Simple and Secure Micro-Segmentation for Internet of Things (IoT)

Transcription

1 Solution Brief Simple and Secure Micro-Segmentation for Internet of Things (IoT) A hardened network architecture for securely connecting any device, anywhere in the world Tempered Networks believes you should not have to compromise security for simplicity. Our Identity-Defined Networking solution enables you to easily connect, segment and manage your IoT environment. Lower CapEx and OpEx Faster network and resource provisioning time Reduced overall network attack surface

2 IoT is Driving Tremendous Value for Organizations The Internet of Things (IoT) is here, where virtually every machine and device are being connected. The promise of IoT is creating billions of dollars in value across multiple sectors, as the cost of connected things continues to decrease. Successful IoT initiatives are transforming how organizations do business by delivering significant cost savings and increased business agility by improving efficiency and automation, expanding data sources for business intelligence, and offering increased opportunities to deliver new service models for customers. With this enormous potential, organizations are embracing IoT to bridge their physical and digital worlds, and drive digital transformation. The Challenges Surrounding Secure IoT Connectivity and Segmentation Most IoT devices are not general-purpose devices such as smartphones and laptops, but rather devices with a dedicated function such as vending machines, IP cameras, robotics, building sensors, and a whole host of other systems and devices. As organizations plan for IoT initiatives, they are struggling with how to securely connect all of the different devices and systems, given the wide array of new security and networking challenges that come with adding so many things to the corporate network. The unfortunate reality of IoT is that security was an afterthought in much of the earlier system designs, which means that integrating these things with the corporate network creates complexity for IT teams. This effort often requires deploying multiple tools and technologies with a patchwork of VLANs, VPNs, Access Control Lists, routing rules, and firewall policies; all of which need to be configured for each thing that is added to the network. This approach is complicated, prone to error, and difficult to scale, especially for organizations with geographically disbursed resources. Additionally, the current shortage of experience IT employees makes it very expensive for organizations to roll out IoT initiatives. Secure IoT Networking with Identity-Defined Networking (IDN) We understand what it s like to be overwhelmed by network complexity, which is why we ve built a better solution that s trusted by CIOs of billion dollar brands and founders from F5, InfoBlox, Microsoft, and Splunk. Tempered Networks IDN solution is the industry s first platform that unifies networking and security into one simple and secure architecture. By delivering machine-to-machine secure networking, IDN eliminates most of the vexing challenges surrounding IoT initiatives. For the first time, organizations can connect, encrypt, and microsegment any IoT devices, anywhere in the world across enterprise, remote, and cloud infrastructures, with little or no modification to the underlying switching and routing infrastructure. IDN is purpose-built to overcome the networking and security challenges caused by today s complex and inherently vulnerable networks. The flexible IDN fabric overlays existing infrastructure (public or private) and delivers a simple networking architecture. This allows you to harden your network against breaches, as well as extending security across the Wide Area Network (WAN) in a manner that was previously impossible. Instantly and easily create overlay networks to connect, segment and manage all your networked devices. Now you can achieve the benefits of Software-Defined Networking (SDN) because our solution has native security and mobility to make your network resilient, nimble, and manageable. 2

3 Reducing Cost and Complexity with Simple and Secure Micro-segmentation With a simpler and more secure networking architecture, organizations can now significantly reduce, if not eliminate, traditional IT solutions such as complex internal firewalls, VPNs, Access Control Lists, and VLANs. The result is simple and segmented connectivity for any device, anywhere in the world, across any transport, with a level of security that was previously impractical, of not impossible, to achieve. Solution Comparison: Tempered Networks vs. Traditional IT Solutions* Using Tempered Networks IDN solution, this customer was able to securely connect and segment over 600 IP cameras across geographically disbursed locations around the world. With built-in encryption, instant micro-segmentation, scalable network orchestration, and a very easy deployment, they completed the project on time and significantly under budget, while providing a highly available and more secure overlay network model. *Traditional IT Solutions include Firewalls / VPNs / VLANs / Access Control Lists (ACLs) Bridging the IT/OT Divide While the promise of IoT value can only be realized by integrating the physical and digital worlds, it also forces the convergence of information technology (IT) and operational technology (OT). As organizations continue to increase the number of connected devices across converging IT and process networks, the question becomes how to overcome the gap between IT and OT? Who will take responsibility for the connectivity and security of tens of thousands of devices? With IDN, it s now possible to give local control over individual overlay segments of the network to business units, without the risk of impacting the rest of the network. IT can maintain centralized control and visibility, while having OT teams deploy and manage their individual devices and network segments. Compliance Just Got Easier You can now strengthen your cybersecurity posture by leveraging IDN to build an integrated, automated, simple, and secure network architecture that achieves the recommended security outcomes contained in the National Institute for Standards and Technology (NIST) Cybersecurity Framework. With built-in security and a level of segmented connectivity that simply hasn t been possible until now, IDN delivers strong risk management practices for IoT to protect confidentiality, integrity, and availability of resources and data. For organizations that deal with payment card information, IDN is effective in providing significant support for the key requirements and controls of PCI DSS and can assist in a comprehensive program of cyber-security for merchants, issuing banks, processors, services providers, and other entities required to comply with PCI DSS

