Tempered Networks’ New Identity Networking Paradigm The Cure for IT Risk, Cost, and Complexity unified secure networking made simple


Post on 16-Oct-2020

TRANSCRIPT

Page 1: Tempered Networks’ New Identity Networking ParadigmSecure micro-segmentation TNI routes but leaves L2 network alone IP addresses are abstracted from the network, no need to re-IP

Tempered Networks’ New Identity Networking Paradigm

The Cure for IT Risk, Cost, and Complexity – unified secure networking made simple

Page 2

Tempered Networks’ Identity-Defined Network (IDN)

It’s never been possible…until now

MOVE ANY IP RESOURCE GLOBALLY

ONE-CLICK SEGMENTATION: MICRO, MACRO, CROSS-REALM

CLOAK AND ENCRYPT

INSTANTLY CONNECT, DISCONNECT, REVOKE

INSTANT MICRO and MACRO FAILOVER

NEW HOST IDENTITY NAMESPACE

▪ Unify networking and security based on identity

▪ Simplify to reduce CapEx and OpEx

▪ Segment to reduce business risk

▪ Orchestrate for speed, consistency, and simplicity

▪ Instantly network and secure any thing, anywhere, anytime

Page 3

Traditional Networking is Complex, Costly and Fragile

[Diagram labels: Users, Remote Worker, Site 1, Remote Vendor, IT Intranet, Data Center, Gateway, Switch Block, Corporate Network]

“We didn’t focus on how you could wreck this (IP) system intentionally… getting this thing to work at all was non-trivial.”

- Vint Cerf, Washington Post, November 2016

Page 4

Lack of Identity: The Root Cause of Complexity, Cost, and Vulnerability

Complex firewall and networking rule sets

Routing policies, VLANs and ACLs overhead

… per networked “thing”

VPN access controls for each network

DNS and routing updates for failover

100% Network and Security Policies USE IP ADDRESSES as IDENTITY

*Inspired by, “An Attack Surface Metric,” Dr. Pratyusa Manadhata, Member, IEEE, and Dr. Jeannette Wing, Fellow, IEEE, IEEE Transactions on Software Engineering, 2010

(clients x resources) x (net & sec policy) x updates = complexity

(c x r) x p = y*n in continuous change

Page 5

The new Identity Networking paradigm is required

Internet 2.0 – “Network everything”

Link (L1) – MAC address

Network (L2-L3) – IP Address

Transport (L4) – IP Address: Port

Application (L5-L7) – IP Address: Port

Internet 3.0 – “Network ONLY CRYPTO-IDENTIFIED things”

Link – MAC address

Network – IP Address

Host Identity Protocol (HIP) – Host Identity

Transport – Host Identity Tag: Port

Application – Host Identity Tag: Port

To a secure, mobile and private Internet

Authenticate and Authorize a “device” BEFORE transport is established

Page 6

HIPservers

HIPswitch

Tempered Networks’ IDN Conductor

Control based on unique crypto-identity for every networked thing via an overlay fabric.

Seamless deployment, simple policy orchestration and enforcement based on identity.

Securely connect, cloak, segment, revoke, move, and failover instantly within the IDN’s encrypted fabric.

Public / Corporate Network (No Identity. Untrusted. Unmanageable.)

IDN Fabric (trusted, cloaked, segmented, encrypted)

HIPclients

HIPchip

IP Cameras

➢ Applications

➢ Databases

➢ Cloud workloads

➢ Containers

PoS / ATMs

Identity-Defined Networking (IDN) – the way forward

Securely network and orchestrate any thing, anywhere, anytime - instantly.

Page 7

Reduce and accelerate the time to provision

BEFORE TEMPERED

Ticket submitted to Network IT for new resource addition to the corporate network.

Design for Routing, Firewall, VPN, and Switching Policies

Design Submitted to InfoSec for review and approval

Approval of Design by InfoSec

Implementation of Design by Network Ops

Implementation Review and Sign-Off by InfoSec

GO LIVE!

Week 1

Week 2

Week 3

Week 4

Week 5

Week 6

Week 7

AFTER TEMPERED

Ticket submitted to Network team for new resource.

InfoSec approved.

Day 1

Any resource can be added to the IDN fabric through explicit device-based authentication and authorization.

Automatic inheritance of:

• Hardened segmentation

• Cloaking

• Military-grade encryption

between all IDN Endpoints

Simple and consistent deployment by NetOps. Easily verified by InfoSec.

Secure networking time reduced by: 97%

GO LIVE!

Page 8

Use case – oil and gas (ICS/SCADA)

Challenge → Benefit

➢ Failed audit → Secure micro-segmentation

➢ Flat L2 network → TNI routes but leaves L2 network alone

➢ Duplicate IP addresses → IP addresses are abstracted from the network, no need to re-IP

➢ Provisioning time and politics → OT controls their own network and destiny, IT no longer cares

➢ Congestion on radio network → Allowed use of OSPF, radios became much more efficient

➢ No adequate redundancy → Now has cell back-up

Page 9

IDN Lab/Demo

Page 10

Layer2 – Layer3 Secure Segmentation

[Diagram labels: Data Center 1, Data Center 2, NOC, Remote Station, Sub 1, Sub 2, Sub 3, Routed WAN, MPLS, Corporate Network, Users, Wifi, Field Techs, Conductor, On Demand HIP Tunnels; SIEM, Services, Database; Applications, Services, Database; VLAN 10 – 10.10.10.0/24 (shown at four locations), VLAN 20 – 10.10.20.0/24]

Page 11

[Diagram labels: 3rd Party, Untrusted, Public, Data Center 1, Data Center 2, Distribution Center, Remote Location, Research Facility, Supply Chain, Mobile, Field Tech, WAN / MPLS, Conductor, HIP Relay, On Demand HIP Tunnels]

Page 12

Thank you