IDN is a next-gen platform for unified, secure networking that delivers fully encrypted, on-demand network provisioning for any resource, anywhere, at any time. ‘One-click’ trust policies are established based on unique device-based cryptographic IDs, not spoofable IP addresses, and centrally managed using our policy-based orchestration. IDN effectively offers a secure SDN solution and allows customers to leverage connectivity beyond just the WAN, including cellular, WiFi, and satellite networks.
Virtual Edge Solution Details
|Solution Demand||Cloud Service Providers, Healthcare, Financials, Government & Education and Retail|
Explicit trust between your data center, remote locations, and the public/private cloud instances is not only possible with Tempered Networks, but simple and practical. Instantly connect, protect, segment, move, failover, and disconnect devices and resources anywhere in the world, with unprecedented speed and simplicity. IDN significantly reduces IT complexity, is simple to orchestrate, and requires no modification to the underlying network, applications, or infrastructure. Devices connected within the encrypted IDN fabric are natively cloaked and invisible to hacker reconnaissance, and protected against DDoS, MiTM attacks, IP spoofing and other types of network and transport layer attacks.
|Form Factor||Hardware appliance (COTS), Hardware appliance (proprietary), Software (including installable SW package/Virtual SW appliance/VNF in NFV deployments) and As a Service (XaaS) in the cloud|
|Target Market||Both Business and Home|
|Primarily Sells to||Enterprises|
|Layers of the OSI Directly Controlled||Physical L1 connectivity, L2 connectivity, L3 connectivity and L4-7 traffic – for optimization, security etc|
|Key Partners||Marcum, Optiv, Siemens Rockwell, International, Sysorex|
|Current Production Deployments||Yes|
|Licensing and Pricing||
Tempered Networks has one of the most flexible, cost-effective, elastic licensing and pricing models. We support perpetual and subscription licensing. Subscription licensing is based on an annual contract allowing customers to pay as they grow. Pricing can start at $600 annually per virtual HIPswitch and $1200 per virtual Conductor.
|More Licensing/Pricing Information||http://www.temperednetworks.com/wp-content/uploads/2015/02/TemperedNetworks-Product-Brochure.pdf|
|Product Differentiator||The only Identity-Defined network overlay where trust and segmentation is based on unique device-based cryptographic identities.|
|Product Differentiator #2||All communication is automatically encrypted between all IDN endpoints and all devices within the fabric are cloaked and cannot be fingerprinted.|
|Product Differentiator #3||The only fabric that has <1 second failover and true IP mobility for any connected thing from datacenters to discrete devices.|
Connectivity is natively supported in our physical appliances: cellular, WiFi, Ethernet, Serial over IP, and radio connectivity.
Trust-based LAN segmentation and containment that can span subnets, VLANs, and network boundaries with no modifications to the underlay.
Identity-Based Routing (IDR) overcomes much of the complexity of inter-networking because Virtual Trust Segments can be instantly provisioned across network boundaries.
Better security because the Host Identity Protocol establishes trust between networks or devices before transport communication is established and data is exchanged.
Host Identity (unique cryptographic IDs) can be assigned to a device, application, and even micro-service.
Unlike SD-WAN or other SDN technologies, Tempered’s IDN natively supports WAN, LAN, WiFi, and Cellular connectivity with link failover. A HIP Service or IDN Endpoint can be deployed as a physical, virtual, or cloud appliance called a HIPswitch (an IDN Gateway), or as a laptop client, server software, or mobile client; it can also be embedded directly into an application, or deployed as firmware for things like IP cameras, Industrial Control Systems (ICS), and even cable modems and routers. Segmentation can now be driven down to the individual device level for a perimeter of one.
|Regional/Enterprise Data Center||
The trust-based encrypted fabric provides a true overlay requiring little to no modification of the underlying network. An IP address no longer serves as both the identifier and locator of a device. Instead, an IDN endpoint's unique cryptographic ID serves as the identity, and the IP address serves its true and originally intended function as the local resource locator. This decoupling enables unprecedented flexibility, overcoming many of the mobility restrictions associated with traditional networking, and is not available in any SD-WAN or SDN technology. Micro, macro, and cross-boundary segmentation is now possible.
|Transport Network Elements – including optical, copper (physical) and MPLS (logical)||
For the logical network, everything rides on top of TCP/IP. The Host Identity Protocol (HIP) authenticates and authorizes the device before device communication (L4 TCP) can begin; only then can the TCP session be established. Once authenticated, the session is encrypted with AES 256 using ESP to its symmetric destination. HIP has been designed to be forward and backward compatible and will support any type of link or logical network, including MPLS. The advantage of the IDN approach is that it no longer has to rely on DNS or routing convergence for failover, which is often slow, unpredictable, and can’t be easily verified or tested.
|L3 Routing Capabilities||Yes|
|Description of L3 Routing Capabilities||
The system supports L3 service discovery and forwarding.
|Description of L2/Network Services||
The HIPservice offers typical gateway services for devices that are cloaked and protected. For example, DNS, DHCP, VLAN tagging, overlay segmentation, and L2 white listing.
|Application-Aware QoS Capabilities||No|
|Description of Multi-Network Capability||
HIPservice and the Conductor have HA options. The Conductor can be configured to fail over from an enterprise deployment to the cloud instance in the event of an outage. On the multiport HIPservice switch solutions, ports can be configured as Ethernet bonded or for media-agile WAN link load balancing or failover.
|Built-in L4 Security Capabilities||Yes|
|Description of Built-in L4 Security Capabilities||
Security is established by explicit whitelisted trust between devices. This provides cloaking out of the box for the device and protection against DoS, IP spoofing, and MiTM attacks. Authenticated and authorized communication can be locked down to the port level and in the future can be embedded in a discrete application.
|Built-in L7 App-Aware Security Capabilities||No|
|Top Use Cases||
With Tempered’s ability to assign trust down to the device level and centrally orchestrate and manage trust relationships at scale, the use cases are broad. Examples include: Instantly Provision or Revoke Remote Staff, 3rd Party, or Supply Chain Access; Instant Connectivity, Encryption, and Failover Across Managed and Unmanaged Networks; On-Demand Secure Network Provisioning and PCI Compliance; MPLS Replacement, Remote Office Security, and Instant Failover; Secure and Segmented User, Vendor, and Application Access Control; Secure and Segmented Machine-to-Machine Communications.
Company Contact Information
|Organization Size||1 - 100|
|Address, Line 1||3101 Western Ave|
|Address, Line 2||Suite 550|
Tempered Networks is the pioneer of Identity-Defined Networking (IDN) that enables customers to easily build cloaked and encrypted networks, instantly. Its technology has been in production for over 10 years in the aerospace and defense industry and recently commercialized for the broader market.