Avaya has announced their Surge IoT security product. What sort of security product is it? In a nutshell, Surge IoT is microsegmentation for your physical IoT devices. Surge works with any sort of wired IoT device, which is crucial for many different organizations with devices that can’t be retrofitted with software shims or agents. For example, health care organizations have many network-connected devices like this.
How does Surge IoT work?
There are three main components in Avaya’s Surge system. The first, and perhaps most crucial, is Avaya’s Open Networking Adapter (ONA). This pocket-sized, fanless device runs Linux and Open vSwitch. The IoT device plugs into the ONA. The ONA plugs into the rest of the network. The ONA becomes the security control point for the IoT device.
The second component is the HyperSec gateway. This gateway is a hub for the ONAs. ONAs will build an IPSEC tunnel back to the HyperSec gateway, encrypting the data going to and from the IoT device. The tunnel can bridge L2 traffic or operate in a more familiar L3 way, depending on your requirements.
The third component is an SDN controller. Software running on the controller allows operators to pair IoT devices with their attached ONAs. The controller software also runs a policy manager, where whitelists for the ONAs are managed. The controller programs the ONAs using OpenFlow to install the whitelists, a straightforward use case for OpenFlow.
The reason I chose to describe Surge IoT as microsegmentation is because of the whitelist aspect to the solution. Whitelisting means that only specifically allowed hosts can talk to the IoT device and vice-versa. That’s the heart of the matter — the most critical security feature keeping these high value targets safe.
The view from the hot aisle.
Avaya Surge IoT is an innovative solution from a company that’s done some of the more innovative things in networking over the last several years. I see Surge IoT as a smart solution that solves a specific problem while playing to Avaya networking’s strengths. Avaya has packaged up a useful solution leveraging technologies they’ve been perfecting for a while now.
Avaya networking isn’t the household name many other networking vendors are, but they have solid technology. Several Packet Pushers listeners who’ve deployed Avaya fabrics, based on Shortest Path Bridging, have had very positive things to report about ease of use and reliability when deploying even complex features. Surge IoT comes from the SPB legacy.
Avaya has also been cautious bringing Surge IoT to market. Initially, Avaya focused on health care specifically with the SDNFX initiative, and are just now moving into other verticals. And even then, they taking a cautious approach. Avaya wants to work primarily with channel partners to deliver this solution to customers. They’ll train the partners and enable them to sell and support this solution to their customer base. Caution is good. Caution encourages maturity in code and feature set as the product penetrates a broader market.
Of course, for some folks, the recent bankruptcy news might be troublesome. However, this bankruptcy proceeding is not a going out of business sale. Rather, it’s financial restructuring. No, bankruptcy proceedings are not good news. But on the other hand, Avaya’s not going anywhere anytime soon.
Avaya’s networking division, particularly, isn’t going anywhere. There has been no impact to the Avaya networking product portfolio or roadmaps, despite the bankruptcy. All is well, which is as it should be. At the very least, there’s an Internet of Things to secure.