As SD-WAN matures, its security is becoming more critical for enterprise customers. And while vendors are working on various strategies to secure the technology, 128 Technology believes that the best way for enterprises to protect themselves against threats is by eliminating tunnel-based approaches to SD-WAN.
128 Technology is a 4-year-old networking startup that developed a pure-software service to simplify routing and offer a different approach to the SD-WAN use case. Instead of using tunnels to connect different areas of a network, it uses something it calls multi-path secure vector routing.
The software routes traffic across public and private networks, and then metadata communicates how to route packets from one private network to another. In addition, it neither requires overlay networks nor restricts the WAN to just one vendor.
And while 128 is a pure software company, it has partnerships with a number of white box companies to create universal CPE (uCPE) hardware to deploy. This includes Lanner, which it partnered with in October 2017, as well as Silicom, Advantech, and Kontron.
When it first launched, it didn’t want to be referred to as an SD-WAN company. Patrick MeLampy, 128’s chief operating officer, has now backtracked a bit on that sentiment.
“I was honestly foolish in the whole thing with the SD-WAN, I was predicting that there will be a future where there won’t be a WAN, or in the way that we think of it today,” he said. “We took great happiness because we’re doing it differently.” Now, however, the company is embracing the SD-WAN use case.
According to MeLampy, there are several use cases where 128 has seen its SD-WAN approach find success. These are for deployments where scalability is important because 128 doesn’t use hub-and-spoke, tunnels, data center hubs, or have data center router requirements; for unified communications use cases, particularly voice calls; and when there is limited bandwidth available.
The other successful use case, MeLampy would argue, is security.
There are a number of challenges affecting the SD-WAN market in terms of security. One of the greatest, says MeLampy, is the networking industry’s reliance on the Linux operating system.
“There’s a lot of vulnerability tied to that area, that come in from all the change that goes on,” he said of the Linux OS. “All these vulnerabilities [are] not really about routing packets, it’s about how the applications are set to run in Linux and that creates a lot of vulnerabilities.”
MeLampy added that there is SC Linux, “basically a secure Linux, customers should be demanding that.”
In addition, he says that the industry trend toward making networking more programmable and automated, using a number of tools to do so, is opening up vendors, including 128, to vulnerabilities. “What works good in a data center that has physical security doesn’t always work great in a distributed wide area network and I think we’re running into some of those things,” he said.
While 128 is also vulnerable to these security issues, it is doing some things differently that make its SD-WAN software more secure.
128 uses what it calls “semantics-based policy language,” meaning that it creates a secure vector, or directional route, that “talks” to the specific server being reached. In addition, the vendor provides session-by-session authentication and security for each vector.
“We’ve always believed that sessions individually should be routed, not packets,” MeLampy said. The effect, he continued, is that sessions being routed between networks must be authenticated and pass a route policy. “In a sense, we’re almost more like a firewall than a router.”
As a result, MeLampy says that 128 has been able to achieve a higher security certification with the U.S. government than other vendors. Specifically, its session-smart router is FIPS 140-2-certified by the National Institute of Standards and Technology. He said that it’s hard for its competitors to get this because “they’re using tunnels and non-standard key management … we’re not doing that.”
128 also has security options and partnerships similar to those of other SD-WAN vendors. Customers can service function chain a number of security products, with Palo Alto Networks being one of its biggest partnerships. MeLampy also named Webroot, Zscaler, and a number of open source security projects as its partners in the space.
Starting a ‘Revolution’
128 Technology believes that it is starting a revolution around security and networking.
“People want something simpler, they want something more secure, I don’t think building virtual networks on top of the networks we already have is necessarily the way to go,” said MeLampy.
He added that he doesn’t think there is going to be a long life for vendors using virtual networks and tunnels on top of other networks. “We think there’s going to be a revolution, and we think we’re going to be the first company that’s going to start it, hopefully.”