In September 2016, Gartner analysts published a report on application designs that unintentionally expose services to a vast number of cyber threats. The analysts explain that typical network designs are not built for a complex and interconnected world of applications that live in the cloud. While the public Internet is a “cesspool” of attacks, digital businesses require more interconnectedness than ever before. Attackers who discover services often find vulnerabilities in applications and application programming interfaces (APIs) that let them bypass firewalls and intrusion prevention systems (IPS). Attackers will target services, users of the services, or both. Services and applications need to be insulated from the dangers of the public Internet by logically isolating applications with technologies such as software-defined perimeters (SDPs).
The Fourth Industrial Revolution is the ongoing automation of traditional manufacturing and industrial practices using modern smart technology. Industry 4.0 is now characterized by dispersed and remote edge deployments with limited human input for protection, and it therefore requires even more protection through SDP capabilities. While analysts believe the best line of defense is to completely isolate endpoints from the Internet, turnkey solutions that solve the problem at scale are rare in the market.
Xaptum’s ENF secures critical Industry 4.0 sectors such as transportation, energy, and water. These customers often have tens of thousands of edge devices in dispersed and remote locations, potentially running over an untrusted communication path. To enable them to isolate critical assets from the public Internet, Xaptum has deployed a robust, scalable, secure, multi-tenant, global overlay network. Some of the critical benefits extended are as follows:
The ENF uses default-deny firewall rules to isolate remote IP endpoints and mitigate the risk of lateral attacks. It provides customers with the macro- and microsegmentation capabilities they need to securely accelerate deployments.
The overlay provides the same “black cloud” invisibility. Its endpoint-centric firewall enables Zero Trust Networking at scale. Zero Touch Provisioning expedites onboarding, while the use of only familiar networking tools eliminates the need to learn new vendor-specific SDP software or configuration language.
As a standards-compliant IP (layer 3) network, the ENF can tunnel multiple industrial automation protocols and is compatible with all device manufacturers, software vendors, and cloud hosts. There are no SDKs or agent platform lock-ins, and clients require only standard TLS and crypto libraries. To learn more about the solution’s interoperability, please refer to the Concepts article.