Securing the Everywhere Perimeter
The world is on the verge of an unprecedented expansion in networked connectivity, driven by the combined forces of the Internet of Things and Smart infrastructures. These are posing significant threats to today’s network security model. No organization can afford to ignore the importance of protecting access to its network, applications, and information. Without proper controls, a breach of one device could provide a hacker with the virtual keys to the castle.
A central problem is the sheer number and mobility of devices creating new BYOD and IoT-based internal access points. Onboarding, securing, tracking, and managing thousands of devices seems practically impossible. In addition to increased entry points for hackers, these trends extend the traditional organizational boundary to cloud instances.
These trends make it nearly impossible to determine where the organization’s perimeter lies. Is it the branch? The campus edge? A user device? An IoT device? An external cloud? An internal cloud? The answer is that there is no longer a rigid perimeter—there is only an everywhere perimeter.
Businesses need an effective strategy to differentiate critical applications and confidential data, partition users and devices, establish policy boundaries, and reduce their exposure.
Leveraging Avaya technology, organizations can hide much of their network and protect those elements that remain visible. Borders are established that defend against unauthorized lateral movement, the attack profile is reduced, and highly effective breach isolation is delivered. Businesses can avoid many of the conventional hooks and tools that hackers seek to exploit.
In my new Avaya video I elaborate on the Avaya technologies that help secure the everywhere perimeter. I explain how organizations can significantly reduce the level of network exposure and how they can avoid the chinks that are normally used for an exploit.
Deploying an IoT-ready Architecture
Securing the everywhere perimeter offers a series of capabilities that seek to address both traditional and emergent networking requirements with an innovative approach to protecting critical applications and confidential data.
The three key emerging challenges—implementing scalable segmentation, managing the double-edged nature of IP reachability, and securing edge configuration and attachment—are addressed by the three pillars of Avaya’s securing the everywhere perimeter:
- Hyper-Segmentation: Greatly improving upon traditional segmentation, Avaya’s hyper-segmentation scales to millions and seamlessly spans the entire organization from data center to device. Once hyper-segments are created, organizations experience a reduction in the attack surface, a quarantine function if a segment is breached, improvement of anomaly scanning, and greater firewall efficiency.
- Native Stealth: Unlike traditional technology, Avaya delivers hyper-segments that are not exposed to the vulnerabilities of Internet Protocol (IP). What this means is that in the event the organization is breached—for example, through the HVAC or an IoT network segment—the hacker is unable to see anything outside that segment, keeping them contained. Because intermediate networking nodes are ignorant of the content, and do not rely upon IP-based reachability, these cannot be used as launch points for exploiting a breach.
- Automatic Elasticity: Avaya has pioneered the concept of network elasticity as an enabler for securing the everywhere perimeter. An elastic hyper-segment automatically stretches services to the edge, only as required and only for the duration of a specific application session. As applications terminate, or end-point devices close down or disconnect, the now-redundant networking services retract from the edge. It simplifies deployment of hundreds of segments for tens of thousands of endpoints.
Avaya delivers a solution set of next-generation capabilities that address the challenges of the everywhere perimeter. It provides a foundational layer that seamlessly manages hyper-segmentation, native stealth, and automatic elasticity across the organization. Using software-defined and identity technologies to automate onboarding and access from users, devices, networking nodes, and servers, Avaya makes protecting and managing everywhere access practical.