Tempered Networks aims to make it easier to deploy Host Intrusion Protocol-based technology with the launch of a second generation of its hardware switches and updated software.
Tempered Networks entered the market in November 2014 as the rebranded name of Asguard Networks. The HIP specification was originally jointly developed by Verizon, Ericsson and Boeing as a security isolation and control mechanism for industrial networks. Tempered Networks’ goal is to bring HIP to the enterprise and the emerging Internet of things (IoT) world with its HIPswitch technology.
“The customers that are really paranoid will do a one-to-one relationship, where a device will plug directly into a HIPswitch, while the ones that are less paranoid will plug in behind layer 2 switches,” Mark Kaplan, vice president of security architecture and services, told eWEEK.
HIPswitch has two distinct interfaces, Kaplan explained. One of the interfaces handles TCP/IP traffic, and the first thing it does is it checks the media access control (MAC) and IP address of a device to make sure it’s on a white list of allowed devices. “So if you plug something directly into the HIPswitch and the device isn’t white-listed, you won’t get anywhere,” Kaplan said.
The other interface is the outside encryption interface; it uses HIP, which encapsulates and encrypts traffic in a manner similar to how an Internet Protocol Security (IPsec) session works. IPsec is often deployed for VPNs in an enterprise. The HIP encryption used by Tempered Networks is AES256, SHA-2, which is among the strongest grades of encryption available.
“Host Identify Protocol is similar to IPsec, but instead of binding to a host name or an IP address for trust, it uses host identity, which is embedded in devices with a digital certificate,” Kaplan explained. “Each HIPswitch, whether it’s physical or virtual, has its own unique identity.”
The new feature sets from Tempered Networks include an auto-discovery capability to map out a network of HIPswitches. In the past, Tempered Networks had to perform a manual inventory of devices that were plugged in behind HIPswitches, Kaplan explained. “Customers can now plug in a HIPswitch and automatically discover all the devices that are communicating on the connected wire,” he said.
The autodiscovery capability is in the SimpleConnect user interface, which enables the Tempered Networks HIPswitch Conductor management tool. By automatically discovering devices, policies can now also be more easily applied at scale to large deployments. Additionally, there are new improvements to help set and define policies across large volumes of devices.
Kaplan said the new autodiscovery and security policy features have helped him personally on client installations. He noted that he was at a client site last week and building out an entire enterprise policy took only six minutes to secure 702 devices. The rapid deployment was aided by Tempered Networks’ capability to handle Comma Separated Value (CSV) import.
“So a customer can literally build out their policies [using] an Excel spreadsheet and then import into the HIPswith Conductor,” Kaplan said. “It moves away from what was a user interface that required a lot of user clicking, to now keeping most of the major work down to just a few mouse clicks.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.