Introduction to ENF

Introduction

Industrial IoT drives efficiency and reduces cost by allowing the real-time monitoring of assets without human intervention. Real-time monitoring increases availability of equipment by alerting operations of situations that need immediate attention. IoT enables optimized maintenance scheduling by collecting data from the assets.

Challenges

Security

Security is a primary concern for most companies when considering an IoT strategy. There are three main aspects to securing IoT devices: control, data integrity, and obscuring data.

Control

Undoubtedly, the most important aspect of IoT security is to deny malicious actors the ability to make changes to any settings. A purposely incorrect setting can cause downtime, equipment damage or failure, or large liability.

Data Integrity

Equally important, the data from an IoT device must not be altered. At first glance, this might not seem as critical as securing control operations, but an incorrect reading may cause an operator to take actions with catastrophic results.

For example: An operator may see a low pressure reading on a system and take action to correct it. If the actual pressure is already at or above the desired level, the operator’s action may cause equipment failure.

Obscuring data

For safety and competitive reasons, it is desirable to only allow authorized users access to any monitoring data.

Managing many devices

As the number and types of deployed devices increase and become more widely distributed, managing them becomes exponentially more difficult. Manually provisioning hundreds or thousands of devices is logistically difficult, prohibitively expensive, and error-prone. Misconfiguration is a leading cause of cybersecurity incidents. Reconfiguring and updating devices in the field is another challenge that must be adequately managed.

Last-mile connection

Configuring the last-mile connection for many IoT devices, especially if they are widely dispersed, is also a challenge.

Creating a dedicated LAN at a single site might be expensive, but is achievable. Doing the same over multiple locations or for mobile devices would be prohibitive.

Network Segmentation / Microsegmentation

For both security and management, the ability to use microsegmentation on the IoT network is advantageous.

In larger installations, the devices in one role do not need the ability to directly communicate with the devices in another role. Using a microsegmentation approach allows fine-grain control of device interconnection.

For example: the equipment on the manufacturing floor should be isolated from the rolling stock.

The ENF Overlay Network

The Xaptum Edge Network Fabric (ENF) is a fully-routable, IPv6 network overlay that isolates clients from the public Internet and each other through a parallel network that is fully secured. Unlike the public Internet, which was designed for sharing information, the ENF only connects devices and endpoints that are expressly granted permission.

The ENF solves IoT Challenges

Security

The ENF uses industry-standard, end-to-end encryption. From the outside world, the devices are invisible and cannot be scanned.

Control
Only authorized users have access to the network and the devices.
Data Integrity
Since all communication is encrypted and routed via the ENF overlay network, altering data is practically impossible.
Confidentiality
Similar to using a VPN, all data is hidden.

Ecosystem

ENF
The Edge Network Fabric is the network overlay by which Xaptum delivers encrypted messages on behalf of the clients.
enfcli
The enfcli (ENF Command Line Interface) is a tool that can be used by clients to configure their networks and devices. The command line tool allows clients to use scripting tools to automate operations. (The API is also available to allow clients to write tools to interface with their existing systems.)
Router Card
The Xaptum router card is an “on-ramp” to the ENF. It contains a TPM (Trusted Platform Module) that allows secure, authenticated communication with Xaptum ENF. The TPM is used to uniquely and authoritatively identify an individual device.
