IoT, or internet of things, is still an emerging technology as IT and business leaders struggle with understanding how the world changes when everything is connected. The one area of IoT where connecting things has been commonplace for more than a decade is the industrial IoT (IIoT) world. Building control systems, factory equipment, machinery and other things have been on their own network as connectivity makes those systems better.
Digital transformation requires IT-OT convergence. Some in IT circles were not aware of this, because these devices have been managed by the operational technology (OT) groups in companies, but more and more there’s a desire to bring IT and OT together. This lets data be aggregated for machine-learning purposes and creates some process efficiency. The downside of IIoT becoming part of IT’s scope is securing the systems.
Legacy security tools and approaches don’t scale in a hyperconnected world
One could attempt using traditional, internal firewalls and use ACLs, VPNs and VLANs, but that’s very expensive and not scalable. Also, while that approach has been around for a while, it’s very rigid, making it less than ideal for the dynamic nature of IIoT. This creates a problem for cybersecurity pros that are now tasked with securing IIoT.
Recently, Tempered Networks announced what it claims is the first purpose-built IIoT cybersecurity platform, which enables businesses to secure IIoT networks without the manual and financial overhead of firewalls, VLANs, ACLs and VPNs. The complexity of doing this in hyperconnected environments can take the IT team from being over-burdened to being unable to do their jobs. The vendor accomplishes this with an overlay solution that encrypts and isolates IIoT traffic by creating a logical air gap.
Tempered Networks uses micro-segmentation to protect IIoT environments
Tempered’s approach is to use micro-segmentation to create a secure overlay to the existing data network. This overlay approach makes it easier to secure east-west traffic as well as north-south. Firewalls are great at the former but do not have the agility to handle the latter.
(For the record: "East-west" traffic refers to traffic within a data center -- i.e. server-to-server traffic. "North-south" traffic is client-to-server traffic, between the data center and the rest of the network, or anything outside the data center.)
One of the unique aspects of the Tempered Networks solution is that it was built with the assumption that hyper-connectivity and endpoint mobility were the norm. Its most recent update expands on this vision and includes the following enhancements.
- Granular port isolation is how Tempered defines the groups of interfaces that are upstream from machines on different segments. While this feature is available on most switches, Tempered offers multiple segmented overlay networks, each with their own set of policies, within a single Tempered HIPswitch. This lets customers segment zones of traffic within the data center as well as between cloud, on premises and virtual environments and make it look like a single environment.
- Policy based network objects is how Tempered co-exists with existing management schemes because administrators can run the network the way they want using Tempered. This can be particularly valuable though in migrating from a traditional address-based environment to an identity based one.
- Snort integration enables deeper inspection for malware detection and the ability to identify malicious traffic on a network. Snort is a very popular security tool and should enable Tempered to look deeper than just layer 4.
- Simplified and more scalable managed service provider (MSP) and independent software vendor (ISV) management. HIPswitches now support multiple layer 3 active underlay interfaces for multi-tenant and mulit-homing cabilities. These links can be configured in multiple active / standby modes using new failover groups.
- Reduced network complexity. The enhanced platform enables customers to replace edge switches, internal firewalls, VPNs, cellular modems and other infrastructure reducing OpEx and CapEx.
All of these new product enhancements are available to Tempered Networks customers today at no charge if they have a maintenance agreement.
IIoT requires new ways of thinking about security
IIoT environments require a different type of security tool. The massive number of IIoT devices being exposed to the Internet has increased the attack surface for most industries by at least an order of magnitude. The product updates to Tempered Networks enhances micro-segmentation for industrial networks to protect the IIoT endpoints without requiring perimeter-based security tools.
Using the wrong tool for the job never works. Trying to hammer a nail with a wrench or remove a Phillips screw with a slot head always creates a bad situation. In the area of securing IIoT, legacy firewalls and VPNs were never designed for the rigors of IIoT. Don’t misread my words; firewalls and VPNs are incredibly important, but they secure different types of threats.
Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.