4 Identity-Defined Networking Fabric Our software is designed to run nearly anywhere on almost any type of device, virtual machine, or cloud instance. Only three components are needed to quickly deploy your own IDN fabric across any network, with minimal modifications to the underlying switching and routing infrastructure. IDN Orchestration: The Conductor The Conductor is our orchestration engine, which creates and manages distributed policy to all HIP Service and HIPrelay endpoints. IDN Enforcement Points: HIP Services A HIP Service runs on or adjacent to any host and acts as the network policy and security enforcement point. IDN Routing: The HIPrelay The world s first Identity-Based Router which authorizes and connects machine-to-machine encrypted connectivity between private or non-routable endpoints. Our ruggedized platforms are ideally suited for commercial and industrial depoloyments such as SCADA & Industrial Control Systems (ICS), field deployed devices, fixed or mobile Point of Sales (Pos) systems, building management and BACnet systems, Industrial IoT devices, robotics, and many other devices and systems. With a large number of ports, fast Ethernet, Serial-over-IP, and single or dual cellular modem configuration, you can now eliminate the cost and complexity of having separate Ethernet switches, VPNs, firewalls, cellular modems/routers, and APNs. 4

5 The Conductor Simple Management Makes Your Life Easier As the intelligence controlling the IDN fabric, the Conductor was designed to be extremely easy to use, even for staff without advanced technical training. You can now instantly create hub-and-spoke or highly distributed mesh networks, without the traditional network challenges. By automating network and security policies, it s easy to handle large scale deployments with thousands of devices across your hybrid data center, giving you better control of your entire enterprise network architecture, and allowing you to provision and revoke resources 97% faster than traditional IT solutions. With the Conductor, you can: Deploy an instant overlay network in minutes with minimal changes to existing routing and switching infrastructure Limit access to only allow authenticated, authorized, and accountable machines Deliver connectivity for Layer 2 and Layer 3 networks across any link medium See the status of every connected device, resource, or workload in your network Point-and-Click Network Overlays in Minutes Creating communication policy is pointand-click simple by adding the devices you want to include and building explicit trust relationships by checking the radio buttons. This simple process replaces the multiple steps typically required for security and network configuration by IT staff. The Visual Trust Map allows you to immediately validate communication policy. This feature helps you with regulatory compliance reporting and security audits. 5

6 A Better Way to Connect IoT Devices Our award-winning networking platform is based on the principle that it must be easy to connect, encrypt, segment, orchestrate, move, failover, and disconnect devices. Our technology has been in production for over 12 years at a Fortune 50 company, and delivers a proven alternative to traditional IT solutions. With IDN s superior flexibility, security, and scalability, it s easier than ever before to seamlessly connect IoT devices. Non-traversal microsegmentation is a simple 3-click operation that s verifiable and nearly hack-proof. You can now connect any device at multiple global locations, without having to implement complex and costly NetSec solutions. The result is simple and secure connectivity that can be seamlessly deployed on top of any IP network. Capabilities Comparison: Tempered Networks vs. Traditional IT Solutions Next Steps Contrary to common assumptions, effective micro-segmentation can be simple, highly resilient and significantly more secure than most organizations realize. And it doesn t have to cost a fortune. If you d like to learn more on how we can help you build a simpler and more secure network, please us at segment@temperednetworks.com or call us at There s no obligation and it s easy to get started. 1. Contact us to schedule an appointment so we can discuss your environment and goals 2. We ll develop a custom segmentation plan and review with you 3. Try the IDN Solution, and we ll have you in control of your network within 1 day 6