In the past, the hard edges of the traditional firewall were enough to protect an organization against outside access. Today, supporting the Internet of Things, visitors and remote workers, personal devices and more has fragmented the traditional network perimeter. These advancements in technology make it nearly impossible to determine where a given organization’s perimeter lies, with connections spanning the campus edge, user devices, IoT devices and external and internal clouds. Ultimately, there’s no longer a rigid perimeter, but rather, an “everywhere perimeter.”
Adequately defending an everywhere perimeter calls for fundamentally new capabilities within today’s security model. Organizations must identify methods of automating the increasingly tedious task of securely onboarding thousands of devices, servers, users and applications to the network while ensuring safe transport of data, protection of customer data and compliance with regulations.
Here’s where Extreme Networks Fabric Connect comes in. Fabric Connect provides inherent network security to enhance the security layers already present. This foundational layer comprises three synergistic capabilities which are inherent within its Fabric Connect network virtualization technology:
- Hypersegmentation
- Stealth
- Elasticity
Hypersegmentation
- Hypersegmentation is a significant improvement upon traditional network segmentation. The Extreme method for hypersegmentation offers massive scalability and enables the network to be segmented end-to-end from the application server to the end device in order to completely isolate different traffic types, applications or types of users. When hypersegments are created, organizations reduce the attack surface, gain a quarantine function if a segment is breached, simplify anomaly scanning and achieve greater firewall efficiency.
Stealth Networking Capabilities
- Hypersegmentation is combined with another capability called native stealth, which limits the visibility of the network to reduce attack opportunities.
- With Fabric Connect, forwarding is based on Ethernet-switched paths, so network topology is invisible from an IP perspective. Since there are no inherent hop-by-hop IP paths, the network topology can’t be traced using common IP scanning tools.
- The other important aspect of stealth networking is that in a Fabric Connect network, aggregation and core nodes don’t have visibility to the service layer. Instead, services are encapsulated at the network edge. What hackers can’t see, they can’t attack.
Elasticity
- Finally, there’s network elasticity as an enabler for securing the everywhere perimeter. An elastic hypersegment automatically stretches services to the edge, only as required, and only for the duration of a specific application session. As applications terminate, or endpoint devices close down or disconnect, the redundant networking services retract from the edge. In deleting a network configuration that isn’t required anymore, backdoor entry points to the network are eliminated.
Chi Corporation is Extreme Networks’ only Black Diamond Partner in the state of Ohio. Contact our sales and engineering teams for more information.
Originally published on the Extreme Networks blog, April 28, 2021, by Camille Campbell