Tempered Networks Brings Identity-Defined Networking to PCI DSS

The Host Identity Protocol-based Identity-Defined Network approach gets additional capabilities to help enable PCI DSS compliance.

Tempered Networks is expanding the focus of its Identity-Defined Networking (IDN) platform to help organizations comply with Payment Card Industry Data Security Standard (PCI DSS) requirements. The PCI DSS compliance capabilities are part of Tempered Networks' latest platform milestone, which also introduced the new HIPrelay identity-based router technology.

Tempered Networks was originally known as Asguard Networks but rebranded in 2014. The core technology behind Tempered Networks is the Host Identity Protocol (HIP), which enables the Identity-Defined Network model. The IDN gives organizations the ability both to segment a network and to verify that only trusted, authorized devices are able to communicate with each other.

PCI DSS is a complicated set of compliance rules that includes over 200 requirements for individual controls. Tempered Networks doesn't provide everything that is required for PCI DSS compliance, but with the new update, the IDN platform now helps enable compliance.

"We have added the necessary reporting elements required for PCI DSS," Erik Giesa, vice president of products at Tempered Networks, told eWEEK.

The new PCI DSS reporting is implemented in the HIP Conductor component, which also provides policy management capabilities. IDN has also been expanded to connect items that had previously been non-routable on a network to a secure PCI DSS compliant network, Giesa said.

The PCI DSS compliance capabilities make use of multiple Tempered Networks HIP-based services, including the new HIPrelay. Tempered Networks originally only had physical HIPswitches that connected devices as well as the HIPswitch Conductor management tool. The company has since added virtual HIPswitches that can run in the cloud.

The HIPrelay is a software feature that runs on a HIPswitch and aims to help organizations connect devices into the IDN fabric in a secure manner. As such, any device can be routed to connect to a HIPrelay, which will then act as a gateway to the rest of an IDN deployment. Giesa explained that once a policy is defined with the Conductor, that policy is pushed to all the HIP services and allows authorized connections. If a policy violation is detected, revocation of access to a connected device can be performed instantly, he added.

As part of the IDN approach, Giesa said an organization can segment a network to create data sovereignty zones.

"So for example, only machines in Germany can be set to go through the German HIPrelay and can only talk to other machines located in Germany," Giesa said. "So you're guaranteed that any communication and data traffic flows stay within a specific jurisdiction to comply with whatever regulations are in place."

Looking forward, Tempered Networks has plans to further expand the IDN approach to provide additional security capabilities.

"The direction we're going is to provide simpler, faster and better orchestration at scale," Giesa said. "We have a very open API, but we'll be integrating even more with things like security analytics."

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.