorly skilled engineer to properly implement. This amounts to an even higher level of complexity than what’s involved with VLAN applications.
At their worst, ACLs form a misguided attempt at micro-segmentation that can amount to thousands of firewalls, exponentially increased switches and routers, and tens of thousands of new rules to follow. That’s way too much complexity for any IT or OT team to handle.
A Well-Tempered Solution
Who needs tens of thousands of rules when you can have real hardened WAN and LAN micro-segmentation via whitelisted devices, across a private overlay network that’s invisible to hackers? A well-Tempered solution to micro-segmentation eliminates the inherent flaw of address-defined networking by granting access according to identity, not address. Not only does this provide unprecedented security to your networks, but it also provides unlimited mobility.
With network security that’s unbound by the chains of TCP/IP, you’re free to move devices or entire networks anywhere they’re needed without worrying about hackers taking advantage of a weakened perimeter.
Contact us at Tempered Networks to fully customize a state-of-the-art micro-segmentation solution that provides ironclad security and limitless mobility for all your devices and networks. Let the rule-makers and rule-breakers continue fighting while you continue networking.
Posted on Feb 9, 2018
Part One: Mistaking VLANs for Micro-Segmentation Solutions
Why do bad things happen to good segmentation projects?
We see it all the time; companies start with the noble notion to successfully implement hardened LAN and WAN micro-segmentation for their devices, networks, or environments. It really shouldn’t be all that much to ask. After all, micro-segmentation is what helps a CIO or CISO sleep at night. It lets us rest peacefully knowing that the networks we’re responsible for are tightly secured, yet still highly accessible to the right users.
Most micro-segmentation projects start with positive vibes filling the air of conference rooms and remote locations, spanning company-wide. Everybody’s onboard with the goal of making their networks more secure and easier to connect. Then, two nefarious criminals to IT productivity everywhere begin to rear their ugly heads: cost and complexity. Suddenly, those vibes aren’t quite as positive anymore.
When bad things happen to good segmentation projects, it’s usually because cost and complexity become insurmountable. Thankfully, however, they’re no longer necessary evils, yet we’ve discovered that IT professionals across the industry still make some frighteningly common, but costly mistakes that need to be reconsidered.
Welcome to Part One of a five-blog series detailing these mistakes and how to avoid them. This first discussion examines the mistake of using VLANs for micro-segmentation, and how to avoid it.
Mistake #1: Using VLANs as a Segmentation Solution
Don’t mistake Virtual Local Area Networks (VLANs) for a simple form of micro-segmentation. Sure, VLAN hopping exploits like Double Tagging and Switch Spoofing can be prevented with some simple changes to default switch settings, but it’s also one more thing for a potentially already overworked administrator to forget.
Even when an especially sharp administrator does make the necessary adjustments, these changes tend to impose limitations on particularly useful network functions like trunking. Furthermore, if settings aren’t applied correctly, new unforeseen attack vectors can open up.
Some administrators may be okay with assuming that level of risk and network limitations, but that’s when an even larger problem presents itself, which is effectively managing a VLAN at scale.
Certainly, a limited number of VLANs can be created on a few switches simply enough to implement some level of segmentation. The problem arises when VLANs need to be created and maintained for hundreds or thousands of distributed physical and virtual switches. That creates a complexity that no administrator wants to deal with or is even capable of implementing.
How to Avoid This Mistake
Avoiding this mistake really comes down to one easy-to-follow instruction:
Don’t use VLAN dependencies as an integral aspect of your segmentation project.
If the proposed solution involves VLANs to enforce access control or requires overly sophisticated interfaces or modifications to existing infrastructure, it’s best to seek a less complex, more cost-effective solution.
Proposing a VLAN-based micro-segmentation project is most likely doomed to failure. The idea has merit, but ultimately the added complexity, associated cost, and potential risks involved add up to a low probability of success.
A Well-Tempered Solution
Why deal with the pitfalls of using VLANs for micro-segmentation when a vastly superior option is already available?
Simple, secure, and fast micro-segmentation can be obtained by any organization, and it doesn’t need to be cost-prohibitive either. Contact us at Tempered Networks to fully customize a micro-segmentation project for your organization right down to the device level.
We can implement an Identity Defined Networking (IDN) solution, powered by the revolutionary Host Identity Protocol (HIP) that secures devices based on identity, not addresses, so locations become irrelevant, which gives administrators a level of mobility and flexibility that’s unavailable anywhere else. Bad things no longer need to happen to good segmentation projects.
Posted on Feb 1, 2018
If you’re in IT or stationed in a NOC, you know there’s a fundamental conflict between providing access to networks and securing sensitive data and systems. And when the network is based on Internet protocols designed to allow any computing device to communicate with any other, it creates an environment ripe for hacking, deception, and data breaches – further complicating your already challenging responsibilities.
This timeless Washington Post article sums up the dilemma nicely:
Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didn’t anticipate that the Internet’s own users would someday use the network to attack one another.
Add to the network security challenge advances such as ‘botnets’ and the Internet of Things (IoT) and today’s IT guru has their hands full! Hackers are able to take advantage of a fundamental flaw in the TCP/IP protocols on which Internet addressing is based. The TCP/IP use of a connected device’s address to serve the dual purpose of identifying the device as well as providing its location on the network results in a network vulnerability that is very visible to, and easily spoofed by, hackers anywhere in the world. That’s a difficult challenge to overcome… until now!
In our thinking, the answer is to separate the identity from the network address location, by moving away from Address-Defined Networking based on IP addresses for device identity to Identity-Defined Networking (IDN) where only trusted cryptographic identities bound to hosts or services can connect.
Building on the open standard Host Identity Protocol (HIP), the IDN creates a network fabric overlay to the Internet that provides cloaked and unbreakable network segments. Not only does it eliminate up to 90% of attack vectors, but it dramatically reduces provisioning and ensures that any trusted (or whitelisted) IP device can join the network fabric and be protected and managed by HIP services. That’s something that most folks in the NOC can get behind!
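As an added illustration (not code from Tempered Networks or the HIP specification) of why the address-keyed ACLs criticized in Mistake #2 fail and what binding access to a cryptographic identity changes, the following Python compares the two policies on constructed messages, including a forged source address and a device that has moved networks. A shared-secret HMAC stands in for HIP’s public-key signature and handshake, and the device keys and addresses are made up.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample credentials (not real device keys). In HIP each host holds a
# public/private key pair and its Host Identity Tag is a hash of the public key;
# this stand-in uses a per-device secret shared with the policy point and an HMAC
# instead of a signature, which is enough to show the identity/locator split.
DEVICE_KEYS = {
    "sensor-a": bytes.fromhex("6f1c2b3a4d5e6f708192a3b4c5d6e7f8"),
    "sensor-b": bytes.fromhex("00112233445566778899aabbccddeeff"),
}

def identity_of(key: bytes) -> str:
    """Identity tag derived from the credential; it never depends on an address."""
    return hashlib.sha256(key).hexdigest()[:32]

@dataclass(frozen=True)
class Message:
    src_ip: str      # locator: the address the packet claims to come from
    identity: str    # identity tag the sender asserts ("" when none is presented)
    payload: bytes
    proof: bytes     # HMAC over identity || payload (b"" when none is presented)

def send(device: str, src_ip: str, payload: bytes) -> Message:
    """A trusted device emits a message from whatever address it currently has."""
    key = DEVICE_KEYS[device]
    tag = identity_of(key)
    proof = hmac.new(key, tag.encode() + payload, "sha256").digest()
    return Message(src_ip, tag, payload, proof)

# Policy 1: an address-keyed ACL. The locator is the only credential checked,
# so anything that can put a listed address in the source field is admitted.
ADDRESS_ALLOWLIST = {"10.0.0.5", "10.0.0.6"}

def address_policy(msg: Message) -> bool:
    return msg.src_ip in ADDRESS_ALLOWLIST

# Policy 2: an identity-keyed allowlist. The policy point knows each trusted
# identity's credential and verifies the proof; the source address is ignored.
TRUSTED = {identity_of(k): k for k in DEVICE_KEYS.values()}

def identity_policy(msg: Message) -> bool:
    key = TRUSTED.get(msg.identity)
    if key is None:
        return False  # unknown or absent identity: cloaked, nothing to talk to
    expected = hmac.new(key, msg.identity.encode() + msg.payload, "sha256").digest()
    return hmac.compare_digest(expected, msg.proof)

def evaluate(msg: Message) -> dict:
    return {"address_acl": address_policy(msg), "identity": identity_policy(msg)}

# Three constructed cases: a legitimate sender, a forged source address with no
# credential, and the same legitimate device after moving to another network.
legit = send("sensor-a", "10.0.0.5", b"temp=21.5")
spoofed = Message("10.0.0.5", "", b"temp=99.9", b"")
moved = send("sensor-a", "192.168.7.20", b"temp=21.7")

if __name__ == "__main__":
    for name, m in (("legit", legit), ("spoofed", spoofed), ("moved", moved)):
        print(name, evaluate(m))
```

The address-keyed policy admits the forged packet and rejects the relocated device, while the identity-keyed policy does the opposite, which is the mobility-plus-cloaking property the post claims for IDN.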
IP addresses were great when they were introduced but they come up short when it comes to establishing identity and delivering security. IT has enough to worry about today and network security is certainly among the larger and more daunting challenges. It’s nice to know that Identity-Defined Networking (IDN) can help reduce data center stress that comes with meeting the needs of business units and other internal customers!
Posted on Jan 29, 2018
We know what we think, but what do other IT professionals think when it comes to networking pain points? We recently worked with IDG Research and conducted a five-question survey in an effort to better understand the primary pain points surrounding the integration of traditional enterprise networks with cloud implementations. So who did we ask? Respondents were required to work in an IT-related function at the Director level or above for an organization with 500+ employees. Qualified respondents were also involved in the purchase process for IT solutions and services at their organization.
Here’s a rundown of the questions we posed and what these folks had to say…
How would you rate the challenge presented by the following aspects of connecting devices or resources on your organization’s network?
- 50 percent of the respondents found securing network access and control to be very challenging
- 34 percent found provisioning network access to be very challenging
- 28 percent found quarantine and revocation of machines to be very challenging
- 28 percent found connectivity across networks to be very challenging
What pain points has your organization experienced with provisioning, connecting, and securing networks?
- Most experienced resource constraints, network operations challenges, and human and device-related challenges, with the top six pain points being:
- The time it takes to deploy
- Managing distributed network policies
- Dealing with IP conflicts
- VPN and Firewall complexity
- Lack of mobility between separate networks
- Mistakes creating security exposure
Identity Defined Networking (IDN) enables you to create instant overlay networks—anywhere in the world—that are highly available, remarkably simple and radically secure. IDN requires no changes to the existing underlay network. IDN overlays are based on verifiable machine identities, managed through a point-n-click orchestration engine that is so easy your CEO can do it. With IDN, micro-segmentation, secure intra-cloud networking and machine-to-machine networking are now simple tasks. IDN also eliminates the complexities and vulnerabilities created by traditional IP-based networking and security products. How appealing or unappealing is Identity Defined Networking to your organization?
- A majority (64 percent) found IDN to be very appealing
- 34 percent found IDN to be appealing
- Zero found IDN to be unappealing
Now think about the following aspects of Identity Defined Networking (IDN) and rate each on how appealing it is to your organization.
- Reduce networking and resource provisioning time by up to 97 percent – 68 percent found appealing
- Reduce attack surface by up to 90 percent – 62 percent appealing
- Reduce failover and disaster recovery times to as little as milliseconds – 62 percent appealing
- Improve productivity for networking and security teams by up to 50 percent – 54 percent appealing
- Improve mitigation, revocation and quarantine by up to 50 percent – 46 percent appealing
- Decrease CapEx and OpEx as much as 50 percent – 44 percent appealing
When asked to rate the level of agreement or disagreement with the following statements about the complexity of networking and network security today, here are the top three responses:
- Security patches and tighter control over systems keep adding complexity to the network – 76 percent completely agree or agree
- Networking and network security is only getting more complex because of IoT – 74 percent completely agree or agree
- More endpoints being exposed via IoT will result in more network security threats – 70 percent completely agree or agree
It’s clear from the survey results that most organizations experience challenges when connecting devices or resources to their network, and the time to deploy is clearly the number one issue. I’m sure many of you can relate to that pain point, right? Network professionals also see growing complexity and network security threats, which will lead to increased costs. Again, given the speed at which technology advances and the increase in cyber threats this is also not surprising. Also not surprising, certainly to us, is that Identity Defined Networking (IDN) is driving benefits, such as reduced provisioning and disaster recovery time, and improved network security, making it a viable and recognized solution to networking pain points.
Posted on Jan 8, 2018
I’ve been in enterprise networking and security for nearly 30 years. In that time I can truly say that I’ve seen it all. After spending pretty much all of my calories in the world of IT, you can imagine that I have a long list of ‘lessons learned’. Lucky for you I won’t go through them now. Instead, my unsolicited advice to you when it comes to networking is: Don’t compromise. Simplicity and security ought to be attached at the hip and you shouldn’t have to sacrifice one for the other.
At Tempered Networks, we believe that security is a right and that networking shouldn’t be as difficult as it is. It should be simple, fast and affordable. Your network security should give you peace of mind, not anxiety. And, yes, even micro-segmentation should be simple to manage!
It’s one thing for me and our well-tempered team to believe this, but as it turns out, the folks at SC Media happen to agree—and they really like our technology. So much so that they honored Tempered Networks as one of just two vendors added to the SC Media 2017 Hall of Fame. I also appreciate the fact that they took the time to mention the HIPrelay, an identity-based router that can connect any routable or non-routable device to another device anywhere based on the unique identity of the destination device. We like to think of it as our ‘killer app’ for networking.
Peter Stephensen, SC Media’s technical editor, positioned it well, indicating that “It’s the beginning of allowing users to create their own private Internet.” That pretty much hits the nail on the head. You can check out the news here.
Here’s the bottom line: Your network should make you more productive, not hinder your business. Let us help you escape from the network cartels and get control over your network so it doesn’t control your life. Contact us to simplify your approach to secure networking and get back to work worth doing.
Posted on Nov 22, 2017
Thanksgiving has always been one of my favorite holidays. It’s the one day when my family can gather around a table, share an abundance of delicious food, and talk about everything that’s going on in each other’s lives and the world at large. In short, Thanksgiving is truly a time for family, food, and cheer.
Hot-button issues like politics and breaking news will likely take center stage at first, until somebody voices their opinion a little too strongly and tempers run hotter than the pot of boiling potatoes. That’s when I plan to change the subject to something a little more closely related to the true spirit of the holiday.
I’ll break up the heated debate with something like, “… You know what I’m thankful for this year? I’m grateful for the Host Identity Protocol (HIP), giving businesses a simple and secure networking solution.” Then I’ll add, “With point-n-click micro-segmentation,” just to really annoy everyone and get the eye roll from non-technophile family members and guests.
It may sound crazy, but I’ve spoken with many of my customers who are equally thankful for this best kept secret called HIP. They tell me that HIP has actually allowed them to obtain a work/life balance that previously never existed. With HIP, now they can…
- Go home for dinner with their families, rather than working overtime to solve complex networking issues and security troubles.
- Spend more work time on innovation and exploration, rather than flying to all parts of the world to add or diagnose machines or equipment, and perform system upgrades.
- Cut back on the acid reflux medication, because they know their company’s most valuable assets are cloaked and safe from cyberattack.
- Enjoy peace-of-mind knowing that they don’t have to make tradeoffs in resource availability to maintain ironclad security.
Thanks to HIP technology, IT professionals can breathe a sigh of relief during this year’s holiday season. They can take part in celebrating with friends and family, instead of spending the holiday at work and under the gun to provision more resources for Black Friday, or coping with the latest data breach that’s plaguing the company’s flat network.
After I express my over-the-top gratitude for HIP, I’ll go back to happily eating nap-inducing levels of turkey and pie. The full day of family, food, and fun will continue, while HIP safely secures and connects our clients’ networks everywhere.
What are you thankful for this year?