There is a gaping security hole at the network edge that Avaya Inc. intends to fill with some souped-up, hyper-segmentation capabilities.
The idea is to augment existing security measures (e.g., firewalls) with a segmentation approach that Avaya believes can dramatically minimize a common category of hacking. The company calls its approach "Everywhere Perimeter."
Here's the basic problem: The interconnections between subsystems are frequently weak points that can be exploited.
One example of weak interconnections is, as companies grow, their IT systems tend to grow as a hodge-podge of subsystems metaphorically bolted together. Operations systems get combined with communications systems, and then sales and marketing support gets lumped in, and then facilities management gets layered on, and so on.
Target was hacked for the second time a few years back, with the hackers stealing the data of millions of customers. The hackers gained access to Target's customer records by going through the HVAC control system, said Mark Randall, senior vice president of Avaya's networking business. The hackers were already past the firewall; there was no next line of defense.
Had the subsystems been segmented and secured, that hack would have still happened, but the hackers would have got into the HVAC system and would have been stuck there, confined (so to speak) to raising and lowering the temperature.
Unsecured connectivity is also developing into a risk moving forward with the Internet of things (IoT). IP devices are set up to identify themselves on a network, but that is considered particularly dangerous in the context of devices in a medical facility; the FDA bars medical devices from being discoverable on a network for that reason. Once groups of devices or even individual devices are segmented, they can then be masked.
Network segmentation is hardly a new idea, but few people realize it's a viable option.
Avaya recently commissioned a survey in which most respondents said they believed end-to-end segmentation is important, but fewer than 23% believe they currently deploy such a strategy, saying it's too complex (35%), too resource intensive (29%) and too risky to the rest of the network (22%). What's more, almost one fourth of respondents didn't even know end-to-end network segmentation was possible (22%).
Avaya considers this is a prime market opportunity, Randall told Light Reading.
Avaya has the capabilities to divide a network into quite literally millions of segments, all opaque to each other. The segmentation can be applied throughout the entire network, from data centers down to desktops, the company said.
Network-wide segments are created with simplified configuration commands on an edge device, which enables organizations to add new services or make changes to existing services in minutes, the company said.
Avaya Networking's foundational approach to network security addresses the growing number of breaches by offering an end-to-end segmentation solution that comprises three capabilities:
Hyper-segmentation: The ability to create stealth segments that span the entire network.
Native stealth: The characteristic of a hyper-segment that is invisible to hackers.
Automated elasticity: The capability to create and remove hyper-segments automatically.
Combined, these capabilities will enable organizations to automatically manage segments seamlessly and invisibly.
In a statement, Randall said, "As the number of network security breaches reach staggering proportions -- an increase of 38% in just the past year alone - hackers seem to be just one step ahead of the latest security technologies. Avaya's approach to network security begins at the core and extends wherever the business needs it to be. Our hyper-segmentation, native, stealth and automated elasticity capabilities creates safety zones that hackers can't see, and therefore won't be able to access."
— Brian Santo, Senior Editor, Components, T&M, Light Reading