As a standards-compliant IP (layer 3) network, the ENF is compatible with all servers, gateway/host/device manufacturers, software vendors, and cloud hosts. The following capabilities illustrate its interoperability:
Moreover, such flexibility extends to tools of the customer’s choice. Please get in touch with the sales team to learn more about how Xaptum can partner with customers to actualize such extensions.
The following subsections dive deeper into potential integration scenarios with the open-source tools mentioned above.
Snort is an open-source intrusion prevention system from Cisco, capable of real-time traffic analysis and packet logging on IP networks. Snort IPS uses a series of rules that define malicious network activity, alerting admins when suspicious traffic is detected. It can also be deployed inline to drop such packets.
Snort can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, and more. It can be used as a packet sniffer like tcpdump, a packet logger (for network traffic debugging, etc.), a network file logging device (capturing files in real time from network traffic), or as a full-blown network intrusion prevention system.
Snort can enable Xaptum to look deeper (than just layer 4) for malware and malicious traffic by enriching its single-pass packet inspection. Of course, Snort is just one example of an IDS/IPS tool that can be integrated with the ENF for added security.
Launched by the Open Cybersecurity Alliance, OpenDXL Ontology is the first open-source language for connecting cybersecurity tools and systems through a common messaging framework. It removes the need for custom integrations between products that can be most effective when communicating with each other but suffer from fragmentation and vendor-specific architecture.
OpenDXL aims to streamline security automation that leverages disparate tools from different vendors to achieve consistent, beneficial outcomes. An Ontology interface would provide an effective means for Xaptum to communicate the customer’s network traffic or security metadata with third-party systems, such as their existing NAC (Network Access Control) tool.
The expansion of edge computing has escalated the need for a modern, distributed, microservices-based software architecture. Containers allow applications to be broken into smaller, independent pieces that can be deployed and managed dynamically. The accompanying support for containerization (for example, through Docker) enables application portability and helps simplify application deployment and orchestration.
Consequently, the foremost open-source container-orchestration system, Kubernetes, has proven to be surprisingly well suited to managing complex, decentralized, and distributed environments. One of its key benefits is self-healing: “Kubernetes restarts containers that fail, replaces containers, kills containers that don’t respond to your user-defined health check, and doesn’t advertise them to clients until they are ready to serve.”
Such a feature-rich and resilient infrastructure layer is complementary to Xaptum’s SASE fabric. By implementing a CNI (Container Network Interface) plugin, the ENF can securely connect dispersed containers, providing the needed foundation for deploying Kubernetes to automate edge orchestration.